Report - Order_inquiry_012_013_21.js

ScreenShot

Info
Location map


Created	2021.09.14 10:31	Machine	s1_win7_x6402
Filename	Order_inquiry_012_013_21.js
Type	ASCII text, with very long lines, with no line terminators
AI Score	Not founds	Behavior Score	10.0
ZERO API	file : clean
VT API (file)
md5	9beeb0cd672264c6db9a47fc34e0fd7a
sha256	c504a603ade3dee1caa6b200b65c06ffd9325c2e4cd31e28cd8dcc1ac4a0803b
ssdeep	384:2YESpD76NQOzCJAtFMoQ4AA7ZanqS/OWhSbJ2zd6F:1XixZwq0g2zU
imphash
impfuzzy

Network IP location

Signature (12cnts)

Level	Description
danger	The process wscript.exe wrote an executable file to disk which it then attempted to execute
warning	Generates some ICMP traffic
watch	Installs itself for autorun at Windows startup
watch	Network communications indicative of a potential document or script payload download was initiated by the process wscript.exe
watch	One or more non-whitelisted processes were created
watch	Wscript.exe initiated network communications indicative of a script based payload download
watch	wscript.exe-based dropper (JScript
notice	A process created a hidden window
notice	Creates a suspicious process
notice	Uses Windows utilities for basic Windows functionality
info	Command line console output was observed
info	Queries for the computername

Rules (0cnts)

Level	Name	Description	Collection

Network (3cnts) ?

Request	CC	ASN Co	IP4	Rule ?	ZERO ?
http://grace2020.home-webserver.de:3774/Vre whois		CMCS	31.210.20.230		clean
grace2020.home-webserver.de whois		CMCS	31.210.20.230		mailcious
31.210.20.230 whois		CMCS	31.210.20.230		clean

Suricata ids

Similarity measure (PE file only) - Checking for service failure