ScreenShot
| Created | 2023.06.20 09:36 | Machine | s1_win7_x6401 |
| Filename | mokkshk.vbs | ||
| Type | Little-endian UTF-16 Unicode text, with very long lines, with CRLF, CR line terminators | ||
| AI Score | Not founds | Behavior Score |
|
| ZERO API | file : mailcious | ||
| VT API (file) | 18 detected (Save, gen285, Boxter, Valyria, ai score=84, Detected) | ||
| md5 | 0cdf35374e4c56f3d0beaa3a449e5c8d | ||
| sha256 | ded012ce4854f02123ae84ba22760c7f4975901d0527a7920e9d241efaf2d231 | ||
| ssdeep | 1536:eXZccvQvgpdpPZU+ogsUJW4Wrle/PhG+/kery+bGW:bgpdpe+og0S7N | ||
| imphash | |||
| impfuzzy | |||
Network IP location
Signature (7cnts)
| Level | Description |
|---|---|
| danger | The process wscript.exe wrote an executable file to disk which it then attempted to execute |
| danger | Connects to an IP address that is no longer responding to requests (legitimate services will remain up-and-running usually) |
| watch | Communicates with host for which no DNS query was performed |
| watch | File has been identified by 18 AntiVirus engines on VirusTotal as malicious |
| watch | One or more non-whitelisted processes were created |
| notice | Executes one or more WMI queries |
| info | Queries for the computername |
Rules (1cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Antivirus | Contains references to security software | binaries (upload) |
