28d5a3837de55527eeb13e131583796a4bb92a7b3311774c078358c444e02156

Analysis

max time kernel
599s
max time network
601s
platform
windows10-1703_x64
resource
win10-20220812-en
resource tags

arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
submitted
05/10/2022, 11:40

Target

7022902165 Pending Account deposit transactions.js
Size

3.9MB
MD5

11fc41291d789ab2408d2da9dda5b131
SHA1

75d78689b62c30dda18364f120b8cb7e7468e308
SHA256

a92fcbf5d000d79e0dc176eb0149f56c048184c62870dec17d23caf87cb4b224
SHA512

68713b9ee337a1accd9ef3a6e2a17f13c652b4e38fd57f1e1df852a5b34a651048993032328ef68810c99c5cb7b5bd7251b96c9407da58a7c0c829c6dd36cfbb
SSDEEP

24576:XcB+QSz1zzoYhevL2ckpRBk13cFOz0nY5ba1vBq+gei8fprwgma6j+yo8rNbR6kM:X5BIE

Score

8^/10

Blocklisted process makes network request 19 IoCs

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

C:\Windows\system32\wscript.exe
wscript.exe "C:\Users\Admin\AppData\Local\Temp\7022902165 Pending Account deposit transactions.js"
1⤵
- Blocklisted process makes network request
PID:2584

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact