Analysis
-
max time kernel
150s -
max time network
150s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system -
submitted
04-10-2024 09:31
Static task
static1
Behavioral task
behavioral1
Sample
URGENTPAYMENTREQUEST.js
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
URGENTPAYMENTREQUEST.js
Resource
win10v2004-20240802-en
General
-
Target
URGENTPAYMENTREQUEST.js
-
Size
455KB
-
MD5
ec7b21746a03ffd34199f1943b74fe5e
-
SHA1
c575de9f5fe3af6b479d6b0eff608ba2cbad2c9a
-
SHA256
b5fab9889d333c721fed265c13879f11315afe346d13356d4d1d61d16cc2b9d7
-
SHA512
581e999de6f8a2fe6083ac2b3688422b7241779d606d0cd48547e2f967ce5e79be0b37bd52a839c68d1c9689e6fe290745c292f808f7b39a3ee462687195466b
-
SSDEEP
12288:wpJc5fLTwmpBt3bSZoWeA/3nk4I4eTrSfD:wO73lW5
Malware Config
Signatures
-
Command and Scripting Interpreter: JavaScript 1 TTPs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
wscript.exedescription pid Process procid_target PID 1576 wrote to memory of 2088 1576 wscript.exe 32 PID 1576 wrote to memory of 2088 1576 wscript.exe 32 PID 1576 wrote to memory of 2088 1576 wscript.exe 32
Processes
-
C:\Windows\system32\wscript.exewscript.exe C:\Users\Admin\AppData\Local\Temp\URGENTPAYMENTREQUEST.js1⤵
- Suspicious use of WriteProcessMemory
PID:1576 -
C:\Program Files\Java\jre7\bin\javaw.exe"C:\Program Files\Java\jre7\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Roaming\ukgsgzj.txt"2⤵PID:2088
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
209KB
MD5844290ed18eb3b9635b3e8791d8010e4
SHA19af22c6adb2932835ab50d864e0651229721a0e8
SHA2561d1640fd890d14e7a04a5561136c3d1b4bd35f4de5de923b9af5f1d5a197fbc8
SHA512532f471a23a8b96337147f1d9265d5b1c19df6ae5454667d8a122873e92e8a461d500c244ef2c56acf14ce3e7148f6c9b21b4cf13c63455b08bad36113f00ad8