d89d414f788968b51167e9020ea772fd1e869a5633604042185cc37c2056a20c

Analysis

max time kernel
150s
max time network
153s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
01-03-2023 07:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

42799223.js
Size

337KB
MD5

98852e60ba7c53901110f0b5252ca2e1
SHA1

75dd09aef979344a7a3980ef7a68dfc6af26d9f4
SHA256

d89d414f788968b51167e9020ea772fd1e869a5633604042185cc37c2056a20c
SHA512

e4b5b2c33cfffb4edc400ceb9ac0f079ccf12607fd161fa35f016192132f11081910e03da40f6759210f7f92b9b5967a21977dc20e5dd0722a03464a735ad274
SSDEEP

6144:GQlhss9OrDm+2FeaIPNIGNd3o6vjjJe+FW2wG1v2WOpsTA91:NzhwrDmzFgIGNdrjJ7hwGxA1

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1696 wrote to memory of 308	1696	wscript.exe	28
PID 1696 wrote to memory of 308	1696	wscript.exe	28
PID 1696 wrote to memory of 308	1696	wscript.exe	28

C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\42799223.js
1⤵
- Suspicious use of WriteProcessMemory
PID:1696
- C:\Program Files\Java\jre7\bin\javaw.exe
  "C:\Program Files\Java\jre7\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Roaming\tmyzkbtelg.txt"
  2⤵
  PID:308

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\tmyzkbtelg.txt

Filesize
164KB

MD5
ee0c894459d03d1cac9a1ffda9a7f424

SHA1
8cf7735a72d49cfcdb61f7dd2aee32ee05bdac59

SHA256
76ad6c02cae9447420bd4e3b74b580637fadf3a891be3e79750a68dd5b3b493c

SHA512
fee7e034dfe382130708bc4f422c1c710fe1a296519319741ab693178a1ea764c86dbf4c99f7bcd30598e633e81fb965412f81b4b4b093e80c96421e9f9286a5

Download Submit
memory/308-65-0x0000000001B40000-0x0000000001B41000-memory.dmp

Filesize
4KB

Download
memory/308-72-0x0000000001B40000-0x0000000001B41000-memory.dmp

Filesize
4KB

Download
memory/308-78-0x0000000001B40000-0x0000000001B41000-memory.dmp

Filesize
4KB

Download
memory/308-81-0x0000000001B40000-0x0000000001B41000-memory.dmp

Filesize
4KB

Download
memory/308-85-0x0000000001B40000-0x0000000001B41000-memory.dmp

Filesize
4KB

Download
memory/308-90-0x0000000001B40000-0x0000000001B41000-memory.dmp

Filesize
4KB

Download
memory/308-92-0x0000000001B40000-0x0000000001B41000-memory.dmp

Filesize
4KB

Download
memory/308-93-0x0000000001B40000-0x0000000001B41000-memory.dmp

Filesize
4KB

Download
memory/308-94-0x0000000001B40000-0x0000000001B41000-memory.dmp

Filesize
4KB

Download
memory/308-95-0x0000000001B40000-0x0000000001B41000-memory.dmp

Filesize
4KB

Download
memory/308-96-0x0000000001B40000-0x0000000001B41000-memory.dmp

Filesize
4KB

Download
memory/308-97-0x0000000001B40000-0x0000000001B41000-memory.dmp

Filesize
4KB

Download
memory/308-98-0x0000000001B40000-0x0000000001B41000-memory.dmp

Filesize
4KB

Download
memory/308-99-0x0000000001B40000-0x0000000001B41000-memory.dmp

Filesize
4KB

Download
memory/308-100-0x0000000001B40000-0x0000000001B41000-memory.dmp

Filesize
4KB

Download
memory/308-103-0x0000000001B40000-0x0000000001B41000-memory.dmp

Filesize
4KB

Download
memory/308-107-0x0000000001B40000-0x0000000001B41000-memory.dmp

Filesize
4KB

Download