ScreenShot
| Created | 2021.11.12 08:54 | Machine | s1_win7_x6403 |
| Filename | EYWCET97LV2U.cab | ||
| Type | Microsoft Cabinet archive data, 287893 bytes, 1 file | ||
| AI Score | Not founds | Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 22 detected (CobaltStrike, GenericKDZ, COBEACON, Donoff, CVE-2021-4044, Artemis, ai score=81, CLASSIC, s4mlTO1HeKM, PossibleThreat) | ||
| md5 | 0785352502e5180153c079fa6cbe1ada | ||
| sha256 | 89097f85954c992ab27572d63daf119b87bb75cd3785ffcc2b5615988a9a398b | ||
| ssdeep | 6144:Ht289kjPMvG/Ob5606j6EJ7jnjF6LHaEaIskUTlje:N+jPMvr6+kjFqHaEdkl6 | ||
| imphash | |||
| impfuzzy | |||
Network IP location
Signature (5cnts)
| Level | Description |
|---|---|
| warning | File has been identified by 22 AntiVirus engines on VirusTotal as malicious |
| notice | Checks for the Locally Unique Identifier on the system for a suspicious privilege |
| notice | Yara rule detected in process memory |
| info | Checks amount of memory in system |
| info | Checks if process is being debugged by a debugger |
Rules (11cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| notice | Escalate_priviledges | Escalate priviledges | memory |
| notice | KeyLogger | Run a KeyLogger | memory |
| info | anti_dbg | Checks if being debugged | memory |
| info | DebuggerCheck__GlobalFlags | (no description) | memory |
| info | DebuggerCheck__QueryInfo | (no description) | memory |
| info | DebuggerHiding__Active | (no description) | memory |
| info | DebuggerHiding__Thread | (no description) | memory |
| info | disable_dep | Bypass DEP | memory |
| info | SEH__vectored | (no description) | memory |
| info | ThreadControl__Context | (no description) | memory |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|