Summary | ZeroBOX

Transfer-https.vbs

Tags: Hide_EXE, PE32, PE File

Category: FILE
Machine: s1_win7_x6403_us
Started: Dec. 6, 2024, 9:36 a.m.
Completed: Dec. 6, 2024, 9:43 a.m.

Size: 7.2KB
Type: ASCII text, with very long lines, with CRLF, LF line terminators
MD5: e2f4a3c6e7570b4424089b24b059c9d0
SHA256: 44fd76bed4f91723940931c035a1e92f7d26d7c94dabd15f2e4a8db4f6e48273
CRC32: D8D6A9FC
ssdeep: 96:ZGze5ePQfJEgaGscxriEto+TE9sfQcHOB7uczr05LaGejhVPPCyCsB3fD+r2:UzezgfEtoRGocHOBDzr05KbPKyNBG2
Yara
  • hide_executable_file - Hide executable file

DNS (name / response / post-analysis lookup): no hosts contacted.

IP address: 89.197.154.116 (status: Active)

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

file C:\Users\test22\AppData\Local\Temp\radF25E7.tmp\hTSebfAkRTedaXH.exe
API call (time & API / arguments / status / return / repeated):

ShellExecuteExW
  show_type: 0 (nShow 0 = SW_HIDE, the dropped binary is started without a visible window)
  filepath_r: C:\Users\test22\AppData\Local\Temp\radF25E7.tmp\hTSebfAkRTedaXH.exe
  parameters: (empty)
  filepath: C:\Users\test22\AppData\Local\Temp\radF25E7.tmp\hTSebfAkRTedaXH.exe
  status: 1   return: 1   repeated: 0
host 89.197.154.116
file C:\Users\test22\AppData\Local\Temp\radF25E7.tmp\hTSebfAkRTedaXH.exe
parent_process wscript.exe martian_process "C:\Users\test22\AppData\Local\Temp\radF25E7.tmp\hTSebfAkRTedaXH.exe"
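The behavioural chain above (wscript.exe starting an .exe staged in a Temp\radXXXXX.tmp directory, then a connection attempt to 89.197.154.116:7810) is exactly what process-creation telemetry should catch before any AV label exists. The following detection logic is an added example and is not part of the ZeroBOX report or its signatures. It assumes Sysmon-like event fields in a simple key=value line format; the sample events are constructed, and attributing the 7810/tcp attempt to the dropped binary is an assumption (the report lists it only as a dead host). The radXXXXX.tmp pattern comes from Scripting.FileSystemObject.GetTempName(), which returns names of that form, so VBS droppers that stage files through it are recognisable by the directory name alone.

```python
"""Process-chain detection for the behaviour this report records: wscript.exe
launching an executable it just dropped into a Temp/radXXXXX.tmp directory,
followed by that executable trying to reach a public IP. Added example; the
log format (key=value fields, Sysmon-like names) and the sample events are
constructed, not taken from the ZeroBOX report."""
import ipaddress
import re
from dataclasses import dataclass

# Scripting.FileSystemObject.GetTempName() returns names of the form radXXXXX.tmp
# (five hex digits); the dropper's staging directory radF25E7.tmp fits that shape.
# Match an .exe directly inside such a directory under %LOCALAPPDATA%\Temp.
RAD_TEMP_EXE = re.compile(
    r"\\AppData\\Local\\Temp\\rad[0-9A-F]{5}\.tmp\\[^\\]+\.exe$", re.IGNORECASE
)
# Script hosts that should rarely be the direct parent of a Temp-resident binary.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}

# Constructed sample events (not a real capture); field names are an assumption.
# pid 2901 is a benign wscript child (cmd.exe, not in a rad*.tmp dir) and must not fire.
SAMPLE_EVENTS = r"""
type=ProcessCreate pid=2860 image="C:\Windows\System32\wscript.exe" parent_pid=1204 parent_image="C:\Windows\explorer.exe" cmd="wscript.exe Transfer-https.vbs"
type=ProcessCreate pid=2901 image="C:\Windows\System32\cmd.exe" parent_pid=2860 parent_image="C:\Windows\System32\wscript.exe" cmd="cmd.exe /c echo logon"
type=ProcessCreate pid=3012 image="C:\Users\test22\AppData\Local\Temp\radF25E7.tmp\hTSebfAkRTedaXH.exe" parent_pid=2860 parent_image="C:\Windows\System32\wscript.exe" cmd="C:\Users\test22\AppData\Local\Temp\radF25E7.tmp\hTSebfAkRTedaXH.exe"
type=NetworkConnect pid=3012 dst_ip=192.168.56.1 dst_port=53 proto=udp
type=NetworkConnect pid=3012 dst_ip=89.197.154.116 dst_port=7810 proto=tcp
type=NetworkConnect pid=2901 dst_ip=89.197.154.116 dst_port=443 proto=tcp
"""


@dataclass
class Alert:
    rule: str
    pid: int
    detail: str


def parse_event(line: str) -> dict:
    """Parse one key=value line; values may be double-quoted to allow spaces."""
    return {k: v.strip('"') for k, v in re.findall(r'(\w+)=("[^"]*"|\S+)', line)}


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def detect(lines):
    """Return alerts for (1) a script host executing a rad*.tmp-staged .exe and
    (2) that same process then connecting to a globally routable address."""
    alerts = []
    dropped = {}  # pid -> image of processes flagged by rule 1
    for line in lines:
        if not line.strip():
            continue
        ev = parse_event(line)
        kind = ev.get("type")
        if kind == "ProcessCreate":
            parent = basename(ev.get("parent_image", ""))
            image = ev.get("image", "")
            if parent in SCRIPT_HOSTS and RAD_TEMP_EXE.search(image):
                pid = int(ev["pid"])
                dropped[pid] = image
                alerts.append(Alert("script_host_runs_temp_dropped_exe", pid,
                                    f"{parent} -> {image}"))
        elif kind == "NetworkConnect":
            pid = int(ev["pid"])
            if pid in dropped:
                dst = ipaddress.ip_address(ev["dst_ip"])
                # Private/loopback destinations (e.g. the sandbox's own subnet) are
                # ignored; a freshly dropped binary reaching a public IP is the signal.
                if dst.is_global:
                    alerts.append(Alert("dropped_exe_outbound_connect", pid,
                                        f"{dropped[pid]} -> {dst}:{ev['dst_port']}/{ev.get('proto', '?')}"))
    return alerts


def run_sample():
    """Run the detection over the constructed events; two alerts for pid 3012."""
    return detect(SAMPLE_EVENTS.splitlines())


if __name__ == "__main__":
    for a in run_sample():
        print(f"[{a.rule}] pid={a.pid} {a.detail}")
```

The second rule is deliberately keyed on the process flagged by the first rather than on the destination: the IP and port in a report like this one change from sample to sample, whereas "script host spawns a binary out of a GetTempName() directory, which then talks to the internet" does not.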
Antivirus results (engine / detection):

Lionic Trojan.Script.Swrort.4!c
MicroWorld-eScan VB:Trojan.VBS.Dropper.AG
CTX vba.trojan.swrort
CAT-QuickHeal Trojan.VBS.33100
Skyhigh BehavesLike.VBS.Dropper.zp
ALYac VB:Trojan.VBS.Dropper.AG
VIPRE VB:Trojan.VBS.Dropper.AG
Arcabit VB:Trojan.VBS.Dropper.AG
Baidu JS.Trojan-Downloader.Agent.xk
Symantec VBS.Heur.SNIC
ESET-NOD32 Win32/Rozena.ED
TrendMicro-HouseCall Backdoor.VBS.SWRORT.YXEKPZ
Avast BV:Dowloader-A [Trj]
Cynet Malicious (score: 99)
Kaspersky UDS:DangerousObject.Multi.Generic
BitDefender VB:Trojan.VBS.Dropper.AG
NANO-Antivirus Trojan.Script.Agent.fosjzx
Rising Dropper.Ploty!8.EEC8 (TOPIS:E0:JqyfiJ1QMlQ)
Emsisoft VB:Trojan.VBS.Dropper.AG (B)
F-Secure Malware.HTML/ExpKit.Gen2
DrWeb JS.Muldrop.457
TrendMicro Backdoor.VBS.SWRORT.YXEKPZ
Sophos Troj/Swrort-AL
Ikarus Trojan.Win32.Swrort
FireEye VB:Trojan.VBS.Dropper.AG
Google Detected
Avira HTML/ExpKit.Gen2
Kingsoft Script.Ks.Malware.9344
Gridinsoft Trojan.U.Gen.tr
Xcitium TrojWare.VBS.TrojanDropper.Agent.NJA@833icd
Microsoft Trojan:VBS/Obfuse.NFE!MTB
GData VB:Trojan.VBS.Dropper.AG
Varist VBS/Agent.AJU!Eldorado
AhnLab-V3 Dropper/VBS.Generic
McAfee VBS/MPreter
Tencent Win32.Trojan.Expkit.Ymhl
huorong TrojanDropper/Agent.fg
Fortinet VBS/Rozena.ED!tr
AVG BV:Dowloader-A [Trj]
alibabacloud Trojan:Win/Rozena.EF
file C:\Users\test22\AppData\Local\Temp\radF25E7.tmp\hTSebfAkRTedaXH.exe
Dead hosts (connection attempts that received no response):

dead_host 192.168.56.103:49171
dead_host 192.168.56.103:49170
dead_host 192.168.56.103:49163
dead_host 192.168.56.103:49173
dead_host 192.168.56.103:49172
dead_host 192.168.56.103:49164
dead_host 192.168.56.103:49169
dead_host 89.197.154.116:7810
dead_host 192.168.56.103:49167
dead_host 192.168.56.103:49168
dead_host 192.168.56.103:49166