150e01116bc6354164fc5862227bc6001df7b302c2aa0acaf09daf63873582b8

Analysis

max time kernel
123s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
26/10/2022, 16:11

Target

Ac No 953479300 Pending Account deposit transactions.js
Size

5.1MB
MD5

4a4fd370649b597272d5624b03c30c33
SHA1

1aa9d85a1d3eea80fd4b26ef4dd96ffb245dfafe
SHA256

fa08096fe72f46bc0ffe5abf01a62ade7d49d3c6a67a16d5e7e43c440b1a64bd
SHA512

66f29afa8c6feb9ae2db6a6c3ec147fd48290140ac4ae64c78eef8dd3f079566fa67b2c062c3b6604ec8191bc82947c92f638aec0cc4167a3e60b610085dd6ad
SSDEEP

49152:jHgbFBnA2o0SDlM6kvVWQWJZ/+w2e+wV2SSNswXx7NFjmTh9OX8oGEtmCWhSbXO2:c

Score

8^/10

Blocklisted process makes network request 4 IoCs

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

C:\Windows\system32\wscript.exe
wscript.exe "C:\Users\Admin\AppData\Local\Temp\Ac No 953479300 Pending Account deposit transactions.js"
1⤵
- Blocklisted process makes network request
PID:5040

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact