Analysis
max time kernel: 146s
max time network: 147s
platform: windows7_x64
resource: win7v20201028
submitted: 17-01-2021 13:57

Static task: static1
Behavioral task: behavioral1
Sample: PaymentReceipt.js
Resource: win7v20201028 (windows7_x64)
0 signatures
0 seconds
General
Target: PaymentReceipt.js
Size: 28KB
MD5: b199269852088f41919025ee636a8f6d
SHA1: 3b0262420bf7a33d4265415e9245c4fa21f5398f
SHA256: 2432c50fa8569fb4e19d7fe0630b9a4e2657465e9fe30dc9248b04a62af02c9f
SHA512: 477f79c85277576ecf87153fe86fe8eb31c81a2982e84b68f5dd4d190446b20961cebca6dbd082661c8c50d14e157ec44acfab60efe3556d0691ec1e2faa7da0
Malware Config
Signatures
Blocklisted process makes network request (30 IoCs)
Processes (flow / pid / process):
5   240  wscript.exe
7   240  wscript.exe
8   240  wscript.exe
9   240  wscript.exe
10  240  wscript.exe
11  240  wscript.exe
12  240  wscript.exe
13  240  wscript.exe
15  240  wscript.exe
16  240  wscript.exe
17  240  wscript.exe
18  240  wscript.exe
19  240  wscript.exe
20  240  wscript.exe
22  240  wscript.exe
23  240  wscript.exe
24  240  wscript.exe
25  240  wscript.exe
26  240  wscript.exe
27  240  wscript.exe
29  240  wscript.exe
30  240  wscript.exe
31  240  wscript.exe
32  240  wscript.exe
33  240  wscript.exe
34  240  wscript.exe
36  240  wscript.exe
37  240  wscript.exe
38  240  wscript.exe
39  240  wscript.exe
Drops startup file (1 IoC)
Processes (description / ioc / process):
File created  C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PaymentReceipt.js  wscript.exe
Enumerates physical storage devices (1 TTP)
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.