popup

Report - HTMLIEcontentHistory.vbs

  1. Resubmit analysis
  2. Detailed report
ScreenShot
Created 2023.10.30 17:41 Machine s1_win7_x6401
Filename HTMLIEcontentHistory.vbs
Type Little-endian UTF-16 Unicode text, with very long lines, with CRLF, CR line terminators
AI Score Not founds Behavior Score
2.0
ZERO API file : mailcious
VT API (file) 5 detected (gen40, SAgent, Detected, Eldorado)
md5 329ec572360f8e6cdddd1d7304e77001
sha256 76a73ec52afc9b6ba0596388abba0ace5eb64779c0154fd976c521c470d53f14
ssdeep 1536:F+5lollote4Mi3mI2hb7KZ18C2NGkikGkFjGkikGkKEt0eEKU+kCKGWGPrbrbTDr:KqyeBQFJy
imphash
impfuzzy
  Network IP location

Signature (4cnts)

Level Description
watch Network communications indicative of a potential document or script payload download was initiated by the process wscript.exe
watch Wscript.exe initiated network communications indicative of a script based payload download
notice File has been identified by 5 AntiVirus engines on VirusTotal as malicious
notice Performs some HTTP requests

Rules (0cnts)

Level Name Description Collection

Network (3cnts) ?

Request CC ASN Co IP4 Rule ? ZERO ?
https://paste.ee/d/w2GD0
whois
US CLOUDFLARENET 104.21.84.67 clean
paste.ee
whois
US CLOUDFLARENET 172.67.187.200 mailcious
104.21.84.67
whois
US CLOUDFLARENET 104.21.84.67 malware

Suricata ids

ET POLICY Pastebin-style Service (paste .ee) in TLS SNI
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)

Similarity measure (PE file only) - Checking for service failure