Analysis
max time kernel: 149s
max time network: 157s
platform: windows7_x64
resource: win7-20230831-en
resource tags: arch:x64, arch:x86, image:win7-20230831-en, locale:en-us, os:windows7-x64, system
submitted: 11-10-2023 14:51
Static task: static1
Behavioral task: behavioral1
Sample: PAYMENT-9262023.js
Resource: win7-20230831-en
General
Target: PAYMENT-9262023.js
Size: 293KB
MD5: f3b567669e8b937dc08bc81a2f7bf6ac
SHA1: 383cc6008c5c78178e8e18611a7f4d4dea28d7f4
SHA256: 24d1e734345b0206fd0c673cb5a98f876cf4392c79c5f5dc5237b61ca37afb7c
SHA512: 6eb2ce7251af2a45a9b5c24e4e3674407a3648e56418c68c34476aed0d4a6cecf50bfe2584db7806e9030896708a66a4338dac8a1b50e8529a661bb724e5fc6a
SSDEEP: 6144:R4xBc0zl1+gb1S04ipaJftEXWJcNjVe/510D4cgNO:ReBzCgbrPm6W+NVu10ccgY
Malware Config
Extracted
Family: strrat
C2: 96.47.233.13:8454
license_id: 7C80-HMCX-T9VH-K5QU-BQT2
plugins_url: http://jbfrost.live/strigoi/server/?hwid=1&lid=m&ht=5
scheduled_task: true
secondary_startup: true
startup: true
Signatures
Enumerates physical storage devices (1 TTPs)
Attempts to interact with connected storage/optical drive(s).
Suspicious use of WriteProcessMemory (3 IoCs)
Processes:
description | pid | process | target process
PID 2548 wrote to memory of 3052 | 2548 | wscript.exe | java.exe
PID 2548 wrote to memory of 3052 | 2548 | wscript.exe | java.exe
PID 2548 wrote to memory of 3052 | 2548 | wscript.exe | java.exe
Processes
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 219KB
MD5: ee415321c29634b711dd60a761364aaa
SHA1: f62440bcd9c9c2f5e41f289de239a263bf64286f
SHA256: 858723e08c08e1f795d8d99516b6c74571ceef624fd91c5b14cea7db982a758c
SHA512: c7bffe51260280b98ed624d73374477e56e9a03cc1b1d181c9b1f6a3d6e6f5b7917d8594335d11f39759ad7b62e8ffa3a258d4ab4758a5d1aed6b7c4402b129e