ngone.vbs

One or more potentially interesting buffers were extracted, these generally contain injected code, configuration data, etc.

Performs some HTTP requests (1 event)

request

GET https://paste.ee/d/zTsQV

File has been identified by 5 AntiVirus engines on VirusTotal as malicious (5 events)

Symantec	ISB.Downloader!gen40
Avast	Script:SNH-gen [Trj]
Kaspersky	HEUR:Trojan.VBS.SAgent.gen
ZoneAlarm	HEUR:Trojan.VBS.SAgent.gen
AVG	Script:SNH-gen [Trj]

Wscript.exe initiated network communications indicative of a script based payload download (3 events)

Time & API	Arguments	Status	Return	Repeated
WSASend Oct. 27, 2023, 10:51 a.m.	buffer:  k g e;­²}¡ápñ_3û³I¼:è:ìÝÈNUysLg0¥/5 ÀÀÀ À 28 &ÿ paste.ee  socket: 968		0	0
WSASend Oct. 27, 2023, 10:51 a.m.	buffer:  FBAQÙû3¾d2’~Ýuë¡k¬)‹ž=Þ{f›LRŠDrdibßÁ¬sd²'Ô;@‘ Çnÿ/JI\OR  0q €Å’lÛÂ?÷r=À7Djtö±9œvã2ôà¦9ǔ„ý³ïó¥PmQ¾U? socket: 968		0	0
WSASend Oct. 27, 2023, 10:51 a.m.	buffer:  Àòü†/Ja1$ôÖǐ¢e²÷”ñ¶ý&²ôå=pLË'#û;Yï ž|µ›wS©Â®7£Ê÷‘xò¯P{œVì®rº;¦ž¨ñHx—wi×á3麵‹æÓÇ7Q‡øt¬ñåö$Yә  ƒŠ$TõÞ®»8«îåfkØl—g»W$ÐÈþ;,ƒg‡°N=j9 úœ) îdç€r<N“„jYzü݋;z©sGfÔdœÿè9ç˜ (˜.>ÊÌ socket: 968		0	0

Attempts to create or modify system certificates (2 events)

registry	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F81F111D0E5AB58D396F7BF525577FD30FDC95AA\Blob
registry	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\18F7C1FCC3090203FD5BAA2F861A754976C8DD25\Blob

Network communications indicative of a potential document or script payload download was initiated by the process wscript.exe (3 events)

Time & API	Arguments	Status	Return	Repeated
WSASend Oct. 27, 2023, 10:51 a.m.	buffer:  k g e;­²}¡ápñ_3û³I¼:è:ìÝÈNUysLg0¥/5 ÀÀÀ À 28 &ÿ paste.ee  socket: 968		0	0
WSASend Oct. 27, 2023, 10:51 a.m.	buffer:  FBAQÙû3¾d2’~Ýuë¡k¬)‹ž=Þ{f›LRŠDrdibßÁ¬sd²'Ô;@‘ Çnÿ/JI\OR  0q €Å’lÛÂ?÷r=À7Djtö±9œvã2ôà¦9ǔ„ý³ïó¥PmQ¾U? socket: 968		0	0
WSASend Oct. 27, 2023, 10:51 a.m.	buffer:  Àòü†/Ja1$ôÖǐ¢e²÷”ñ¶ý&²ôå=pLË'#û;Yï ž|µ›wS©Â®7£Ê÷‘xò¯P{œVì®rº;¦ž¨ñHx—wi×á3麵‹æÓÇ7Q‡øt¬ñåö$Yә  ƒŠ$TõÞ®»8«îåfkØl—g»W$ÐÈþ;,ƒg‡°N=j9 úœ) îdç€r<N“„jYzü݋;z©sGfÔdœÿè9ç˜ (˜.>ÊÌ socket: 968		0	0