Analysis
max time kernel: 146s
max time network: 145s
platform: windows7_x64
resource: win7v20210408
submitted: 06-05-2021 22:02
Static task: static1
Behavioral task: behavioral1
Sample: NOTIFICACION DE TRANSFERENCIA VIRTUAL EXITOSA.js
Resource: win7v20210408, windows7_x64
0 signatures
0 seconds
General
Target: NOTIFICACION DE TRANSFERENCIA VIRTUAL EXITOSA.js
Size: 2.4MB
MD5: d720234b5136a9aab99e6bb59b6f45c5
SHA1: 9833e954338d45830ab5603486319f4a46ceca01
SHA256: 7209b5eaae21d79e72ea7fad3fdf9430e4f6fa4c4011c29fdedb71035f35e0b9
SHA512: 131009b183d9c73bb2456e4834da4e8f1c72ac6c67201915754d4b899eefffd1de67eeb0fbc56bc3a359f8310516e7a9e12f892c376e317a53af89f183c1019c
Malware Config
Signatures
Blocklisted process makes network request 5 IoCs
Processes: wscript.exe
flow | pid | process
7 | 540 | wscript.exe
8 | 540 | wscript.exe
9 | 540 | wscript.exe
11 | 540 | wscript.exe
12 | 540 | wscript.exe
Drops startup file 2 IoCs
Processes: wscript.exe
description | ioc | process
File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NOTIFICACION DE TRANSFERENCIA VIRTUAL EXITOSA.js | wscript.exe
File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NOTIFICACION DE TRANSFERENCIA VIRTUAL EXITOSA.js | wscript.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.