Analysis
-
max time kernel
4294357s -
max time network
301s -
platform
windows7_x64 -
resource
win7-20220223-en -
submitted
28-02-2022 15:09
Static task
static1
Behavioral task
behavioral1
Sample
ReceiptTT54657534.js
Resource
win7-20220223-en
windows7_x64
0 signatures
0 seconds
General
-
Target
ReceiptTT54657534.js
-
Size
169KB
-
MD5
6923fdb0993ace8c1ee750f0b3810a1c
-
SHA1
9b8dc652eb39737c6bfdb505dbbf8617c36efadf
-
SHA256
eb36e0d72eeabd0731238af52c8f2175ff809091c117f83e0945928550c93850
-
SHA512
10a9dbcf6d5b598a324019304aff8d86765297a94c21db71789dacdd015737322173aa9e9b3eb612d22ff5dc7b897ffefe180ab5fc37cb095a1cf046fe676aec
Malware Config
Signatures
-
Blocklisted process makes network request 37 IoCs
Processes:
wscript.exe
flow  pid   process
5     1828  wscript.exe
6     1828  wscript.exe
7     1828  wscript.exe
9     1828  wscript.exe
10    1828  wscript.exe
11    1828  wscript.exe
13    1828  wscript.exe
14    1828  wscript.exe
15    1828  wscript.exe
17    1828  wscript.exe
18    1828  wscript.exe
19    1828  wscript.exe
21    1828  wscript.exe
22    1828  wscript.exe
23    1828  wscript.exe
25    1828  wscript.exe
26    1828  wscript.exe
27    1828  wscript.exe
29    1828  wscript.exe
30    1828  wscript.exe
31    1828  wscript.exe
33    1828  wscript.exe
34    1828  wscript.exe
35    1828  wscript.exe
37    1828  wscript.exe
38    1828  wscript.exe
39    1828  wscript.exe
41    1828  wscript.exe
42    1828  wscript.exe
43    1828  wscript.exe
45    1828  wscript.exe
46    1828  wscript.exe
47    1828  wscript.exe
49    1828  wscript.exe
50    1828  wscript.exe
51    1828  wscript.exe
53    1828  wscript.exe
-
Drops startup file 1 IoCs
Processes:
wscript.exe
description
File created
ioc
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ReceiptTT54657534.js
process
wscript.exe
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.