Overview

overview

10

Static

static

10

97c97ad2ba...48c.js

windows7_x64

10

97c97ad2ba...48c.js

windows10-2004_x64

10

Analysis

  • max time kernel
    150s
  • max time network
    187s
  • platform
    windows7_x64
  • resource
    win7-20220414-en
  • submitted
    20-05-2022 15:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    97c97ad2baef37eea023549131c192f441aa7976747166cd31095e7dad17948c.js

  • Size

    19KB

  • MD5

    f226dbe5dc77fe071ffc8c5d3c82e424

  • SHA1

    b4a63bd81c5388390dbda8b92770da88581610d1

  • SHA256

    97c97ad2baef37eea023549131c192f441aa7976747166cd31095e7dad17948c

  • SHA512

    11303231b6f854588cf182933af31f54060244cc4a8dbb73e41e3fca673b2c7d33457513d131c098808b60db8ebbaa6acd394d9b458fe1e2dc9c090fe02b9251

Score
10/10
evilnumtrojan

Malware Config

Signatures

  • EvilNum JS Component 2 IoCs
  • Evilnum

    A malware family with multiple components distributed through LNK files.

    trojanevilnum
  • Deletes itself 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies Internet Explorer settings 1 TTPs 37 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 19 IoCs

Processes

  • C:\Windows\system32\wscript.exe
    wscript.exe C:\Users\Admin\AppData\Local\Temp\97c97ad2baef37eea023549131c192f441aa7976747166cd31095e7dad17948c.js
    1⤵
    • Deletes itself
    • Suspicious use of WriteProcessMemory
    PID:1104
    • C:\Windows\System32\cscript.exe
      "C:\Windows\System32\cscript.exe" C:\ProgramData\Assistance\Assistance.js
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2016
      • C:\Windows\System32\cscript.exe
        "C:\Windows\System32\cscript.exe" C:\Users\Admin\AppData\Local\Temp\reportapi.js
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:592
        • C:\Windows\System32\reg.exe
          "C:\Windows\System32\reg.exe" import C:\ProgramData\Assistance\AssistanceIE.reg
          4⤵
            PID:1560
          • C:\Windows\System32\reg.exe
            "C:\Windows\System32\reg.exe" import C:\ProgramData\Assistance\Assistance.reg
            4⤵
              PID:1944
            • C:\Windows\System32\cscript.exe
              "C:\Windows\System32\cscript.exe" C:\Users\Admin\AppData\Local\Temp\reportapi.js
              4⤵
                PID:1748
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe" -startmediumtab -Embedding
          1⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:432
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:432 CREDAT:275457 /prefetch:2
            2⤵
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:1580

        Network

        MITRE ATT&CK Enterprise v6

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\ProgramData\Assistance\Assistance.js
          Filesize

          19KB

          MD5

          f226dbe5dc77fe071ffc8c5d3c82e424

          SHA1

          b4a63bd81c5388390dbda8b92770da88581610d1

          SHA256

          97c97ad2baef37eea023549131c192f441aa7976747166cd31095e7dad17948c

          SHA512

          11303231b6f854588cf182933af31f54060244cc4a8dbb73e41e3fca673b2c7d33457513d131c098808b60db8ebbaa6acd394d9b458fe1e2dc9c090fe02b9251

          Download Submit

        • C:\ProgramData\Assistance\Assistance.reg
          Filesize

          180B

          MD5

          9f6c27491c261d863fac798c0bacccc7

          SHA1

          1cba060165473420f1f671f00c36169f32abc705

          SHA256

          c44db0cd3d6973be77fe8f8f7e822d3ff1d7868c77fba9835e226407a1f0f923

          SHA512

          65ac8569cc1d17067a7c7b9223fc580738769351f3682eb4efc71a81acaaf74244f875675fce82642e89ec30b2b5e241c9108644db4f387a568fb05fe5fe5fa0

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
          Filesize

          1KB

          MD5

          a266bb7dcc38a562631361bbf61dd11b

          SHA1

          3b1efd3a66ea28b16697394703a72ca340a05bd5

          SHA256

          df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

          SHA512

          0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          2ce0fca1012dda17f6086f6ba0ccc228

          SHA1

          265ac1c9582c5b2255503ae589bcf4e01014a056

          SHA256

          32f34b582e1e0c0908957914d22002a183bd530bdd6537b907937eb7c9e62fd5

          SHA512

          2a46103c48e63d163c2e71b8c336344d94d5f4564c0ad8edf3259c70fd71364f43a3632d41868eb17ba90098255fad0d23a3e3d4ead986fe547077ab6bb01971

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
          Filesize

          242B

          MD5

          906479a899bd0db8705b1d0c059ad18d

          SHA1

          8b86b3b300ef10cabd38f17c3d8b4d054a1ed28a

          SHA256

          29319c007dc83b4bb46cdd173cb9f2a9e508c37afcf2ce18af2839efa005c73f

          SHA512

          98466fff9c5b8e8df83396d4dcfb0701a4889484662286159a6b491e6dabb85f0ce7a7418838d0c585753f5206835c6c636f0c90e22f3dfaa04567a3d564bedd

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\9os4y76\imagestore.dat
          Filesize

          4KB

          MD5

          0d24d9f0ad20eae19630f7a32327ae70

          SHA1

          681d6bd252a5d8ae8c4fd289372f6048ece6cc12

          SHA256

          5063002e64d992adf5cffe9a5e268018bbb3af62dc2e42d81d462cfc51889e74

          SHA512

          1dcaa3d83aad6b009119eddfe6c609f4e51ccfc37bbe3f1e01ed49e42fcd01809f127033e4476fc034390ee77f4a30da007b955ba666f830a0afe858d4a70540

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\9os4y76\imagestore.dat
          Filesize

          9KB

          MD5

          071b463f3f6eeeff8e6e57883a5ca389

          SHA1

          24f07a678c80d0a57a42a8cd6ed0138e4a6b620d

          SHA256

          86ea557203d01c6f75e5bfb52285e22dafb51997d01825b50b05c3df5418e1d1

          SHA512

          04363175267507ef2043fe36741947387710a87cbb362b59fcdbd18a51af6d96c5c7a43cdf4a160da7466bfe7851879b5bb3e9f766b1b2ba292b12fa41225ca2

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\9os4y76\imagestore.dat
          Filesize

          10KB

          MD5

          d73725196e9d76aa34aeee0ddf5ff3be

          SHA1

          5d8de2da2cdcd66fddfd6a89a8acb460358b2573

          SHA256

          37c602d9284a2669b0447adc9a799735cf8dd9b380165a81ea915fcf9f4ae0e6

          SHA512

          7f9b1fc337cf734eb255479f93c93204aaec5bd06ad6e80f6324444d890a796e4857358da91c9ce37bf7da7e235487a47e82d7791e320cb08981b7bf13650414

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\9os4y76\imagestore.dat
          Filesize

          11KB

          MD5

          a00fb7ec5b3ea0f9ab8a9853d17c5f4c

          SHA1

          b59cf7f008e3ac5f2171905368fe626786c917cc

          SHA256

          dd0e57a672476656183499b5d781a8507bb13016ae78223e27e473a1febe528e

          SHA512

          e5f386ab95ab4816073d9daa854ec2198cd1aebf1c6891c7a6705155ca161d08483bc400926808403cba38f27a9917884c98f038397b4b69ca09af99e0b2d12e

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\reportapi.js
          Filesize

          751B

          MD5

          e14cbb0ced8b231a3dd97cf8bd9f1f55

          SHA1

          27de89ed08538f017d32b334a311d54d6859ed6d

          SHA256

          aa386dc2f66e2527766f50f5dd75f023550725ea8afc68593a596c41620265bc

          SHA512

          d9225061f5b2d8a151cbde88c70fa979a527b296b2ec192f210db574d85f6449d43dfa960a905d81d0b3d2c9eb0e5bcb300e7935734588667834477f5cbfdd8c

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\reportapi.js
          Filesize

          19KB

          MD5

          f226dbe5dc77fe071ffc8c5d3c82e424

          SHA1

          b4a63bd81c5388390dbda8b92770da88581610d1

          SHA256

          97c97ad2baef37eea023549131c192f441aa7976747166cd31095e7dad17948c

          SHA512

          11303231b6f854588cf182933af31f54060244cc4a8dbb73e41e3fca673b2c7d33457513d131c098808b60db8ebbaa6acd394d9b458fe1e2dc9c090fe02b9251

          Download Submit

        • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\02SIT1RS.txt
          Filesize

          603B

          MD5

          cdd19763943ba84c4cea3b04175bacab

          SHA1

          7d15e1768ea2c157d3075ac4fa6a7e29670f401e

          SHA256

          381a6e5d40a70ab38be2dae7524eb7699522eeb021949a6e13d1591681fc4778

          SHA512

          49da968c516afdb8403449b12767b7714a8c1d0952c8fa1766f3467e510c21812656a60d4af1571dbfbc693b3280c80dc23073c004fee6e09da0cffaba7b13aa

          Download Submit

        • memory/592-66-0x0000000001C70000-0x0000000001C80000-memory.dmp

          Filesize

          64KB

          Download

        • memory/1104-54-0x000007FEFBA51000-0x000007FEFBA53000-memory.dmp

          Filesize

          8KB

          Download