Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
11.15 01:11
wwbizsrvs.exe
11.15 01:11
op.exe
11.15 01:11
msf.exe
11.15 01:11
lum250.exe
11.15 01:11
msf443.exe
11.13 04:11
hello.exe
11.13 03:11
espsemhvcioff.exe
11.13 02:11
Geek_se.exe
11.13 02:11
cred64.dll
11.13 02:11
svhost.exe

Latest News
11.17 07:11
IT Sicherheitsnews stü...
11.17 06:11
World’s First Virtual ...
11.17 06:11
IT Sicherheitsnews stü...
11.17 06:11
KI und Coding: Wie Kün...
11.17 06:11
Bye-bye, Windows 10: E...
11.17 03:11
[일본 애니메이션]世界最高の暗殺者、異世界...
11.17 03:11
Playing Chess Against ...
11.17 03:11
IT Sicherheitsnews tae...
11.17 03:11
IT Sicherheitsnews tae...
11.17 01:11
IT Sicherheitsnews tae...

Summary | ZeroBOX

Docs_Request_06(62).js

Category	Machine	Started	Completed
FILE	s1_win7_x6403_us	June 15, 2023, 10:40 a.m.	June 15, 2023, 10:42 a.m.

Size	795.9KB
Type	ASCII text, with very long lines, with no line terminators
MD5	`9a27bf21439229a96a0c621003e867e7`
SHA256	`76c2fbd003945044ebb5cbd5952c170f3a3f5ffce7f1599eb4d551ab6d4a90bf`
CRC32	`50E56353`
ssdeep	`24576:m9mM16EtVEh941Wpu5UFbSgk8FQANZTOGyP0j8ZKAmxgEUS22i2oWUuNv8ROJI5n:OmM16EtVEh941Wpu5UFbSgk8FQANZTOT`
Yara	None matched

wscript.exe "C:\Windows\System32\wscript.exe" C:\Users\test22\AppData\Local\Temp\Docs_Request_06(62).js
1668

Name	Response	Post-Analysis Lookup
masar-alulaedu.com	A 68.66.248.36	68.66.248.36

IP Address	Status	Action
164.124.101.2	Active	Moloch
68.66.248.36	Active	Moloch

Suricata Alerts

Flow	SID	Signature	Category
TCP 68.66.248.36:443 -> 192.168.56.103:49164	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.103:49162 -> 68.66.248.36:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49163 -> 68.66.248.36:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined

Suricata TLS

No Suricata TLS

Wscript.exe initiated network communications indicative of a script based payload download (2 events)

Time & API	Arguments	Status	Return	Repeated
InternetCrackUrlW June 15, 2023, 10:40 a.m.	url: https://masar-alulaedu.com/wp-content/woocommerce/out/berr.php flags: 0	1	1	0
HttpOpenRequestW June 15, 2023, 10:40 a.m.	connect_handle: 0x00cc0008 http_version: flags: 12582912 http_method: GET referer: path: /wp-content/woocommerce/out/berr.php	1	13369356	0

wscript.exe-based dropper (JScript, VBS) (1 event)

Network communications indicative of a potential document or script payload download was initiated by the process wscript.exe (12 events)

Time & API	Arguments	Status	Return	Repeated
InternetCrackUrlW June 15, 2023, 10:40 a.m.	url: https://masar-alulaedu.com/wp-content/woocommerce/out/berr.php flags: 0	1	1	0
HttpOpenRequestW June 15, 2023, 10:40 a.m.	connect_handle: 0x00cc0008 http_version: flags: 12582912 http_method: GET referer: path: /wp-content/woocommerce/out/berr.php	1	13369356	0
send June 15, 2023, 10:40 a.m.	buffer: ! socket: 940 sent: 1	1	1	0
send June 15, 2023, 10:40 a.m.	buffer: uqdkÿ¦Ê~£ûkçúæG°9)_óßDá/5 ÀÀÀ À 280ÿmasar-alulaedu.com socket: 1056 sent: 122	1	122	0
send June 15, 2023, 10:40 a.m.	buffer: ! socket: 940 sent: 1	1	1	0
send June 15, 2023, 10:40 a.m.	buffer: ! socket: 940 sent: 1	1	1	0
send June 15, 2023, 10:40 a.m.	buffer: uqdkÿfË¿¥¯)lKúÑ%#&XÔf)rU_ï/5 ÀÀÀ À 280ÿmasar-alulaedu.com socket: 1072 sent: 122	1	122	0
send June 15, 2023, 10:40 a.m.	buffer: ! socket: 940 sent: 1	1	1	0
send June 15, 2023, 10:40 a.m.	buffer: ! socket: 940 sent: 1	1	1	0
send June 15, 2023, 10:40 a.m.	buffer: 51dle)9ú¡¬\båpÀtñ½ 7sh@{åÉ ÿ socket: 1056 sent: 58	1	58	0
send June 15, 2023, 10:40 a.m.	buffer: ! socket: 940 sent: 1	1	1	0
send June 15, 2023, 10:40 a.m.	buffer: ! socket: 940 sent: 1	1	1	0