ScreenShot
| Created | 2023.10.25 12:19 | Machine | s1_win7_x6403_us |
| Filename | Comprobante_transfer.pdf.js | ||
| Type | Little-endian UTF-16 Unicode text, with very long lines, with CRLF line terminators | ||
| AI Score | Not founds | Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 15 detected (Cryxos, Obfuscated, Cryp, iacgm, ai score=84, Detected) | ||
| md5 | c8bb8a34766ec04c304597c76d179f4b | ||
| sha256 | fd16b16c7ca1e83c7daee8a04409cc1501fe3b178154b93f68b0c22b215733b7 | ||
| ssdeep | 3072:d+oIRR7775e8eu77777777IRR7775e8eu77777777IRR7775e8ej7Zj:d5 | ||
| imphash | |||
| impfuzzy | |||
Network IP location
Signature (7cnts)
| Level | Description |
|---|---|
| watch | Attempts to create or modify system certificates |
| watch | File has been identified by 15 AntiVirus engines on VirusTotal as malicious |
| watch | Network communications indicative of a potential document or script payload download was initiated by the process wscript.exe |
| watch | Wscript.exe initiated network communications indicative of a script based payload download |
| notice | Checks adapter addresses which can be used to detect virtual network interfaces |
| notice | Performs some HTTP requests |
| info | One or more processes crashed |
Rules (1cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| info | Javascript_ActiveXObject | Use ActiveXObject JavaScript | binaries (upload) |
Network (7cnts) ?
Suricata ids
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET POLICY Observed DNS Query to Pastebin-style Service (wtools .io)
ET POLICY Observed DNS Query to Pastebin-style Service (wtools .io)