ScreenShot
| Created | 2023.08.09 11:21 | Machine | s1_win7_x6402 |
| Filename | lnvoice#20336 .vbs | ||
| Type | ASCII text, with very long lines, with no line terminators | ||
| AI Score | Not founds | Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 13 detected (Kryptik, Ximw, ai score=82) | ||
| md5 | 8280d77f1fe4f3ad7e067180f6cf1ad9 | ||
| sha256 | d77d9d1e6a565872764d63888898c9fd1f27ae108bea1096b597ae5e9b00e14f | ||
| ssdeep | 24:lgPtE1wnIQHnCnp4WmnCnDdnCn2bxYA0QDkNulTmnCnumnJWWWWT:+PkQMbbxYA0duleK | ||
| imphash | |||
| impfuzzy | |||
Network IP location
Signature (11cnts)
| Level | Description |
|---|---|
| danger | The process wscript.exe wrote an executable file to disk which it then attempted to execute |
| watch | Disables proxy possibly for traffic interception |
| watch | File has been identified by 13 AntiVirus engines on VirusTotal as malicious |
| watch | Modifies proxy override settings possibly for traffic interception |
| watch | One or more non-whitelisted processes were created |
| notice | A process created a hidden window |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Creates a suspicious process |
| notice | One or more potentially interesting buffers were extracted |
| notice | Performs some HTTP requests |
| info | Checks amount of memory in system |
Rules (0cnts)
| Level | Name | Description | Collection |
|---|
