bdolsx.vbs

One or more potentially interesting buffers were extracted, these generally contain injected code, configuration data, etc.

Performs some HTTP requests (1 event)

request

GET https://paste.ee/d/ntKQd

File has been identified by 5 AntiVirus engines on VirusTotal as malicious (5 events)

Symantec	ISB.Downloader!gen40
Avast	Script:SNH-gen [Trj]
Kaspersky	HEUR:Trojan.VBS.SAgent.gen
ZoneAlarm	HEUR:Trojan.VBS.SAgent.gen
AVG	Script:SNH-gen [Trj]

Wscript.exe initiated network communications indicative of a script based payload download (3 events)

Time & API	Arguments	Status	Return	Repeated
WSASend Oct. 27, 2023, 10:51 a.m.	buffer:  k g e;ª¥Ë¡š®òHОAú ٍ¾YBBáãm”ƒ/5 ÀÀÀ À 28 &ÿ paste.ee  socket: 972		0	0
WSASend Oct. 27, 2023, 10:51 a.m.	buffer:  FBA]Yý;ÍöxÂÒ¥ÙDÓݬáèü/±RôOök”X® XŽ°¦ô©äPÿ>Z ‡ò’ü.Ӏè >h^  0‹óm0‹ýÅ‚·Ä”$©*^µ•mT ’2uò¶‡ÃL#J†6ˆÓ9R ‡Ó socket: 972		0	0
WSASend Oct. 27, 2023, 10:51 a.m.	buffer:  À£ö¬„ó*éP%†ËÛøÑ»K¦Å¦q‡cÀ¾­g–bHg·oö:æÞ»ÈÆ֍.x¨“¡änóÉ%Rà8!´Yù •}¼!í¶)@»ëÉÑ‹%^Aû–ÞÛ.ù¨ÁLðcúf„?Dòã䖍^«6¬†ŽTs÷¤eGÿIn¥e¸5>ísÓíü^õ}@3HÏ#[lJà ¿EmIúÝJE)³‚ó4Þ, ÞZšÉ˜)ò¯˜Óù¨kÛÊÍ socket: 972		0	0

Attempts to create or modify system certificates (1 event)

registry

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\18F7C1FCC3090203FD5BAA2F861A754976C8DD25\Blob

Network communications indicative of a potential document or script payload download was initiated by the process wscript.exe (3 events)

Time & API	Arguments	Status	Return	Repeated
WSASend Oct. 27, 2023, 10:51 a.m.	buffer:  k g e;ª¥Ë¡š®òHОAú ٍ¾YBBáãm”ƒ/5 ÀÀÀ À 28 &ÿ paste.ee  socket: 972		0	0
WSASend Oct. 27, 2023, 10:51 a.m.	buffer:  FBA]Yý;ÍöxÂÒ¥ÙDÓݬáèü/±RôOök”X® XŽ°¦ô©äPÿ>Z ‡ò’ü.Ӏè >h^  0‹óm0‹ýÅ‚·Ä”$©*^µ•mT ’2uò¶‡ÃL#J†6ˆÓ9R ‡Ó socket: 972		0	0
WSASend Oct. 27, 2023, 10:51 a.m.	buffer:  À£ö¬„ó*éP%†ËÛøÑ»K¦Å¦q‡cÀ¾­g–bHg·oö:æÞ»ÈÆ֍.x¨“¡änóÉ%Rà8!´Yù •}¼!í¶)@»ëÉÑ‹%^Aû–ÞÛ.ù¨ÁLðcúf„?Dòã䖍^«6¬†ŽTs÷¤eGÿIn¥e¸5>ísÓíü^õ}@3HÏ#[lJà ¿EmIúÝJE)³‚ó4Þ, ÞZšÉ˜)ò¯˜Óù¨kÛÊÍ socket: 972		0	0