Report - htmljason.vbs

Created 2023.11.28 09:23 Machine s1_win7_x6403
Filename htmljason.vbs
Type Little-endian UTF-16 Unicode text, with very long lines, with CRLF line terminators
AI Score Not found
Behavior Score 2.8
ZERO API file : malicious
VT API (file) 16 detected (Valyria, Detected, Eldorado, S2442, ai score=80)
md5 e64be178e12b020963cc38980edc18f8
sha256 9b36f007ee4269cab9614e8fd91217bd6ef13200c7fd9e03beb60dbe97cd339d
ssdeep 3072:9vbvTvUfvrvZvHvVvAvvvgvlvPoPiKDYPs1QFyINQzbnRPPPPPjdPPPPPJfPPPPI:Bb56jt

Signature (5cnts)

Level Description
watch Attempts to create or modify system certificates
watch File has been identified by 16 AntiVirus engines on VirusTotal as malicious
watch Network communications indicative of a potential document or script payload download was initiated by the process wscript.exe
watch Wscript.exe initiated network communications indicative of a script based payload download
notice Performs some HTTP requests

Rules (0cnts)

Level Name Description Collection

Network (3cnts)

Request CC ASN Co IP4 Rule ZERO
https://paste.ee/d/GTjJl US CLOUDFLARENET 172.67.187.200 clean
paste.ee US CLOUDFLARENET 172.67.187.200 malicious
172.67.187.200 US CLOUDFLARENET 172.67.187.200 malicious
