Resubmissions

20/03/2023, 22:43

230320-2nhblahf7w (score 8)

20/03/2023, 22:32

230320-2gexwsff59 (score 8)

Analysis

  • max time kernel
    287s
  • max time network
    289s
  • platform
    windows10-1703_x64
  • resource
    win10-20230220-en
  • resource tags

    arch:x64, arch:x86, image:win10-20230220-en, locale:en-us, os:windows10-1703-x64, system
  • submitted
    20/03/2023, 22:32

General

  • Target

    update.js.zip

  • Size

    2KB

  • MD5

    b46efe724ebb321a9626878c80595ace

  • SHA1

    9e174cebb1efad2b42bea1f07294df35b5cad424

  • SHA256

    94573626d8a55e36338c1c64269c4288d5822caf32d3a5fec3c943f47c22deb4

  • SHA512

    dc659cc85d2f409d9692bfd1cbb603005b8ea39c9e587a000d2b616be8d7fe97e100b70b25ce06ea1c2a7ca1eb979d2c9b765130096d6b338958eb001fc0951f

Score
8/10

Signatures

  • Blocklisted process makes network request 6 IoCs
  • Modifies registry class 1 IoCs
  • Opens file in notepad (likely ransom note) 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 13 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Windows\Explorer.exe
    C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\update.js.zip
    1⤵
    PID:372
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
    PID:2328
  • C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\update.js"
    1⤵
    • Blocklisted process makes network request
    PID:4044
  • C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\update.js"
    1⤵
    • Blocklisted process makes network request
    PID:1636
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Modifies registry class
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4376
    • C:\Windows\system32\NOTEPAD.EXE
      "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\update.js
      2⤵
      • Opens file in notepad (likely ransom note)
      PID:708

Reading the tree: the behaviour that matters is the two WScript.exe instances (PIDs 4044 and 1636), each running update.js from the user's Desktop after it was extracted from update.js.zip, and each tagged with the network-request signature. The "Opens file in notepad (likely ransom note)" hit is a generic heuristic: NOTEPAD.EXE (PID 708, spawned through OpenWith.exe) is opening update.js itself, the submitted sample, not a dropped note, so it should not be read as ransomware behaviour on its own.
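The process tree above is the kind of evidence a detection should key on: a Windows script host (WScript.exe or CScript.exe) launched with a script file that lives under a user profile directory, and which then makes network requests. The following is an added example, not part of the sandbox report and not the sandbox vendor's own logic. It turns that pattern into a small triage routine over constructed process-creation events; the events mirror the report's tree (same PIDs, images and command lines), and the `network` flag stands in for the report's "Blocklisted process makes network request" signature since the report does not list the destinations.

```python
"""Added example: flag script-host execution of user-writable scripts.

Not part of the sandbox report. The sample events below are constructed to
mirror the report's process tree; the `network` field is an assumption that
stands in for the report's network-request signature.
"""
import re
from dataclasses import dataclass

# Windows Script Host binaries and the script types they execute.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
SCRIPT_EXTS = (".js", ".jse", ".vbs", ".vbe", ".wsf")

# Paths under a user profile are writable by that user (Desktop, Downloads, Temp, ...).
USER_WRITABLE = re.compile(r"^[A-Za-z]:\\Users\\[^\\]+\\", re.IGNORECASE)


@dataclass
class ProcessEvent:
    pid: int
    image: str
    cmdline: str
    network: bool = False  # True if the process was seen making network requests


def basename(path):
    """Lower-cased file name of a Windows path."""
    return path.rsplit("\\", 1)[-1].lower()


def split_cmdline(cmdline):
    """Split a command line into tokens, honouring double quotes."""
    return [tok.strip('"') for tok in re.findall(r'"[^"]*"|\S+', cmdline)]


def script_argument(cmdline):
    """Return the first argument that names a script file, or None."""
    for tok in split_cmdline(cmdline)[1:]:
        if tok.lower().endswith(SCRIPT_EXTS):
            return tok
    return None


def triage(events):
    """Return one finding per script-host process that ran a script file."""
    findings = []
    for ev in events:
        if basename(ev.image) not in SCRIPT_HOSTS:
            continue  # Notepad opening a .js file is not execution
        script = script_argument(ev.cmdline)
        if script is None:
            continue
        reasons = ["script host launched a script file"]
        if USER_WRITABLE.match(script):
            reasons.append("script lives under a user profile directory")
        if ev.network:
            reasons.append("process made network requests")
        severity = "high" if len(reasons) == 3 else "medium"
        findings.append({"pid": ev.pid, "script": script,
                         "severity": severity, "reasons": reasons})
    return findings


# Constructed events mirroring the report's process tree.
SAMPLE_EVENTS = [
    ProcessEvent(372, r"C:\Windows\Explorer.exe",
                 r"C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\update.js.zip"),
    ProcessEvent(2328, r"C:\Windows\System32\rundll32.exe",
                 r"C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding"),
    ProcessEvent(4044, r"C:\Windows\System32\WScript.exe",
                 r'"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\update.js"', network=True),
    ProcessEvent(1636, r"C:\Windows\System32\WScript.exe",
                 r'"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\update.js"', network=True),
    ProcessEvent(4376, r"C:\Windows\system32\OpenWith.exe",
                 r"C:\Windows\system32\OpenWith.exe -Embedding"),
    ProcessEvent(708, r"C:\Windows\system32\NOTEPAD.EXE",
                 r'"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\update.js'),
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_EVENTS):
        print(finding)
```

Run against the constructed events, only the two WScript.exe processes produce findings, both at high severity; the NOTEPAD.EXE event that triggered the sandbox's "ransom note" heuristic is ignored because Notepad is not a script host. A script run by WScript.exe from a non-user path without network activity would still be reported, at medium severity, so the rule degrades gracefully rather than going silent.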

Downloads

The six entries below are CryptoAPI cache files (Content and MetaData pairs under CryptnetUrlCache). Windows writes these when it retrieves certificate chain or revocation data (CRL, OCSP, AIA) over the network, typically while validating a certificate for a TLS connection. They show that a process in this run triggered such a lookup; they are not content fetched by update.js, and the report lists no payload retrieved by the script.

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_89854CA6A0F0936A4D2ECA78845CEA25

        Filesize

        1KB

        MD5

        0e9bbbcdeeddd8a68974915da109faeb

        SHA1

        db4f2364478d74de07496e798c6f3e69cf8bc2f6

        SHA256

        27d8957473ad03207de3ea82b2693c6dc2991af29ed20f8217e82447cfab412e

        SHA512

        704d2d093d78201044644c7851f2caa3090be500be53121a80d3b76ef506ed6ae780e3493e93ac2bfa6c73f3789190737eec69f4932a0e23249e4b43fa31ee2e

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\D0E1C4B6144E7ECAB3F020E4A19EFC29_03D1B482EE3032A122274428715A4E19

        Filesize

        978B

        MD5

        0a686fb6d14c9a3c840060ae438eece6

        SHA1

        ac0fe4983e34ffa395936cfe367589fe8cb81db0

        SHA256

        fa1fa0514b252b4aa933b86a112cd93b73daa6f8e296dbd5a694babbe162a556

        SHA512

        8f17577632a9daf9ee88d196b2a0e16e9a866bf44498a7dbd63257c8d4b257f5072c96bf9bb535c40659a8cb522e0261d17eb6f84c854425c78c1ef9b5bf4d48

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\DC0295DF88CEB332ABF57D83EC6C6170

        Filesize

        315B

        MD5

        86811750c814c99a2c8521b8d570ceb1

        SHA1

        53ff44c271c3709d11fec4c1983a5cb7c4c56d63

        SHA256

        eed14ce504d74b60c7651f5aed5f3c99359a2c81aece867d106936476d2a8d58

        SHA512

        2e7c389ebdef71679185fa031f68ad3d5b2d4b5cd78e1930fec67ece683569ad12fee77c5b3bfef1f2f942c322a048b875a21fd7ca44f522f7270315f6dffbdf

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_89854CA6A0F0936A4D2ECA78845CEA25

        Filesize

        482B

        MD5

        37248a00ef40b5bb93a1bd786340da92

        SHA1

        e46dea2632afa9b3d5b59507d1daeaed7f02b520

        SHA256

        287a499acbd4b736157b6e91ca3856af74222655bdda1dfc67765ebe309a8f68

        SHA512

        1284450e9defe003888ba729e7e06cd162737d08c78902d0564e4167540fba91ccb42547787b2678c3ba2157adf42f4473d9bc75f58b6de49df5cd808da24474

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\D0E1C4B6144E7ECAB3F020E4A19EFC29_03D1B482EE3032A122274428715A4E19

        Filesize

        484B

        MD5

        434f976d306976fb127144c17aff7d9f

        SHA1

        6dff8f998e00e38feb7a5074f81eb0ecc1f1de4e

        SHA256

        3edec94be0c97c42328e41f977c2411cc467b366fd34338aa84c2d246d467ad2

        SHA512

        3097f0ba5e7dcfb35a1571ba532c0365e2ba6c0ac43262aaaa5a69b2fecdb8b8628ebf264da247ab1bce63c58f395136fcceaad6b9d8c91da1e015369c9f5b6c

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\DC0295DF88CEB332ABF57D83EC6C6170

        Filesize

        512B

        MD5

        5f152b65da6a5a5b279df04e4604e2ba

        SHA1

        fc5fb57329f466913df3b29cfdf1c17952f7cc31

        SHA256

        bd1c53c53e1e2d3dca9ee167eb01b7c145f2813ea2bd65d093d7ab07841f1d54

        SHA512

        96760253a0f03d6852cdd2aff2daace255e490e64235d503a8378569225a81e013b365f1a6dbbbf9609c7d2bb576b46072d28254f68ae56c4ec771e6d1cfe027