Report - Order_inquiry_021_014_21.js

ScreenShot

Info
Location map


Created	2021.09.15 12:20	Machine	s1_win7_x6402
Filename	Order_inquiry_021_014_21.js
Type	ASCII text, with very long lines, with no line terminators
AI Score	Not founds	Behavior Score	10.0
ZERO API	file : clean
VT API (file)	11 detected (Outbreak, Nemucod, ai score=84)
md5	836365de25b8b33c14a7971eeca6151b
sha256	a51cc3c60ccd7b5ea425e70d4a6d3b66174f6e0b71304e9cc34bd800e54d6bc4
ssdeep	384:wLvHm13dN8b4H28naIpRkIfyqcmNxey3hzi8zzHLRsdqjyNLxFcXtqFZaZ:wi1tNXT7PWchmYxsdqjyNNFc0FZaZ
imphash
impfuzzy

Network IP location

Signature (12cnts)

Level	Description
danger	The process wscript.exe wrote an executable file to disk which it then attempted to execute
watch	File has been identified by 11 AntiVirus engines on VirusTotal as malicious
watch	Installs itself for autorun at Windows startup
watch	Network communications indicative of a potential document or script payload download was initiated by the process wscript.exe
watch	One or more non-whitelisted processes were created
watch	Wscript.exe initiated network communications indicative of a script based payload download
watch	wscript.exe-based dropper (JScript
notice	A process created a hidden window
notice	Creates a suspicious process
notice	Uses Windows utilities for basic Windows functionality
info	Command line console output was observed
info	Queries for the computername

Rules (0cnts)

Level	Name	Description	Collection

Network (3cnts) ?

Request	CC	ASN Co	IP4	Rule ?	ZERO ?
http://grace2020.home-webserver.de:3774/Vre whois		CMCS	31.210.20.230	5149	mailcious
grace2020.home-webserver.de whois		CMCS	31.210.20.230		mailcious
31.210.20.230 whois		CMCS	31.210.20.230		mailcious

Suricata ids

Similarity measure (PE file only) - Checking for service failure