Overview

overview

10

Static

static

1

URGENT PAY...EST.js

windows7-x64

3

URGENT PAY...EST.js

windows10-2004-x64

10

Analysis

  • max time kernel
    299s
  • max time network
    300s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    04-10-2024 15:07

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    URGENT PAYMENT REQUEST.js

  • Size

    455KB

  • MD5

    e6c000051f40808e93931bfdf2c5256e

  • SHA1

    d4777746ee558788c4d22c68df4ad699dcc2cd14

  • SHA256

    835bc4b59c124c2c28fd98acd9a8d6d43cb76f9859277b470a75d87e6b97d7f3

  • SHA512

    da811bbdbbc7bb5c52fdfd6d902af0b5e7c7e1d139db399adcb8eb3bc6530f111548eaa091850f923d05ceb8b15f636a637b402cb9d2d8763a309e9f0891c25c

  • SSDEEP

    12288:wCcDYnaA2meIGJZakKOeZbZV0aJGeORhYj5AbaQW5Io9ST7:wDYh2mQakKpP9KOJU

Score
3/10
execution

Malware Config

Signatures

  • Command and Scripting Interpreter: JavaScript 1 TTPs
    execution
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\wscript.exe
    wscript.exe "C:\Users\Admin\AppData\Local\Temp\URGENT PAYMENT REQUEST.js"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2148
    • C:\Program Files\Java\jre7\bin\javaw.exe
      "C:\Program Files\Java\jre7\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Roaming\iviwotaa.txt"
      2⤵
        PID:2344

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Roaming\iviwotaa.txt
      Filesize

      209KB

      MD5

      9253a3ae8d339ad044eddacb81295060

      SHA1

      27d8793f419328ea690734e7b5c4c4c1287fad3f

      SHA256

      5269f44114815dbe9d98fbc756da86969b056b4d7362c9c96d8c58dd17be161c

      SHA512

      fca47b36359817e769064f9b8c3d4b36ffa5e6bbba3904f06cb2c3bf7b21fa1332be506b7e45754b6c884d6d2e12da64c3bea66fc15b8baea8312b29578c557c

      Download Submit

    • memory/2344-4-0x0000000002590000-0x0000000002800000-memory.dmp

      Filesize

      2.4MB

      Download

    • memory/2344-12-0x0000000000130000-0x0000000000131000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2344-19-0x0000000000130000-0x0000000000131000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2344-24-0x0000000000130000-0x0000000000131000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2344-29-0x0000000000130000-0x0000000000131000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2344-40-0x0000000000130000-0x0000000000131000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2344-42-0x0000000000130000-0x0000000000131000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2344-54-0x0000000000130000-0x0000000000131000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2344-56-0x0000000000130000-0x0000000000131000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2344-86-0x0000000000130000-0x0000000000131000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2344-89-0x0000000000130000-0x0000000000131000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2344-97-0x0000000002590000-0x0000000002800000-memory.dmp

      Filesize

      2.4MB

      Download

    • memory/2344-103-0x0000000000130000-0x0000000000131000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2344-104-0x0000000000130000-0x0000000000131000-memory.dmp

      Filesize

      4KB

      Download