popup

Report - ORDER-231211.Xls.js

  1. Resubmit analysis
  2. Detailed report
ScreenShot
Created 2023.12.14 10:29 Machine s1_win7_x6403_us
Filename ORDER-231211.Xls.js
Type ASCII text, with very long lines, with CRLF line terminators
AI Score Not founds Behavior Score
10.0
ZERO API file : clean
VT API (file) 22 detected (Cryxos, gen60, iacgm, Detected, ABRisk, YTIT, ai score=84)
md5 516442412f0c621f39abd64b645f587c
sha256 3dbe569606e7cb9d93ad9f5bb8135fb9e6faf2d525c365dbc0eb672a45419ff9
ssdeep 48:MOIWNECVZvY3thH1S4T0O2NiIVEggU3mOOFANEeoTmKaU9Osxi4OcKGE+G:zYCVZ+FTbmVEgg+u9Ny8MXV+G
imphash
impfuzzy
  Network IP location

Signature (4cnts)

Level Description
warning File has been identified by 22 AntiVirus engines on VirusTotal as malicious
watch Network communications indicative of a potential document or script payload download was initiated by the process wscript.exe
watch Wscript.exe initiated network communications indicative of a script based payload download
watch wscript.exe-based dropper (JScript

Rules (0cnts)

Level Name Description Collection

Network (2cnts) ?

Request CC ASN Co IP4 Rule ? ZERO ?
nac-ecs.co.mz
whois
US INMOTI-1 144.208.78.130 malware
144.208.78.130
whois
US INMOTI-1 144.208.78.130 malware

Suricata ids

SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure

Similarity measure (PE file only) - Checking for service failure