Analysis

  • max time kernel
    142s
  • max time network
    148s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64 arch:x86 image:win7-20220812-en locale:en-us os:windows7-x64 system
  • submitted
    07-09-2022 15:50

General

  • Target

    Swift_TT_00005092022_pdf.js

  • Size

    1.9MB

  • MD5

    c8110f7e0f3f71d4da6363a7f3a1448d

  • SHA1

    9d4713f0a916b89ec94876968bd7822b36d6eba6

  • SHA256

    8a9026e3443ea4e40687161628ec243e20d03962c2028f1f4d899d346376c1ee

  • SHA512

    e2185d5eee7b1edf0036b7d7d811a77ca6409325a79a196b7d7465f0294858152ea79c11d4c15c03a3cea4e00177219d340cc1b27f0adbcc443bfb2169cf5973

  • SSDEEP

    49152:BEp78m15fjjEaHv3+UTlbL275YMqahoXMBNFETXfe1kAqtgEB/z918WB9UobiGtQ:j

Score
8/10

Malware Config

Signatures

  • Blocklisted process makes network request 5 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

Processes

  • C:\Windows\system32\wscript.exe
    wscript.exe C:\Users\Admin\AppData\Local\Temp\Swift_TT_00005092022_pdf.js
    • Blocklisted process makes network request
    PID:988

Network

MITRE ATT&CK Enterprise v6
