ScreenShot
| Created | 2024.10.28 11:08 | Machine | s1_win7_x6403 |
| Filename | networks.ps1 | ||
| Type | ASCII text, with very long lines, with CRLF line terminators | ||
| AI Score | Not founds | Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 6 detected (WannaMine, Save, Coinminer, PowerShell, HackTool, Mikatz) | ||
| md5 | 06efa98e5fee566bb1a9ef4b36abff34 | ||
| sha256 | 590218400886d51989625ecd9e1085a98cc41cee42748f2858faabbc006228e6 | ||
| ssdeep | 12288:vjSSHddEugzhS6fYpyX2vYqk+k8hqTzmB/nmhTEPQtZCzQG7GbRoLs3dorA4LrO1:7F9dEulQX2Q3g+GP+61ItrfKlOB | ||
| imphash | |||
| impfuzzy | |||
Network IP location
Signature (7cnts)
| Level | Description |
|---|---|
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Executes one or more WMI queries |
| notice | File has been identified by 6 AntiVirus engines on VirusTotal as malicious |
| info | Checks amount of memory in system |
| info | Command line console output was observed |
| info | Queries for the computername |
| info | Uses Windows APIs to generate a cryptographic key |
Rules (3cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (download) |
| warning | hide_executable_file | Hide executable file | binaries (upload) |
| watch | Antivirus | Contains references to security software | binaries (download) |
