Overview

overview

3

Static

static

1

c22dc50dc2...eb9.js

windows7-x64

3

c22dc50dc2...eb9.js

windows10-2004-x64

3

Resubmissions

17-09-2024 21:20

240917-z6styawanp 10

07-09-2024 15:18

240907-spsdhszekm 3

Analysis

  • max time kernel
    80s
  • max time network
    19s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    07-09-2024 15:18

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c22dc50dc2bbe4422c7f68d26ab95eb9.js

  • Size

    92KB

  • MD5

    abbf8daa7bcdaca739f4d3fc4ebae091

  • SHA1

    1706784a398f62b28b178ca471446ed2dbb2aee9

  • SHA256

    a58fe10a096397b8eb9404af4ab8dfe14b1d88ae043f480f93697591ae262626

  • SHA512

    91d0b100ee6f708f4708e7e3ae9a7407c53a3e16f3fb58ea79b15751bf5edb1cfde75184ae0c7e3148ddc0170d9b8ad587cedbc856f10c8f40b2a62e13d56e9e

  • SSDEEP

    1536:JiPdxrC3WtVFyIcQwYJWOlA/Zk0pRZw6lw1rPTf:J+w2WhlprwXpTf

Score
3/10
execution

Malware Config

Signatures

  • Command and Scripting Interpreter: JavaScript 1 TTPs
    execution
  • Opens file in notepad (likely ransom note) 1 IoCs
    ransomware
  • Suspicious use of FindShellTrayWindow 1 IoCs

Processes

  • C:\Windows\system32\wscript.exe
    wscript.exe C:\Users\Admin\AppData\Local\Temp\c22dc50dc2bbe4422c7f68d26ab95eb9.js
    1⤵
      PID:2232
    • C:\Windows\System32\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\c22dc50dc2bbe4422c7f68d26ab95eb9.js"
      1⤵
      • Suspicious use of FindShellTrayWindow
      PID:2776
    • C:\Windows\System32\Notepad.exe
      "C:\Windows\System32\Notepad.exe" C:\Users\Admin\Desktop\c22dc50dc2bbe4422c7f68d26ab95eb9.js
      1⤵
      • Opens file in notepad (likely ransom note)
      PID:2596
    • C:\Windows\System32\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\c22dc50dc2bbe4422c7f68d26ab95eb9.js"
      1⤵
        PID:2652
      • C:\Windows\System32\WScript.exe
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\c22dc50dc2bbe4422c7f68d26ab95eb9.js"
        1⤵
          PID:2800
        • C:\Windows\System32\WScript.exe
          "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\c22dc50dc2bbe4422c7f68d26ab95eb9.js"
          1⤵
            PID:1700
          • C:\Windows\System32\WScript.exe
            "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\c22dc50dc2bbe4422c7f68d26ab95eb9.js"
            1⤵
              PID:2040
            • C:\Windows\System32\WScript.exe
              "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\c22dc50dc2bbe4422c7f68d26ab95eb9.js"
              1⤵
                PID:2376
              • C:\Windows\System32\WScript.exe
                "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\c22dc50dc2bbe4422c7f68d26ab95eb9.js"
                1⤵
                  PID:2180
                • C:\Windows\System32\WScript.exe
                  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\c22dc50dc2bbe4422c7f68d26ab95eb9.js"
                  1⤵
                    PID:2288
                  • C:\Windows\System32\WScript.exe
                    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\c22dc50dc2bbe4422c7f68d26ab95eb9.js"
                    1⤵
                      PID:2888
                    • C:\Windows\System32\WScript.exe
                      "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\c22dc50dc2bbe4422c7f68d26ab95eb9.js"
                      1⤵
                        PID:2908
                      • C:\Windows\System32\WScript.exe
                        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\c22dc50dc2bbe4422c7f68d26ab95eb9.js"
                        1⤵
                          PID:2892
                        • C:\Windows\System32\WScript.exe
                          "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\c22dc50dc2bbe4422c7f68d26ab95eb9.js"
                          1⤵
                            PID:2320
                          • C:\Windows\System32\WScript.exe
                            "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\c22dc50dc2bbe4422c7f68d26ab95eb9.js"
                            1⤵
                              PID:2244
                            • C:\Windows\System32\WScript.exe
                              "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\c22dc50dc2bbe4422c7f68d26ab95eb9.js"
                              1⤵
                                PID:1616
                              • C:\Windows\System32\WScript.exe
                                "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\c22dc50dc2bbe4422c7f68d26ab95eb9.js"
                                1⤵
                                  PID:2364
                                • C:\Windows\System32\WScript.exe
                                  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\c22dc50dc2bbe4422c7f68d26ab95eb9.js"
                                  1⤵
                                    PID:2128
                                  • C:\Windows\System32\WScript.exe
                                    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\c22dc50dc2bbe4422c7f68d26ab95eb9.js"
                                    1⤵
                                      PID:2996
                                    • C:\Windows\System32\WScript.exe
                                      "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\c22dc50dc2bbe4422c7f68d26ab95eb9.js"
                                      1⤵
                                        PID:2052

                                      Network

                                      MITRE ATT&CK Enterprise v15

                                      Replay Monitor

                                      Loading Replay Monitor...

                                      Downloads