popup

Report - Update.js

  1. Resubmit analysis
  2. Detailed report
ScreenShot
Created 2024.07.23 11:37 Machine s1_win7_x6401
Filename Update.js
Type ASCII text, with very long lines
AI Score Not founds Behavior Score
10.0
ZERO API file : clean
VT API (file)
md5 015f9a818b239f52fff35740eb74cb80
sha256 3a33662644276f85c5494d5cce3c96a4527fa275a280f019277283dc970a1e06
ssdeep 192:64HdhqvPsOLU+gvVSfFszMjUHbC81k+Mabi25ryMYuIv7f4V4YdOMv1IHdwfXJ+R:bHdhaVNh4bi25rYuIv7fI4YkMwdwfZ+R
imphash
impfuzzy
  Network IP location

Signature (3cnts)

Level Description
watch Network communications indicative of a potential document or script payload download was initiated by the process wscript.exe
watch Wscript.exe initiated network communications indicative of a script based payload download
watch wscript.exe-based dropper (JScript

Rules (0cnts)

Level Name Description Collection

Network (2cnts) ?

Request CC ASN Co IP4 Rule ? ZERO ?
btram.loyalty.hienphucuanhanloai.org
whois
US GBTCLOUD 45.88.186.194 clean
45.88.186.194
whois
US GBTCLOUD 45.88.186.194 clean

Suricata ids

SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure

Similarity measure (PE file only) - Checking for service failure