1FACTURA_1714631916.js
windows7-x64
10FACTURA_1714631916.js
windows10-2004-x64
10FACTURA_1478723101.js
windows7-x64
10FACTURA_1478723101.js
windows10-2004-x64
10FACTURA_3104517939.js
windows7-x64
10FACTURA_3104517939.js
windows10-2004-x64
10FACTURA_50862162.js
windows7-x64
10FACTURA_50862162.js
windows10-2004-x64
10PDF20218238767362.js
windows7-x64
10PDF20218238767362.js
windows10-2004-x64
10FACTURA_1324819148.js
windows7-x64
10FACTURA_1324819148.js
windows10-2004-x64
10PDF247791026727441.js
windows7-x64
10PDF247791026727441.js
windows10-2004-x64
101258293779...be.zip
windows7-x64
11258293779...be.zip
windows10-2004-x64
11258293779...d8.zip
windows7-x64
11258293779...d8.zip
windows10-2004-x64
11258293779...22.zip
windows7-x64
11258293779...22.zip
windows10-2004-x64
11258293779...af.zip
windows7-x64
11258293779...af.zip
windows10-2004-x64
11258293779...6b.zip
windows7-x64
11258293779...6b.zip
windows10-2004-x64
11258293779...0b.zip
windows7-x64
11258293779...0b.zip
windows10-2004-x64
11258293779...25.zip
windows7-x64
11258293779...25.zip
windows10-2004-x64
11258293779...13.zip
windows7-x64
11258293779...13.zip
windows10-2004-x64
11258293779...e2.zip
windows7-x64
11258293779...e2.zip
windows10-2004-x64
1Analysis
-
max time kernel
121s -
max time network
130s -
platform
windows7_x64 -
resource
win7-20231020-en -
resource tags
arch:x64 arch:x86 image:win7-20231020-en locale:en-us os:windows7-x64 system -
submitted
27/10/2023, 11:04
Static task
static1
Behavioral task
behavioral1
Sample
FACTURA_1714631916.js
Resource
win7-20231020-en
Behavioral task
behavioral2
Sample
FACTURA_1714631916.js
Resource
win10v2004-20231023-en
Behavioral task
behavioral3
Sample
FACTURA_1478723101.js
Resource
win7-20231020-en
Behavioral task
behavioral4
Sample
FACTURA_1478723101.js
Resource
win10v2004-20231020-en
Behavioral task
behavioral5
Sample
FACTURA_3104517939.js
Resource
win7-20231025-en
Behavioral task
behavioral6
Sample
FACTURA_3104517939.js
Resource
win10v2004-20231020-en
Behavioral task
behavioral7
Sample
FACTURA_50862162.js
Resource
win7-20231023-en
Behavioral task
behavioral8
Sample
FACTURA_50862162.js
Resource
win10v2004-20231023-en
Behavioral task
behavioral9
Sample
PDF20218238767362.js
Resource
win7-20231020-en
Behavioral task
behavioral10
Sample
PDF20218238767362.js
Resource
win10v2004-20231023-en
Behavioral task
behavioral11
Sample
FACTURA_1324819148.js
Resource
win7-20231023-en
Behavioral task
behavioral12
Sample
FACTURA_1324819148.js
Resource
win10v2004-20231020-en
Behavioral task
behavioral13
Sample
PDF247791026727441.js
Resource
win7-20231020-en
Behavioral task
behavioral14
Sample
PDF247791026727441.js
Resource
win10v2004-20231025-en
Behavioral task
behavioral15
Sample
12582937793/b88e361f5db949317650956480502f6391359798fd85c0341c8c43c30fc361be.zip
Resource
win7-20231023-en
Behavioral task
behavioral16
Sample
12582937793/b88e361f5db949317650956480502f6391359798fd85c0341c8c43c30fc361be.zip
Resource
win10v2004-20231023-en
Behavioral task
behavioral17
Sample
12582937793/c1158c88f7951a14ff2436e679719e1b57d56002f1050b340b1fdd9bf37ee4d8.zip
Resource
win7-20231023-en
Behavioral task
behavioral18
Sample
12582937793/c1158c88f7951a14ff2436e679719e1b57d56002f1050b340b1fdd9bf37ee4d8.zip
Resource
win10v2004-20231020-en
Behavioral task
behavioral19
Sample
12582937793/ccd10d0c856a95beeffdd47f9e6530e71f23b2f3700c6fa609acfe262d5f1522.zip
Resource
win7-20231020-en
Behavioral task
behavioral20
Sample
12582937793/ccd10d0c856a95beeffdd47f9e6530e71f23b2f3700c6fa609acfe262d5f1522.zip
Resource
win10v2004-20231020-en
Behavioral task
behavioral21
Sample
12582937793/cea14b7d1bffe66e3139930602537416b723f2b685e08d5680fc677c5730d4af.zip
Resource
win7-20231025-en
Behavioral task
behavioral22
Sample
12582937793/cea14b7d1bffe66e3139930602537416b723f2b685e08d5680fc677c5730d4af.zip
Resource
win10v2004-20231023-en
Behavioral task
behavioral23
Sample
12582937793/cfd9efc4bcffd83c78da7165035918144b394a79b2fb60305f8993e35ee2986b.zip
Resource
win7-20231023-en
Behavioral task
behavioral24
Sample
12582937793/cfd9efc4bcffd83c78da7165035918144b394a79b2fb60305f8993e35ee2986b.zip
Resource
win10v2004-20231023-en
Behavioral task
behavioral25
Sample
12582937793/d0fd7e32bf5ce2e1781ad484e03644d58122912eb5b88de3ffbf3fa12d09c80b.zip
Resource
win7-20231023-en
Behavioral task
behavioral26
Sample
12582937793/d0fd7e32bf5ce2e1781ad484e03644d58122912eb5b88de3ffbf3fa12d09c80b.zip
Resource
win10v2004-20231025-en
Behavioral task
behavioral27
Sample
12582937793/da6db77248718ea9cb22ea8b99d3030aa2838d241fdd2f64dbaaf60b02903f25.zip
Resource
win7-20231023-en
Behavioral task
behavioral28
Sample
12582937793/da6db77248718ea9cb22ea8b99d3030aa2838d241fdd2f64dbaaf60b02903f25.zip
Resource
win10v2004-20231020-en
Behavioral task
behavioral29
Sample
12582937793/da9a74db58c63c627e43a42e4b1f368cd13a34795e185414283393b9a4dcb813.zip
Resource
win7-20231020-en
Behavioral task
behavioral30
Sample
12582937793/da9a74db58c63c627e43a42e4b1f368cd13a34795e185414283393b9a4dcb813.zip
Resource
win10v2004-20231020-en
Behavioral task
behavioral31
Sample
12582937793/df041e0c1f5e2a8cbdf2b7c77c21cc8892a010172ee77ce9b1f63629e0fd9ee2.zip
Resource
win7-20231023-en
Behavioral task
behavioral32
Sample
12582937793/df041e0c1f5e2a8cbdf2b7c77c21cc8892a010172ee77ce9b1f63629e0fd9ee2.zip
Resource
win10v2004-20231023-en
General
-
Target
FACTURA_1478723101.js
-
Size
5.3MB
-
MD5
3db5b96e1c9cf4583ea95d83152fd173
-
SHA1
e48cd61c57d0140096840aeb199a300af6423936
-
SHA256
6a2ba302bcf65d2520ecd5d477ed382a1b0d6bb010b84f1ee0f2223bef84ba16
-
SHA512
6fe9ba142bdb830ae1c073f20968df4a2958b7a9959a3ce3cf513038c0503048cd9f93b8be06035b34927ec0358e8c0349ed5efd81a91c50fa2ee0f904672feb
-
SSDEEP
24576:tEnUMmLNPWqdwkDYALLZiii+n+luT0Bnk2bAMJViCy7vItYk7923U9m2m/El1FID:yUh88LD6dJVijG2ePl1HxCWJZAUbUX
Malware Config
Extracted
strela
193.109.85.77
Signatures
-
Loads dropped DLL 1 IoCs
pid Process
2400 regsvr32.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious behavior: CmdExeWriteProcessMemorySpam 1 IoCs
pid Process
2400 regsvr32.exe -
Suspicious use of WriteProcessMemory 14 IoCs
description pid Process procid_target
PID 2176 wrote to memory of 2696 2176 wscript.exe 28
PID 2176 wrote to memory of 2696 2176 wscript.exe 28
PID 2176 wrote to memory of 2696 2176 wscript.exe 28
PID 2696 wrote to memory of 2692 2696 cmd.exe 32
PID 2696 wrote to memory of 2692 2696 cmd.exe 32
PID 2696 wrote to memory of 2692 2696 cmd.exe 32
PID 2696 wrote to memory of 2700 2696 cmd.exe 33
PID 2696 wrote to memory of 2700 2696 cmd.exe 33
PID 2696 wrote to memory of 2700 2696 cmd.exe 33
PID 2696 wrote to memory of 2400 2696 cmd.exe 34
PID 2696 wrote to memory of 2400 2696 cmd.exe 34
PID 2696 wrote to memory of 2400 2696 cmd.exe 34
PID 2696 wrote to memory of 2400 2696 cmd.exe 34
PID 2696 wrote to memory of 2400 2696 cmd.exe 34
Processes
-
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\FACTURA_1478723101.js
1⤵
- Suspicious use of WriteProcessMemory
PID:2176 -
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k copy "C:\Users\Admin\AppData\Local\Temp\FACTURA_1478723101.js" "C:\Users\Admin\AppData\Local\Temp\\pinphysical.bat" && "C:\Users\Admin\AppData\Local\Temp\\pinphysical.bat"
2⤵
- Suspicious use of WriteProcessMemory
PID:2696 -
C:\Windows\system32\findstr.exe
findstr /V curecarve ""C:\Users\Admin\AppData\Local\Temp\\pinphysical.bat""
3⤵
PID:2692
-
-
C:\Windows\system32\certutil.exe
certutil -f -decode vivacioussecond partoverwrought.dll
3⤵
PID:2700
-
-
C:\Windows\system32\regsvr32.exe
regsvr32 partoverwrought.dll
3⤵
- Loads dropped DLL
- Suspicious behavior: CmdExeWriteProcessMemorySpam
PID:2400
-
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
3.9MB
MD5 ce18786cd944962504bc77bb973294f8
SHA1 63291da25e666fa08a063086b10dc42e593b8067
SHA256 a8fadc416e4dcbd16da7cb752260044bbabec205c9e73f46b79fe06aab4ceb99
SHA512 ace0d6b322526a342f692bfbb720756cfa312a4a0d1037f05306639aa4094ec9149d9f146ec6fdd267df8b744f9816703a7a4e31f433ed3cde788bf826ed34a2
-
Filesize
5.3MB
MD5 3db5b96e1c9cf4583ea95d83152fd173
SHA1 e48cd61c57d0140096840aeb199a300af6423936
SHA256 6a2ba302bcf65d2520ecd5d477ed382a1b0d6bb010b84f1ee0f2223bef84ba16
SHA512 6fe9ba142bdb830ae1c073f20968df4a2958b7a9959a3ce3cf513038c0503048cd9f93b8be06035b34927ec0358e8c0349ed5efd81a91c50fa2ee0f904672feb
-
Filesize
5.3MB
MD5 3db5b96e1c9cf4583ea95d83152fd173
SHA1 e48cd61c57d0140096840aeb199a300af6423936
SHA256 6a2ba302bcf65d2520ecd5d477ed382a1b0d6bb010b84f1ee0f2223bef84ba16
SHA512 6fe9ba142bdb830ae1c073f20968df4a2958b7a9959a3ce3cf513038c0503048cd9f93b8be06035b34927ec0358e8c0349ed5efd81a91c50fa2ee0f904672feb
-
Filesize
5.3MB
MD5 acfa429912a2488f208734d0a9b39c55
SHA1 e4259ddb9c0c8ba037016c32da0782633b8536de
SHA256 d6ff5a3f5437351df4da8f9b335980d596299ac077f4b8c20062eb073af7bcfb
SHA512 087bcc0c74fd48fb76d1ad4e5513de69c4a8684e47324829d3b84e9f3a08fcc2a2c9629176d5f19bf4e1ecdc171eda535326b29d3bec16edb644021c0883ef10
-
Filesize
3.9MB
MD5 ce18786cd944962504bc77bb973294f8
SHA1 63291da25e666fa08a063086b10dc42e593b8067
SHA256 a8fadc416e4dcbd16da7cb752260044bbabec205c9e73f46b79fe06aab4ceb99
SHA512 ace0d6b322526a342f692bfbb720756cfa312a4a0d1037f05306639aa4094ec9149d9f146ec6fdd267df8b744f9816703a7a4e31f433ed3cde788bf826ed34a2