Report - ZeroBOX

ScreenShot


Created	2023.03.10 11:13	Machine	s1_win7_x6402
Filename	uucqwn.txt.ps1
Type	ASCII text, with very long lines, with no line terminators
AI Score	Not founds	Behavior Score	8.4
ZERO API	file : clean
VT API (file)	11 detected (GBLD, ai score=80)
md5	05526a1c67586ceb0c63891ca2d1a15f
sha256	b6bbefba6e3c0de88fa5ba41a1297e7b0dfd76a59ea1f7410d738aa78c9b007b
ssdeep	24:XVysiWIVPwLgzQ5QWAa64lc/lXlzosl4+r:YSINJzQ0ycFFo2/
imphash
impfuzzy

Network IP location

Level	Description
watch	Attempts to identify installed AV products by installation directory
watch	Creates a suspicious Powershell process
watch	Drops a binary and executes it
watch	File has been identified by 11 AntiVirus engines on VirusTotal as malicious
watch	Network communications indicative of a potential document or script payload download was initiated by the process powershell.exe
watch	One or more non-whitelisted processes were created
watch	The process powershell.exe wrote an executable file to disk
notice	A process created a hidden window
notice	Allocates read-write-execute memory (usually to unpack itself)
notice	Checks adapter addresses which can be used to detect virtual network interfaces
notice	Checks for the Locally Unique Identifier on the system for a suspicious privilege
notice	Creates a shortcut to an executable file
notice	Creates a suspicious process
notice	Poweshell is sending data to a remote host
notice	URL downloaded by powershell script
info	Checks amount of memory in system
info	Checks if process is being debugged by a debugger
info	Command line console output was observed
info	Queries for the computername
info	Uses Windows APIs to generate a cryptographic key

Level	Name	Description	Collection
warning	Generic_Malware_Zero	Generic Malware	binaries (download)
watch	Antivirus	Contains references to security software	binaries (download)

Request	CC	ASN Co	IP4	Rule ?	ZERO ?
cdn.discordapp.com whois			162.159.130.233		malware
162.159.134.233 whois			162.159.134.233		malware

Report - uucqwn.txt.ps1