Overview

overview

10

Static

static

1.js

windows7_x64

3

1.js

windows10_x64

10

Analysis

  • max time kernel
    121s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7v20210410
  • submitted
    11-05-2021 14:23

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1.js

  • Size

    190KB

  • MD5

    afa8a2405270564c521d461ad00122df

  • SHA1

    61e8553d531aa7ab7005a8ab58f4b6fcd4583a1c

  • SHA256

    08fc942a3c8a9342e18e835316100440d441c36a613787bfc2010dc947362a95

  • SHA512

    c4bb09f1d540562767e6243f7542a3bffa07c5fe8e89ebc0b47bd035d8438e3ef655acf1dc3a514a6d8cee7a3a31bf0109046aa799fb3daed0cf21fdbe8e0fda

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\wscript.exe
    wscript.exe C:\Users\Admin\AppData\Local\Temp\1.js
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1756
    • C:\Program Files\Java\jre7\bin\javaw.exe
      "C:\Program Files\Java\jre7\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Roaming\aecj.txt"
      2⤵
        PID:1976

    Network

    MITRE ATT&CK Matrix ATT&CK v6

    Initial Access

    Execution

    Persistence

    Privilege Escalation

    Defense Evasion

    Credential Access

    Discovery

    System Information Discovery

    1
    T1082

    Lateral Movement

    Collection

    Exfiltration

    Command and Control

    Impact

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Roaming\aecj.txt
      MD5

      3b098ed6aa7c3b342772a135129afebd

      SHA1

      f5b5e634b40d0a043c77f48a259dab9b5eea1f5b

      SHA256

      4a4a333147eb03fa0bfb7d0f03b37585669e4d056d63d31beecbb56eafc80c91

      SHA512

      56157f4c0168098877927c46334ac6f1236d18147ad331797152d71a3281d5e2d7bf24c5b0609f868cbf94ec978f6f4e91d882f596e7a97605bd42d4f619e98f

      Download Submit
    • memory/1976-60-0x0000000000000000-mapping.dmp
      Download
    • memory/1976-61-0x000007FEFBD21000-0x000007FEFBD23000-memory.dmp
      Filesize

      8KB

      Download
    • memory/1976-63-0x00000000021C0000-0x0000000002430000-memory.dmp
      Filesize

      2.4MB

      Download
    • memory/1976-64-0x0000000000210000-0x0000000000211000-memory.dmp
      Filesize

      4KB

      Download
    • memory/1976-65-0x0000000000210000-0x0000000000211000-memory.dmp
      Filesize

      4KB

      Download
    • memory/1976-69-0x0000000000210000-0x0000000000211000-memory.dmp
      Filesize

      4KB

      Download
    • memory/1976-71-0x0000000000210000-0x0000000000211000-memory.dmp
      Filesize

      4KB

      Download
    • memory/1976-72-0x0000000000210000-0x0000000000211000-memory.dmp
      Filesize

      4KB

      Download