File_Vbs.vbs

Performs some HTTP requests (1 event)

request

GET https://paste.ee/d/qZWyg

File has been identified by 4 AntiVirus engines on VirusTotal as malicious (4 events)

Avast	Script:SNH-gen [Trj]
Kaspersky	HEUR:Trojan.VBS.SAgent.gen
Kingsoft	Win32.Troj.Undef.a
AVG	Script:SNH-gen [Trj]

Wscript.exe initiated network communications indicative of a script based payload download (3 events)

Time & API	Arguments	Status	Return	Repeated
WSASend Nov. 10, 2023, 9:23 a.m.	buffer:  k g eMx)íy9Ä$ñ©‚«á‘Å+á¨x^­‰·û#‡²/5 ÀÀÀ À 28 &ÿ paste.ee  socket: 592		0	0
WSASend Nov. 10, 2023, 9:23 a.m.	buffer:  FBA’xH•Æn5l¥š£×JL‹ý[±¨[Sä8‹FFÈPFxA[~ä¯}]ØW4š¤âx¬ìhýÊEFÒ  0Á“‰¿aÑÍMÅqL4–Í® "_‚O¬Õўpƒ@Ì]Ze ðUª‘Z]ÄbÙ¤ÂÕ socket: 592		0	0
WSASend Nov. 10, 2023, 9:23 a.m.	buffer:  À)+J)_¤ËIÙ®ñ€–Û˜’oîÛі¶ ÜÝQ«<ÖÐöÜ>p;HMÓÖ¾Ö:5©€"£1—UÔ¦dÐ÷|&Nšd—)¢îR6ñ’HŒ•“E*IFxù+E’b?ŒDº·øs „õœyèÏüú™¤Ç)Î"ÞcŒ°±tÖà^Íø´¡ržš#¿ãKËé@«ÝÁŒüŠý†²©öJ‹]Bƒ‚¥eØ<mîSÚ¤ÙÍMBK­°×­è̊Ԯ}ðC socket: 592		0	0

Attempts to create or modify system certificates (1 event)

registry

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F81F111D0E5AB58D396F7BF525577FD30FDC95AA\Blob

Network communications indicative of a potential document or script payload download was initiated by the process wscript.exe (3 events)

Time & API	Arguments	Status	Return	Repeated
WSASend Nov. 10, 2023, 9:23 a.m.	buffer:  k g eMx)íy9Ä$ñ©‚«á‘Å+á¨x^­‰·û#‡²/5 ÀÀÀ À 28 &ÿ paste.ee  socket: 592		0	0
WSASend Nov. 10, 2023, 9:23 a.m.	buffer:  FBA’xH•Æn5l¥š£×JL‹ý[±¨[Sä8‹FFÈPFxA[~ä¯}]ØW4š¤âx¬ìhýÊEFÒ  0Á“‰¿aÑÍMÅqL4–Í® "_‚O¬Õўpƒ@Ì]Ze ðUª‘Z]ÄbÙ¤ÂÕ socket: 592		0	0
WSASend Nov. 10, 2023, 9:23 a.m.	buffer:  À)+J)_¤ËIÙ®ñ€–Û˜’oîÛі¶ ÜÝQ«<ÖÐöÜ>p;HMÓÖ¾Ö:5©€"£1—UÔ¦dÐ÷|&Nšd—)¢îR6ñ’HŒ•“E*IFxù+E’b?ŒDº·øs „õœyèÏüú™¤Ç)Î"ÞcŒ°±tÖà^Íø´¡ržš#¿ãKËé@«ÝÁŒüŠý†²©öJ‹]Bƒ‚¥eØ<mîSÚ¤ÙÍMBK­°×­è̊Ԯ}ðC socket: 592		0	0