Analysis Overview
SHA256
3900b9213c574231b117b06b5a7cf3426d5c4458d75fa65a2baae7ff60ca6bdf
Threat Level: Likely malicious
The file 18-Aug-7892746132.zip was found to be: Likely malicious.
Malicious Activity Summary
Blocklisted process makes network request
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2022-08-18 13:35
Signatures
Analysis: behavioral4
Detonation Overview
Submitted
2022-08-18 13:35
Reported
2022-08-18 13:38
Platform
win7-20220812-en
Max time kernel
117s
Max time network
130s
Command Line
Signatures
Blocklisted process makes network request
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\wscript.exe | N/A |
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\ef5918cad072c9ef777a7fe004dadec8dd9af3fcd5036f9161cd8ff97f04c623.js
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.lukeamiller.net | udp |
| US | 69.163.163.127:443 | www.lukeamiller.net | tcp |
Files
Analysis: behavioral1
Detonation Overview
Submitted
2022-08-18 13:35
Reported
2022-08-18 13:38
Platform
win7-20220812-en
Max time kernel
45s
Max time network
48s
Command Line
Signatures
Processes
C:\Windows\system32\wscript.exe
wscript.exe "C:\Users\Admin\AppData\Local\Temp\Sample_referral_agreement_contract (eje).js"
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2022-08-18 13:35
Reported
2022-08-18 13:38
Platform
win7-20220812-en
Max time kernel
115s
Max time network
128s
Command Line
Signatures
Blocklisted process makes network request
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\wscript.exe | N/A |
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\3388d4b4242b1c842cf37a0642566e2eb5ddd8aaac575269082023fc26ac32fa.js
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.lukeamiller.net | udp |
| US | 69.163.163.127:443 | www.lukeamiller.net | tcp |
Files
Analysis: behavioral3
Detonation Overview
Submitted
2022-08-18 13:35
Reported
2022-08-18 13:38
Platform
win7-20220812-en
Max time kernel
96s
Max time network
109s
Command Line
Signatures
Blocklisted process makes network request
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\wscript.exe | N/A |
Processes
C:\Windows\system32\wscript.exe
wscript.exe "C:\Users\Admin\AppData\Local\Temp\Tenant_snow_removal_agreement_ontario (mgrrf).js"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.lukeamiller.net | udp |
| US | 69.163.163.127:443 | www.lukeamiller.net | tcp |