Report - C713.wsf

ScreenShot

Info
Location map


Created	2023.05.03 09:55	Machine	s1_win7_x6402
Filename	C713.wsf
Type	UTF-8 Unicode text, with very long lines, with CRLF, LF line terminators
AI Score	Not founds	Behavior Score	10.0
ZERO API	file : clean
VT API (file)
md5	ad4bcd97e9014f9f76b05d5db8b1e273
sha256	2cfffc7aff2656ddac2d73b855a70757e5370bf1af8f1ba1355daa23fdfef351
ssdeep	768:FjAbTum3DfTvVmnw5WyDCblhkehECwcbTum3DDe2xJ1ll:Fjkl3DbvwnPlDhvLl3Dzr
imphash
impfuzzy

Network IP location

Signature (8cnts)

Level	Description
danger	A potential heapspray has been detected. 2515 megabytes was sprayed onto the heap of the wscript.exe process
warning	Generates some ICMP traffic
warning	Uses WMI to create a new process
watch	Network communications indicative of a potential document or script payload download was initiated by the process wscript.exe
watch	Wscript.exe initiated network communications indicative of a script based payload download
watch	wscript.exe-based dropper (JScript
notice	Performs some HTTP requests
info	Queries for the computername

Rules (0cnts)

Level	Name	Description	Collection

Network (9cnts) ?

Request	CC	ASN Co	IP4	Rule ?	ZERO ?
https://tridayaonline.com/rf7H/1203 whois		PT Infinys System Indonesia	103.41.206.174		clean
puntoproduction.com whois		UNIFIEDLAYER-AS-1	162.241.194.193		clean
abragest.com whois		UNIFIEDLAYER-AS-1	192.185.79.168		clean
tridayaonline.com whois		PT Infinys System Indonesia	103.41.206.174		clean
demosites.live whois		UNIFIEDLAYER-AS-1	108.167.180.121		clean
108.167.180.121 whois		UNIFIEDLAYER-AS-1	108.167.180.121		clean
162.241.194.193 whois		UNIFIEDLAYER-AS-1	162.241.194.193		clean
192.185.79.168 whois		UNIFIEDLAYER-AS-1	192.185.79.168		clean
103.41.206.174 whois		PT Infinys System Indonesia	103.41.206.174		clean

Suricata ids

Similarity measure (PE file only) - Checking for service failure