Overview

Static: score 10

Behavioral tasks (sample | platform | score):
FACTURA_1714631916.js | windows7-x64 | 1
FACTURA_1714631916.js | windows10-2004-x64 | 10
FACTURA_1478723101.js | windows7-x64 | 10
FACTURA_1478723101.js | windows10-2004-x64 | 10
FACTURA_3104517939.js | windows7-x64 | 10
FACTURA_3104517939.js | windows10-2004-x64 | 10
FACTURA_50862162.js | windows7-x64 | 10
FACTURA_50862162.js | windows10-2004-x64 | 10
PDF20218238767362.js | windows7-x64 | 10
PDF20218238767362.js | windows10-2004-x64 | 10
FACTURA_1324819148.js | windows7-x64 | 10
FACTURA_1324819148.js | windows10-2004-x64 | 10
PDF247791026727441.js | windows7-x64 | 10
PDF247791026727441.js | windows10-2004-x64 | 10
1258293779...be.zip | windows7-x64 | 10
1258293779...be.zip | windows10-2004-x64 | 1
1258293779...d8.zip | windows7-x64 | 1
1258293779...d8.zip | windows10-2004-x64 | 1
1258293779...22.zip | windows7-x64 | 1
1258293779...22.zip | windows10-2004-x64 | 1
1258293779...af.zip | windows7-x64 | 1
1258293779...af.zip | windows10-2004-x64 | 1
1258293779...6b.zip | windows7-x64 | 1
1258293779...6b.zip | windows10-2004-x64 | 1
1258293779...0b.zip | windows7-x64 | 1
1258293779...0b.zip | windows10-2004-x64 | 1
1258293779...25.zip | windows7-x64 | 1
1258293779...25.zip | windows10-2004-x64 | 1
1258293779...13.zip | windows7-x64 | 1
1258293779...13.zip | windows10-2004-x64 | 1
1258293779...e2.zip | windows7-x64 | 1
1258293779...e2.zip | windows10-2004-x64 | 1
Analysis

- max time kernel: 115s
- max time network: 154s
- platform: windows10-2004_x64
- resource: win10v2004-20231023-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20231023-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 27/10/2023, 11:04
Static task: static1

Behavioral tasks (task | sample | resource):
behavioral1 | FACTURA_1714631916.js | win7-20231020-en
behavioral2 | FACTURA_1714631916.js | win10v2004-20231023-en
behavioral3 | FACTURA_1478723101.js | win7-20231020-en
behavioral4 | FACTURA_1478723101.js | win10v2004-20231020-en
behavioral5 | FACTURA_3104517939.js | win7-20231025-en
behavioral6 | FACTURA_3104517939.js | win10v2004-20231020-en
behavioral7 | FACTURA_50862162.js | win7-20231023-en
behavioral8 | FACTURA_50862162.js | win10v2004-20231023-en
behavioral9 | PDF20218238767362.js | win7-20231020-en
behavioral10 | PDF20218238767362.js | win10v2004-20231023-en
behavioral11 | FACTURA_1324819148.js | win7-20231023-en
behavioral12 | FACTURA_1324819148.js | win10v2004-20231020-en
behavioral13 | PDF247791026727441.js | win7-20231020-en
behavioral14 | PDF247791026727441.js | win10v2004-20231025-en
behavioral15 | 12582937793/b88e361f5db949317650956480502f6391359798fd85c0341c8c43c30fc361be.zip | win7-20231023-en
behavioral16 | 12582937793/b88e361f5db949317650956480502f6391359798fd85c0341c8c43c30fc361be.zip | win10v2004-20231023-en
behavioral17 | 12582937793/c1158c88f7951a14ff2436e679719e1b57d56002f1050b340b1fdd9bf37ee4d8.zip | win7-20231023-en
behavioral18 | 12582937793/c1158c88f7951a14ff2436e679719e1b57d56002f1050b340b1fdd9bf37ee4d8.zip | win10v2004-20231020-en
behavioral19 | 12582937793/ccd10d0c856a95beeffdd47f9e6530e71f23b2f3700c6fa609acfe262d5f1522.zip | win7-20231020-en
behavioral20 | 12582937793/ccd10d0c856a95beeffdd47f9e6530e71f23b2f3700c6fa609acfe262d5f1522.zip | win10v2004-20231020-en
behavioral21 | 12582937793/cea14b7d1bffe66e3139930602537416b723f2b685e08d5680fc677c5730d4af.zip | win7-20231025-en
behavioral22 | 12582937793/cea14b7d1bffe66e3139930602537416b723f2b685e08d5680fc677c5730d4af.zip | win10v2004-20231023-en
behavioral23 | 12582937793/cfd9efc4bcffd83c78da7165035918144b394a79b2fb60305f8993e35ee2986b.zip | win7-20231023-en
behavioral24 | 12582937793/cfd9efc4bcffd83c78da7165035918144b394a79b2fb60305f8993e35ee2986b.zip | win10v2004-20231023-en
behavioral25 | 12582937793/d0fd7e32bf5ce2e1781ad484e03644d58122912eb5b88de3ffbf3fa12d09c80b.zip | win7-20231023-en
behavioral26 | 12582937793/d0fd7e32bf5ce2e1781ad484e03644d58122912eb5b88de3ffbf3fa12d09c80b.zip | win10v2004-20231025-en
behavioral27 | 12582937793/da6db77248718ea9cb22ea8b99d3030aa2838d241fdd2f64dbaaf60b02903f25.zip | win7-20231023-en
behavioral28 | 12582937793/da6db77248718ea9cb22ea8b99d3030aa2838d241fdd2f64dbaaf60b02903f25.zip | win10v2004-20231020-en
behavioral29 | 12582937793/da9a74db58c63c627e43a42e4b1f368cd13a34795e185414283393b9a4dcb813.zip | win7-20231020-en
behavioral30 | 12582937793/da9a74db58c63c627e43a42e4b1f368cd13a34795e185414283393b9a4dcb813.zip | win10v2004-20231020-en
behavioral31 | 12582937793/df041e0c1f5e2a8cbdf2b7c77c21cc8892a010172ee77ce9b1f63629e0fd9ee2.zip | win7-20231023-en
behavioral32 | 12582937793/df041e0c1f5e2a8cbdf2b7c77c21cc8892a010172ee77ce9b1f63629e0fd9ee2.zip | win10v2004-20231023-en
General

- Target: FACTURA_1714631916.js
- Size: 4.9MB
- MD5: 84132ef0bb6ad44e0f34f0ffee42a5eb
- SHA1: c0053fa7d8afbdbcc72ad21bc481e1bbea676216
- SHA256: 9767f0206ecff1cb54c38fdad51251bcc5151906a66fe7eb7b733bc9edf1d415
- SHA512: 1a7f8e5b7fa843e44956971de974bdf15cc4df137ca03a75d47d99e1bd8177ff6ea0cf863adc7916d8c812691221578375000db46de69c17896e4f969427b43b
- SSDEEP: 24576:tG+C4RcUDAZBS0DjulG4mmQfyZHcBwpS4dhKyN+HELDZHd7GXPHa6oafpSs1J35M:Q+c/lyZHs4iEXvxISjUbUH

Malware Config

- Extracted: strela
- 193.109.85.77
Signatures

- Checks computer location settings (2 TTPs, 1 IoC)
  Looks up country code configured in the registry, likely geofence.
  description | ioc | Process
  Key value queried | \REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000\Control Panel\International\Geo\Nation | wscript.exe

- Loads dropped DLL (1 IoC)
  pid | Process
  1948 | regsvr32.exe

- Enumerates physical storage devices (1 TTP)
  Attempts to interact with connected storage/optical drive(s).

- Suspicious use of WriteProcessMemory (8 IoCs)
  description | pid | Process | procid_target
  PID 4512 wrote to memory of 1772 | 4512 | wscript.exe | 82
  PID 4512 wrote to memory of 1772 | 4512 | wscript.exe | 82
  PID 1772 wrote to memory of 4852 | 1772 | cmd.exe | 87
  PID 1772 wrote to memory of 4852 | 1772 | cmd.exe | 87
  PID 1772 wrote to memory of 3032 | 1772 | cmd.exe | 88
  PID 1772 wrote to memory of 3032 | 1772 | cmd.exe | 88
  PID 1772 wrote to memory of 1948 | 1772 | cmd.exe | 89
  PID 1772 wrote to memory of 1948 | 1772 | cmd.exe | 89
Processes

- C:\Windows\system32\wscript.exe (PID 4512): wscript.exe C:\Users\Admin\AppData\Local\Temp\FACTURA_1714631916.js
  - Checks computer location settings
  - Suspicious use of WriteProcessMemory
  - C:\Windows\System32\cmd.exe (PID 1772): "C:\Windows\System32\cmd.exe" /k copy "C:\Users\Admin\AppData\Local\Temp\FACTURA_1714631916.js" "C:\Users\Admin\AppData\Local\Temp\\tangywoebegone.bat" && "C:\Users\Admin\AppData\Local\Temp\\tangywoebegone.bat"
    - Suspicious use of WriteProcessMemory
    - C:\Windows\system32\findstr.exe (PID 4852): findstr /V bashfulspade ""C:\Users\Admin\AppData\Local\Temp\\tangywoebegone.bat""
    - C:\Windows\system32\certutil.exe (PID 3032): certutil -f -decode brokenprecede habitualworkable.dll
    - C:\Windows\system32\regsvr32.exe (PID 1948): regsvr32 habitualworkable.dll
      - Loads dropped DLL
Network
MITRE ATT&CK Enterprise v15
Downloads

- Filesize: 4.8MB
  MD5: 22ae5a6ad3c032823b1035182ef6b563
  SHA1: dfe710bfe8c8ca98d2a3c8ec247285d975536c55
  SHA256: 63acc839c86de404d4abba3b4380c1e5377e057589344ac0b19032fd5340c5be
  SHA512: 30ae54422334615d38fb9a32d104cf50b658314b37b85159b855b87e3f8fdb822fe1dfa577b5b2b26f487f015694a43a953d8ac9fbf030c364512514717219cd

- Filesize: 3.6MB
  MD5: a33c0faac0c19fa9703d78d8bf4d38ed
  SHA1: 857acb13ffb952340ba066fbc6194db78b2c7e37
  SHA256: ac56297616518dff53fa5e01e7a1508a6db46321c5c453a034396214e7edad4b
  SHA512: 542be33bda3adc4e54f42e73fa5f455925ae4d9eac93cc3a17921bc70e599d9d86cb273bc57537502e38b8d685d8490c65a5855335a3bbe07614bc3b73098cdf

- Filesize: 3.6MB
  MD5: a33c0faac0c19fa9703d78d8bf4d38ed
  SHA1: 857acb13ffb952340ba066fbc6194db78b2c7e37
  SHA256: ac56297616518dff53fa5e01e7a1508a6db46321c5c453a034396214e7edad4b
  SHA512: 542be33bda3adc4e54f42e73fa5f455925ae4d9eac93cc3a17921bc70e599d9d86cb273bc57537502e38b8d685d8490c65a5855335a3bbe07614bc3b73098cdf

- Filesize: 4.9MB
  MD5: 84132ef0bb6ad44e0f34f0ffee42a5eb
  SHA1: c0053fa7d8afbdbcc72ad21bc481e1bbea676216
  SHA256: 9767f0206ecff1cb54c38fdad51251bcc5151906a66fe7eb7b733bc9edf1d415
  SHA512: 1a7f8e5b7fa843e44956971de974bdf15cc4df137ca03a75d47d99e1bd8177ff6ea0cf863adc7916d8c812691221578375000db46de69c17896e4f969427b43b

- Filesize: 4.9MB
  MD5: 84132ef0bb6ad44e0f34f0ffee42a5eb
  SHA1: c0053fa7d8afbdbcc72ad21bc481e1bbea676216
  SHA256: 9767f0206ecff1cb54c38fdad51251bcc5151906a66fe7eb7b733bc9edf1d415
  SHA512: 1a7f8e5b7fa843e44956971de974bdf15cc4df137ca03a75d47d99e1bd8177ff6ea0cf863adc7916d8c812691221578375000db46de69c17896e4f969427b43b