Analysis

  • max time kernel
    163s
  • max time network
    162s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags
    arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
  • submitted
    16/09/2022, 20:10

General

  • Target

    Voicemail Audio Transcription.js

  • Size

    10KB

  • MD5

    8f321ab4d17b0cfc25f5d0c3564e69ae

  • SHA1

    5ad4e803165f3429f8897670dd027fbc0d60012a

  • SHA256

    1862c1ff2997083a164df50beaf2655d07e69aa4a281a93d0a3dbbabedfab55d

  • SHA512

    461fed457319fbb4743df7e12ec67c3da138b578c6e2a201790e0e47dea17200a6471100d31856380e73d06d6f9865367bf0101795efc7b446efbb3d23b8c710

  • SSDEEP

    192:tA+hY4T/OxZ7VWgMLwAQxPKdvEFJwwwwbkAIxVNvsqECEPPPKFTdiG9QPW7HVV+x:PS4rOP7VjKelqzXHI

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Modifies registry class 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\wscript.exe
    wscript.exe "C:\Users\Admin\AppData\Local\Temp\Voicemail Audio Transcription.js"
    1⤵
      PID:1964
    • C:\Windows\explorer.exe
      "C:\Windows\explorer.exe"
      1⤵
        PID:1440
      • C:\Windows\system32\AUDIODG.EXE
        C:\Windows\system32\AUDIODG.EXE 0x468
        1⤵
        • Suspicious use of AdjustPrivilegeToken
        PID:1768
      • C:\Windows\system32\rundll32.exe
        "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\Voicemail Audio Transcription.js
        1⤵
        • Modifies registry class
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of WriteProcessMemory
        PID:1580
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\Voicemail Audio Transcription.js
          2⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:988
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:988 CREDAT:275457 /prefetch:2
            3⤵
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:752

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

    Filesize

    60KB

    MD5

    6c6a24456559f305308cb1fb6c5486b3

    SHA1

    3273ac27d78572f16c3316732b9756ebc22cb6ed

    SHA256

    efc3c579bd619ceab040c4b8c1b821b2d82c64fddd9e80a00ec0d7f6577ed973

    SHA512

    587d4a9175a6aa82cd8bb1c11ca6508f95cd218f76ac322ddbd1bc7146a0e25f8937ee426a6fb0fb0bb045cedb24d8c8a9edfe9f654112f293d8701220f726b4

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

    Filesize

    1KB

    MD5

    a266bb7dcc38a562631361bbf61dd11b

    SHA1

    3b1efd3a66ea28b16697394703a72ca340a05bd5

    SHA256

    df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

    SHA512

    0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    304B

    MD5

    14d228ebfccf6f8934d42526461ff0ca

    SHA1

    973e14209d4dbe8dd156030479e6921399b67298

    SHA256

    a78c69daffcbdf83813d0707f2dd0c85038316c8e1f4bc59ff1d0b434fd3318e

    SHA512

    01fe92416509b6245103038d0ddfeefab81db9011403bdc698c807900edd9736de855d60d216adf502c9a542ec70e4c139689a5e2fe2bc6b406c73f92a5b8e5c

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    304B

    MD5

    378ccede5c7f656500685819fdff3acc

    SHA1

    771b0e716acba8df3fe153407f5ccd0506e3d674

    SHA256

    4cc0b9c1fcabb8d52d5036bb067e100232e637c9e904e9fc6db9a1ecac49d0e9

    SHA512

    207608e515220b47c3cde2d934c6fa09999415184ba8b3284c7e78bf77ab310ca66f2e71b83674c1ad31a0d24d61c2976460ff5f8355c64ab3fc0f4b4170ecba

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

    Filesize

    242B

    MD5

    fc6655aa18eb160efeb5c69209c1e9d4

    SHA1

    9af57d1efa52060f35fc993b26338cd8ba0e1bf5

    SHA256

    1c420482a2c3e43669ccd9850401c570096052c3dadc2fb0853646f77e2d6065

    SHA512

    08b641e72eab2a3db6415e372c4aed17b9a158c63f7c39f85d9a6609d617f5ab46e663019cd500444acfab36a22239c8e37215b52ac37add9210ee27e8a068bd

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\E6TWFYCH.txt

    Filesize

    608B

    MD5

    7af4264a741e8957babbf503a505e749

    SHA1

    d80282a7a30e2b21849c2a7a623cb5ed97605edb

    SHA256

    97d5a140d35900678262a1c554f8eb5dc4f615f0ac995e6b289b36911672cbb2

    SHA512

    56df4c6b0b732bf4464dd15d3b30dd5b2d0b2bf7ee69a4fabede31447d73784a10f7612d0f301ec4095ebdbbb4aca7ac37e5cf38457718588b8c4ac36de9b85c

  • memory/1440-54-0x000007FEFBFE1000-0x000007FEFBFE3000-memory.dmp

    Filesize

    8KB