ScreenShot
| Created | 2024.11.11 10:06 | Machine | s1_win7_x6403 |
| Filename | Manger.docx | ||
| Type | ASCII text, with very long lines, with CRLF line terminators | ||
| AI Score | Not founds | Behavior Score |
|
| ZERO API | |||
| VT API (file) | 26 detected (Alien, gen80, PowerShell, Runner, A suspicious, TOPIS, V57SxEang5G, MulDrop28, Detected, AsyncRAT, RTCR, Eldorado, Vdkl, NetLoader) | ||
| md5 | 53eac0d35066ed3fbce4e52ca06fec42 | ||
| sha256 | 8cd167a8eb67a290731a2a7ec65de32702488bc9245651fb847dc71af8d7991f | ||
| ssdeep | 192:r6K6O6d6L6+6o686+6U6/6m6VD61636U6D6X6H6K6Y6L6U6N6j6p6M6D6C666H6q:O/ | ||
| imphash | |||
| impfuzzy | |||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| warning | File has been identified by 26 AntiVirus engines on VirusTotal as malicious |
| notice | Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time) |
| notice | Creates (office) documents on the filesystem |
| notice | Creates hidden or system file |
Rules (1cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Antivirus | Contains references to security software | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|