Windows Analysis Report fax000497762.doc.js
Overview
General Information
Detection
Score: | 96 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Antivirus / Scanner detection for submitted sample
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
System process connects to network (likely due to code injection or exploit)
Multi AV Scanner detection for submitted file
JScript performs obfuscated calls to suspicious functions
JavaScript source code contains functionality to generate code involving a shell, file or stream
JavaScript source code contains functionality to generate code involving HTTP requests or file downloads
Creates HTML files with .exe extension (expired dropper behavior)
Uses an obfuscated file name to hide its real file extension (double extension)
Java / VBScript file with very long strings (likely obfuscated code)
Uses a known web browser user agent for HTTP communication
Internet Provider seen in connection with other malware
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Found WSH timer for Javascript or VBS script (likely evasive script)
Classification
Process Tree |
---|
|
Malware Configuration |
---|
No configs have been found |
---|
Yara Overview |
---|
No yara matches |
---|
Sigma Overview |
---|
No Sigma rule has matched |
---|
Jbx Signature Overview |
---|
Click to jump to signature section
Show All Signature Results
AV Detection: |
---|
Antivirus / Scanner detection for submitted sample | Show sources |
Source: | Avira: |
Multi AV Scanner detection for submitted file | Show sources |
Source: | Virustotal: | Perma Link | ||
Source: | Metadefender: | Perma Link | ||
Source: | ReversingLabs: |
Software Vulnerabilities: |
---|
JavaScript source code contains functionality to generate code involving a shell, file or stream | Show sources |
Source: | Argument value : | Go to definition |
Networking: |
---|
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules) | Show sources |
Source: | Snort IDS: |
System process connects to network (likely due to code injection or exploit) | Show sources |
Source: | Domain query: | |||
Source: | Network Connect: | Jump to behavior |
JavaScript source code contains functionality to generate code involving HTTP requests or file downloads | Show sources |
Source: | Argument value : | Go to definition | ||
Source: | Return value : | Go to definition | ||
Source: | Return value : | Go to definition |
Creates HTML files with .exe extension (expired dropper behavior) | Show sources |
Source: | File created: | ||
Source: | File created: | ||
Source: | File created: |
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | ASN Name: |
Source: | HTTP traffic detected: |