Analysis
max time kernel: 1800s
max time network: 1814s
platform: windows10_x64
resource: win10v20210408
submitted: 01-09-2021 14:23
Static task: static1
Behavioral task: behavioral1
Sample: js-decoded-3.js
Resource: win7v20210408
0 signatures
0 seconds
Behavioral task: behavioral2
Sample: js-decoded-3.js
Resource: win10v20210408
0 signatures
0 seconds
General
Target: js-decoded-3.js
Size: 3KB
MD5: 744b8d34b4e5c61808a05ec5b565fd6a
SHA1: 96ef2f1ad31565090ffaff2444f7ee0959181a82
SHA256: 15a948980335d42d9bbc2cc1f721311936ebeeb6ce80b57c0c0f34d882a9d1ff
SHA512: e001c9e70aab07e11852582abf385fd2e7b5fdf9fb99380b9b72f83ed71664f2e21f8bab62c61261f84f67003efa0108919e1e3b0cad20b25021a2b5bb104390
Score: 10/10
Malware Config
Signatures
Blocklisted process makes network request 64 IoCs
Processes: wscript.exe
Drops startup file 2 IoCs
Processes: wscript.exe
File created: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\js-decoded-3.js (process: wscript.exe)
File opened for modification: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\js-decoded-3.js (process: wscript.exe)
Adds Run key to start application 2 TTPs 2 IoCs
Processes: wscript.exe
Key created: \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Windows\CurrentVersion\Run (process: wscript.exe)
Set value (str): \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Windows\CurrentVersion\Run\SEJOKAOI5S = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\js-decoded-3.js\"" (process: wscript.exe)
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.