Overview

overview

10

Static

static

1

proof of payment.js

windows7-x64

3

proof of payment.js

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    15-10-2024 14:12

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    proof of payment.js

  • Size

    201KB

  • MD5

    afde4b4922541cf3d76e9ca92e350a54

  • SHA1

    66c54cdae7d65a72546f41f4a3017493c5dd114e

  • SHA256

    645badafa1c11566e044d0fa3ce25fd3ec3f33503bb562c447a332ed0fe8cd1f

  • SHA512

    819b8d1b573fde92137643f85d30cbf1cb1b7c9818eb7c6af81d0ee7d9bed80cef14cbbfb943b1201128d6e21152f8fe0ed0dfef1c0465e268be4f885f614de0

  • SSDEEP

    6144:KQSVeE40HtiBbDOtSkOSk7J3sArv5PNb/WwenMkcrB8PKoSO:ZSVeE4kYOPqZrRPNiwCpcrB8PKoSO

Score
3/10
execution

Malware Config

Signatures

  • Command and Scripting Interpreter: JavaScript 1 TTPs
    execution
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\wscript.exe
    wscript.exe "C:\Users\Admin\AppData\Local\Temp\proof of payment.js"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2436
    • C:\Program Files\Java\jre7\bin\javaw.exe
      "C:\Program Files\Java\jre7\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Roaming\rszhup.txt"
      2⤵
        PID:2100

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Roaming\rszhup.txt
      Filesize

      92KB

      MD5

      7b51be77942ed021489dbf24edec3de0

      SHA1

      87c16cedede053c98a0e8ee17ffbfdeb8525071b

      SHA256

      489004af1fd6085da359ab80ecce733e9bda9d5f7ddf08edcd5ae38a24826177

      SHA512

      5590644bcebbebd12d597ab11a5fe6fa584800ca8eda8cea45b5bd5b81bccccc92a1f5362282b74934f68ce5820bb6cd89c5e43cf328445105c42d4367194706

      Download Submit

    • memory/2100-4-0x0000000002590000-0x0000000002800000-memory.dmp

      Filesize

      2.4MB

      Download

    • memory/2100-12-0x0000000002140000-0x0000000002141000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2100-19-0x0000000002140000-0x0000000002141000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2100-22-0x0000000002140000-0x0000000002141000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2100-30-0x0000000002140000-0x0000000002141000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2100-35-0x0000000002140000-0x0000000002141000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2100-39-0x0000000002590000-0x0000000002800000-memory.dmp

      Filesize

      2.4MB

      Download

    • memory/2100-41-0x0000000002140000-0x0000000002141000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2100-43-0x0000000002140000-0x0000000002141000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2100-46-0x0000000002140000-0x0000000002141000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2100-51-0x0000000002140000-0x0000000002141000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2100-76-0x0000000002140000-0x0000000002141000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2100-80-0x0000000002140000-0x0000000002141000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2100-83-0x0000000002140000-0x0000000002141000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2100-85-0x0000000002140000-0x0000000002141000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2100-90-0x0000000002140000-0x0000000002141000-memory.dmp

      Filesize

      4KB

      Download