Report - Jubilets1.vbs

Generic Malware Antivirus

ScreenShot

Info
Location map


Created	2023.03.21 17:25	Machine	s1_win7_x6402
Filename	Jubilets1.vbs
Type	ASCII text, with very long lines, with CRLF line terminators
AI Score	Not founds	Behavior Score	7.8
ZERO API	file : clean
VT API (file)	20 detected (SAgent, GenericKDZ, Malcode, gen36, Obfuscated, Cryp, Malicious, score, CLASSIC, Minerva, ipwvv, Wacatac, Detected, ai score=84, Ctgl)
md5	d79593a6fb6c636a50334085b9d6018b
sha256	20d129d8ad727dc816fac7ab3dc4d3d3f3666220822de0d722db763fa138a246
ssdeep	6144:5btNeypGlYHsUitfIWosFJun3hK2/5CDiRtCt:dtNRKYMU8fbFJu3jk3
imphash
impfuzzy

Network IP location

Signature (17cnts)

Level	Description
danger	The processes wscript.exe
warning	File has been identified by 20 AntiVirus engines on VirusTotal as malicious
watch	Creates or sets a registry key to a long series of bytes
watch	One or more non-whitelisted processes were created
watch	Tries to unhook Windows functions monitored by Cuckoo
watch	Uses Sysinternals tools in order to add additional command line functionality
notice	A process created a hidden window
notice	Allocates read-write-execute memory (usually to unpack itself)
notice	Checks for the Locally Unique Identifier on the system for a suspicious privilege
notice	Creates a shortcut to an executable file
notice	Creates a suspicious process
notice	Uses Windows utilities for basic Windows functionality
info	Checks amount of memory in system
info	Checks if process is being debugged by a debugger
info	One or more processes crashed
info	Queries for the computername
info	Uses Windows APIs to generate a cryptographic key

Rules (2cnts)

Level	Name	Description	Collection
warning	Generic_Malware_Zero	Generic Malware	binaries (download)
watch	Antivirus	Contains references to security software	binaries (download)

Network (0cnts) ?

Request	CC	ASN Co	IP4	Rule ?	ZERO ?

Suricata ids

Similarity measure (PE file only) - Checking for service failure