Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	June 12, 2024, 5:04 p.m.	June 12, 2024, 5:05 p.m.

Size	2.3KB
Type	ASCII text, with very long lines, with CRLF line terminators
MD5	`41ce2a4359cc224772c6e32eae0a6013`
SHA256	`81eb2be7040c4cccfa2ab752cc5fea79a40a2c8c459977c71275b2becd49a5ce`
CRC32	`11BCF614`
ssdeep	`48:EyWMyk9AjB4T6EtqJEbffMNfAg3EI8Dn6psK/4o2l7PnK1QL7xa:EyWtyJ6E84fSfAcEns/4Fl7ndI`
Yara	None matched

wscript.exe "C:\Windows\System32\wscript.exe" C:\Users\test22\AppData\Local\Temp\jquery.min.js
2548

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

One or more processes crashed (1 event)

Time & API	Arguments	Status	Return	Repeated
__exception__ June 12, 2024, 5:04 p.m.	stacktrace: CtfImeIsIME+0x36fd DllUnregisterServer-0xf9d9 msctf+0x2d08c @ 0x75aad08c TF_GetGlobalCompartment+0x3dfd CtfImeIsIME-0x344 msctf+0x2964b @ 0x75aa964b TF_GetInputScope+0xf65 CtfImeDestroyThreadMgr-0x25ae msctf+0x14d6b @ 0x75a94d6b TF_GetInputScope+0x3176 CtfImeDestroyThreadMgr-0x39d msctf+0x16f7c @ 0x75a96f7c CtfImeDestroyInputContext+0x280 TF_CanUninitialize-0x1c msctf+0x1e825 @ 0x75a9e825 TF_GetInputScope+0x21fc CtfImeDestroyThreadMgr-0x1317 msctf+0x16002 @ 0x75a96002 TF_GetInputScope+0x21e2 CtfImeDestroyThreadMgr-0x1331 msctf+0x15fe8 @ 0x75a95fe8 TF_GetInputScope+0xbdd CtfImeDestroyThreadMgr-0x2936 msctf+0x149e3 @ 0x75a949e3 TF_GetInputScope+0x1c1a CtfImeDestroyThreadMgr-0x18f9 msctf+0x15a20 @ 0x75a95a20 RtlIsCurrentThreadAttachExempt+0x5f TpCheckTerminateWorker-0x37 ntdll+0x39a91 @ 0x76f49a91 LdrShutdownProcess+0x97 RtlDetectHeapLeaks-0x1bb ntdll+0x58f10 @ 0x76f68f10 RtlExitUserProcess+0x74 LdrShutdownProcess-0x1d ntdll+0x58e5c @ 0x76f68e5c ExitProcess+0x15 TerminateThread-0xa kernel32+0x17a25 @ 0x755c7a25 wscript+0x2fbd @ 0xff2fbd BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: ff 51 0c 8b 45 fc 89 be 8c 04 00 00 3b c7 74 25 exception.symbol: TF_GetCompatibleKeyboardLayout+0x5885 TF_IsCtfmonRunning-0xfd3 msctf+0x43ef4 exception.instruction: call dword ptr [ecx + 0xc] exception.module: MSCTF.dll exception.exception_code: 0xc0000005 exception.offset: 278260 exception.address: 0x75ac3ef4 registers.esp: 4257872 registers.edi: 0 registers.eax: 8558392 registers.ebp: 4257900 registers.edx: 1 registers.ebx: 0 registers.esi: 7068840 registers.ecx: 1932080604	1	0	0

Time & API

Arguments

Status

Return

Repeated

__exception__

June 12, 2024, 5:04 p.m.

stacktrace:

CtfImeIsIME+0x36fd DllUnregisterServer-0xf9d9 msctf+0x2d08c @ 0x75aad08c
TF_GetGlobalCompartment+0x3dfd CtfImeIsIME-0x344 msctf+0x2964b @ 0x75aa964b
TF_GetInputScope+0xf65 CtfImeDestroyThreadMgr-0x25ae msctf+0x14d6b @ 0x75a94d6b
TF_GetInputScope+0x3176 CtfImeDestroyThreadMgr-0x39d msctf+0x16f7c @ 0x75a96f7c
CtfImeDestroyInputContext+0x280 TF_CanUninitialize-0x1c msctf+0x1e825 @ 0x75a9e825
TF_GetInputScope+0x21fc CtfImeDestroyThreadMgr-0x1317 msctf+0x16002 @ 0x75a96002
TF_GetInputScope+0x21e2 CtfImeDestroyThreadMgr-0x1331 msctf+0x15fe8 @ 0x75a95fe8
TF_GetInputScope+0xbdd CtfImeDestroyThreadMgr-0x2936 msctf+0x149e3 @ 0x75a949e3
TF_GetInputScope+0x1c1a CtfImeDestroyThreadMgr-0x18f9 msctf+0x15a20 @ 0x75a95a20
RtlIsCurrentThreadAttachExempt+0x5f TpCheckTerminateWorker-0x37 ntdll+0x39a91 @ 0x76f49a91
LdrShutdownProcess+0x97 RtlDetectHeapLeaks-0x1bb ntdll+0x58f10 @ 0x76f68f10
RtlExitUserProcess+0x74 LdrShutdownProcess-0x1d ntdll+0x58e5c @ 0x76f68e5c
ExitProcess+0x15 TerminateThread-0xa kernel32+0x17a25 @ 0x755c7a25
wscript+0x2fbd @ 0xff2fbd
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5

exception.instruction_r: ff 51 0c 8b 45 fc 89 be 8c 04 00 00 3b c7 74 25
exception.symbol: TF_GetCompatibleKeyboardLayout+0x5885 TF_IsCtfmonRunning-0xfd3 msctf+0x43ef4
exception.instruction: call dword ptr [ecx + 0xc]
exception.module: MSCTF.dll
exception.exception_code: 0xc0000005
exception.offset: 278260
exception.address: 0x75ac3ef4
registers.esp: 4257872
registers.edi: 0
registers.eax: 8558392
registers.ebp: 4257900
registers.edx: 1
registers.ebx: 0
registers.esi: 7068840
registers.ecx: 1932080604

File has been identified by 37 AntiVirus engines on VirusTotal as malicious (37 events)

Lionic	Hacktool.Script.Generic.3!c
FireEye	Trojan.Script.7583
CAT-QuickHeal	Exp.HTML.CVE-2010-0806.A
McAfee	JS/Exploit-BO
ALYac	Trojan.Script.7583
VIPRE	Trojan.Script.7583
K7AntiVirus	Exploit ( 04c55a8f1 )
K7GW	Exploit ( 04c55a8f1 )
Arcabit	Trojan.Script.D1D9F
Symantec	Trojan.Gen.NPE
ESET-NOD32	JS/Exploit.CVE-2010-0806.NAH
TrendMicro-HouseCall	JS_EXPLOIT.PTLO
Avast	JS:CVE-2010-0806-AG [Expl]
Cynet	Malicious (score: 99)
Kaspersky	HEUR:Exploit.Script.Generic
BitDefender	Trojan.Script.7583
NANO-Antivirus	Exploit.Script.CVE-2010-0806.bmjpd
MicroWorld-eScan	Trojan.Script.7583
Ad-Aware	Trojan.Script.7583
Emsisoft	Trojan.Script.7583 (B)
F-Secure	Malware.JS/Bofra.A.1
DrWeb	SCRIPT.Virus
TrendMicro	JS_EXPLOIT.PTLO
McAfee-GW-Edition	JS/Exploit-BO
Ikarus	JS.Bofra
Avira	JS/Bofra.A.1
Microsoft	Exploit:Win32/Senglot.Z
ViRobot	JS.S.CVE-2010-0806.2325
ZoneAlarm	HEUR:Exploit.Script.Generic
GData	Trojan.Script.7583
Google	Detected
AhnLab-V3	JS/SARS.S4
Tencent	Heur:Trojan.Script.LS_Gencirc.7040674.0
Yandex	JS.BOFExploit.Gen
MAX	malware (ai score=100)
Fortinet	JS/CVE_2010_0806.B!exploit
AVG	JS:CVE-2010-0806-AG [Expl]

jquery.min.js

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All