Analysis
- max time kernel: 1796s
- max time network: 1801s
- platform: windows10_x64
- resource: win10-en-20211104
- submitted: 02-12-2021 16:41
Static task: static1
Behavioral task: behavioral1
- Sample: RRXVpOavDl.js
- Resource: win7-en-20211014
- 0 signatures
- 0 seconds
Behavioral task: behavioral2
- Sample: RRXVpOavDl.js
- Resource: win10-en-20211104
- 0 signatures
- 0 seconds
General
- Target: RRXVpOavDl.js
- Size: 9KB
- MD5: dfdc9c79b321d87cc8dcbb361a69ecb5
- SHA1: 7d430e4ef2ecaf4db5e42789a56b2ea4e280b35c
- SHA256: f99f5c043620cf790857f1a2c8906a9323c57a5b6fa6a59acd571eb1bfc68328
- SHA512: 4856afcf1953a9056253af8baa39b6d9283aa17153903c3c671785e51ac2ccf7aa104fac5e4c2fb4098d1f1ed6a9c9212cfe2ebbbbe6f46fc53ebec96537705f
Score: 10/10
Malware Config
Signatures
- Blocklisted process makes network request (64 IoCs)
  Processes: wscript.exe
  wscript.exe (pid 3676), flows: 10, 22, 23, 27-31, 34-47, 49-90
- Drops startup file (2 IoCs)
  Processes: wscript.exe
  File created: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RRXVpOavDl.js (process: wscript.exe)
  File opened for modification: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RRXVpOavDl.js (process: wscript.exe)
- Adds Run key to start application (2 TTPs, 2 IoCs)
  Processes: wscript.exe
  Key created: \REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000\Software\Microsoft\Windows\CurrentVersion\Run (process: wscript.exe)
  Set value (str): \REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000\Software\Microsoft\Windows\CurrentVersion\Run\SEJOKAOI5S = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\RRXVpOavDl.js\"" (process: wscript.exe)
- Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.