Summary | ZeroBOX

DocuSign.vbs

Category FILE
Machine s1_win7_x6401
Started June 11, 2024, 2:40 p.m.
Completed June 11, 2024, 2:44 p.m.
Size 6.7KB
Type ASCII text, with very long lines
MD5 73999f3f3808981c1470956082ebc738
SHA256 b161c8e32c0f33a182b5b2479521d3b826ce739ac0b3f3de9042e17d53873e57
CRC32 A33B7A6D
ssdeep 96:nANhNfSznqJ2yos44n4aTHmDpWjAX2HvxvwpJ2KxOOw/UjNoZytHPaheAhyibdyC:00/yVzbIjGPtwumO/aoZytPapLbdyOwW
Yara None matched

IP Address Status Action
146.75.48.223 Active Moloch
164.124.101.2 Active Moloch

Suricata Alerts

Flow SID Signature Category
TCP 192.168.56.101:49162 -> 146.75.48.223:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined

Suricata TLS

No Suricata TLS

Skyhigh BehavesLike.VBS.Dropper.xp
Symantec ISB.Downloader!gen60
NANO-Antivirus Trojan.Script.Vbs-heuristic.druvzi
TrendMicro HEUR_VBS.DL1
Kingsoft Script.Ks.Malware.12156
Microsoft Trojan:Script/Wacatac.B!ml
ZoneAlarm HEUR:Trojan-Downloader.Script.Generic
Time & API Arguments Status Return Repeated

WSASend

buffer: qmfgãOO˜øˆ5.<íÍS:ˆAÒ·r´{áñÒ¡óß8/5 ÀÀÀ À 28,ÿwww.python.org  
socket: 560
0 0

WSASend

buffer: 51fgãO±åǕ—îíœ.7-ٚa† x"MB¡:|y…ÅE  ÿ
socket: 560
0 0