HRE.vbs

Performs some HTTP requests (1 event)

request

GET https://paste.ee/d/e59ok

File has been identified by 7 AntiVirus engines on VirusTotal as malicious (7 events)

Symantec	ISB.Downloader!gen40
Avast	Script:SNH-gen [Drp]
Kaspersky	HEUR:Trojan.VBS.SAgent.gen
Varist	VBS/Agent.BFC!Eldorado
ZoneAlarm	HEUR:Trojan.VBS.SAgent.gen
Google	Detected
AVG	Script:SNH-gen [Drp]

Wscript.exe initiated network communications indicative of a script based payload download (3 events)

Time & API	Arguments	Status	Return	Repeated
WSASend Oct. 31, 2023, 5:42 p.m.	buffer:  k g e@½íÎð‹„°¼6¼ã1,‡w_V=7´Ã}ò‹™ïÊm4/5 ÀÀÀ À 28 &ÿ paste.ee  socket: 584		0	0
WSASend Oct. 31, 2023, 5:42 p.m.	buffer:  FBAÓHB¢2!%74a³ž³Nçæâä,_걃ý-}e¤ˆ¬²²’êXå8V ö³ÄÏ{H–éáƒqʪlÎ}  0°ÓY×xw¯7ÄÝ4·+R¢r¿â}"”÷7\ä›4v"åð•} z>ڔ‹6ä socket: 584		0	0
WSASend Oct. 31, 2023, 5:42 p.m.	buffer:  À{±­vnßɔÍښUS7±Œ{fšÉ&%Ò[(qÓ¯(77‰9s7y;zHSÂqå.j[ûÂý½V5;ÚIÅhܨjbÛ/7©¼1b7ß:q1ýhd@EþüŽ2·ó9¬H_›1Hõ¢Šîý1TEÎE—p·!ó5b%äJÅq/n'G äHà¶%Cþ¸Î•ØÃôôß]²Ëk¶¤Ð¥©‡!/‚ĝ:gŒËRöm‰ )ÉâƒNù÷ñ;gZnxÄçÓ socket: 584		0	0

Attempts to create or modify system certificates (1 event)

registry

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F81F111D0E5AB58D396F7BF525577FD30FDC95AA\Blob

Network communications indicative of a potential document or script payload download was initiated by the process wscript.exe (3 events)

Time & API	Arguments	Status	Return	Repeated
WSASend Oct. 31, 2023, 5:42 p.m.	buffer:  k g e@½íÎð‹„°¼6¼ã1,‡w_V=7´Ã}ò‹™ïÊm4/5 ÀÀÀ À 28 &ÿ paste.ee  socket: 584		0	0
WSASend Oct. 31, 2023, 5:42 p.m.	buffer:  FBAÓHB¢2!%74a³ž³Nçæâä,_걃ý-}e¤ˆ¬²²’êXå8V ö³ÄÏ{H–éáƒqʪlÎ}  0°ÓY×xw¯7ÄÝ4·+R¢r¿â}"”÷7\ä›4v"åð•} z>ڔ‹6ä socket: 584		0	0
WSASend Oct. 31, 2023, 5:42 p.m.	buffer:  À{±­vnßɔÍښUS7±Œ{fšÉ&%Ò[(qÓ¯(77‰9s7y;zHSÂqå.j[ûÂý½V5;ÚIÅhܨjbÛ/7©¼1b7ß:q1ýhd@EþüŽ2·ó9¬H_›1Hõ¢Šîý1TEÎE—p·!ó5b%äJÅq/n'G äHà¶%Cþ¸Î•ØÃôôß]²Ëk¶¤Ð¥©‡!/‚ĝ:gŒËRöm‰ )ÉâƒNù÷ñ;gZnxÄçÓ socket: 584		0	0