Overview

overview

10

Static

static

1

Payment proof.js

windows7-x64

1

Payment proof.js

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    40s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    30/03/2023, 17:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Payment proof.js

  • Size

    213KB

  • MD5

    311ef1f6a6172d92cc3e25ef956da75b

  • SHA1

    6dc2284e6668d462a3122e924b88fc1cdf28b07d

  • SHA256

    0df05fb645c21efe2ca3d955b82e24369238355bcd54f593ba8643b639a543af

  • SHA512

    c05343a9a33b834facb96a5119424a46f5e41d13cb30e148056cd47ab29b24f624eba3c16724f148ebbd543a7f5c81fe07148dd46b4d3c3df0eefe23815bec75

  • SSDEEP

    3072:GQyejZErck/3o6u5KyLpR7OaaEZERx4Rzt2OeMHuK3xM3pqBw/4wohXG0RFA:GQyTrC5K2pR7OaHZyxGXIy0k2uA

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\wscript.exe
    wscript.exe "C:\Users\Admin\AppData\Local\Temp\Payment proof.js"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1208
    • C:\Program Files\Java\jre7\bin\javaw.exe
      "C:\Program Files\Java\jre7\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Roaming\ibqcxglisv.txt"
      2⤵
        PID:2028

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Roaming\ibqcxglisv.txt
      Filesize

      92KB

      MD5

      391907cc91179ada8c93dfb70cf2fa56

      SHA1

      da55acbf6aafe2f376bf4ebd3ff8fbf99cf4966d

      SHA256

      20ad6197b8d0b6b2764f90ef38bace3e230cb2878db9a30778db0e4ef042a039

      SHA512

      931c419c6fff67cc0973eaa67c771aafa573ad5875b1db93ed4ec52e1f20f7e567a0f7c44d916de1d8e77407fe83eb2418fc9c0ba457bd05ef1f742bc4ed0afc

      Download Submit

    • memory/2028-65-0x0000000000220000-0x0000000000221000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2028-66-0x0000000000220000-0x0000000000221000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2028-93-0x0000000000220000-0x0000000000221000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2028-95-0x0000000000220000-0x0000000000221000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2028-97-0x0000000000220000-0x0000000000221000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2028-111-0x0000000000220000-0x0000000000221000-memory.dmp

      Filesize

      4KB

      Download