Created 2023.04.26 09:38
Machine s1_win7_x6402
Filename B612.wsf
Type Non-ISO extended-ASCII text, with very long lines, with CRLF, LF line terminators
AI Score Not found
Behavior Score 10.0
ZERO API file : clean
VT API (file)
md5 1203925e308bb967984771d3330c9eae
sha256 1609e8187996800f842200939a35315c4e0bde8af7ae5df56cc57934387b6698
ssdeep 1536:aWxFXrkW4/MXcKJU//4mhWPX6B9JIK1WmhjYtGlCYLgGkHJ:v7kW3XD0vhWPkJbZYKpNkp
imphash
impfuzzy

Signature (6 counts)

Level   Description
watch   Network communications indicative of a potential document or script payload download were initiated by the process wscript.exe
watch   wscript.exe initiated network communications indicative of a script-based payload download
watch   wscript.exe-based dropper (JScript)
notice  Allocates read-write-execute memory (usually to unpack itself)
notice  Performs some HTTP requests
info    One or more processes crashed

Rules (0 counts)

Level   Name   Description   Collection

Network (3 counts)

Request                                 CC   ASN (org)           IP4              Rule    ZERO
http://bristolroofingca.com/zWhP0nv/2   US   UNIFIEDLAYER-AS-1   192.185.98.171   31084   malware
bristolroofingca.com                    US   UNIFIEDLAYER-AS-1   192.185.98.171           malware
192.185.98.171                          US   UNIFIEDLAYER-AS-1   192.185.98.171           phishing
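The Signature list and the Network table above describe one behaviour chain: wscript.exe launches a script file, resolves the listed domain and downloads a payload from it. The following is an added example of how that chain can be detected on an endpoint; it is not part of the sandbox report and not the sandbox's own rule code. It groups constructed, Sysmon-style key=value events (an assumption about the telemetry format; real Sysmon emits XML/EVTX and ProcessGuid is the safer correlation key than ProcessId) by script-host process and raises the report's "watch" findings, plus an "alert" when the process touches the domain or IP from the Network table.

```python
"""Detect a Windows script host (wscript.exe) that launches a script file and
then talks to the network, the pattern flagged in the sandbox report above.

Added example, not sandbox output. The log lines are constructed, Sysmon-style
key=value events (an assumed telemetry format); the indicators are the domain
and IP from the report's Network table."""
import re

# Network indicators copied from the report's Network table.
IOC_DOMAINS = {"bristolroofingca.com"}
IOC_IPS = {"192.185.98.171"}

# Script hosts that rarely need outbound network access on a workstation.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}

# Script containers wscript.exe executes (JScript/VBScript/WSF).
SCRIPT_EXT_RE = re.compile(r"\.(?:wsf|js|jse|vbs|vbe)\b", re.I)

# key=value pairs, values optionally double-quoted (paths with spaces).
KV_RE = re.compile(r'(\w+)=("([^"]*)"|\S+)')

# Constructed sample telemetry (not real logs). Event IDs follow Sysmon:
# 1 = process create, 3 = network connect, 22 = DNS query.
SAMPLE_LOG = r"""
EventID=1 ProcessId=4120 Image=C:\Windows\System32\wscript.exe CommandLine="wscript.exe C:\Users\user\Downloads\B612.wsf" ParentImage=C:\Windows\explorer.exe
EventID=22 ProcessId=4120 Image=C:\Windows\System32\wscript.exe QueryName=bristolroofingca.com QueryResults=192.185.98.171
EventID=3 ProcessId=4120 Image=C:\Windows\System32\wscript.exe DestinationIp=192.185.98.171 DestinationPort=80 DestinationHostname=bristolroofingca.com
EventID=3 ProcessId=2288 Image="C:\Program Files\Mozilla Firefox\firefox.exe" DestinationIp=93.184.216.34 DestinationPort=443 DestinationHostname=example.com
EventID=1 ProcessId=5044 Image=C:\Windows\System32\wscript.exe CommandLine="wscript.exe \\corp\netlogon\logon.vbs" ParentImage=C:\Windows\System32\userinit.exe
""".strip()


def parse_event(line):
    """Parse one key=value line into a dict, stripping quotes from values."""
    return {m.group(1): m.group(3) if m.group(3) is not None else m.group(2)
            for m in KV_RE.finditer(line)}


def image_name(ev):
    """Lower-cased file name of the Image field (last path component)."""
    return ev.get("Image", "").rsplit("\\", 1)[-1].lower()


def evaluate(log_text):
    """Return (level, pid, description) findings for script-host processes.

    Levels mirror the report's "watch"; "alert" is added here for IOC hits.
    """
    procs = {}  # ProcessId -> {"image", "script", "net", "dns"}
    for line in log_text.splitlines():
        ev = parse_event(line)
        name = image_name(ev)
        if name not in SCRIPT_HOSTS:
            continue  # only script hosts are of interest here
        p = procs.setdefault(ev.get("ProcessId", "?"),
                             {"image": name, "script": None, "net": [], "dns": []})
        eid = ev.get("EventID")
        if eid == "1":
            m = SCRIPT_EXT_RE.search(ev.get("CommandLine", ""))
            p["script"] = m.group(0).lower() if m else None
        elif eid == "3":
            p["net"].append((ev.get("DestinationHostname", ""),
                             ev.get("DestinationIp", ""),
                             ev.get("DestinationPort", "")))
        elif eid == "22":
            p["dns"].append((ev.get("QueryName", ""), ev.get("QueryResults", "")))

    findings = []
    for pid, p in procs.items():
        # Any outbound connection from a script host is worth a look.
        for host, ip, port in p["net"]:
            findings.append(("watch", pid,
                             f"{p['image']} initiated network communications to {host or ip}:{port}"))
        # Script launch followed by network traffic: the dropper pattern.
        # A logon script with no network activity does not reach this verdict.
        if p["script"] and p["net"]:
            findings.append(("watch", pid,
                             f"{p['image']}-based dropper ({p['script']} script followed by outbound network traffic)"))
        # Correlate destinations and DNS answers with the report's indicators.
        hits = set()
        for host, ip, _ in p["net"]:
            if host in IOC_DOMAINS or ip in IOC_IPS:
                hits.add(host or ip)
        for query, answer in p["dns"]:
            if query in IOC_DOMAINS or answer in IOC_IPS:
                hits.add(query)
        if hits:
            findings.append(("alert", pid,
                             f"{p['image']} contacted known indicator(s): {', '.join(sorted(hits))}"))
    return findings


if __name__ == "__main__":
    for level, pid, desc in evaluate(SAMPLE_LOG):
        print(f"{level:6} pid={pid} {desc}")
```

Run as-is, it reports three findings, all for the process that executed B612.wsf; the Firefox connection is ignored because the image is not a script host, and the userinit-spawned logon.vbs produces nothing because it never opened a network connection, which is the difference between a logon script and a dropper.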

Suricata ids

Similarity measure (PE file only) - Checking for service failure