Analysis
max time kernel: 149s
max time network: 197s
platform: windows7_x64
resource: win7v20210410
submitted: 18-08-2021 18:36
Static task: static1
Behavioral task: behavioral1
Sample: Our New Order AUG 18 2021 at 2.50_PVV440_TXT.js
Resource: win7v20210410
0 signatures
0 seconds
General
Target: Our New Order AUG 18 2021 at 2.50_PVV440_TXT.js
Size: 8KB
MD5: a7deb33bf9c672522776d5428d18bd6f
SHA1: c286414e8493d4684ed9ce9f8de8b4fa50e0ba5a
SHA256: edb6e160869e2a4e91ea436cc66cd7f1c239d09c3459e76eb163e1450fc4e2e7
SHA512: 0d5443fd1d1ea84a01a7bdefd182d120906220a5f64446fbe05db4bb3e02a9f7dbc3e2ef7f6124514ba7744609f6434c56be9d213a39299192cb6a6203dfcc1a
Malware Config
Signatures
Blocklisted process makes network request 28 IoCs
Processes: wscript.exe
flow | pid | process
5 | 1996 | wscript.exe
6 | 1996 | wscript.exe
7 | 1996 | wscript.exe
8 | 1996 | wscript.exe
9 | 1996 | wscript.exe
10 | 1996 | wscript.exe
12 | 1996 | wscript.exe
13 | 1996 | wscript.exe
14 | 1996 | wscript.exe
15 | 1996 | wscript.exe
16 | 1996 | wscript.exe
17 | 1996 | wscript.exe
19 | 1996 | wscript.exe
20 | 1996 | wscript.exe
21 | 1996 | wscript.exe
22 | 1996 | wscript.exe
23 | 1996 | wscript.exe
24 | 1996 | wscript.exe
26 | 1996 | wscript.exe
27 | 1996 | wscript.exe
28 | 1996 | wscript.exe
29 | 1996 | wscript.exe
30 | 1996 | wscript.exe
31 | 1996 | wscript.exe
33 | 1996 | wscript.exe
34 | 1996 | wscript.exe
35 | 1996 | wscript.exe
36 | 1996 | wscript.exe
Drops startup file 2 IoCs
Processes: wscript.exe
description | ioc | process
File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Our New Order AUG 18 2021 at 2.50_PVV440_TXT.js | wscript.exe
File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Our New Order AUG 18 2021 at 2.50_PVV440_TXT.js | wscript.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.