Report - IEbrowserUpdates.vbs

Created: 2024.01.23 14:19
Machine: s1_win7_x6403
Filename: IEbrowserUpdates.vbs
Type: Little-endian UTF-16 Unicode text, with very long lines, with CRLF, CR line terminators
AI Score: Not found
Behavior Score: 2.6
ZERO API (file): malicious
VT API (file): 3 detected (gen40, SAgent)
md5: b188e3740962ca8e83f9a86ab3889c9f
sha256: 27a9c5e4f0f75d076d0aa37abf3b7b3f900c72146bd5977ae88cddb016ce531c
ssdeep: 3072:mlnpUPLnys2O17SpmzxvemRQrtN81QgvmIIb6t:mlnpUPLnys2OspmzxvYi
imphash: (not applicable; the sample is not a PE file)
impfuzzy: (not applicable; the sample is not a PE file)

Signatures (5)

Level    Description
watch    Attempts to create or modify system certificates
watch    Network communications indicative of a potential document or script payload download were initiated by the process wscript.exe
watch    wscript.exe initiated network communications indicative of a script-based payload download
notice   File has been identified by 3 AntiVirus engines on VirusTotal as malicious
notice   Performs some HTTP requests

Rules (0)

No rules matched (columns Level, Name, Description, Collection are empty).

Network (4)

Request                    CC   ASN Co          IP4            Rule     ZERO
http://paste.ee/d/ywRmc    US   CLOUDFLARENET   104.21.84.67   (none)   clean
https://paste.ee/d/ywRmc   US   CLOUDFLARENET   104.21.84.67   (none)   clean
paste.ee                   US   CLOUDFLARENET   104.21.84.67   (none)   malicious
104.21.84.67               US   CLOUDFLARENET   104.21.84.67   (none)   malware

Suricata IDS: no alerts listed

Similarity measure (PE file only): not applicable, since the sample is a UTF-16 text script rather than a PE file