Analysis
max time kernel: 147s
max time network: 148s
platform: windows7_x64
resource: win7v20201028
submitted: 26-03-2021 18:20
Static task
static1
Behavioral task
behavioral1
Sample
90900rder-Receipt.js
Resource
win7v20201028
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
90900rder-Receipt.js
Resource
win10v20201028
windows10_x64
0 signatures
0 seconds
General
Target: 90900rder-Receipt.js
Size: 99KB
MD5: 9040ae2e4483d24ceb81966b052df3d5
SHA1: 237429befe90f85cb70250812e08546424f27e2d
SHA256: 0a0ec4f64f4efa303729198bba3975932c9e22bd8da317e31fc1a3029b29008f
SHA512: 2cd8c88b2b932658bc60669c96919842f58d14c37365bab04ab057011bad3622a815399bbf79c27eb102c783d64ffd1c6e9e4cf77687ef0978c31d9aae9f12d0
Score: 10/10
Malware Config
Signatures
Blocklisted process makes network request (18 IoCs)
Processes:
flow  pid   process
6     1784  wscript.exe
7     1784  wscript.exe
8     1784  wscript.exe
9     1784  wscript.exe
10    1784  wscript.exe
11    1784  wscript.exe
13    1784  wscript.exe
14    1784  wscript.exe
15    1784  wscript.exe
16    1784  wscript.exe
17    1784  wscript.exe
18    1784  wscript.exe
20    1784  wscript.exe
21    1784  wscript.exe
22    1784  wscript.exe
23    1784  wscript.exe
24    1784  wscript.exe
25    1784  wscript.exe

Drops startup file (2 IoCs)
Processes:
description                  ioc                                                                                                   process
File created                 C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\90900rder-Receipt.js      wscript.exe
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\90900rder-Receipt.js      wscript.exe

Adds Run key to start application (2 TTPs, 2 IoCs)
Processes:
description      ioc                                                                                                                                  process
Key created      \REGISTRY\USER\S-1-5-21-3825035466-2522850611-591511364-1000\Software\Microsoft\Windows\CurrentVersion\Run                          wscript.exe
Set value (str)  \REGISTRY\USER\S-1-5-21-3825035466-2522850611-591511364-1000\Software\Microsoft\Windows\CurrentVersion\Run\K5OONDJ1J0 = "'C:\\Users\\Admin\\AppData\\Local\\Temp\\90900rder-Receipt.js'"  wscript.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
Processes
Network
MITRE ATT&CK Matrix ATT&CK v6
Downloads
memory/756-2-0x000007FEF7510000-0x000007FEF778A000-memory.dmp
Filesize: 2.5MB