Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
09.21 02:09
random.exe
09.21 02:09
sdhsfd.exe
09.21 02:09
66edb89bc4073_crypted....
09.21 02:09
66ed33772bbe7_vdfhsjf1...
09.21 02:09
game.exe
09.21 02:09
66ebb3bf78bd6_Send.exe...
09.21 02:09
66ed33717e4c1_vfdshfda...
09.21 02:09
random.exe
09.21 02:09
66ed336eac985_vdfhssfd...
09.21 02:09
66ed7ef071886_crypted....

Latest News
09.21 11:09
LinkedIn Halts AI Data...
09.21 11:09
Ukraine Bans Telegram ...
09.21 11:09
Against Elitism
09.21 11:09
5 Best Practices For E...
09.21 10:09
Fälschung enttarnt: De...
09.21 10:09
ChatGPT o1: Revolution...
09.21 09:09
Sicherheitsgründe: Ukr...
09.21 08:09
Steel Reinforcement To...
09.21 07:09
Iranian Hackers Tried ...
09.21 06:09
Prime Day is approachi...

Summary | ZeroBOX

Update.js

Category	Machine	Started	Completed
FILE	s1_win7_x6401	July 23, 2024, 11:31 a.m.	July 23, 2024, 11:37 a.m.

Size	6.1KB
Type	ASCII text, with very long lines
MD5	`015f9a818b239f52fff35740eb74cb80`
SHA256	`3a33662644276f85c5494d5cce3c96a4527fa275a280f019277283dc970a1e06`
CRC32	`3B60B6AF`
ssdeep	`192:64HdhqvPsOLU+gvVSfFszMjUHbC81k+Mabi25ryMYuIv7f4V4YdOMv1IHdwfXJ+R:bHdhaVNh4bi25rYuIv7fI4YkMwdwfZ+R`
Yara	None matched

wscript.exe "C:\Windows\System32\wscript.exe" C:\Users\test22\AppData\Local\Temp\Update.js
2544

Name	Response	Post-Analysis Lookup
btram.loyalty.hienphucuanhanloai.org	A 45.88.186.194	45.88.186.194

IP Address	Status	Action
164.124.101.2	Active	Moloch
45.88.186.194	Active	Moloch

Suricata Alerts

Flow	SID	Signature	Category
TCP 192.168.56.101:49161 -> 45.88.186.194:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49163 -> 45.88.186.194:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 45.88.186.194:443 -> 192.168.56.101:49164	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic

Suricata TLS

No Suricata TLS

Wscript.exe initiated network communications indicative of a script based payload download (2 events)

Time & API	Arguments	Status	Return	Repeated
InternetCrackUrlW July 23, 2024, 11:31 a.m.	url: https://btram.loyalty.hienphucuanhanloai.org/orderReview flags: 0	1	1	0
HttpOpenRequestW July 23, 2024, 11:31 a.m.	connect_handle: 0x00cc0008 http_version: flags: 81788928 http_method: POST referer: path: /orderReview	1	13369356	0

wscript.exe-based dropper (JScript, VBS) (1 event)

Network communications indicative of a potential document or script payload download was initiated by the process wscript.exe (12 events)

Time & API	Arguments	Status	Return	Repeated
InternetCrackUrlW July 23, 2024, 11:31 a.m.	url: https://btram.loyalty.hienphucuanhanloai.org/orderReview flags: 0	1	1	0
HttpOpenRequestW July 23, 2024, 11:31 a.m.	connect_handle: 0x00cc0008 http_version: flags: 81788928 http_method: POST referer: path: /orderReview	1	13369356	0
send July 23, 2024, 11:31 a.m.	buffer: ! socket: 844 sent: 1	1	1	0
send July 23, 2024, 11:31 a.m.	buffer: f]´*ûpOKØ ¼Å½it÷?Âë8nÜìy×`/5 ÀÀÀ À 28Bÿ)'$btram.loyalty.hienphucuanhanloai.org socket: 956 sent: 140	1	140	0
send July 23, 2024, 11:31 a.m.	buffer: ! socket: 844 sent: 1	1	1	0
send July 23, 2024, 11:31 a.m.	buffer: ! socket: 844 sent: 1	1	1	0
send July 23, 2024, 11:31 a.m.	buffer: f8[å5Ç]P÷VX¨¹Á(Û8nqq#°ku/5 ÀÀÀ À 28Bÿ)'$btram.loyalty.hienphucuanhanloai.org socket: 956 sent: 140	1	140	0
send July 23, 2024, 11:31 a.m.	buffer: ! socket: 844 sent: 1	1	1	0
send July 23, 2024, 11:31 a.m.	buffer: ! socket: 844 sent: 1	1	1	0
send July 23, 2024, 11:31 a.m.	buffer: 51f"`Y±Ë-Ø$y»Üu7O×Ír×3åÙ¤ËÏ ÿ socket: 956 sent: 58	1	58	0
send July 23, 2024, 11:31 a.m.	buffer: ! socket: 844 sent: 1	1	1	0
send July 23, 2024, 11:31 a.m.	buffer: ! socket: 844 sent: 1	1	1	0