Summary | ZeroBOX

Cleanup.vbs

Hide_EXE PE32 PE File
Category FILE
Machine s1_win7_x6403_us
Started Aug. 12, 2024, 9:14 a.m.
Completed Aug. 12, 2024, 9:53 a.m.
Size 7.2KB
Type ASCII text, with very long lines, with CRLF, LF line terminators
MD5 afc30ab109d6fa03f5aa7165e732e14f
SHA256 556cdf802749030fabd3b0f8fd3291c8e748d664cbb37ddce57226e0f3523dee
CRC32 4170F5DA
ssdeep 192:o83pUi2Yaet9wqP3XOESW54PxKqrkyTMD0lT:b2YaetNHOZXxbkiT
Yara
  • hide_executable_file - Hide executable file

DNS lookups (Name / Response / Post-Analysis Lookup)
No hosts contacted.
IP Address 193.117.208.148
Status Active
Action Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

file C:\Users\test22\AppData\Local\Temp\radC12D3.tmp\ldGggdLlciUOIRz.exe
API calls (Time & API / Arguments / Status / Return / Repeated)

ShellExecuteExW
  show_type: 0
  filepath_r: C:\Users\test22\AppData\Local\Temp\radC12D3.tmp\ldGggdLlciUOIRz.exe
  parameters: (empty)
  filepath: C:\Users\test22\AppData\Local\Temp\radC12D3.tmp\ldGggdLlciUOIRz.exe
  Status 1
  Return 1
  Repeated 0
host 193.117.208.148
file C:\Users\test22\AppData\Local\Temp\radC12D3.tmp\ldGggdLlciUOIRz.exe
parent_process wscript.exe martian_process C:\Users\test22\AppData\Local\Temp\radC12D3.tmp\ldGggdLlciUOIRz.exe
parent_process wscript.exe martian_process "C:\Users\test22\AppData\Local\Temp\radC12D3.tmp\ldGggdLlciUOIRz.exe"
dead_host 193.117.208.148:7800
Lionic Trojan.Win32.Generic.4!c
ClamAV Vbs.Backdoor.Msfvenom_Payload-9955777-0
CAT-QuickHeal Trojan.VBS.33100
McAfee VBS/MPreter
ALYac VB:Trojan.VBS.Dropper.AG
VIPRE VB:Trojan.VBS.Dropper.AG
Sangfor Trojan.Generic-VBS.Save.5e608eb4
Arcabit VB:Trojan.VBS.Dropper.AG
Baidu JS.Trojan-Downloader.Agent.xk
Cyren VBS/Agent.AJU!Eldorado
Symantec VBS.Heur.SNIC
ESET-NOD32 Win32/Rozena.ED
Avast BV:Dowloader-A [Trj]
Cynet Malicious (score: 99)
Kaspersky UDS:DangerousObject.Multi.Generic
BitDefender VB:Trojan.VBS.Dropper.AG
NANO-Antivirus Trojan.Script.Agent.fosjzx
MicroWorld-eScan VB:Trojan.VBS.Dropper.AG
Rising Dropper.Ploty!8.EEC8 (TOPIS:E0:JqyfiJ1QMlQ)
Emsisoft VB:Trojan.VBS.Dropper.AG (B)
F-Secure Malware.HTML/ExpKit.Gen2
DrWeb JS.Muldrop.457
TrendMicro HEUR_VBS.O1
McAfee-GW-Edition VBS/MPreter
FireEye VB:Trojan.VBS.Dropper.AG
Sophos Troj/Swrort-AL
Ikarus Trojan.Win32.Swrort
Avira HTML/ExpKit.Gen2
Gridinsoft Trojan.U.Gen.bot
Xcitium TrojWare.VBS.TrojanDropper.Agent.NJA@833icd
Microsoft TrojanDropper:VBS/Ploty.A
ZoneAlarm HEUR:Trojan.Win32.Generic
GData VB:Trojan.VBS.Dropper.AG
Google Detected
Tencent Heur:Trojan.Script.LS_Gencirc.7061677.0
MAX malware (ai score=82)
Fortinet VBS/Rozena.ED!tr
AVG BV:Dowloader-A [Trj]