ScreenShot
| Created | 2021.06.25 11:38 | Machine | s1_win7_x6402 |
| Filename | JV8256491470.js | ||
| Type | ASCII text, with very long lines, with CRLF line terminators | ||
| AI Score | Not founds | Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 40 detected (Nemucod, Locky, Eldorado, Decode, iacgm, Hacktool, Malware@#3lm8pu8cj3w77, ExpKit, Gen2, JSRANSOM, auvc, TGeneric, Swabfex, NP@gen, TOPIS, 6zoMYUTbQQN, ai score=85) | ||
| md5 | fba84df6b9bf9bd8f09b9fe20714b379 | ||
| sha256 | 89ee3c5ae8900306571edddfe40ba964838e401d9b7c7eaf5f37576f8313915c | ||
| ssdeep | 96:NjTrpT9ySUrHOaTkWD546SP2iTvNm04T2GyZ:5Tx9PUruaTkI4hO41m04a7 | ||
| imphash | |||
| impfuzzy | |||
Network IP location
Signature (11cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 40 AntiVirus engines on VirusTotal as malicious |
| danger | The process wscript.exe wrote an executable file to disk which it then attempted to execute |
| danger | Connects to an IP address that is no longer responding to requests (legitimate services will remain up-and-running usually) |
| watch | Communicates with host for which no DNS query was performed |
| watch | Drops a binary and executes it |
| watch | Network communications indicative of a potential document or script payload download was initiated by the process wscript.exe |
| watch | One or more non-whitelisted processes were created |
| watch | Wscript.exe initiated network communications indicative of a script based payload download |
| watch | wscript.exe-based dropper (JScript |
| notice | Creates executable files on the filesystem |
| notice | Performs some HTTP requests |
Rules (0cnts)
| Level | Name | Description | Collection |
|---|
Network (4cnts) ?
Suricata ids
ET MALWARE Possible Malicious Macro DL EXE Feb 2016
ET MALWARE Possible Malicious Macro EXE DL AlphaNumL
ET MALWARE Possible Malicious Macro DL BIN May 2016 (No UA)
ET MALWARE Possible Malicious Macro EXE DL AlphaNumL
ET MALWARE Possible Malicious Macro DL BIN May 2016 (No UA)