Report - wp.vbs

ScreenShot

Info
Location map


Created	2023.12.14 10:17	Machine	s1_win7_x6401
Filename	wp.vbs
Type	Non-ISO extended-ASCII text, with very long lines, with CRLF line terminators
AI Score	Not founds	Behavior Score	10.0
ZERO API	file : mailcious
VT API (file)	29 detected (Valyria, Save, SNIC, Skiddo, Malicious, score, iwquii, VPTL, Siggen, Detected, Dunihi, ai score=85, TOPIS, xxVsk5TjtcJ)
md5	4d09dbc70709eb2790c491dc476d508b
sha256	8939bff041d3968fe34dd5ded9c609364d0c5f2989ff60b1703a8c557fe09d84
ssdeep	384:LW0SXuLuL8qCMhqbxOsu4Xpj3Tu88+cIUL87V7yY/DR7g7gDJ1ecYkG3Vd2AjIjt:LW0t3Ifve
imphash
impfuzzy

Network IP location

Signature (10cnts)

Level	Description
warning	File has been identified by 29 AntiVirus engines on VirusTotal as malicious
watch	Executes one or more WMI queries
watch	Installs itself for autorun at Windows startup
watch	Network communications indicative of a potential document or script payload download was initiated by the process wscript.exe
watch	Wscript.exe initiated network communications indicative of a script based payload download
watch	wscript.exe-based dropper (JScript
notice	Connects to a Dynamic DNS Domain
notice	Executes one or more WMI queries which can be used to identify virtual machines
notice	Queries the disk size which could be used to detect virtual machine with small fixed size or dynamic allocation
info	Queries for the computername

Rules (0cnts)

Level	Name	Description	Collection

Network (4cnts) ?

Request	CC	ASN Co	IP4	Rule ?	ZERO ?
http://chongmei33.publicvm.com:7045/is-processes whois		M247 Ltd	103.47.144.44	37041	mailcious
http://chongmei33.publicvm.com:7045/is-ready whois		M247 Ltd	103.47.144.44	28328	mailcious
chongmei33.publicvm.com whois		M247 Ltd	103.47.144.44		mailcious
103.47.144.44 whois		M247 Ltd	103.47.144.44		clean

Suricata ids

Similarity measure (PE file only) - Checking for service failure