1FACTURA_1714631916.js
windows7-x64
10FACTURA_1714631916.js
windows10-2004-x64
10FACTURA_1478723101.js
windows7-x64
10FACTURA_1478723101.js
windows10-2004-x64
10FACTURA_3104517939.js
windows7-x64
10FACTURA_3104517939.js
windows10-2004-x64
10FACTURA_50862162.js
windows7-x64
10FACTURA_50862162.js
windows10-2004-x64
10PDF20218238767362.js
windows7-x64
10PDF20218238767362.js
windows10-2004-x64
10FACTURA_1324819148.js
windows7-x64
10FACTURA_1324819148.js
windows10-2004-x64
10PDF247791026727441.js
windows7-x64
10PDF247791026727441.js
windows10-2004-x64
101258293779...be.zip
windows7-x64
11258293779...be.zip
windows10-2004-x64
11258293779...d8.zip
windows7-x64
11258293779...d8.zip
windows10-2004-x64
11258293779...22.zip
windows7-x64
11258293779...22.zip
windows10-2004-x64
11258293779...af.zip
windows7-x64
11258293779...af.zip
windows10-2004-x64
11258293779...6b.zip
windows7-x64
11258293779...6b.zip
windows10-2004-x64
11258293779...0b.zip
windows7-x64
11258293779...0b.zip
windows10-2004-x64
11258293779...25.zip
windows7-x64
11258293779...25.zip
windows10-2004-x64
11258293779...13.zip
windows7-x64
11258293779...13.zip
windows10-2004-x64
11258293779...e2.zip
windows7-x64
11258293779...e2.zip
windows10-2004-x64
Analysis
-
max time kernel
90s -
max time network
155s -
platform
windows10-2004_x64 -
resource
win10v2004-20231023-en -
resource tags
arch:x64, arch:x86, image:win10v2004-20231023-en, locale:en-us, os:windows10-2004-x64, system -
submitted
27/10/2023, 11:04
Static task
static1
Behavioral task
behavioral1
Sample
FACTURA_1714631916.js
Resource
win7-20231020-en
Behavioral task
behavioral2
Sample
FACTURA_1714631916.js
Resource
win10v2004-20231023-en
Behavioral task
behavioral3
Sample
FACTURA_1478723101.js
Resource
win7-20231020-en
Behavioral task
behavioral4
Sample
FACTURA_1478723101.js
Resource
win10v2004-20231020-en
Behavioral task
behavioral5
Sample
FACTURA_3104517939.js
Resource
win7-20231025-en
Behavioral task
behavioral6
Sample
FACTURA_3104517939.js
Resource
win10v2004-20231020-en
Behavioral task
behavioral7
Sample
FACTURA_50862162.js
Resource
win7-20231023-en
Behavioral task
behavioral8
Sample
FACTURA_50862162.js
Resource
win10v2004-20231023-en
Behavioral task
behavioral9
Sample
PDF20218238767362.js
Resource
win7-20231020-en
Behavioral task
behavioral10
Sample
PDF20218238767362.js
Resource
win10v2004-20231023-en
Behavioral task
behavioral11
Sample
FACTURA_1324819148.js
Resource
win7-20231023-en
Behavioral task
behavioral12
Sample
FACTURA_1324819148.js
Resource
win10v2004-20231020-en
Behavioral task
behavioral13
Sample
PDF247791026727441.js
Resource
win7-20231020-en
Behavioral task
behavioral14
Sample
PDF247791026727441.js
Resource
win10v2004-20231025-en
Behavioral task
behavioral15
Sample
12582937793/b88e361f5db949317650956480502f6391359798fd85c0341c8c43c30fc361be.zip
Resource
win7-20231023-en
Behavioral task
behavioral16
Sample
12582937793/b88e361f5db949317650956480502f6391359798fd85c0341c8c43c30fc361be.zip
Resource
win10v2004-20231023-en
Behavioral task
behavioral17
Sample
12582937793/c1158c88f7951a14ff2436e679719e1b57d56002f1050b340b1fdd9bf37ee4d8.zip
Resource
win7-20231023-en
Behavioral task
behavioral18
Sample
12582937793/c1158c88f7951a14ff2436e679719e1b57d56002f1050b340b1fdd9bf37ee4d8.zip
Resource
win10v2004-20231020-en
Behavioral task
behavioral19
Sample
12582937793/ccd10d0c856a95beeffdd47f9e6530e71f23b2f3700c6fa609acfe262d5f1522.zip
Resource
win7-20231020-en
Behavioral task
behavioral20
Sample
12582937793/ccd10d0c856a95beeffdd47f9e6530e71f23b2f3700c6fa609acfe262d5f1522.zip
Resource
win10v2004-20231020-en
Behavioral task
behavioral21
Sample
12582937793/cea14b7d1bffe66e3139930602537416b723f2b685e08d5680fc677c5730d4af.zip
Resource
win7-20231025-en
Behavioral task
behavioral22
Sample
12582937793/cea14b7d1bffe66e3139930602537416b723f2b685e08d5680fc677c5730d4af.zip
Resource
win10v2004-20231023-en
Behavioral task
behavioral23
Sample
12582937793/cfd9efc4bcffd83c78da7165035918144b394a79b2fb60305f8993e35ee2986b.zip
Resource
win7-20231023-en
Behavioral task
behavioral24
Sample
12582937793/cfd9efc4bcffd83c78da7165035918144b394a79b2fb60305f8993e35ee2986b.zip
Resource
win10v2004-20231023-en
Behavioral task
behavioral25
Sample
12582937793/d0fd7e32bf5ce2e1781ad484e03644d58122912eb5b88de3ffbf3fa12d09c80b.zip
Resource
win7-20231023-en
Behavioral task
behavioral26
Sample
12582937793/d0fd7e32bf5ce2e1781ad484e03644d58122912eb5b88de3ffbf3fa12d09c80b.zip
Resource
win10v2004-20231025-en
Behavioral task
behavioral27
Sample
12582937793/da6db77248718ea9cb22ea8b99d3030aa2838d241fdd2f64dbaaf60b02903f25.zip
Resource
win7-20231023-en
Behavioral task
behavioral28
Sample
12582937793/da6db77248718ea9cb22ea8b99d3030aa2838d241fdd2f64dbaaf60b02903f25.zip
Resource
win10v2004-20231020-en
Behavioral task
behavioral29
Sample
12582937793/da9a74db58c63c627e43a42e4b1f368cd13a34795e185414283393b9a4dcb813.zip
Resource
win7-20231020-en
Behavioral task
behavioral30
Sample
12582937793/da9a74db58c63c627e43a42e4b1f368cd13a34795e185414283393b9a4dcb813.zip
Resource
win10v2004-20231020-en
Behavioral task
behavioral31
Sample
12582937793/df041e0c1f5e2a8cbdf2b7c77c21cc8892a010172ee77ce9b1f63629e0fd9ee2.zip
Resource
win7-20231023-en
Behavioral task
behavioral32
Sample
12582937793/df041e0c1f5e2a8cbdf2b7c77c21cc8892a010172ee77ce9b1f63629e0fd9ee2.zip
Resource
win10v2004-20231023-en
General
-
Target
PDF20218238767362.js
-
Size
1.0MB
-
MD5
0ab8b08e9c92bf1405755833d9409a95
-
SHA1
9fbf7143a55c83845815502c413e9eecdd74677e
-
SHA256
1e81b9479b419372da9ef8ce7f50a98becc218c8605f09d034a5a6514e86f607
-
SHA512
7e4d91c77087433209f8f74573e10d6a05ad951b48c5fc6ce15aba8b36252110a97b9747b9b47bbf549e372e45eb599afc1ca6425536f7617fa0a67f5145eb13
-
SSDEEP
24576:/Mue2z3xX0/FjN6zti4z33C+MnqHKYRtZl53M:Lq
Malware Config
Extracted
strela
91.215.85.209
Signatures
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up the country code configured in the registry, likely a geofence check.
description: Key value queried; ioc: \REGISTRY\USER\S-1-5-21-984744499-3605095035-265325720-1000\Control Panel\International\Geo\Nation; Process: wscript.exe -
Loads dropped DLL 1 IoCs
pid: 4188; Process: rundll32.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage and/or optical drive(s).
-
Suspicious use of WriteProcessMemory 8 IoCs
description / pid / Process / procid_target:
PID 1800 wrote to memory of 2144 — 1800 wscript.exe — 87
PID 1800 wrote to memory of 2144 — 1800 wscript.exe — 87
PID 2144 wrote to memory of 5072 — 2144 cmd.exe — 89
PID 2144 wrote to memory of 5072 — 2144 cmd.exe — 89
PID 2144 wrote to memory of 2876 — 2144 cmd.exe — 93
PID 2144 wrote to memory of 2876 — 2144 cmd.exe — 93
PID 2144 wrote to memory of 4188 — 2144 cmd.exe — 94
PID 2144 wrote to memory of 4188 — 2144 cmd.exe — 94
Processes
-
C:\Windows\system32\wscript.exe — command line: wscript.exe C:\Users\Admin\AppData\Local\Temp\PDF20218238767362.js (tree depth 1)
- Checks computer location settings
- Suspicious use of WriteProcessMemory
PID:1800 -
C:\Windows\System32\cmd.exe — command line: "C:\Windows\System32\cmd.exe" /k copy "C:\Users\Admin\AppData\Local\Temp\PDF20218238767362.js" "C:\Users\Admin\AppData\Local\Temp\\elgpvcoofzyvljjpmnhzjzntuhqdoioxguuxqugubrmewgacih.bat" && "C:\Users\Admin\AppData\Local\Temp\\elgpvcoofzyvljjpmnhzjzntuhqdoioxguuxqugubrmewgacih.bat" (tree depth 2)
- Suspicious use of WriteProcessMemory
PID:2144 -
C:\Windows\system32\findstr.exe — command line: findstr /V rmoulbhzypessjkwzujxsjanxvefrotukiloadqzppmwujgzdf ""C:\Users\Admin\AppData\Local\Temp\\elgpvcoofzyvljjpmnhzjzntuhqdoioxguuxqugubrmewgacih.bat"" (tree depth 3) — PID:5072
-
-
C:\Windows\system32\certutil.exe — command line: certutil -f -decode iexbhpcchrxfgymholozzfrmmegxsjewaupjcikfkdoipnpzpi xrnrdhheniuijyhhuyzkxxkrlapoxfdhpnjhzgohfgecpyjrxq.dll (tree depth 3) — PID:2876
-
-
C:\Windows\system32\rundll32.exe — command line: rundll32 xrnrdhheniuijyhhuyzkxxkrlapoxfdhpnjhzgohfgecpyjrxq.dll,x (tree depth 3)
- Loads dropped DLL
PID:4188
-
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
1.0MB
MD5 0ab8b08e9c92bf1405755833d9409a95
SHA1 9fbf7143a55c83845815502c413e9eecdd74677e
SHA256 1e81b9479b419372da9ef8ce7f50a98becc218c8605f09d034a5a6514e86f607
SHA512 7e4d91c77087433209f8f74573e10d6a05ad951b48c5fc6ce15aba8b36252110a97b9747b9b47bbf549e372e45eb599afc1ca6425536f7617fa0a67f5145eb13
-
Filesize
1.0MB
MD5 0ab8b08e9c92bf1405755833d9409a95
SHA1 9fbf7143a55c83845815502c413e9eecdd74677e
SHA256 1e81b9479b419372da9ef8ce7f50a98becc218c8605f09d034a5a6514e86f607
SHA512 7e4d91c77087433209f8f74573e10d6a05ad951b48c5fc6ce15aba8b36252110a97b9747b9b47bbf549e372e45eb599afc1ca6425536f7617fa0a67f5145eb13
-
Filesize
1023KB
MD5 333e4540d003b671b0fab4bf108dfcc4
SHA1 bc3025b87eebd678e622955f6306fd5ce768e94a
SHA256 177fa2cfda97c4fd97f41b742e0ae0d5742c91d6c31fbce9b276e4b8fe5788f7
SHA512 f4498a3c1df15c426c381faa1c549549418061539ad4b87b20f7d996af1a7a599ddb36d05f650c28412e07d1d38d348d44afa2a94f604bed16ac5bf858ac988a
-
Filesize
763KB
MD5 0a7d89eb1cc9ed86183d6cc08c004ba3
SHA1 6a12bbfa326dd92c5118ed07536fb8908ccc4d02
SHA256 73621fdd560b242fdb88c777b08e942701cba31df0954781702891879812caf8
SHA512 75317829ce34323f57898187532ac4424ab9d2271a3007453f5049390f21059a181bf5ce37b5f237290cb3da62789ee54a5efa0c9fc04b3dd4ffc2efbe5c3e1c
-
Filesize
763KB
MD5 0a7d89eb1cc9ed86183d6cc08c004ba3
SHA1 6a12bbfa326dd92c5118ed07536fb8908ccc4d02
SHA256 73621fdd560b242fdb88c777b08e942701cba31df0954781702891879812caf8
SHA512 75317829ce34323f57898187532ac4424ab9d2271a3007453f5049390f21059a181bf5ce37b5f237290cb3da62789ee54a5efa0c9fc04b3dd4ffc2efbe5c3e1c