Analysis
max time kernel: 141s
max time network: 149s
platform: windows10_x64
resource: win10v20201028
submitted: 26-02-2021 13:14
Static task: static1
Behavioral task: behavioral1
Sample: ReceiptCopy.js
Resource: win7v20201028
0 signatures, 0 seconds
General
Target: ReceiptCopy.js
Size: 25KB
MD5: ea0364f70362a4980db75ec2daf47dd7
SHA1: 3d8816bf7bb284811f39cb8334b8a98b7ceccc40
SHA256: b96407d5400aada01adfb86753604efa9e291a0b30d96f90d5897a1596947f4b
SHA512: af121da57ca5cc200ad5a3d216f95e4fa0d11257c6d4d1951978ed8f12e7991e133e8e5aca65cd0ef2fdcdce04d67bcaee082c905d6c809246d2bfed2b1628cf
Malware Config
Signatures
Blocklisted process makes network request (4 IoCs)
Processes: wscript.exe
flow  pid   process
6     1232  wscript.exe
9     1232  wscript.exe
11    1232  wscript.exe
14    1232  wscript.exe
Drops startup file (2 IoCs)
Processes: wscript.exe
description                   ioc                                                                                          process
File created                  C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ReceiptCopy.js  wscript.exe
File opened for modification  C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ReceiptCopy.js  wscript.exe
Enumerates physical storage devices (1 TTP)
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
Processes
Network
MITRE ATT&CK Matrix ATT&CK v6
Downloads
memory/1232-2-0x000001F24CFD0000-0x000001F24CFD4000-memory.dmp (Filesize: 16KB)