Analysis
max time kernel
143s
max time network
146s
platform
windows10_x64
resource
win10v20201028
submitted
31-03-2021 13:02
Static task
static1
Behavioral task
behavioral1
Sample
Statment of payments.js
Resource
win7v20201028
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
Statment of payments.js
Resource
win10v20201028
windows10_x64
0 signatures
0 seconds
General
Target
Statment of payments.js
Size
29KB
MD5
13bd7e15b751a2a6389c587fd2cc3053
SHA1
335336c48596ab6a197b4254aec031f5dc327a30
SHA256
3b8e07eccb807a64a193e2ead60f739384542d295af70803e36f24cfc7e8c361
SHA512
93aee6c94609e371964ca2293eda2513ada188f5d18a28c5bf815350ce2640039fa3a386279d6f77b846ffce1b6f51d7d22d1c747cecd46ebfacf74262f13d0e
Score
10/10
Malware Config
Signatures
Blocklisted process makes network request 21 IoCs
Processes:
wscript.exe
flow pid process
8 1192 wscript.exe
10 1192 wscript.exe
12 1192 wscript.exe
14 1192 wscript.exe
22 1192 wscript.exe
25 1192 wscript.exe
26 1192 wscript.exe
27 1192 wscript.exe
28 1192 wscript.exe
29 1192 wscript.exe
30 1192 wscript.exe
33 1192 wscript.exe
34 1192 wscript.exe
35 1192 wscript.exe
36 1192 wscript.exe
37 1192 wscript.exe
38 1192 wscript.exe
39 1192 wscript.exe
40 1192 wscript.exe
41 1192 wscript.exe
42 1192 wscript.exe
Adds Run key to start application 2 TTPs 2 IoCs
Processes:
wscript.exe
description: Key created
ioc: \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Windows\CurrentVersion\Run
process: wscript.exe

description: Set value (str)
ioc: \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Windows\CurrentVersion\Run\EKNIWA4JDQ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\Statment of payments.js\""
process: wscript.exe