Analysis
max time kernel
144s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20220414-en
submitted
20-06-2022 09:40
Static task
static1
Behavioral task
behavioral1
Sample
JUclMnXWGX.js
Resource
win7-20220414-en
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
JUclMnXWGX.js
Resource
win10v2004-20220414-en
windows10-2004_x64
0 signatures
0 seconds
General
Target
JUclMnXWGX.js
Size
30KB
MD5
1a78c6c4ea92442d7da8af8d2557e0d2
SHA1
410764bee9220b5630ac46f7a1c5c36c93b742c9
SHA256
288f91b613ec105cf8d9576e056b6c504c859c842b3b17649d103308040bd82d
SHA512
548c4cd49e8277b49d25d2d4b3ba04a29ba474e0ae1761a8edf12643923a6872e8bc448c05b0003c7bcea44cf1847d82ea7ad89874b6657e41055b89e7d4b20d
Score
10/10
Malware Config
Signatures

Blocklisted process makes network request (14 IoCs)
Processes: wscript.exe
flow | pid | process
8 | 932 | wscript.exe
15 | 932 | wscript.exe
21 | 932 | wscript.exe
29 | 932 | wscript.exe
31 | 932 | wscript.exe
37 | 932 | wscript.exe
43 | 932 | wscript.exe
44 | 932 | wscript.exe
45 | 932 | wscript.exe
46 | 932 | wscript.exe
47 | 932 | wscript.exe
48 | 932 | wscript.exe
49 | 932 | wscript.exe
50 | 932 | wscript.exe

Drops startup file (2 IoCs)
Processes: wscript.exe
description | ioc | process
File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\JUclMnXWGX.js | wscript.exe
File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\JUclMnXWGX.js | wscript.exe

Adds Run key to start application (2 TTPs, 2 IoCs)
Processes: wscript.exe
description | ioc | process
Set value (str) | \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\YVBPFHTJIQ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\JUclMnXWGX.js\"" | wscript.exe
Key created | \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\Software\Microsoft\Windows\CurrentVersion\Run | wscript.exe

Enumerates physical storage devices (1 TTPs)
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.