dc67671de99ae3869d0b5187f2a1abbe4ebf4b55f27802b6c87ab0709ba7f6b8

Analysis

max time kernel
148s
max time network
82s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
18/04/2023, 10:24

Target

DOC876524589078532.js
Size

423KB
MD5

5a57d01573a7ecf539096cf5101186bc
SHA1

3b40d8c5eeb6b507b9a0ecb2ca8c7b7b6240c575
SHA256

dc67671de99ae3869d0b5187f2a1abbe4ebf4b55f27802b6c87ab0709ba7f6b8
SHA512

10b381809d01509be0975f8383a52059e2c22f66d0ab9c8fd3997a9111b2a4dc59f2870327d154480a2ec41a4678764814c9ed4f3f1920abb372294dc60a51b6
SSDEEP

6144:QQ2sw+dWdfGvVAEDxp6JsSEHfKDf7C4R4Pm3VfI25pauoP2K95mjweU9Ckkp8S9v:TDVefIy8qf7CE4wfpiHebL9myeBq

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1992 wrote to memory of 896	1992	wscript.exe	28
PID 1992 wrote to memory of 896	1992	wscript.exe	28
PID 1992 wrote to memory of 896	1992	wscript.exe	28

C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\DOC876524589078532.js
1⤵
- Suspicious use of WriteProcessMemory
PID:1992
- C:\Program Files\Java\jre7\bin\javaw.exe
  "C:\Program Files\Java\jre7\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Roaming\ckdpcwtjjo.txt"
  2⤵
  PID:896

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

C:\Users\Admin\AppData\Roaming\ckdpcwtjjo.txt

Filesize
209KB

MD5
1b90bf0bc0f83fe4bf934a403db53723

SHA1
6dd965d63e63ef8735f37f751cbd998fa7440f45

SHA256
cc401dac6f09b9864248d7985a1efc5e239d6131ed25bd98c6e0511cf00270cc

SHA512
7bc0b5c38cc07eafc83764776140a495809024fe737bc41d8ac25f23a5309c079d08a98250f518a261ec88359716be60a505133e81179d76b1ee0586f56bc4de

Download Submit
memory/896-65-0x00000000000A0000-0x00000000000A1000-memory.dmp

Filesize
4KB

Download
memory/896-72-0x00000000000A0000-0x00000000000A1000-memory.dmp

Filesize
4KB

Download
memory/896-76-0x00000000000A0000-0x00000000000A1000-memory.dmp

Filesize
4KB

Download
memory/896-84-0x00000000000A0000-0x00000000000A1000-memory.dmp

Filesize
4KB

Download
memory/896-85-0x00000000000A0000-0x00000000000A1000-memory.dmp

Filesize
4KB

Download
memory/896-87-0x00000000000A0000-0x00000000000A1000-memory.dmp

Filesize
4KB

Download
memory/896-89-0x00000000000A0000-0x00000000000A1000-memory.dmp

Filesize
4KB

Download
memory/896-105-0x00000000000A0000-0x00000000000A1000-memory.dmp

Filesize
4KB

Download