Analysis
-
max time kernel
143s -
max time network
146s -
platform
windows10_x64 -
resource
win10v20201028 -
submitted
17-01-2021 13:57
Static task
static1
Behavioral task
behavioral1
Sample
PaymentReceipt.js
Resource
win7v20201028
windows7_x64
0 signatures
0 seconds
General
-
Target
PaymentReceipt.js
-
Size
28KB
-
MD5
b199269852088f41919025ee636a8f6d
-
SHA1
3b0262420bf7a33d4265415e9245c4fa21f5398f
-
SHA256
2432c50fa8569fb4e19d7fe0630b9a4e2657465e9fe30dc9248b04a62af02c9f
-
SHA512
477f79c85277576ecf87153fe86fe8eb31c81a2982e84b68f5dd4d190446b20961cebca6dbd082661c8c50d14e157ec44acfab60efe3556d0691ec1e2faa7da0
Malware Config
Signatures
-
Blocklisted process makes network request 21 IoCs
flow pid Process 6 3904 wscript.exe 8 3904 wscript.exe 11 3904 wscript.exe 12 3904 wscript.exe 17 3904 wscript.exe 21 3904 wscript.exe 22 3904 wscript.exe 23 3904 wscript.exe 24 3904 wscript.exe 25 3904 wscript.exe 26 3904 wscript.exe 30 3904 wscript.exe 31 3904 wscript.exe 32 3904 wscript.exe 33 3904 wscript.exe 34 3904 wscript.exe 35 3904 wscript.exe 36 3904 wscript.exe 37 3904 wscript.exe 38 3904 wscript.exe 39 3904 wscript.exe -
Drops startup file 1 IoCs
description ioc Process File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PaymentReceipt.js wscript.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.