Analysis
-
max time kernel
147s -
max time network
175s -
platform
windows7_x64 -
resource
win7v20210408 -
submitted
03-06-2021 09:02
Static task
static1
Behavioral task
behavioral1
Sample
PaymentConfirmation.js
Resource
win7v20210408
windows7_x64
0 signatures
0 seconds
General
-
Target
PaymentConfirmation.js
-
Size
24KB
-
MD5
575eb4b9c7430dece77eb2d8ed3b5997
-
SHA1
22ac1f40d7611d4f72507a46a4912935a5de79c4
-
SHA256
4a157e8aa3f27b82f9a55d21989604a9570c9d0a6eb3a36ce8e5866513abcc73
-
SHA512
bfa6c2ba1cf45bc4ea6c0fff05ab77bfd84c1ba13fffcbdca82961a2cd57a8332a2aa916e21e4235ddab29d37e49d1684b2696d932da94cb19879c71262bc597
Malware Config
Signatures
-
Blocklisted process makes network request 1 IoCs
Processes:
wscript.exeflow pid process 6 1040 wscript.exe -
Drops startup file 2 IoCs
Processes:
wscript.exedescription ioc process File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PaymentConfirmation.js wscript.exe File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PaymentConfirmation.js wscript.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.