Report - HTMLIEBrowserHistory.vbs

Created 2023.10.28 12:42 Machine s1_win7_x6401
Filename HTMLIEBrowserHistory.vbs
Type Little-endian UTF-16 Unicode text, with very long lines, with CRLF, CR line terminators
AI Score Not found
Behavior Score 2.0
ZERO API file : malicious
VT API (file) 1 detected (gen40)
md5 56238116f5d9877c000e6431306d0071
sha256 af3726be77dd71685498be6e2ec2276a2541ddbc96745b6663118078d9c3724c
ssdeep 1536:F+RlOlqe4Mi3mI2hb7KZ18C2NGkikGkFjGkikGkKEt0eEKU+kCKGWGPrbrbTDDpZ:y0AeBQFJy

Signature (4cnts)

Level Description
watch Network communications indicative of a potential document or script payload download was initiated by the process wscript.exe
watch Wscript.exe initiated network communications indicative of a script based payload download
notice File has been identified by one AntiVirus engine on VirusTotal as malicious
notice Performs some HTTP requests

Rules (0cnts)

Level Name Description Collection

Network (3cnts)

Request CC ASN Co IP4 Rule ZERO
https://paste.ee/d/MckQn US CLOUDFLARENET 104.21.84.67 clean
paste.ee US CLOUDFLARENET 104.21.84.67 malicious
104.21.84.67 US CLOUDFLARENET 104.21.84.67 malware
