Report - HTMLIEbrowserHistorycache.vbs

Created 2023.11.02 10:05
Machine s1_win7_x6401
Filename HTMLIEbrowserHistorycache.vbs
Type Little-endian UTF-16 Unicode text, with very long lines, with CRLF, CR line terminators
AI Score Not found
Behavior Score 2.0
ZERO API file : clean
VT API (file) 3 detected (gen40, SAgent)
md5 857f884bf745995ea1ccd1275446201f
sha256 ba97164dd8f816967dd22dc025621fc1200cfbba8485ef10206796bf9de97c11
ssdeep 768:elowjTyU0EteFw4Ghtr5A9xoO3R5Y9Uvyw2qZkQFRFPUHvjudm9d26f1:PZpJ3R5Y9FBkW
imphash
impfuzzy

Signature (4cnts)

Level Description
watch Network communications indicative of a potential document or script payload download was initiated by the process wscript.exe
watch Wscript.exe initiated network communications indicative of a script based payload download
notice File has been identified by 3 AntiVirus engines on VirusTotal as malicious
notice Performs some HTTP requests

Rules (0cnts)

Level Name Description Collection

Network (3cnts)

Request CC ASN Co IP4 Rule ZERO
https://paste.ee/d/QBMBa US CLOUDFLARENET 172.67.187.200 clean
paste.ee US CLOUDFLARENET 104.21.84.67 malicious
172.67.187.200 US CLOUDFLARENET 172.67.187.200 malicious

Suricata ids


