Analysis
max time kernel: 107s
max time network: 75s
platform: windows7_x64
resource: win7v20210408
submitted: 31-05-2021 13:47
Static task: static1
Behavioral task: behavioral1
Sample: sample.js
Resource: win7v20210408
0 signatures
0 seconds
General
Target: sample.js
Size: 67KB
MD5: 3e7159f1fbfbe75bfafde72feb1bf94f
SHA1: 4e8a7b7c3d52b965bea11c53829334bb0dc908c3
SHA256: a5122b7a02ae525036dbef78c6d6042a8c2cd4888a6451c2baca96a0a68ed259
SHA512: 0beb743a0a4fe2e78483a2bd580eab205a879653ec8c84db6d5ac19c61cc2302df472b9c3f06698c3f5708638b6e7b05fdde310c35bea5b38e23690f91642245
Score: 3/10
Malware Config
Signatures
Enumerates physical storage devices (1 TTPs)
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
Suspicious use of AdjustPrivilegeToken (4 IoCs)
Processes:
description                         pid    Process
Token: 33                           1008   AUDIODG.EXE
Token: SeIncBasePriorityPrivilege   1008   AUDIODG.EXE
Token: 33                           1008   AUDIODG.EXE
Token: SeIncBasePriorityPrivilege   1008   AUDIODG.EXE
Processes
C:\Windows\system32\wscript.exe
  wscript.exe C:\Users\Admin\AppData\Local\Temp\sample.js
  PID: 2044
C:\Windows\explorer.exe
  "C:\Windows\explorer.exe"
  PID: 1740
C:\Windows\system32\AUDIODG.EXE
  C:\Windows\system32\AUDIODG.EXE 0x168
  Suspicious use of AdjustPrivilegeToken
  PID: 1008