Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6402	Dec. 9, 2022, 10:53 a.m.	Dec. 9, 2022, 10:55 a.m.

Size	15.0MB
Type	ASCII text, with very long lines, with no line terminators
MD5	`5b411c2264642af22f27b1ab93fe55a8`
SHA256	`78f5031111f1a7f0e5858ce34b50d7831299e863bf46522be3c468c5fa025940`
CRC32	`10CFD695`
ssdeep	`49152:cmI8svSdeQLgTJ1Pk6dgpTcuYFyJm8V9axviQs:L`
Yara	None matched

wscript.exe "C:\Windows\System32\wscript.exe" C:\Users\test22\AppData\Local\Temp\summit_1208.js
3004

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
164.124.101.2	Active	Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

A potential heapspray has been detected. 322 megabytes was sprayed onto the heap of the wscript.exe process (4 events)

count

496

name

heapspray

process

wscript.exe

total_mb

length

126976

protection

PAGE_READWRITE

count

234

name

heapspray

process

wscript.exe

total_mb

length

262144

protection

PAGE_READWRITE

count

331

name

heapspray

process

wscript.exe

total_mb

length

258048

protection

PAGE_READWRITE

count

6306

name

heapspray

process

wscript.exe

total_mb

123

length

20480

protection

PAGE_READWRITE

summit_1208.js

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All