Report - 48998.2017-07-31_69.06.43.vbs

Created: 2021.06.25 14:07
Machine: s1_win7_x6401
Filename: 48998.2017-07-31_69.06.43.vbs
Type: ASCII text, with CRLF line terminators
AI Score: Not found
Behavior Score: 10.0
ZERO API (file): clean
VT API (file): 37 detected (Nemucod, VBS01, LockyDownloader, druvzi, MaliciousEmail, CLASSIC, Malware@#2fr9nxoak1y59, Kriptik, S252, ai score=98, qexvmc)
md5: 876d628a42f354504873d1a4bdcbdb2a
sha256: 4f88054c9b880bed03cf5803cdc64d59fd4a96e00581407a7a8e4f3e29366b03
ssdeep: 96:p9EijpW8aSaXwdxg+Fg6e1N+lfLn+8Xo0lXdrmitpOhwWx4mpnviqS:VpW8Iwq637L4AfU/x4mtvbS
imphash:
impfuzzy:

Signature (6 counts)

Level   Description
danger  File has been identified by 37 AntiVirus engines on VirusTotal as malicious
watch   Network communications indicative of a potential document or script payload download were initiated by the process wscript.exe
watch   wscript.exe initiated network communications indicative of a script-based payload download
watch   wscript.exe-based dropper (JScript)
notice  One or more potentially interesting buffers were extracted
notice  Performs some HTTP requests

Rules (0 counts)

Level Name Description Collection

Network (9 counts)

Request                                   CC       ASN Co         IP4            Rule
http://healthbynature.co.nz/98wugf56?     CA       CLOUDFLARENET  23.227.38.32   malicious
http://rhinelanderrabbits.com/98wugf56?   US       1&1 Ionos Se   74.208.236.63  malicious
trredfcjrottrdtwwq.net                    Unknown                                malicious
healthbynature.co.nz                      CA       CLOUDFLARENET  23.227.38.32   malicious
www.healthbynature.co.nz                  CA       CLOUDFLARENET  23.227.38.74   clean
speakezrewards.com                        Unknown                                clean
rhinelanderrabbits.com                    US       1&1 Ionos Se   74.208.236.63  malicious
23.227.38.32                              CA       CLOUDFLARENET  23.227.38.32   malicious
74.208.236.63                             US       1&1 Ionos Se   74.208.236.63  clean

Suricata IDS

Similarity measure (PE file only)