3a28e9cd293456001a3a7be5c937c26a03270df07c0576e48859f3a1941aa104 | Triage

Resubmissions

28-06-2023 15:36

230628-s1v9jsbb5v 4

28-06-2023 15:14

230628-smjzcsba9w 5

28-06-2023 14:47

230628-r5x39saa64 1

Analysis

max time kernel
1162s
max time network
975s
platform
windows10-2004_x64
resource
win10v2004-20230621-en
resource tags

arch:x64arch:x86image:win10v2004-20230621-enlocale:en-usos:windows10-2004-x64system
submitted
28-06-2023 15:14

Sharing

Report Analysis Logs

General

Target

f_0076d0.js
Size

35KB
MD5

2ecbe272a31befb5fb4cef797f08809f
SHA1

7aeaf15cb3534a69aad834ec47da0a57ca454eec
SHA256

80351dba116819f679547775b760ecda97aa51bc42e703716c66383bcce7d6ac
SHA512

4470c79d14201f8c5b0c36afc068dc71dad8b60e88c070320eff3954533087fa93e8955a66203a5b03d902a63b71c0d4755e004e97bc7c3b2c0233ccf265edbd
SSDEEP

768:XRthFKqBcSwFRPDABPr1TNaD6CZ92zdk4Qji:PCATwDyj1TNaD6CZ92zdk4Qji

Score

5^/10

Malware Config

Signatures

Drops file in System32 directory 8 IoCs

description	ioc	Process
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\InstallService\{737E68F7-0C12-40D2-95BC-24F9D980E284}.catalogItem	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\InstallService\{AB303E7B-73B7-443F-9E29-A86C7795E814}.catalogItem	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\InstallService\{A834BD30-7A49-4C3E-A293-0CC1F07BFE90}.catalogItem	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\InstallService\{49E4C408-B10F-4B1B-B914-3D2B818D14F9}.catalogItem	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\InstallService\{2152F164-96F0-47A3-B7E3-E2F6C4E690B8}.catalogItem	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\InstallService\{7CF37985-CA3D-46AB-88EA-BE652A55FEE9}.catalogItem	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\InstallService\{6A67F305-9497-43CE-BCC5-8A7D4C59F5C7}.catalogItem	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\InstallService\{F55513A1-3E63-4F16-A0D9-1E000104088F}.catalogItem	svchost.exe

Opens file in notepad (likely ransom note) 1 IoCs

pid	Process
2472	Notepad.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
2472	Notepad.exe
2472	Notepad.exe

C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\f_0076d0.js
1⤵
PID:4416

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3140

C:\Windows\System32\Notepad.exe
"C:\Windows\System32\Notepad.exe" C:\Users\Admin\AppData\Local\Temp\f_0076d0.js
1⤵
- Opens file in notepad (likely ransom note)
- Suspicious use of FindShellTrayWindow
PID:2472

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k netsvcs -p
1⤵
- Drops file in System32 directory
PID:840

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads