Analysis
max time kernel: 142s
max time network: 143s
platform: windows10_x64
resource: win10-en
submitted: 03-09-2021 13:30
Static task: static1

Behavioral task: behavioral1
  Sample: ORDER-21902.js
  Resource: win7v20210408 (windows7_x64)
  0 signatures, 0 seconds

Behavioral task: behavioral2
  Sample: ORDER-21902.js
  Resource: win10-en (windows10_x64)
  0 signatures, 0 seconds
General
Target: ORDER-21902.js
Size: 116KB
MD5: f001e1070c9c455fc200a56466a82b49
SHA1: 1dee5748281b89e2ce4bffac4096cdf0105129dc
SHA256: 034666a3eecfe683ff4f1942e353a413701b08a412c479c8eb6a82af0d7be52c
SHA512: 395ced29b05be41101cd61c380c6b6b744b85ca190d550dc406065637bcceb8bb4cf777acf27416c65b61d9c7d2c611b8562423929984a3d47338aeb40090762
Score: 10/10
Malware Config
(none extracted)

Signatures

Blocklisted process makes network request (1 IoC)
Processes: wscript.exe
  flow: 9 | pid: 3940 | process: wscript.exe

Drops startup file (2 IoCs)
Processes: wscript.exe
  File created: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ORDER-21902.js | process: wscript.exe
  File opened for modification: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ORDER-21902.js | process: wscript.exe

Adds Run key to start application (2 TTPs, 2 IoCs)
Processes: wscript.exe
  Key created: \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000\Software\Microsoft\Windows\CurrentVersion\Run | process: wscript.exe
  Set value (str): \REGISTRY\USER\S-1-5-21-2559286294-2439613352-4032193287-1000\Software\Microsoft\Windows\CurrentVersion\Run\TCT0DVSIH6 = "'C:\\Users\\Admin\\AppData\\Local\\Temp\\ORDER-21902.js'" | process: wscript.exe

Enumerates physical storage devices (1 TTP)
  Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.