d44707c5cfe6fcfef53df920200eea916de357e8f02fa9847a9d6f0cdcd81511 | Triage

Analysis

max time kernel
1799s
max time network
1802s
platform
windows10_x64
resource
win10v20210410
submitted
11-06-2021 02:24

Sharing

Report Analysis Logs

General

Target

js-beautified-1.js
Size

2.0MB
MD5

2cf2bd5991c8ac130e2ce7b6abaf6cf5
SHA1

e7fb302389722a9ae9c7c156a14299ea67a7d287
SHA256

d44707c5cfe6fcfef53df920200eea916de357e8f02fa9847a9d6f0cdcd81511
SHA512

49c25fad45a7486a66d83987890d907d4a7f14a4b41d5c375f6a1e9c2025456038c64aac7823f35eac8c687442f53e288a8ae5491407766458affea7a075bbb1

Score

8^/10

Malware Config

Signatures

Blocklisted process makes network request 64 IoCs

Processes:

wscript.exe

flow	pid	process
13	3904	wscript.exe
17	3904	wscript.exe
18	3904	wscript.exe
19	3904	wscript.exe
20	3904	wscript.exe
21	3904	wscript.exe
23	3904	wscript.exe
24	3904	wscript.exe
26	3904	wscript.exe
27	3904	wscript.exe
28	3904	wscript.exe
29	3904	wscript.exe
30	3904	wscript.exe
31	3904	wscript.exe
33	3904	wscript.exe
34	3904	wscript.exe
35	3904	wscript.exe
36	3904	wscript.exe
37	3904	wscript.exe
38	3904	wscript.exe
40	3904	wscript.exe
41	3904	wscript.exe
42	3904	wscript.exe
43	3904	wscript.exe
50	3904	wscript.exe
51	3904	wscript.exe
53	3904	wscript.exe
54	3904	wscript.exe
55	3904	wscript.exe
58	3904	wscript.exe
59	3904	wscript.exe
60	3904	wscript.exe
62	3904	wscript.exe
63	3904	wscript.exe
64	3904	wscript.exe
65	3904	wscript.exe
66	3904	wscript.exe
67	3904	wscript.exe
69	3904	wscript.exe
70	3904	wscript.exe
71	3904	wscript.exe
72	3904	wscript.exe
73	3904	wscript.exe
74	3904	wscript.exe
76	3904	wscript.exe
77	3904	wscript.exe
78	3904	wscript.exe
79	3904	wscript.exe
80	3904	wscript.exe
81	3904	wscript.exe
83	3904	wscript.exe
85	3904	wscript.exe
86	3904	wscript.exe
87	3904	wscript.exe
88	3904	wscript.exe
89	3904	wscript.exe
90	3904	wscript.exe
92	3904	wscript.exe
93	3904	wscript.exe
94	3904	wscript.exe
95	3904	wscript.exe
96	3904	wscript.exe
98	3904	wscript.exe
99	3904	wscript.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\js-beautified-1.js
1⤵
- Blocklisted process makes network request
PID:3904

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...