ScreenShot
| Created | 2024.03.31 11:29 | Machine | s1_win7_x6401 |
| Filename | createdloverkissed.vbs | ||
| Type | Little-endian UTF-16 Unicode text, with CRLF, CR line terminators | ||
| AI Score | Not founds | Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 7 detected (gen40, AABS, SAgent) | ||
| md5 | 7cfb0e8a02678ccbd305bea1d747a88e | ||
| sha256 | c4e00149e62cc05e31e3aeeb5e26edd925a68a1c43dfeaca8441bdf54e8e9494 | ||
| ssdeep | 3072:XYFEhNe4VTdRnTT8w4TWXBIgJdpe+og0S7A:XYFYM | ||
| imphash | 1 | ||
| impfuzzy | 1 | ||
Network IP location
Signature (6cnts)
| Level | Description |
|---|---|
| watch | Network communications indicative of a potential document or script payload download was initiated by the process wscript.exe |
| watch | Network communications indicative of a potential document or script payload download was initiated by the process wscript.exe |
| watch | Wscript.exe initiated network communications indicative of a script based payload download |
| watch | wscript.exe-based dropper (JScript |
| notice | File has been identified by 7 AntiVirus engines on VirusTotal as malicious |
| notice | Performs some HTTP requests |
Rules (7cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| info | 1 | binaries (upload) | |
| info | 1 | dumpmem | |
| info | 1 | memory | |
| info | 1 | office | |
| info | 1 | scripts | |
| info | 1 | urls | |
| info | 94102 | shellcode |
Suricata ids
ET POLICY Pastebin-style Service (paste .ee) in TLS SNI
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
PE API
1