Analysis
-
max time kernel
144s -
max time network
156s -
platform
windows10-2004_x64 -
resource
win10v2004-20220414-en -
submitted
22-06-2022 08:46
General
-
Target
?? ??? ??????????? ??????.jse
-
Size
5KB
-
MD5
21edf1a6ae8e0a869aca1890b3e34a97
-
SHA1
cd19915eb44c6b5d8ec3397db1280bbfbca16435
-
SHA256
073321b040b9b6820c5701dd61732c1aa88ac7e40687f14c0e37ebd1253211de
-
SHA512
00c9aeab7a5ce8f2fda77e7a051bc219fc2b9de25cce32deb0073c3bd6cbc3da4a5a61d2c4a2c7b1b85344b82f64a672758ab04d1073f3f19ec1f9c7d30e9a99
Score
8/10
Malware Config
Signatures
-
Blocklisted process makes network request 2 IoCs
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Modifies registry class 2 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 2 IoCs
Processes
-
C:\Windows\System32\WScript.exeC:\Windows\System32\WScript.exe "C:\Users\Admin\AppData\Local\Temp\__ ___ ___________ ______.jse"1⤵
- Blocklisted process makes network request
- Checks computer location settings
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c C:\Users\Admin\AppData\Local\Temp\radCA77A.tmp2⤵
- Modifies registry class
-
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
31KB
MD5ea24bc598bea877cebd270701012ee09
SHA17132efeab2250a2294951156056ce5de74a40fed
SHA256f410c1348fd54a54ba3b041407aec74d2a38fe9ea7118e0163d0f21f5181eaa4
SHA512c9fe24c3d28c042692ace2f8391a9d46cb22da2c2dbfd9f9dbf323469a2678a894172339ece321ed72ebe7dd607bbc558c90f18b080db24cb8ba95204814e76e