ScreenShot
| Created | 2024.11.01 09:51 | Machine | s1_win7_x6401 |
| Filename | a.hta | ||
| Type | HTML document, ASCII text, with CRLF line terminators | ||
| AI Score | Not founds | Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 7 detected (gen60, TeslaCrypt, Detected, Eldorado, Psyme) | ||
| md5 | 9d17c4b02df4c09f0912771f0768ff44 | ||
| sha256 | 7ac2fc998131815c7796e3f6f308a5c194e8cb0f1ba7fb6cc04f167d0b867de8 | ||
| ssdeep | 48:WnvgO2S2IXDMjNsJWRGYjXPd50anePtpBk+P:gx/ojNsYgYL0oqVP | ||
| imphash | |||
| impfuzzy | |||
Network IP location
Signature (5cnts)
| Level | Description |
|---|---|
| watch | Disables proxy possibly for traffic interception |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time) |
| notice | File has been identified by 7 AntiVirus engines on VirusTotal as malicious |
| info | Checks amount of memory in system |
Rules (0cnts)
| Level | Name | Description | Collection |
|---|
