Analysis
max time kernel: 142s
max time network: 148s
platform: windows7_x64
resource: win7-20220414-en
submitted: 20-06-2022 09:40
Static task: static1
Behavioral task: behavioral1
Sample: JUclMnXWGX.js
Resource: win7-20220414-en (windows7_x64)
0 signatures, 0 seconds
Behavioral task: behavioral2
Sample: JUclMnXWGX.js
Resource: win10v2004-20220414-en (windows10-2004_x64)
0 signatures, 0 seconds
General
Target: JUclMnXWGX.js
Size: 30KB
MD5: 1a78c6c4ea92442d7da8af8d2557e0d2
SHA1: 410764bee9220b5630ac46f7a1c5c36c93b742c9
SHA256: 288f91b613ec105cf8d9576e056b6c504c859c842b3b17649d103308040bd82d
SHA512: 548c4cd49e8277b49d25d2d4b3ba04a29ba474e0ae1761a8edf12643923a6872e8bc448c05b0003c7bcea44cf1847d82ea7ad89874b6657e41055b89e7d4b20d
Score: 10/10
Malware Config
Signatures
Blocklisted process makes network request (14 IoCs)
Processes: wscript.exe
flow | pid | process
4 | 1984 | wscript.exe
5 | 1984 | wscript.exe
6 | 1984 | wscript.exe
8 | 1984 | wscript.exe
10 | 1984 | wscript.exe
11 | 1984 | wscript.exe
13 | 1984 | wscript.exe
14 | 1984 | wscript.exe
15 | 1984 | wscript.exe
17 | 1984 | wscript.exe
18 | 1984 | wscript.exe
19 | 1984 | wscript.exe
21 | 1984 | wscript.exe
22 | 1984 | wscript.exe
Drops startup file (2 IoCs)
Processes: wscript.exe
description | ioc | process
File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\JUclMnXWGX.js | wscript.exe
File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\JUclMnXWGX.js | wscript.exe
Adds Run key to start application (2 TTPs, 2 IoCs)
Processes: wscript.exe
description | ioc | process
Key created | \REGISTRY\USER\S-1-5-21-1819626980-2277161760-1023733287-1000\Software\Microsoft\Windows\CurrentVersion\Run | wscript.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-1819626980-2277161760-1023733287-1000\Software\Microsoft\Windows\CurrentVersion\Run\YVBPFHTJIQ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\JUclMnXWGX.js\"" | wscript.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
Processes
Network
MITRE ATT&CK Enterprise v6
Downloads
memory/1984-54-0x000007FEFBFE1000-0x000007FEFBFE3000-memory.dmp
Filesize: 8KB