ScreenShot
Created | 2023.03.17 17:34 | Machine | s1_win7_x6401 |
Filename | Bpznb.msi | ||
Type | Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Code p | ||
AI Score | Not founds | Behavior Score |
|
ZERO API | file : mailcious | ||
VT API (file) | 4 detected (GenKryptik, GHPD, ai score=87, HeapOverride) | ||
md5 | c39fec313f716b37b80ccf946ef5cc83 | ||
sha256 | 015151bd2d2bfb88389899bfac44b0e17a28db00abc8e1463058d84de40b1925 | ||
ssdeep | 49152:LpUPlOPlQRNDP9nqI5KKs2p8iYu9ap7QqKHKG+n2H6h1Ug:LpTt4NDVPKB2vinG8n2Hs | ||
imphash | |||
impfuzzy |
Network IP location
Signature (11cnts)
Level | Description |
---|---|
watch | Communicates with host for which no DNS query was performed |
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | Checks for the Locally Unique Identifier on the system for a suspicious privilege |
notice | File has been identified by 4 AntiVirus engines on VirusTotal as malicious |
notice | HTTP traffic contains suspicious features which may be indicative of malware related traffic |
notice | Performs some HTTP requests |
notice | Queries the disk size which could be used to detect virtual machine with small fixed size or dynamic allocation |
notice | Sends data using the HTTP POST Method |
info | Checks amount of memory in system |
info | Checks if process is being debugged by a debugger |
info | Queries for the computername |
Rules (5cnts)
Level | Name | Description | Collection |
---|---|---|---|
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
info | CAB_file_format | CAB archive file | binaries (upload) |
info | Microsoft_Office_File_Zero | Microsoft Office File | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | Win_Backdoor_AsyncRAT_Zero | Win Backdoor AsyncRAT | binaries (upload) |
Network (9cnts) ?
Suricata ids
ET INFO Dotted Quad Host DLL Request
ET POLICY PE EXE or DLL Windows file download HTTP
ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
ET POLICY PE EXE or DLL Windows file download HTTP
ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download