popup

Report - Edge.js

  1. Resubmit analysis
  2. Detailed report
ScreenShot
Created 2021.07.29 09:46 Machine s1_win7_x6402
Filename Edge.js
Type ASCII text, with CRLF line terminators
AI Score Not founds Behavior Score
10.0
ZERO API file : clean
VT API (file) 4 detected (gen406, SLoad)
md5 8a005a721fcf3972456cb12e0a4f3fa0
sha256 f1df2c9befe5e84082891195415c8b032fbf3859090e1e3a856fb9611f85bb5c
ssdeep 48:mup04JDUsJBeNWczSxWDE1YWbJVLNSJ3WQFSVV9vuByx33udwi6Df8zv5XYH:g41jeNRzUNK3WQFMV9mBA33udwi6Ovd6
imphash
impfuzzy
  Network IP location

Signature (4cnts)

Level Description
watch Network communications indicative of a potential document or script payload download was initiated by the process wscript.exe
watch Wscript.exe initiated network communications indicative of a script based payload download
watch wscript.exe-based dropper (JScript
notice File has been identified by 4 AntiVirus engines on VirusTotal as malicious

Rules (0cnts)

Level Name Description Collection

Network (2cnts) ?

Request CC ASN Co IP4 Rule ? ZERO ?
fe1eaf89.office.drpease.com
whois
LT UAB Cherry Servers 195.189.96.41 clean
195.189.96.41
whois
LT UAB Cherry Servers 195.189.96.41 clean

Suricata ids

SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure

Similarity measure (PE file only) - Checking for service failure