Overview

overview

1

Static

static

1

f_0076d0.js

windows7-x64

1

f_0076d0.js

windows10-2004-x64

1

Resubmissions

28-06-2023 15:36

230628-s1v9jsbb5v 4

28-06-2023 15:14

230628-smjzcsba9w 5

28-06-2023 14:47

230628-r5x39saa64 1

Analysis

  • max time kernel
    255s
  • max time network
    259s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230621-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230621-enlocale:en-usos:windows10-2004-x64system
  • submitted
    28-06-2023 14:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f_0076d0.js

  • Size

    35KB

  • MD5

    2ecbe272a31befb5fb4cef797f08809f

  • SHA1

    7aeaf15cb3534a69aad834ec47da0a57ca454eec

  • SHA256

    80351dba116819f679547775b760ecda97aa51bc42e703716c66383bcce7d6ac

  • SHA512

    4470c79d14201f8c5b0c36afc068dc71dad8b60e88c070320eff3954533087fa93e8955a66203a5b03d902a63b71c0d4755e004e97bc7c3b2c0233ccf265edbd

  • SSDEEP

    768:XRthFKqBcSwFRPDABPr1TNaD6CZ92zdk4Qji:PCATwDyj1TNaD6CZ92zdk4Qji

Score
1/10

Malware Config

Signatures

  • Modifies registry class 1 IoCs
  • Opens file in notepad (likely ransom note) 1 IoCs
    ransomware
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 47 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Windows\system32\wscript.exe
    wscript.exe C:\Users\Admin\AppData\Local\Temp\f_0076d0.js
    1⤵
      PID:4412
    • C:\Windows\System32\rundll32.exe
      C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
      1⤵
        PID:1192
      • C:\Windows\system32\OpenWith.exe
        C:\Windows\system32\OpenWith.exe -Embedding
        1⤵
        • Modifies registry class
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2228
        • C:\Windows\system32\NOTEPAD.EXE
          "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\f_0076d0.js
          2⤵
          • Opens file in notepad (likely ransom note)
          PID:4632

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads