Analysis

  • max time kernel
    122s
  • max time network
    125s
  • platform
    windows10_x64
  • resource
    win10-en-20211208
  • submitted
    09/12/2021, 12:55

General

  • Target

    Request_For_Quotation.js

  • Size

    184KB

  • MD5

    d86eb37fb515a419f7d154c0e0e915e5

  • SHA1

    3817f60df66abe6278cf7bf0e0d8581e0a448cd2

  • SHA256

    7e46aa47cfe108b7d8113725729e70a96bae5ef32686e7e41cbc56ca76aae58f

  • SHA512

    367ae0645b01b452d75b603097b6c5a12f3bb2e77b9f8f36b50d9b690a67c28dcdc225d33ffa19fbe40874373448a4daaef2a72ef6f094842cdd9aba3a72d050

Score
4/10

Malware Config

Signatures

  • Drops file in Program Files directory (12 IoCs)
  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious use of WriteProcessMemory (2 IoCs)

Processes

  • C:\Windows\system32\wscript.exe (PID 2480, tree depth 1)
    wscript.exe C:\Users\Admin\AppData\Local\Temp\Request_For_Quotation.js
    • Suspicious use of WriteProcessMemory
    • C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe (PID 2756, tree depth 2, child of PID 2480)
      "C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Roaming\qkzxfdpdmc.txt"
      • Drops file in Program Files directory
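The process tree above is the whole story of this sample at a glance: a JScript file run by wscript.exe writes a payload to %AppData%\Roaming under a .txt name and hands it to javaw.exe with -jar, so the Java launcher, not the script host, becomes the process that touches disk afterwards. The following detection logic is an added example written for this page, not code from the sandbox vendor or from the sample. It runs over constructed Sysmon-style process-creation records (Event ID 1 field names); record 1 reproduces the chain in the report, the rest are invented for contrast. Treating cscript.exe as an equivalent parent and java.exe as an equivalent child is my generalisation, not something the report shows.

```python
import ntpath
import re
from typing import List, Optional

# Constructed process-creation events in Sysmon Event ID 1 field style.
# Event with ProcessId 2756 mirrors the chain in the report; the others are
# invented benign and variant records. None of this is real telemetry.
EVENTS = [
    {"ProcessId": 2756, "ParentProcessId": 2480,
     "ParentImage": r"C:\Windows\system32\wscript.exe",
     "Image": r"C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe",
     "CommandLine": r'"C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Roaming\qkzxfdpdmc.txt"'},
    {"ProcessId": 3001, "ParentProcessId": 1200,           # benign: launched from Explorer, .jar in Program Files
     "ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe",
     "CommandLine": r'"C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe" -jar "C:\Program Files\SomeTool\tool.jar"'},
    {"ProcessId": 3101, "ParentProcessId": 3050,           # variant: proper .jar extension but dropped under AppData
     "ParentImage": r"C:\Windows\system32\cscript.exe",
     "Image": r"C:\Program Files\Java\jre1.8.0_66\bin\java.exe",
     "CommandLine": r'java.exe -jar C:\Users\Admin\AppData\Roaming\update.jar'},
    {"ProcessId": 3200, "ParentProcessId": 2480,           # script host spawning something that is not Java
     "ParentImage": r"C:\Windows\system32\wscript.exe",
     "Image": r"C:\Windows\system32\notepad.exe",
     "CommandLine": r"notepad.exe C:\Users\Admin\readme.txt"},
]

# Assumed equivalence classes (cscript.exe / java.exe are generalisations).
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
JAVA_LAUNCHERS = {"java.exe", "javaw.exe"}

# -jar followed by either a double-quoted path (may contain spaces) or a bare token.
JAR_ARG = re.compile(r'-jar\s+(?:"([^"]+)"|(\S+))', re.IGNORECASE)


def jar_target(cmdline: str) -> Optional[str]:
    """Return the path passed to -jar, or None if the command line has no -jar."""
    m = JAR_ARG.search(cmdline)
    if not m:
        return None
    return m.group(1) or m.group(2)


def is_suspicious(event: dict) -> bool:
    """Script host -> Java launcher with -jar on a non-.jar file or a file under AppData."""
    parent = ntpath.basename(event.get("ParentImage", "")).lower()
    image = ntpath.basename(event.get("Image", "")).lower()
    if parent not in SCRIPT_HOSTS or image not in JAVA_LAUNCHERS:
        return False
    target = jar_target(event.get("CommandLine", ""))
    if target is None:
        return False
    wrong_extension = ntpath.splitext(target)[1].lower() != ".jar"
    under_appdata = "\\appdata\\" in target.lower()
    return wrong_extension or under_appdata


def find_suspicious(events) -> List[int]:
    """ProcessIds of events matching the rule, in input order."""
    return [e["ProcessId"] for e in events if is_suspicious(e)]


if __name__ == "__main__":
    for pid in find_suspicious(EVENTS):
        print("suspicious Java launch from script host: PID", pid)
```

The rule keys on the parent/child pair plus the -jar argument rather than on the random file name, which the dropper will change per build; the two conditions it checks (extension mismatch, payload under AppData) are the parts of the command line that the report actually exhibits.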

Network

MITRE ATT&CK Enterprise v6

Downloads

  • memory/2756-117-0x0000000002F20000-0x0000000003190000-memory.dmp
    Filesize: 2.4MB

  • memory/2756-118-0x0000000002F20000-0x0000000003190000-memory.dmp
    Filesize: 2.4MB

  • memory/2756-119-0x0000000000BC0000-0x0000000000BC1000-memory.dmp
    Filesize: 4KB

  • memory/2756-120-0x0000000003190000-0x00000000031A0000-memory.dmp
    Filesize: 64KB