1FACTURA_1714631916.js
windows7-x64
10FACTURA_1714631916.js
windows10-2004-x64
10FACTURA_1478723101.js
windows7-x64
10FACTURA_1478723101.js
windows10-2004-x64
10FACTURA_3104517939.js
windows7-x64
10FACTURA_3104517939.js
windows10-2004-x64
10FACTURA_50862162.js
windows7-x64
10FACTURA_50862162.js
windows10-2004-x64
10PDF20218238767362.js
windows7-x64
10PDF20218238767362.js
windows10-2004-x64
10FACTURA_1324819148.js
windows7-x64
10FACTURA_1324819148.js
windows10-2004-x64
10PDF247791026727441.js
windows7-x64
10PDF247791026727441.js
windows10-2004-x64
101258293779...be.zip
windows7-x64
11258293779...be.zip
windows10-2004-x64
11258293779...d8.zip
windows7-x64
11258293779...d8.zip
windows10-2004-x64
11258293779...22.zip
windows7-x64
11258293779...22.zip
windows10-2004-x64
11258293779...af.zip
windows7-x64
11258293779...af.zip
windows10-2004-x64
11258293779...6b.zip
windows7-x64
11258293779...6b.zip
windows10-2004-x64
11258293779...0b.zip
windows7-x64
11258293779...0b.zip
windows10-2004-x64
11258293779...25.zip
windows7-x64
11258293779...25.zip
windows10-2004-x64
11258293779...13.zip
windows7-x64
11258293779...13.zip
windows10-2004-x64
11258293779...e2.zip
windows7-x64
11258293779...e2.zip
windows10-2004-x64
1Analysis
-
max time kernel
122s -
max time network
128s -
platform
windows7_x64 -
resource
win7-20231023-en -
resource tags
arch:x64 arch:x86 image:win7-20231023-en locale:en-us os:windows7-x64 system -
submitted
27/10/2023, 11:04
Static task
static1
Behavioral task
behavioral1
Sample
FACTURA_1714631916.js
Resource
win7-20231020-en
Behavioral task
behavioral2
Sample
FACTURA_1714631916.js
Resource
win10v2004-20231023-en
Behavioral task
behavioral3
Sample
FACTURA_1478723101.js
Resource
win7-20231020-en
Behavioral task
behavioral4
Sample
FACTURA_1478723101.js
Resource
win10v2004-20231020-en
Behavioral task
behavioral5
Sample
FACTURA_3104517939.js
Resource
win7-20231025-en
Behavioral task
behavioral6
Sample
FACTURA_3104517939.js
Resource
win10v2004-20231020-en
Behavioral task
behavioral7
Sample
FACTURA_50862162.js
Resource
win7-20231023-en
Behavioral task
behavioral8
Sample
FACTURA_50862162.js
Resource
win10v2004-20231023-en
Behavioral task
behavioral9
Sample
PDF20218238767362.js
Resource
win7-20231020-en
Behavioral task
behavioral10
Sample
PDF20218238767362.js
Resource
win10v2004-20231023-en
Behavioral task
behavioral11
Sample
FACTURA_1324819148.js
Resource
win7-20231023-en
Behavioral task
behavioral12
Sample
FACTURA_1324819148.js
Resource
win10v2004-20231020-en
Behavioral task
behavioral13
Sample
PDF247791026727441.js
Resource
win7-20231020-en
Behavioral task
behavioral14
Sample
PDF247791026727441.js
Resource
win10v2004-20231025-en
Behavioral task
behavioral15
Sample
12582937793/b88e361f5db949317650956480502f6391359798fd85c0341c8c43c30fc361be.zip
Resource
win7-20231023-en
Behavioral task
behavioral16
Sample
12582937793/b88e361f5db949317650956480502f6391359798fd85c0341c8c43c30fc361be.zip
Resource
win10v2004-20231023-en
Behavioral task
behavioral17
Sample
12582937793/c1158c88f7951a14ff2436e679719e1b57d56002f1050b340b1fdd9bf37ee4d8.zip
Resource
win7-20231023-en
Behavioral task
behavioral18
Sample
12582937793/c1158c88f7951a14ff2436e679719e1b57d56002f1050b340b1fdd9bf37ee4d8.zip
Resource
win10v2004-20231020-en
Behavioral task
behavioral19
Sample
12582937793/ccd10d0c856a95beeffdd47f9e6530e71f23b2f3700c6fa609acfe262d5f1522.zip
Resource
win7-20231020-en
Behavioral task
behavioral20
Sample
12582937793/ccd10d0c856a95beeffdd47f9e6530e71f23b2f3700c6fa609acfe262d5f1522.zip
Resource
win10v2004-20231020-en
Behavioral task
behavioral21
Sample
12582937793/cea14b7d1bffe66e3139930602537416b723f2b685e08d5680fc677c5730d4af.zip
Resource
win7-20231025-en
Behavioral task
behavioral22
Sample
12582937793/cea14b7d1bffe66e3139930602537416b723f2b685e08d5680fc677c5730d4af.zip
Resource
win10v2004-20231023-en
Behavioral task
behavioral23
Sample
12582937793/cfd9efc4bcffd83c78da7165035918144b394a79b2fb60305f8993e35ee2986b.zip
Resource
win7-20231023-en
Behavioral task
behavioral24
Sample
12582937793/cfd9efc4bcffd83c78da7165035918144b394a79b2fb60305f8993e35ee2986b.zip
Resource
win10v2004-20231023-en
Behavioral task
behavioral25
Sample
12582937793/d0fd7e32bf5ce2e1781ad484e03644d58122912eb5b88de3ffbf3fa12d09c80b.zip
Resource
win7-20231023-en
Behavioral task
behavioral26
Sample
12582937793/d0fd7e32bf5ce2e1781ad484e03644d58122912eb5b88de3ffbf3fa12d09c80b.zip
Resource
win10v2004-20231025-en
Behavioral task
behavioral27
Sample
12582937793/da6db77248718ea9cb22ea8b99d3030aa2838d241fdd2f64dbaaf60b02903f25.zip
Resource
win7-20231023-en
Behavioral task
behavioral28
Sample
12582937793/da6db77248718ea9cb22ea8b99d3030aa2838d241fdd2f64dbaaf60b02903f25.zip
Resource
win10v2004-20231020-en
Behavioral task
behavioral29
Sample
12582937793/da9a74db58c63c627e43a42e4b1f368cd13a34795e185414283393b9a4dcb813.zip
Resource
win7-20231020-en
Behavioral task
behavioral30
Sample
12582937793/da9a74db58c63c627e43a42e4b1f368cd13a34795e185414283393b9a4dcb813.zip
Resource
win10v2004-20231020-en
Behavioral task
behavioral31
Sample
12582937793/df041e0c1f5e2a8cbdf2b7c77c21cc8892a010172ee77ce9b1f63629e0fd9ee2.zip
Resource
win7-20231023-en
Behavioral task
behavioral32
Sample
12582937793/df041e0c1f5e2a8cbdf2b7c77c21cc8892a010172ee77ce9b1f63629e0fd9ee2.zip
Resource
win10v2004-20231023-en
General
-
Target
FACTURA_1324819148.js
-
Size
3.7MB
-
MD5
397ff04b5a64bd1f89b92819bb92e086
-
SHA1
94dbafbf953881732757956132c93b52b1940dfe
-
SHA256
3bdb2e4bada14fdda4b518959e9375814158b877516d2ff77ec8886a7926e28a
-
SHA512
7ed326a43bc2438162a931e9733db98e7beec5372516e1de06dd90b0e9c23b81962b8e83a60fefe8a5c4e620a04148e10e57f8dbb1666b6c9ca951041d17fd67
-
SSDEEP
24576:jRtZ2RUL9+dJsYsuxYSkF0TLnbwrOWOQQ65Hv3zRrqjCgQwnfAjSEF/RAHLn/dNX:CivQLeunEws8hrfUbU5
Malware Config
Extracted configuration
family: strela
address: 193.109.85.77
Signatures
-
Loads dropped DLL 1 IoCs
pid / Process: 1468 regsvr32.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious behavior: CmdExeWriteProcessMemorySpam 1 IoCs
pid / Process: 1468 regsvr32.exe -
Suspicious use of WriteProcessMemory 14 IoCs
description / pid / Process / procid_target
PID 2216 wrote to memory of 2028 — 2216 wscript.exe — 28
PID 2216 wrote to memory of 2028 — 2216 wscript.exe — 28
PID 2216 wrote to memory of 2028 — 2216 wscript.exe — 28
PID 2028 wrote to memory of 2080 — 2028 cmd.exe — 30
PID 2028 wrote to memory of 2080 — 2028 cmd.exe — 30
PID 2028 wrote to memory of 2080 — 2028 cmd.exe — 30
PID 2028 wrote to memory of 2060 — 2028 cmd.exe — 31
PID 2028 wrote to memory of 2060 — 2028 cmd.exe — 31
PID 2028 wrote to memory of 2060 — 2028 cmd.exe — 31
PID 2028 wrote to memory of 1468 — 2028 cmd.exe — 32
PID 2028 wrote to memory of 1468 — 2028 cmd.exe — 32
PID 2028 wrote to memory of 1468 — 2028 cmd.exe — 32
PID 2028 wrote to memory of 1468 — 2028 cmd.exe — 32
PID 2028 wrote to memory of 1468 — 2028 cmd.exe — 32
Processes (observed chain: wscript.exe runs the .js; cmd.exe copies it to a .bat and runs it; findstr, certutil -decode and regsvr32 are then spawned, with regsvr32 loading the decoded mournpastoral.dll)
-
Image: C:\Windows\system32\wscript.exe — Command line: wscript.exe C:\Users\Admin\AppData\Local\Temp\FACTURA_1324819148.js — level 1 ⤵
- Suspicious use of WriteProcessMemory
PID:2216 -
Image: C:\Windows\System32\cmd.exe — Command line: "C:\Windows\System32\cmd.exe" /k copy "C:\Users\Admin\AppData\Local\Temp\FACTURA_1324819148.js" "C:\Users\Admin\AppData\Local\Temp\\farmossified.bat" && "C:\Users\Admin\AppData\Local\Temp\\farmossified.bat" — level 2 ⤵
- Suspicious use of WriteProcessMemory
PID:2028 -
Image: C:\Windows\system32\findstr.exe — Command line: findstr /V pestcalculator ""C:\Users\Admin\AppData\Local\Temp\\farmossified.bat"" — level 3 ⤵ PID:2080
-
-
Image: C:\Windows\system32\certutil.exe — Command line: certutil -f -decode festivewaggish mournpastoral.dll — level 3 ⤵ PID:2060
-
-
Image: C:\Windows\system32\regsvr32.exe — Command line: regsvr32 mournpastoral.dll — level 3 ⤵
- Loads dropped DLL
- Suspicious behavior: CmdExeWriteProcessMemorySpam
PID:1468
-
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
3.7MB
MD5 397ff04b5a64bd1f89b92819bb92e086
SHA1 94dbafbf953881732757956132c93b52b1940dfe
SHA256 3bdb2e4bada14fdda4b518959e9375814158b877516d2ff77ec8886a7926e28a
SHA512 7ed326a43bc2438162a931e9733db98e7beec5372516e1de06dd90b0e9c23b81962b8e83a60fefe8a5c4e620a04148e10e57f8dbb1666b6c9ca951041d17fd67
-
Filesize
3.7MB
MD5 397ff04b5a64bd1f89b92819bb92e086
SHA1 94dbafbf953881732757956132c93b52b1940dfe
SHA256 3bdb2e4bada14fdda4b518959e9375814158b877516d2ff77ec8886a7926e28a
SHA512 7ed326a43bc2438162a931e9733db98e7beec5372516e1de06dd90b0e9c23b81962b8e83a60fefe8a5c4e620a04148e10e57f8dbb1666b6c9ca951041d17fd67
-
Filesize
3.6MB
MD5 341f3b9ea1746dff428bbc568ea0b6f5
SHA1 d52dd921199ce7d5a95632dfc768bf4aa19c209c
SHA256 5258b99c488332b011fcb6157de260a9e7fe439e05821e6995f795fb40f86067
SHA512 694c402e9314c270a83f33f20ca478367e22de927edded69643e35c3ea968b75f8710549a9c2162a075dde05b8aa5f460fce507b740e12e061f0926eb05d229f
-
Filesize
2.7MB
MD5 db4a7c58c2087a38447e198fb999c0f0
SHA1 ac9d1a3f574073c050ddb3afdcf6863c553f3579
SHA256 5c1508f5353265929def3af0f093bd9580f7589f63b196bce37cf5bcd3073c8f
SHA512 08ca1c58e709474c9240ff45f2a31f06b6fbc8d8d3f7d1ad6d9983a352717309c86a171dbb07bfcdb21a28c657cf21582c1a630b9604a977f5a34e6222981425
-
Filesize
2.7MB
MD5 db4a7c58c2087a38447e198fb999c0f0
SHA1 ac9d1a3f574073c050ddb3afdcf6863c553f3579
SHA256 5c1508f5353265929def3af0f093bd9580f7589f63b196bce37cf5bcd3073c8f
SHA512 08ca1c58e709474c9240ff45f2a31f06b6fbc8d8d3f7d1ad6d9983a352717309c86a171dbb07bfcdb21a28c657cf21582c1a630b9604a977f5a34e6222981425