Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
09.21 02:09
random.exe
09.21 02:09
sdhsfd.exe
09.21 02:09
66edb89bc4073_crypted....
09.21 02:09
66ed33772bbe7_vdfhsjf1...
09.21 02:09
game.exe
09.21 02:09
66ebb3bf78bd6_Send.exe...
09.21 02:09
66ed33717e4c1_vfdshfda...
09.21 02:09
random.exe
09.21 02:09
66ed336eac985_vdfhssfd...
09.21 02:09
66ed7ef071886_crypted....

Latest News
09.21 11:09
Against Elitism
09.21 11:09
5 Best Practices For E...
09.21 10:09
Fälschung enttarnt: De...
09.21 10:09
ChatGPT o1: Revolution...
09.21 09:09
Sicherheitsgründe: Ukr...
09.21 08:09
Steel Reinforcement To...
09.21 07:09
Iranian Hackers Tried ...
09.21 06:09
Prime Day is approachi...
09.21 06:09
heise-Angebot: NEU im ...
09.21 06:09
Datenschutzvorfall bei...

Summary | ZeroBOX

Update.js

Category	Machine	Started	Completed
FILE	s1_win7_x6403_us	July 23, 2024, 1:30 p.m.	July 23, 2024, 1:32 p.m.

Size	6.2KB
Type	ASCII text, with very long lines
MD5	`af1c1d465d40a3f73b01c13f7dcd541a`
SHA256	`141d907662caa497fd9ecc71b59da824d5f5bd926990c512009b547df35d9054`
CRC32	`4D817CCA`
ssdeep	`192:NBZPvj223JERkFQNlGrYQVtYLGjm7i5jjIKMDu2ci:FSjlGBjai5jcroi`
Yara	None matched

wscript.exe "C:\Windows\System32\wscript.exe" C:\Users\test22\AppData\Local\Temp\Update.js
632

Name	Response	Post-Analysis Lookup
usve.loyalty.hienphucuanhanloai.org	A 45.88.186.194	45.88.186.194

IP Address	Status	Action
164.124.101.2	Active	Moloch
45.88.186.194	Active	Moloch

Suricata Alerts

Flow	SID	Signature	Category
TCP 192.168.56.103:49161 -> 45.88.186.194:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 45.88.186.194:443 -> 192.168.56.103:49164	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.103:49163 -> 45.88.186.194:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined

Suricata TLS

No Suricata TLS

Wscript.exe initiated network communications indicative of a script based payload download (2 events)

Time & API	Arguments	Status	Return	Repeated
InternetCrackUrlW July 23, 2024, 1:30 p.m.	url: https://usve.loyalty.hienphucuanhanloai.org/orderReview flags: 0	1	1	0
HttpOpenRequestW July 23, 2024, 1:30 p.m.	connect_handle: 0x00cc0008 http_version: flags: 81788928 http_method: POST referer: path: /orderReview	1	13369356	0

wscript.exe-based dropper (JScript, VBS) (1 event)

Network communications indicative of a potential document or script payload download was initiated by the process wscript.exe (12 events)

Time & API	Arguments	Status	Return	Repeated
InternetCrackUrlW July 23, 2024, 1:30 p.m.	url: https://usve.loyalty.hienphucuanhanloai.org/orderReview flags: 0	1	1	0
HttpOpenRequestW July 23, 2024, 1:30 p.m.	connect_handle: 0x00cc0008 http_version: flags: 81788928 http_method: POST referer: path: /orderReview	1	13369356	0
send July 23, 2024, 1:30 p.m.	buffer: ! socket: 828 sent: 1	1	1	0
send July 23, 2024, 1:30 p.m.	buffer: f1ÑLpÑØYRFm¨:o÷é¼Ü'_¯H/5 ÀÀÀ À 28Aÿ(&#usve.loyalty.hienphucuanhanloai.org socket: 940 sent: 139	1	139	0
send July 23, 2024, 1:30 p.m.	buffer: ! socket: 828 sent: 1	1	1	0
send July 23, 2024, 1:30 p.m.	buffer: ! socket: 828 sent: 1	1	1	0
send July 23, 2024, 1:30 p.m.	buffer: f1Òæ§)É@:Ñ×µ§YKìÛ mcÊÈµvë©4/5 ÀÀÀ À 28Aÿ(&#usve.loyalty.hienphucuanhanloai.org socket: 940 sent: 139	1	139	0
send July 23, 2024, 1:30 p.m.	buffer: ! socket: 828 sent: 1	1	1	0
send July 23, 2024, 1:30 p.m.	buffer: ! socket: 828 sent: 1	1	1	0
send July 23, 2024, 1:30 p.m.	buffer: 51f1Ò¹~ô«Û4Ýé"´«4©eîÀ«ÓèýK: ÿ socket: 1052 sent: 58	1	58	0
send July 23, 2024, 1:30 p.m.	buffer: ! socket: 828 sent: 1	1	1	0
send July 23, 2024, 1:30 p.m.	buffer: ! socket: 828 sent: 1	1	1	0