Analysis
max time kernel: 148s
max time network: 148s
platform: windows10_x64
resource: win10v20210408
submitted: 14-05-2021 23:22
Static task: static1
Behavioral task: behavioral1
Sample: Soporte de pago realizado con exito en fecha .js
Resource: win7v20210410
windows7_x64
0 signatures
0 seconds
General
Target: Soporte de pago realizado con exito en fecha .js
Size: 1.8MB
MD5: b6528071d31ea803a5e57eb69eec7265
SHA1: dc51b5004b167657acb13956aedb8f1153204642
SHA256: cf298e1886fb46e23b2607c3098fa945d9bbf12e0c6edd4a9ae9315f0150d058
SHA512: 32bb7a3bd1a487637cbe995a7ef952baa1afc8d5a90ee0a83f0e0afc459f5e202f6ab7af8b12bcca9f8f0a96ad0fb86e9212b1efafdeddac5b4621820c485dfa
Malware Config
Signatures
Drops startup file (2 IoCs)
Processes: wscript.exe
description: File created
ioc: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soporte de pago realizado con exito en fecha .js
process: wscript.exe
description: File opened for modification
ioc: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soporte de pago realizado con exito en fecha .js
process: wscript.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.