Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	Nov. 11, 2024, 10:03 a.m.	Nov. 11, 2024, 10:24 a.m.

Size	2.2KB
Type	Little-endian UTF-16 Unicode text, with CRLF, CR line terminators
MD5	`590ddf122e578bbc4d925c1df8a8acbf`
SHA256	`8fd47bd19dc4a4487788ed0f117afaf4155d30616082da7a3f6f1db17e65221d`
CRC32	`35026EB3`
ssdeep	`48:cAY3lxW9Gxl0VOxf8fDlge/4gG6l+6IMiQf/eMiTrSQ5l4Cs9Skt:zYW9Gxl8Oxf8fIS+eiQiHJr2b`
Yara	None matched

wscript.exe "C:\Windows\System32\wscript.exe" C:\Users\test22\AppData\Local\Temp\MONDAYconstraints.vbs
2540

Name	Response	Post-Analysis Lookup
paste.ee		172.67.187.200

IP Address	Status	Action
164.124.101.2	Active	Moloch

Flow	SID	Signature	Category
UDP 192.168.56.101:59002 -> 164.124.101.2:53	2054041	ET INFO Pastebin-like Service Domain in DNS Lookup (paste .ee)	Misc activity
UDP 192.168.56.101:59002 -> 164.124.101.2:53	2054041	ET INFO Pastebin-like Service Domain in DNS Lookup (paste .ee)	Misc activity
UDP 192.168.56.101:59002 -> 164.124.101.2:53	2054041	ET INFO Pastebin-like Service Domain in DNS Lookup (paste .ee)	Misc activity
UDP 192.168.56.101:59002 -> 8.8.8.8:53	2054041	ET INFO Pastebin-like Service Domain in DNS Lookup (paste .ee)	Misc activity
UDP 192.168.56.101:59002 -> 8.8.8.8:53	2054041	ET INFO Pastebin-like Service Domain in DNS Lookup (paste .ee)	Misc activity
UDP 192.168.56.101:59002 -> 8.8.8.8:53	2054041	ET INFO Pastebin-like Service Domain in DNS Lookup (paste .ee)	Misc activity
UDP 192.168.56.101:59002 -> 8.8.8.8:53	2054041	ET INFO Pastebin-like Service Domain in DNS Lookup (paste .ee)	Misc activity

No Suricata TLS

Lionic	Trojan.Script.SAgent.4!c
CTX	mp3.trojan.generic
ALYac	Trojan.Generic.36895517
VIPRE	Trojan.Generic.36895517
Arcabit	Trojan.Generic.D232FB1D
Symantec	ISB.Downloader!gen40
Avast	Script:SNH-gen [Trj]
Kaspersky	HEUR:Trojan.VBS.SAgent.gen
BitDefender	Trojan.Generic.36895517
NANO-Antivirus	Trojan.Script.Downloader.hrpyor
MicroWorld-eScan	Trojan.Generic.36895517
Rising	Trojan.AgentTesla/VBS!8.160F9 (TOPIS:E0:5TAXQq7FJaT)
Emsisoft	Trojan.Generic.36895517 (B)
Ikarus	Trojan.Script.Agent
FireEye	Trojan.Generic.36895517
Google	Detected
Microsoft	Trojan:VBS/AgentTesla.RVI!MTB
GData	Trojan.Generic.36895517
Fortinet	VBS/Agent.SXD!tr.dldr
AVG	Script:SNH-gen [Trj]

MONDAYconstraints.vbs