Analysis
Max time kernel: 144s
Max time network: 155s
Platform: windows7_x64
Resource: win7-20220812-en
Resource tags: arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
Submitted: 25/08/2022, 10:59
Static task: static1
Behavioral task: behavioral1
Sample: SZGefsAYXZ_Tadexax2223.js
Resource: win7-20220812-en
General
Target: SZGefsAYXZ_Tadexax2223.js
Size: 56KB
MD5: b73ba6eb7f6b4fc2d4711871d55f4d30
SHA1: ac710b5a76921d81c1cbe5b5b8815c36536719d4
SHA256: 136916061bfeb5df05b83ba428bcd2005dccbce2035b2b28a029274bf95a25b4
SHA512: 98034cb31973fcff1c45cab52b993c32cb486134e62e18437074249b4b0bbdd0f47ca3b39bd01ed5370b546c72ce447632107d1afbaccf16c9392c3d3712ec0f
SSDEEP: 1536:5YJm4ERgktGIefDKehwa8q4kDrxch7WpgIf/P4yT/P6hYpP34PzsqH+F8n1x6:KJm4FhKk82HPcU
Malware Config
Extracted: vjw0rm
http://185.157.162.75:2223
Signatures
- Blocklisted process makes network request (1 IoC)
  flow: 3; pid: 1656; process: wscript.exe
- Drops startup file (2 IoCs)
  File opened for modification: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SZGefsAYXZ_Tadexax2223.js (process: wscript.exe)
  File created: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SZGefsAYXZ_Tadexax2223.js (process: wscript.exe)
- Enumerates physical storage devices (1 TTP)
  Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
- Suspicious use of WriteProcessMemory (3 IoCs)
  description | pid | process | procid_target
  PID 1656 wrote to memory of 1128 | 1656 | wscript.exe | 26
  PID 1656 wrote to memory of 1128 | 1656 | wscript.exe | 26
  PID 1656 wrote to memory of 1128 | 1656 | wscript.exe | 26
Processes
1. C:\Windows\system32\wscript.exe (PID 1656)
   Command line: wscript.exe C:\Users\Admin\AppData\Local\Temp\SZGefsAYXZ_Tadexax2223.js
   - Blocklisted process makes network request
   - Drops startup file
   - Suspicious use of WriteProcessMemory
   2. C:\Windows\System32\wscript.exe (PID 1128, child of PID 1656)
      Command line: "C:\Windows\System32\wscript.exe" //B "C:\Users\Admin\AppData\Roaming\DrKzuLzfJN.js"
Network
MITRE ATT&CK Enterprise v6
Downloads
Filesize: 18KB
MD5: 6603a31cf804b8bfc789e62685a39291
SHA1: 0d3918e67b92a5ced1a9ec8bc30d3103c53b1201
SHA256: a2d293790800a34a0b959815f28bc8cc8e1dea3729699936a710aed4fd8d0193
SHA512: 77c5ff393d6e1485e3e41b4535f4fc58078f45f585f0b9ad515e0efa5b1796337ca40fe946aff5dd9c71cabd2442c69a828e237a039d10908192933f01f0854f