Report - Complaint_Copy_838511.wsf

Created 2023.04.20 11:18 Machine s1_win7_x6401
Filename Complaint_Copy_838511.wsf
Type Non-ISO extended-ASCII text, with very long lines, with CRLF, LF line terminators
AI Score: Not found
Behavior Score: 10.0
ZERO API (file): clean
VT API (file)
md5 0038e8cfc6deaa5e8b9ba11affaeea2d
sha256 6c861ff6546836d6a76f5444f8a70f4d6c65f2369f76557822bce2b1a40b802e
ssdeep 384:AZwOuqQwE5nyzJcqHTaomG5RCxIVdVxeZJ:ATumW0TaD+oxItx0
imphash
impfuzzy
Network IP location

Signature (11cnts)

Level Description
danger A potential heapspray has been detected. 2877 megabytes were sprayed onto the heap of the wscript.exe process
danger The process wscript.exe wrote an executable file to disk which it then attempted to execute
watch Communicates with host for which no DNS query was performed
watch Network communications indicative of a potential document or script payload download was initiated by the process wscript.exe
watch One or more non-whitelisted processes were created
watch Wscript.exe initiated network communications indicative of a script based payload download
watch wscript.exe-based dropper (JScript)
notice HTTP traffic contains suspicious features which may be indicative of malware related traffic
notice Performs some HTTP requests
info Checks amount of memory in system
info One or more processes crashed

Rules (0cnts)

Level Name Description Collection

Network (2cnts)

Request | CC | ASN | IP4 | Rule | ZERO
http://103.20.235.243/aSxBaqnfj98wz.dat | AU | Over The Wire Pty Ltd | 103.20.235.243 | | clean
103.20.235.243 | AU | Over The Wire Pty Ltd | 103.20.235.243 | | malicious
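The logic behind three of the signatures above (the dropped-executable-then-execute "danger", the connection to a host with no prior DNS query, and the script-host payload download that hit the .dat URL in the Network table) can be reproduced over a process/file/network event stream. The block below is an added example, not the sandbox's own signature code; the event schema, the process IDs and the %TEMP%\x.exe path are constructed to mirror what the report describes, and the set of script hosts is an assumption.

```python
import ipaddress
from urllib.parse import urlparse

# Assumed set of script hosts; an HTTP fetch from one of these is the
# "script based payload download" behaviour the report flags.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe", "powershell.exe"}
EXECUTABLE_EXTS = (".exe", ".dll", ".scr")

# Constructed event stream (hypothetical schema) modelled on the report:
# wscript.exe runs the .wsf, fetches a .dat from a bare IP with no DNS
# lookup, writes an executable to %TEMP% and launches it.
SAMPLE_EVENTS = [
    {"type": "process_create", "pid": 100, "ppid": 1, "image": "wscript.exe",
     "cmdline": "wscript.exe Complaint_Copy_838511.wsf"},
    {"type": "http_request", "pid": 100,
     "url": "http://103.20.235.243/aSxBaqnfj98wz.dat"},
    {"type": "connect", "pid": 100, "dst": "103.20.235.243", "dport": 80},
    {"type": "file_write", "pid": 100,
     "path": "C:\\Users\\user\\AppData\\Local\\Temp\\x.exe"},
    {"type": "process_create", "pid": 101, "ppid": 100, "image": "x.exe",
     "cmdline": "C:\\Users\\user\\AppData\\Local\\Temp\\x.exe"},
]


def dropped_executable_executed(events):
    """danger: a process wrote an executable and then started it as its parent."""
    written = {}  # lower-cased path -> pid that wrote it
    hits = []
    for ev in events:
        if ev["type"] == "file_write" and ev["path"].lower().endswith(EXECUTABLE_EXTS):
            written[ev["path"].lower()] = ev["pid"]
        elif ev["type"] == "process_create":
            cmdline = ev.get("cmdline", "").lower()
            for path, writer in written.items():
                if path in cmdline and ev.get("ppid") == writer:
                    hits.append((writer, path))
    return hits


def connect_without_dns(events):
    """watch: outbound connection to a public address that no DNS answer resolved."""
    resolved = set()
    hits = []
    for ev in events:
        if ev["type"] == "dns_answer":
            resolved.update(ev["addresses"])
        elif ev["type"] == "connect":
            if ipaddress.ip_address(ev["dst"]).is_global and ev["dst"] not in resolved:
                hits.append(ev["dst"])
    return hits


def script_payload_download(events):
    """watch: a script host requests a URL whose path is not a plain web page."""
    image_by_pid = {ev["pid"]: ev["image"].lower()
                    for ev in events if ev["type"] == "process_create"}
    hits = []
    for ev in events:
        if ev["type"] == "http_request" and image_by_pid.get(ev["pid"]) in SCRIPT_HOSTS:
            path = urlparse(ev["url"]).path.lower()
            if not path.endswith((".html", ".htm", "/")):
                hits.append(ev["url"])
    return hits


def evaluate(events):
    """Run the three checks and return their hits keyed by signature name."""
    return {
        "dropped_executable_executed": dropped_executable_executed(events),
        "connect_without_dns": connect_without_dns(events),
        "script_payload_download": script_payload_download(events),
    }


if __name__ == "__main__":
    for name, hits in evaluate(SAMPLE_EVENTS).items():
        print(f"{name}: {hits}")
```

Ordering matters for the DNS check: a `dns_answer` event seen before the `connect` suppresses the hit, which is exactly why the report fires it here, since wscript.exe dialled the literal address 103.20.235.243 and never resolved a name.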

Suricata ids

Similarity measure (PE file only): not applicable, the sample is a script file, not a PE file