popup

Report - wezg.vbs

  1. Resubmit analysis
  2. Detailed report
ScreenShot
Created 2023.11.11 16:38 Machine s1_win7_x6403
Filename wezg.vbs
Type Little-endian UTF-16 Unicode text, with very long lines, with CRLF, CR line terminators
AI Score Not founds Behavior Score
2.2
ZERO API file : mailcious
VT API (file)
md5 aab95e79e0cb76d5b9740c28b4b503ed
sha256 191ab4cd8bd2b8e1ebf53d06895f8dd01f4225c7438ba62f69e7c58ee3bca2df
ssdeep 768:5gm4STQ8638ssssslsssssrsssssBsssss+ssssslsssssXsssssjsssssmssssD:5gm4STQ863T0NRdSKhnOG
imphash
impfuzzy
  Network IP location

Signature (4cnts)

Level Description
watch Attempts to create or modify system certificates
watch Network communications indicative of a potential document or script payload download was initiated by the process wscript.exe
watch Wscript.exe initiated network communications indicative of a script based payload download
notice Performs some HTTP requests

Rules (0cnts)

Level Name Description Collection

Network (3cnts) ?

Request CC ASN Co IP4 Rule ? ZERO ?
https://paste.ee/d/t2Iek
whois
US CLOUDFLARENET 172.67.187.200 clean
paste.ee
whois
US CLOUDFLARENET 172.67.187.200 mailcious
172.67.187.200
whois
US CLOUDFLARENET 172.67.187.200 mailcious

Suricata ids

ET POLICY Pastebin-style Service (paste .ee) in TLS SNI
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)

Similarity measure (PE file only) - Checking for service failure