Analysis Overview
SHA256
1f6ed75256a5ea2e3c235df69f077f808376ce95eae962d0f234631907d9dde6
Threat Level: Likely benign
The file 25-Aug-7914026146.zip was found to be: Likely benign.
Malicious Activity Summary
Program crash
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2022-08-25 18:58
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2022-08-25 18:58
Reported
2022-08-25 19:01
Platform
win10v2004-20220812-en
Max time kernel
129s
Max time network
133s
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\WerFault.exe |
Processes
C:\Windows\system32\wscript.exe
wscript.exe "C:\Users\Admin\AppData\Local\Temp\How_to_threaten_legal_action_sample_letter (cpa).js"
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 444 -p 3652 -ip 3652
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 3652 -s 1472
Network
| Country | Destination | Domain | Proto |
| NL | 104.110.191.133:80 | | tcp |
| US | 20.189.173.2:443 | | tcp |
| US | 93.184.220.29:80 | | tcp |
| US | 8.8.8.8:53 | 78.171.72.100.in-addr.arpa | udp |
| US | 209.197.3.8:80 | | tcp |
| US | 209.197.3.8:80 | | tcp |
| US | 209.197.3.8:80 | | tcp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2022-08-25 18:58
Reported
2022-08-25 19:01
Platform
win10v2004-20220812-en
Max time kernel
122s
Max time network
125s
Command Line
Signatures
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\9d5e4d05e40d812badc9be41ee077793ee4556f81c6ca6950cfe95b988bc5900.js
Network
| Country | Destination | Domain | Proto |
| US | 93.184.221.240:80 | | tcp |
| US | 93.184.221.240:80 | | tcp |
| US | 93.184.221.240:80 | | tcp |
| US | 93.184.220.29:80 | | tcp |
| NL | 104.80.225.205:443 | | tcp |
| US | 8.8.8.8:53 | 70.56.116.100.in-addr.arpa | udp |
| US | 93.184.221.240:80 | | tcp |