Created 2021.06.25 13:30 Machine s1_win7_x6402
Filename I_139153.js
Type ASCII text, with very long lines, with CRLF line terminators
AI Score Not found Behavior Score
10.0
ZERO API file : clean
VT API (file) 39 detected (Nemucod, Eldorado, Cerber, JS03d, Cryptoload, iacgm, Hqlu, ExploitPdfjsc, JSDl, ai score=83, CLASSIC, Locky, qexvmc)
md5 239a49edd5b5a6f189fa10dabe67ac70
sha256 2a561027c5c1f4daadd16f84e1e268baa9c521373424a558ad4f3abf231ffa93
ssdeep 384:rcy40n+gnmUxa2ZVpsw0zrGNDGT3FCmBG08KB2GtlKBeGtocvgH/rNcK1g3A+J64:rcyznxnmUxnVpsw0zrGNDGT3FHBG08Kg
imphash
impfuzzy
  Network IP location

Signature (6cnts)

Level Description
danger File has been identified by 39 AntiVirus engines on VirusTotal as malicious
watch Communicates with host for which no DNS query was performed
watch Network communications indicative of a potential document or script payload download was initiated by the process wscript.exe
watch Wscript.exe initiated network communications indicative of a script based payload download
watch wscript.exe-based dropper (JScript)
notice Performs some HTTP requests

Rules (0cnts)

Level Name Description Collection

Network (6cnts)

Request CC ASN Co IP4 Rule ZERO
http://goliathstoneindustries.com/873gfhi3f3r??YhkGTDta=YhkGTDta SG USONYX PTE LTD 103.26.41.24 clean
goliathstoneindustries.com SG USONYX PTE LTD 103.26.41.24 malicious
www.goliathstoneindustries.com SG USONYX PTE LTD 103.26.41.24 clean
sherylbro.net Unknown malware
schwellenwertdaten.de Unknown malware
103.26.41.24 SG USONYX PTE LTD 103.26.41.24 clean

Suricata ids
