55bb2a2ca819696050ebe1c97b5d9c691c2055bf6b8712ff099df6511800f0b6 | Triage

Analysis

max time kernel
120s
max time network
118s
platform
windows7_x64
resource
win7v20201028
submitted
13-01-2021 06:50

Sharing

Report Analysis Logs

General

Target

Invoice.js
Size

881KB
MD5

f51c0415346eefbc435681fce71f36b4
SHA1

2af2663fe36306d8c6fb34f6a29bee985b0fe0d9
SHA256

55bb2a2ca819696050ebe1c97b5d9c691c2055bf6b8712ff099df6511800f0b6
SHA512

2825f013ef137e0f69e55890df45a7209ae54185ac59a6556ff5b1bd04ebef536d39b39256a078089cbfd479a00424faaca4c61ba53950049029db43395d00c7

Score

1^/10

Malware Config

Signatures

Runs .reg file with regedit 1 IoCs

Processes:

regedit.exe

pid process

1352 regedit.exe
Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

regedit.exe

pid process

1352 regedit.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

wscript.exe

description	pid	process	target process
PID 644 wrote to memory of 1352	644	wscript.exe	regedit.exe
PID 644 wrote to memory of 1352	644	wscript.exe	regedit.exe
PID 644 wrote to memory of 1352	644	wscript.exe	regedit.exe

C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\Invoice.js
1⤵
- Suspicious use of WriteProcessMemory
PID:644
- C:\Windows\regedit.exe
  "regedit.exe" "C:\Users\Admin\AppData\Local\Temp\ebgeaegdbdecaedfebace.reg"
  2⤵
  - Runs .reg file with regedit
  - Suspicious behavior: GetForegroundWindowSpam
  PID:1352

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1352-2-0x0000000000000000-mapping.dmp

Download