Analysis
max time kernel: 1797s
max time network: 1800s
platform: windows7_x64
resource: win7v20210410
submitted: 11-06-2021 01:53
Static task: static1
Behavioral task: behavioral1
Sample: js-beautified-1.js
Resource: win7v20210410
0 signatures
0 seconds
Behavioral task: behavioral2
Sample: js-beautified-1.js
Resource: win10v20210408
0 signatures
0 seconds
General
Target: js-beautified-1.js
Size: 2.0MB
MD5: 2cf2bd5991c8ac130e2ce7b6abaf6cf5
SHA1: e7fb302389722a9ae9c7c156a14299ea67a7d287
SHA256: d44707c5cfe6fcfef53df920200eea916de357e8f02fa9847a9d6f0cdcd81511
SHA512: 49c25fad45a7486a66d83987890d907d4a7f14a4b41d5c375f6a1e9c2025456038c64aac7823f35eac8c687442f53e288a8ae5491407766458affea7a075bbb1
Score: 8/10
Malware Config
Signatures
Blocklisted process makes network request 64 IoCs
Processes:
wscript.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.