Analysis

max time kernel: 146s
max time network: 151s
platform: windows10_x64
resource: win10v20201028
submitted: 27-02-2021 18:17

Static task: static1
Behavioral task: behavioral1
Sample: POA-56.js
Resource: win7v20201028
Platform: windows7_x64
0 signatures, 0 seconds
General

Target: POA-56.js
Size: 25KB
MD5: 66a481d5f48631478e4bb4b5bdbce5c4
SHA1: a2399bde1dcddcf77fb2025bb537c3c78d292d1d
SHA256: c8e73238ae2e8627b8070796c0e23fbd65b832bdde0982e4e897e8796b8f15c6
SHA512: f9d65d291cc7ad7d90c8e2265bfcfb8597d9ded4a77aab05ed7d7da2f59ccffedb7b974d4beb5dce184c3ca3c09c41d29e46a07aace38af6f5299d3d226114d6
Malware Config
Signatures

Blocklisted process makes network request (9 IoCs)
Processes:
  flow  pid   process
  6     4772  wscript.exe
  8     4772  wscript.exe
  10    4772  wscript.exe
  19    4772  wscript.exe
  23    4772  wscript.exe
  25    4772  wscript.exe
  26    4772  wscript.exe
  27    4772  wscript.exe
  28    4772  wscript.exe

Drops startup file (2 IoCs)
Processes:
  description                   ioc                                                                                       process
  File created                  C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\POA-56.js  wscript.exe
  File opened for modification  C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\POA-56.js  wscript.exe

Enumerates physical storage devices (1 TTPs)
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.