Analysis
max time kernel: 1795s
max time network: 1840s
platform: windows7_x64
resource: win7v20210408
submitted: 01-09-2021 14:23
Static task: static1
Behavioral task: behavioral1
Sample: js-decoded-3.js
Resource: win7v20210408
0 signatures
0 seconds
Behavioral task: behavioral2
Sample: js-decoded-3.js
Resource: win10v20210408
0 signatures
0 seconds
General
Target: js-decoded-3.js
Size: 3KB
MD5: 744b8d34b4e5c61808a05ec5b565fd6a
SHA1: 96ef2f1ad31565090ffaff2444f7ee0959181a82
SHA256: 15a948980335d42d9bbc2cc1f721311936ebeeb6ce80b57c0c0f34d882a9d1ff
SHA512: e001c9e70aab07e11852582abf385fd2e7b5fdf9fb99380b9b72f83ed71664f2e21f8bab62c61261f84f67003efa0108919e1e3b0cad20b25021a2b5bb104390
Score: 10/10
Malware Config
Signatures
Blocklisted process makes network request 64 IoCs
Processes:
wscript.exe
Drops startup file 2 IoCs
Processes:
wscript.exe
File opened for modification: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\js-decoded-3.js (process: wscript.exe)
File created: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\js-decoded-3.js (process: wscript.exe)
Adds Run key to start application 2 TTPs 2 IoCs
Processes:
wscript.exe
Key created: \REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Windows\CurrentVersion\Run (process: wscript.exe)
Set value (str): \REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Windows\CurrentVersion\Run\SEJOKAOI5S = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\js-decoded-3.js\"" (process: wscript.exe)
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
Downloads
memory/1240-59-0x000007FEFC391000-0x000007FEFC393000-memory.dmp
Filesize: 8KB