Windows
Analysis Report
f_171038 (2)
Overview
General Information
Detection
Score: | 52 |
Range: | 0 - 100 |
Confidence: | 100% |
Signatures
Multi AV Scanner detection for submitted file
Sigma detected: WScript or CScript Dropper
Creates a process in suspended mode (likely to inject code)
Found WSH timer for Javascript or VBS script (likely evasive script)
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript
Classification
- System is w10x64_ra
wscript.exe (PID: 6284 cmdline:
C:\Windows \System32\ WScript.ex e "C:\User s\user\Des ktop\f_171 038 (2).js " MD5: A47CBE969EA935BDD3AB568BB126BC80)
OpenWith.exe (PID: 7156 cmdline:
C:\Windows \system32\ OpenWith.e xe -Embedd ing MD5: E4A834784FA08C17D47A1E72429C5109) firefox.exe (PID: 1560 cmdline:
"C:\Progra m Files\Mo zilla Fire fox\firefo x.exe" -os int -url " C:\Users\u ser\Deskto p\f_171038 (2).js" MD5: C86B1BE9ED6496FE0E0CBE73F81D8045) firefox.exe (PID: 5320 cmdline:
"C:\Progra m Files\Mo zilla Fire fox\firefo x.exe" -os int -url " C:\Users\u ser\Deskto p\f_171038 (2).js" MD5: C86B1BE9ED6496FE0E0CBE73F81D8045) firefox.exe (PID: 1564 cmdline:
"C:\Progra m Files\Mo zilla Fire fox\firefo x.exe" -co ntentproc --channel= 2304 -pare ntBuildID 2023092723 2528 -pref sHandle 22 48 -prefMa pHandle 22 32 -prefsL en 25250 - prefMapSiz e 237879 - win32kLock edDown -ap pDir "C:\P rogram Fil es\Mozilla Firefox\b rowser" - {5f959d3a- 1866-4fd5- 998a-1a310 4bcceb0} 5 320 "\\.\p ipe\gecko- crash-serv er-pipe.53 20" 250702 6b710 sock et MD5: C86B1BE9ED6496FE0E0CBE73F81D8045) firefox.exe (PID: 3052 cmdline:
"C:\Progra m Files\Mo zilla Fire fox\firefo x.exe" -co ntentproc --channel= 4024 -pare ntBuildID 2023092723 2528 -pref sHandle 40 20 -prefMa pHandle 40 16 -prefsL en 26265 - prefMapSiz e 237879 - appDir "C: \Program F iles\Mozil la Firefox \browser" - {9832eef 8-57dc-4ad 5-8303-819 7d20dc6a7} 5320 "\\. \pipe\geck o-crash-se rver-pipe. 5320" 2508 20b3b10 rd d MD5: C86B1BE9ED6496FE0E0CBE73F81D8045) firefox.exe (PID: 1728 cmdline:
"C:\Progra m Files\Mo zilla Fire fox\firefo x.exe" -co ntentproc --channel= 2708 -pare ntBuildID 2023092723 2528 -sand boxingKind 0 -prefsH andle 3428 -prefMapH andle 2528 -prefsLen 33331 -pr efMapSize 237879 -wi n32kLocked Down -appD ir "C:\Pro gram Files \Mozilla F irefox\bro wser" - {4 0896e80-ee f5-4a65-bf 86-7a5f465 a3171} 532 0 "\\.\pip e\gecko-cr ash-server -pipe.5320 " 2508aaf6 510 utilit y MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
- cleanup
⊘No yara matches
System Summary |
---|
Source: | Author: Margaritis Dimitrios (idea), Florian Roth (Nextron Systems), oscd.community: |
Source: | Author: Michael Haag: |
⊘No Suricata rule has matched
- • AV Detection
- • Compliance
- • Software Vulnerabilities
- • Networking
- • System Summary
- • Hooking and other Techniques for Hiding and Protection
- • Malware Analysis System Evasion
- • HIPS / PFW / Operating System Protection Evasion
- • Language, Device and Operating System Detection
Click to jump to signature section
Show All Signature Results
AV Detection |
---|
Source: | Virustotal: | Perma Link | ||
Source: | ReversingLabs: |
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: |
Source: | Memory has grown: |
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: |
Source: | HTTP traffic detected: |