Analysis
max time kernel: 148s
max time network: 152s
platform: windows7_x64
resource: win7v20210408
submitted: 01-09-2021 14:05
Static task: static1
Behavioral task: behavioral1
  Sample: yyUgEcLmud.js
  Resource: win7v20210408
  0 signatures, 0 seconds
Behavioral task: behavioral2
  Sample: yyUgEcLmud.js
  Resource: win10v20210408
  0 signatures, 0 seconds
General
Target: yyUgEcLmud.js
Size: 10KB
MD5: 65363d0ea259acee31709e3e7a45cab8
SHA1: 10143fc1636eb68c01f5fd6b39244dbd393c66e9
SHA256: 86177bfcebdc7ae4a3d049399710ff6272f8289160c068465d729e7cff80f4c7
SHA512: 6eb5e93b6a6be0e0c9aecbb4f356e188c41a475a926ef1de5329bfbb80509ab4dbbafd219027ea42e89ae4d355740277820a5e20c0dae5cb27d00e2f00ee070f
Score: 10/10
Malware Config
Signatures
Blocklisted process makes network request (17 IoCs)
Processes: wscript.exe
  flow  pid   process
  6     1060  wscript.exe
  7     1060  wscript.exe
  8     1060  wscript.exe
  10    1060  wscript.exe
  11    1060  wscript.exe
  12    1060  wscript.exe
  14    1060  wscript.exe
  15    1060  wscript.exe
  16    1060  wscript.exe
  18    1060  wscript.exe
  19    1060  wscript.exe
  20    1060  wscript.exe
  22    1060  wscript.exe
  23    1060  wscript.exe
  24    1060  wscript.exe
  26    1060  wscript.exe
  27    1060  wscript.exe
Drops startup file (2 IoCs)
Processes: wscript.exe
  description                  ioc                                                                                   process
  File created                 C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\yyUgEcLmud.js  wscript.exe
  File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\yyUgEcLmud.js  wscript.exe
Adds Run key to start application (2 TTPs, 2 IoCs)
Processes: wscript.exe
  description      ioc                                                                                                                                                       process
  Key created      \REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Windows\CurrentVersion\Run                                                wscript.exe
  Set value (str)  \REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Windows\CurrentVersion\Run\SEJOKAOI5S = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\yyUgEcLmud.js\""  wscript.exe
Enumerates physical storage devices (1 TTP)
  Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.