ScreenShot
Created | 2023.11.16 18:57 | Machine | s1_win7_x6402 |
Filename | NOV_INQUIRY.js | ||
Type | Little-endian UTF-16 Unicode text, with CRLF line terminators | ||
AI Score | Not founds | Behavior Score |
|
ZERO API | file : clean | ||
VT API (file) | |||
md5 | b22055de1a1ea49c1b4f7d64ff315471 | ||
sha256 | 6343522bdc6d71634d7fc6d0f6ac0f6b0bc1edd36060abd4fd9e700387a50601 | ||
ssdeep | 24:QKV/xnPpzfYZljxkLHDG6WLXVvM7sGG0+4whz8GyME8xL9GXBsbn6V6FE0xUtnXc:JV/pipkLHSl4j+cGOaU4E7e3LVAHE | ||
imphash | |||
impfuzzy |
Network IP location
Signature (6cnts)
Level | Description |
---|---|
watch | Network communications indicative of a potential document or script payload download was initiated by the process wscript.exe |
watch | Wscript.exe initiated network communications indicative of a script based payload download |
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | Checks adapter addresses which can be used to detect virtual network interfaces |
notice | Performs some HTTP requests |
info | One or more processes crashed |
Rules (1cnts)
Level | Name | Description | Collection |
---|---|---|---|
info | Javascript_ActiveXObject | Use ActiveXObject JavaScript | binaries (upload) |
Network (7cnts) ?
Suricata ids
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET POLICY Observed DNS Query to Pastebin-style Service (wtools .io)
ET POLICY Observed DNS Query to Pastebin-style Service (wtools .io)