ScreenShot
| Created | 2024.10.16 11:32 | Machine | s1_win7_x6401 |
| Filename | Invoke-Petitpotam.ps1 | ||
| Type | ASCII text, with very long lines | ||
| AI Score | Not founds | Behavior Score |
|
| ZERO API | file : mailcious | ||
| VT API (file) | 34 detected (PowerShell, Malicious, score, pwshell, RefA, Hacktool, Mimikatz, PwrSh, PowerSploit, CLASSIC, Detected, B@81qbmy, Mikatz, ReflectiveLdr, S1483, Vimw, WannaMine, NetWalker) | ||
| md5 | 79f4fb681368185834f5ccf8d4812aec | ||
| sha256 | ae80c0b5510c206b2119e20400aeaf63cde4460ebf26df4591b666ab7e9a2390 | ||
| ssdeep | 24576:4wZtD0YkOnnz1tMSEq+3Be33dMsiS8owwgFhWCSPSzdQZHuMqp1rbY:4mWYkO8St+3RcS+H0bY | ||
| imphash | |||
| impfuzzy | |||
Network IP location
Signature (3cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 34 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| info | Checks amount of memory in system |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| danger | Vidar_IN | Vidar | binaries (upload) |
| warning | Generic_Malware_Zero | Generic Malware | binaries (download) |
| warning | hide_executable_file | Hide executable file | binaries (upload) |
| watch | Antivirus | Contains references to security software | binaries (download) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|