ScreenShot
| Created | 2023.05.23 17:17 | Machine | s1_win7_x6401 |
| Filename | 2022_12_PO-note_page-0002.hta | ||
| Type | HTML document, ASCII text, with CRLF line terminators | ||
| AI Score | Not founds | Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 26 detected (Alien, GenericKD, Save, Eldorado, gen92, Malicious, score, TOPIS, F97ZczZOAr, VPDI, Tnega, Detected, Sgil, ai score=85) | ||
| md5 | dada4c04af88637d79abfec8ed74e568 | ||
| sha256 | 667561ab07beadb79120d3548d12417c66187ab72ee18ce4fa659a3c897e4fe1 | ||
| ssdeep | 24:hMNmMvy4GqptEIjb18qee0rp8xuY8yu5yNHRSBl88e/ZM8E4olEC:ImMqopOIjb1p0rd4ucNHRSoyt40F | ||
| imphash | |||
| impfuzzy | |||
Network IP location
Signature (7cnts)
| Level | Description |
|---|---|
| warning | File has been identified by 26 AntiVirus engines on VirusTotal as malicious |
| watch | Uses suspicious command line tools or Windows utilities |
| notice | A process created a hidden window |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time) |
| info | Checks amount of memory in system |
| info | Command line console output was observed |
Rules (0cnts)
| Level | Name | Description | Collection |
|---|
Suricata ids
ET INFO Observed Discord Domain (discordapp .com in TLS SNI)
ET INFO Observed Discord Domain in DNS Lookup (discordapp .com)
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO Observed Discord Domain in DNS Lookup (discordapp .com)
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)