Report - ORDER-23116FC.pdf.js

Created 2023.11.08 09:39 Machine s1_win7_x6401
Filename ORDER-23116FC.pdf.js
Type ASCII text, with very long lines, with CRLF line terminators
AI Score Not found
Behavior Score 10.0
ZERO API file : clean
VT API (file) 20 detected (Cryxos, gen60, iacgm, TOPIS, 9kuM9iQ3OWD, Eldorado, ai score=88, Wacatac, Detected)
md5 cf34cf3dc725d0145cb4b3ecfba459e7
sha256 6766c478915817f5a95bc278a0205a89d0fbc03432d544399b70ab3fdc137001
ssdeep 48:hSJE7GJLO4JJoNK5JzOTwgNS2utIGndHsRbJJz0GhD7GJ5o4fuwufQAJ6Gmfo/iT:yO1wtOMgR1uMF5SNEiGF4sdc
imphash
impfuzzy
  Network IP location

Signature (4cnts)

Level Description
warning File has been identified by 20 AntiVirus engines on VirusTotal as malicious
watch Network communications indicative of a potential document or script payload download was initiated by the process wscript.exe
watch Wscript.exe initiated network communications indicative of a script based payload download
watch wscript.exe-based dropper (JScript)

Rules (0cnts)

Level Name Description Collection

Network (2cnts)

Request CC ASN Co IP4 Rule ZERO
grapemundo.com IN PUBLIC-DOMAIN-REGISTRY 103.50.163.157 malicious
103.50.163.157 IN PUBLIC-DOMAIN-REGISTRY 103.50.163.157 malicious

Suricata ids

Similarity measure (PE file only) - Checking for service failure