Analysis
- max time kernel: 147s
- max time network: 152s
- platform: windows7_x64
- resource: win7-20220414-en
- submitted: 17-06-2022 17:17
Static task
static1
Behavioral task
behavioral1
Sample
js-decoded-2.js
Resource
win7-20220414-en
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
js-decoded-2.js
Resource
win10v2004-20220414-en
0 signatures
0 seconds
General
- Target: js-decoded-2.js
- Size: 3KB
- MD5: 6f97e89ac83c12f2dd74e2577da3544c
- SHA1: 926677b800daec16a90d495ba5491fd3e7b136b9
- SHA256: dd8ae86a69f6a09889c54b29dc299bf10ecb551f809c1fac1eeba97e3f37ae12
- SHA512: e5f194d774b2ee9f8ee68ea418b531eadd21990e7c8d93970d07c408965753528fe9f02219a1f84dfa064ef76e3655ae6adf5eb6d1302fca66d0f9d3aae97790
Score
10/10
Malware Config
Signatures
-
Blocklisted process makes network request 16 IoCs
Processes: wscript.exe
flow | pid | process
4 | 1008 | wscript.exe
5 | 1008 | wscript.exe
6 | 1008 | wscript.exe
8 | 1008 | wscript.exe
10 | 1008 | wscript.exe
11 | 1008 | wscript.exe
13 | 1008 | wscript.exe
14 | 1008 | wscript.exe
15 | 1008 | wscript.exe
17 | 1008 | wscript.exe
18 | 1008 | wscript.exe
19 | 1008 | wscript.exe
21 | 1008 | wscript.exe
22 | 1008 | wscript.exe
23 | 1008 | wscript.exe
25 | 1008 | wscript.exe
-
Drops startup file 2 IoCs
Processes: wscript.exe
description | ioc | process
File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\js-decoded-2.js | wscript.exe
File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\js-decoded-2.js | wscript.exe
-
Adds Run key to start application 2 TTPs 2 IoCs
Processes: wscript.exe
description | ioc | process
Key created | \REGISTRY\USER\S-1-5-21-2277218442-1199762539-2004043321-1000\Software\Microsoft\Windows\CurrentVersion\Run | wscript.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-2277218442-1199762539-2004043321-1000\Software\Microsoft\Windows\CurrentVersion\Run\YVBPFHTJIQ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\js-decoded-2.js\"" | wscript.exe
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
Processes
Network
MITRE ATT&CK Matrix ATT&CK v6
Downloads
-
memory/1008-54-0x000007FEFBA51000-0x000007FEFBA53000-memory.dmp
Filesize: 8KB