Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
09.20 01:09
setup.exe
09.20 11:09
3uTools.exe
09.20 11:09
66ecb4573225b_vsbhfdg1...
09.20 10:09
66ecb452ba19c_sfbdsgfd...
09.20 10:09
66ecb44c35444_vfdhsgdf...
09.20 10:09
66ec0e61998bf_setup30.exe
09.20 10:09
66ebf725efe38_lyla.exe
09.20 10:09
Desktop_Explorer.exe
09.20 10:09
66ec3528901bb_winupdat...
09.20 10:09
Inquiry-Dubai.js

Latest News
09.20 03:09
에듀사이버평생교육원, 종합미용면허증 단기...
09.20 03:09
보물섬투어, 베트남 나트랑·달랏 3박 5...
09.20 03:09
버드리 위승용, 50-50 메이저리거 오...
09.20 03:09
국정원, ‘한국우주안보학회’ 우주안보 전...
09.20 03:09
[PASCON 2024-영상] 파수, 끊...
09.20 03:09
Insurer Alan Hits €4 B...
09.20 03:09
스타일러스·따뜻한동행, 장애인 위한 '동...
09.20 03:09
[PASCON 2024-영상] 굿모닝아이...
09.20 03:09
Critical Ivanti Cloud ...
09.20 03:09
SOOSAN INT Product Sec...

Summary | ZeroBOX

e4C7Fwop.wsf

Category	Machine	Started	Completed
FILE	s1_win7_x6402	Sept. 5, 2023, 8:40 a.m.	Sept. 5, 2023, 8:42 a.m.

Size	153.8KB
Type	UTF-8 Unicode text, with very long lines, with CRLF line terminators
MD5	`6f83b9c7c240127c0b92ce814d02bcb0`
SHA256	`9bdac91cec897f3b2fdb8ecd1fd279cdfa708ef5629d8f090d66fa96a2d8468a`
CRC32	`2502062C`
ssdeep	`384:xp5ocorp5ocorp5ocorp5ocorp5ocorp5ocorp5ocorp5ocorp5ocorp5ocorp5u:J+d`
Yara	None matched

wscript.exe "C:\Windows\System32\wscript.exe" C:\Users\test22\AppData\Local\Temp\e4C7Fwop.wsf
3032

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
164.124.101.2	Active	Moloch
185.252.178.121	Active	Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Communicates with host for which no DNS query was performed (1 event)

host

185.252.178.121

Wscript.exe initiated network communications indicative of a script based payload download (1 event)

Time & API	Arguments	Status	Return	Repeated
HttpOpenRequestW Sept. 5, 2023, 8:40 a.m.	connect_handle: 0x00cc0008 http_version: flags: 4194320 http_method: GET referer: path: /gen.txt	1	13369356	0

Network communications indicative of a potential document or script payload download was initiated by the process wscript.exe (2 events)

Time & API	Arguments	Status	Return	Repeated
HttpOpenRequestW Sept. 5, 2023, 8:40 a.m.	connect_handle: 0x00cc0008 http_version: flags: 4194320 http_method: GET referer: path: /gen.txt	1	13369356	0
send Sept. 5, 2023, 8:40 a.m.	buffer: ! socket: 716 sent: 1	1	1	0

Connects to an IP address that is no longer responding to requests (legitimate services will remain up-and-running usually) (1 event)

dead_host

185.252.178.121:222