Analysis
- max time kernel: 299s
- max time network: 301s
- platform: windows10_x64
- resource: win10v20210410
- submitted: 06-07-2021 16:18
Static task: static1
Behavioral task: behavioral1
- Sample: Copia de la denuncia fiscal presentada en su contra NUNC Numero Unico de Noticia Criminal ESM/Copia.vbs
- Resource: win7v20210410
Behavioral task: behavioral2
- Sample: Copia de la denuncia fiscal presentada en su contra NUNC Numero Unico de Noticia Criminal ESM/Copia.vbs
- Resource: win10v20210410
Behavioral task: behavioral3
- Sample: Copia de la denuncia fiscal presentada en su contra NUNC Numero Unico de Noticia Criminal ESM/Requer.exe
- Resource: win7v20210410
Behavioral task: behavioral4
- Sample: Copia de la denuncia fiscal presentada en su contra NUNC Numero Unico de Noticia Criminal ESM/Requer.exe
- Resource: win10v20210410
Behavioral task: behavioral5
- Sample: Copia de la denuncia fiscal presentada en su contra NUNC Numero Unico de Noticia Criminal ESM/SPOA S.js
- Resource: win7v20210410
Behavioral task: behavioral6
- Sample: Copia de la denuncia fiscal presentada en su contra NUNC Numero Unico de Noticia Criminal ESM/SPOA S.js
- Resource: win10v20210410
General
- Target: Copia de la denuncia fiscal presentada en su contra NUNC Numero Unico de Noticia Criminal ESM/SPOA S.js
- Size: 181KB
- MD5: bf197fc803110445e9101d0d4273c43f
- SHA1: cca51de9562decf397de1479840f1f00fac1f5e2
- SHA256: 0b21dc99aacd1c180a7c837761778f362a418e7e01e346df6b22a8211bab34f3
- SHA512: 64cd33c4072a18e7974e968e5e8e7cddda85c8c7b9cba244d976f9bd5ce84e81c7ac7bec49bb1a54da3727c9839559ae2661be53394188b0f585d57c7a4287f4
Malware Config
Signatures
- Drops startup file 1 IoCs
  Processes: wscript.exe
  description | ioc | process
  File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SPOA S.js | wscript.exe
- Adds Run key to start application 2 TTPs 2 IoCs
  Processes: wscript.exe
  description | ioc | process
  Set value (str) | \REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000\Software\Microsoft\Windows\CurrentVersion\Run\TGLZ6AQ14S = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\SPOA S.js\"" | wscript.exe
  Key created | \REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000\Software\Microsoft\Windows\CurrentVersion\Run | wscript.exe
- Enumerates physical storage devices 1 TTPs
  Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.