Overview

overview

10

Static

static

1

Doc49870477302203.js

windows7-x64

3

Doc49870477302203.js

windows10-2004-x64

10

Analysis

  • max time kernel
    145s
  • max time network
    43s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    22/03/2023, 07:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Doc49870477302203.js

  • Size

    363KB

  • MD5

    92764f45d45e4df159ebd139e2c6619c

  • SHA1

    7ef9907dd1c4b29df121133f0c31d720d806d0b6

  • SHA256

    91bc3eed793940f46537c8690c61c496021d8e68bfb016d8d4c390eab8e0e4b7

  • SHA512

    33f49c8f3a16db9bd3de072055baeb8f6966aad82bbbfa5281a6a204ac49216c8bff6008b13f3cbee60e6b7d16d2609b35a18b99939f745a689cf55c6c14fae1

  • SSDEEP

    6144:GQrM9UP/tCo8jc9p2vrXoEyykCSghKHyi6NhPTstoHL:NTD+/Rkjmnio7Kor

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\wscript.exe
    wscript.exe C:\Users\Admin\AppData\Local\Temp\Doc49870477302203.js
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2032
    • C:\Program Files\Java\jre7\bin\javaw.exe
      "C:\Program Files\Java\jre7\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Roaming\bmjspzwfxn.txt"
      2⤵
        PID:944

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Roaming\bmjspzwfxn.txt
      Filesize

      164KB

      MD5

      f02861314a99a6cd2995ac5e5313a855

      SHA1

      c4beec880e8e626d2c600db933165dd95581a339

      SHA256

      f1744458058b496f511390a9622b126bc74ae949392811a1b92ed6401f08dee6

      SHA512

      92603940c2fbc73f6723284510a65d800904604ce2278d9d83985a725265225ce6ca85bf09712a5f528de45c779b2366034e4b8d393150648785585539ffec1b

      Download Submit

    • memory/944-65-0x0000000000310000-0x0000000000311000-memory.dmp

      Filesize

      4KB

      Download

    • memory/944-66-0x0000000000310000-0x0000000000311000-memory.dmp

      Filesize

      4KB

      Download

    • memory/944-68-0x0000000000310000-0x0000000000311000-memory.dmp

      Filesize

      4KB

      Download