Analysis
- max time kernel: 142s
- max time network: 144s
- platform: windows10_x64
- resource: win10v20210410
- submitted: 15-05-2021 00:02

Tasks
- Static task: static1
- Behavioral task: behavioral1
  - Sample: Soporte de pago realizado con exito en fecha .js
  - Resource: win7v20210410
  - Signatures: 0
  - Time: 0 seconds
General
- Target: Soporte de pago realizado con exito en fecha .js (Spanish; roughly "Payment receipt successfully made on date .js", a payment-confirmation lure)
- Size: 1.8MB
- MD5: b6528071d31ea803a5e57eb69eec7265
- SHA1: dc51b5004b167657acb13956aedb8f1153204642
- SHA256: cf298e1886fb46e23b2607c3098fa945d9bbf12e0c6edd4a9ae9315f0150d058
- SHA512: 32bb7a3bd1a487637cbe995a7ef952baa1afc8d5a90ee0a83f0e0afc459f5e202f6ab7af8b12bcca9f8f0a96ad0fb86e9212b1efafdeddac5b4621820c485dfa
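Before trusting any verdict from this report, confirm that the file you hold is the one that was analysed. The following Python is an added example, not part of the sandbox report: the expected digests are copied from the General section above, while the local sample path in the `__main__` block is a hypothetical location that the report does not give.

```python
"""Check that a local file is the sample this report describes.

Added example (not part of the sandbox report). The expected digests are
copied from the General section above; the local path used in __main__
is a hypothetical location and is not given anywhere in the report.
"""
import hashlib
from pathlib import Path

# Digests copied verbatim from the report's General section.
REPORT_HASHES = {
    "md5": "b6528071d31ea803a5e57eb69eec7265",
    "sha1": "dc51b5004b167657acb13956aedb8f1153204642",
    "sha256": "cf298e1886fb46e23b2607c3098fa945d9bbf12e0c6edd4a9ae9315f0150d058",
    "sha512": "32bb7a3bd1a487637cbe995a7ef952baa1afc8d5a90ee0a83f0e0afc459f5e202f6ab7af8b12bcca9f8f0a96ad0fb86e9212b1efafdeddac5b4621820c485dfa",
}


def hash_bytes(data):
    """Lowercase hex digests of `data` for every algorithm the report lists."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in REPORT_HASHES}


def compare_hashes(actual, expected):
    """Per-algorithm verdict; hex case is ignored so pasted uppercase values still match."""
    return {algo: actual.get(algo, "").lower() == digest.lower()
            for algo, digest in expected.items()}


def matches_report(data, expected=REPORT_HASHES):
    """True only if every listed digest matches. Requiring all four means a
    truncated download or a re-saved copy (CRLF conversion, added BOM) is
    rejected rather than silently analysed as if it were the reported sample."""
    return all(compare_hashes(hash_bytes(data), expected).values())


def verify_file(path, expected=REPORT_HASHES):
    """Hash a file from disk and report which digests match the report."""
    return compare_hashes(hash_bytes(Path(path).read_bytes()), expected)


if __name__ == "__main__":
    # Hypothetical path: the report does not say where the analyst stores the sample.
    sample = r"C:\samples\Soporte de pago realizado con exito en fecha .js"
    for algo, ok in verify_file(sample).items():
        print(f"{algo:7s} {'match' if ok else 'MISMATCH'}")
```

A single mismatching digest is enough to stop: a JScript file that has been opened and saved by an editor, or fetched through a proxy that rewrites line endings, will hash differently and may no longer behave as the sandbox observed.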
Malware Config
Signatures

Blocklisted process makes network request (15 IoCs)
Processes: wscript.exe (pid 2112)

flow | pid  | process
28   | 2112 | wscript.exe
29   | 2112 | wscript.exe
30   | 2112 | wscript.exe
31   | 2112 | wscript.exe
32   | 2112 | wscript.exe
33   | 2112 | wscript.exe
34   | 2112 | wscript.exe
35   | 2112 | wscript.exe
36   | 2112 | wscript.exe
37   | 2112 | wscript.exe
38   | 2112 | wscript.exe
39   | 2112 | wscript.exe
40   | 2112 | wscript.exe
41   | 2112 | wscript.exe
42   | 2112 | wscript.exe

All 15 network flows (28 through 42) originate from the single wscript.exe process that is running the submitted script.
Drops startup file (2 IoCs)
Processes: wscript.exe

description                  | ioc                                                                                                                          | process
File created                 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soporte de pago realizado con exito en fecha .js | wscript.exe
File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soporte de pago realizado con exito en fecha .js | wscript.exe

The file written to the per-user Startup folder carries the same name as the submitted sample, which is consistent with the script copying itself there so that wscript.exe re-launches it at every logon of that user.
Enumerates physical storage devices (1 TTP)
Attempts to interact with connected storage/optical drive(s). The sandbox's generic description labels this "likely ransomware behaviour", but drive enumeration alone is weak evidence: this report records no file-encryption activity, and the behaviour it does record (outbound connections from wscript.exe and a copy of the script dropped into the Startup folder) is what the detection and response should be based on.
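The two signature tables above (network flows from wscript.exe and the files dropped into the Startup folder) are the evidence a detection should key on. The following Python is an added example, not part of the sandbox report or its detection engine: it parses the two flattened tables exactly as they appear above into structured IoCs and re-derives a verdict from them. The input strings are copied from the report; the set of script hosts treated as blocklisted, the script-extension list and the flow threshold are assumptions.

```python
"""Rebuild the report's signature tables as structured IoCs and re-derive
the verdict. Added example, not the sandbox's own code. FLOW_TABLE and
FILE_TABLE are copied from the report; SCRIPT_HOSTS, SCRIPT_EXTS and the
min_flows threshold are assumptions chosen for this example."""
import re
from collections import Counter

# Copied from the "Blocklisted process makes network request" table.
FLOW_TABLE = (
    "28 2112 wscript.exe 29 2112 wscript.exe 30 2112 wscript.exe 31 2112 wscript.exe "
    "32 2112 wscript.exe 33 2112 wscript.exe 34 2112 wscript.exe 35 2112 wscript.exe "
    "36 2112 wscript.exe 37 2112 wscript.exe 38 2112 wscript.exe 39 2112 wscript.exe "
    "40 2112 wscript.exe 41 2112 wscript.exe 42 2112 wscript.exe"
)

# Copied from the "Drops startup file" table.
STARTUP_DIR = r"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup"
SAMPLE_NAME = "Soporte de pago realizado con exito en fecha .js"
FILE_TABLE = (
    "File created " + STARTUP_DIR + "\\" + SAMPLE_NAME + " wscript.exe "
    "File opened for modification " + STARTUP_DIR + "\\" + SAMPLE_NAME + " wscript.exe"
)

# Assumptions: which script hosts count as blocklisted, and which extensions they run.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe"}
SCRIPT_EXTS = {".js", ".jse", ".vbs", ".vbe", ".wsf", ".wsh", ".hta"}
# Matches both the per-user and the all-users Startup folder (path compared lowercase).
STARTUP_MARKER = "\\microsoft\\windows\\start menu\\programs\\startup\\"

FLOW_RE = re.compile(r"(\d+)\s+(\d+)\s+(\S+)")
# Paths contain spaces, so the lazy path group runs until a "<name>.exe" token
# that is followed by the next "File ..." entry or the end of the table.
FILE_RE = re.compile(r"(File created|File opened for modification)\s+(.+?)\s+(\S+\.exe)(?=\s+File\s|$)")


def parse_flow_table(text):
    """'flow pid process' triples -> list of dicts."""
    return [{"flow": int(f), "pid": int(p), "process": proc.lower()}
            for f, p, proc in FLOW_RE.findall(text)]


def parse_file_events(text):
    """'description ioc process' entries -> list of dicts."""
    return [{"action": action, "path": path, "process": proc.lower()}
            for action, path, proc in FILE_RE.findall(text)]


def is_startup_path(path):
    """True for files inside a Windows Startup folder, regardless of case or slash style."""
    return STARTUP_MARKER in path.replace("/", "\\").lower()


def has_script_ext(path):
    return any(path.lower().endswith(ext) for ext in SCRIPT_EXTS)


def assess(flows, events, min_flows=1):
    """Flag when a blocklisted script host both talks to the network and
    drops a script into a Startup folder; min_flows is an assumed threshold."""
    flows_by_host = Counter()
    for row in flows:
        if row["process"] in SCRIPT_HOSTS:
            flows_by_host[(row["process"], row["pid"])] += 1
    noisy = {key: n for key, n in flows_by_host.items() if n >= min_flows}
    persistence = [e for e in events
                   if e["process"] in SCRIPT_HOSTS
                   and is_startup_path(e["path"]) and has_script_ext(e["path"])]
    return {"network_flows": noisy,
            "startup_persistence": persistence,
            "verdict": bool(noisy) and bool(persistence)}


if __name__ == "__main__":
    result = assess(parse_flow_table(FLOW_TABLE), parse_file_events(FILE_TABLE))
    print("verdict:", result["verdict"])
    for (proc, pid), n in result["network_flows"].items():
        print(f"{proc} pid {pid}: {n} network flows")
    for e in result["startup_persistence"]:
        print(f"{e['action']}: {e['path']}")
```

Requiring both conditions keeps the rule quiet on benign logon scripts that only touch the network, and on installers that only write to Startup; a script host doing both, as wscript.exe does here, is what the report actually evidences.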