Analysis

  • max time kernel
    107s
  • max time network
    75s
  • platform
    windows7_x64
  • resource
    win7v20210408
  • submitted
    31-05-2021 13:47

General

  • Target

    sample.js

  • Size

    67KB

  • MD5

    3e7159f1fbfbe75bfafde72feb1bf94f

  • SHA1

    4e8a7b7c3d52b965bea11c53829334bb0dc908c3

  • SHA256

    a5122b7a02ae525036dbef78c6d6042a8c2cd4888a6451c2baca96a0a68ed259

  • SHA512

    0beb743a0a4fe2e78483a2bd580eab205a879653ec8c84db6d5ac19c61cc2302df472b9c3f06698c3f5708638b6e7b05fdde310c35bea5b38e23690f91642245

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious use of AdjustPrivilegeToken 4 IoCs

Processes

  • C:\Windows\system32\wscript.exe
    wscript.exe C:\Users\Admin\AppData\Local\Temp\sample.js
    1⤵
      PID:2044
    • C:\Windows\explorer.exe
      "C:\Windows\explorer.exe"
      1⤵
        PID:1740
      • C:\Windows\system32\AUDIODG.EXE
        C:\Windows\system32\AUDIODG.EXE 0x168
        1⤵
        • Suspicious use of AdjustPrivilegeToken
        PID:1008

      Network

      MITRE ATT&CK Enterprise v6

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/1740-59-0x000007FEFC251000-0x000007FEFC253000-memory.dmp

        Filesize

        8KB