Analysis
-
max time kernel
131s -
max time network
143s -
platform
windows7_x64 -
resource
win7v20201028 -
submitted
18-01-2021 08:30
Static task
static1
Behavioral task
behavioral1
Sample
PaymentReceipt_345.js
Resource
win7v20201028
windows7_x64
0 signatures
0 seconds
General
-
Target
PaymentReceipt_345.js
-
Size
27KB
-
MD5
498ecc30f8856e7c6a509fbc73b86df6
-
SHA1
4b4fe0f6aeb00eb63ff12953bececc7eb66a78f8
-
SHA256
b96dc64b8a8f309058d5a311527a5eddb286f0e0c9b4771a5e52449b45d1c704
-
SHA512
e4aa5cc9a27f7835457218189d360aa1076db51c4de3ccf9979a569175a6ed76d36dfb54c666d9ce9fdb0ffe51759ab053df30f2c5f7674522cda7a78ad137e4
Malware Config
Signatures
-
Blocklisted process makes network request 8 IoCs
flow pid Process 5 324 wscript.exe 7 324 wscript.exe 8 324 wscript.exe 9 324 wscript.exe 12 324 wscript.exe 13 324 wscript.exe 14 324 wscript.exe 15 324 wscript.exe -
Drops startup file 2 IoCs
description ioc Process File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PaymentReceipt_345.js wscript.exe File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PaymentReceipt_345.js wscript.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.