Report - Transfer-https.vbs

Hide_EXE PE32 PE File
ScreenShot
Created 2024.12.06 09:44 Machine s1_win7_x6403
Filename Transfer-https.vbs
Type ASCII text, with very long lines, with CRLF, LF line terminators
AI Score Not founds Behavior Score
7.6
ZERO API file : clean
VT API (file) 40 detected (Swrort, SNIC, Rozena, YXEKPZ, Dowloader, Malicious, score, fosjzx, Ploty, TOPIS, JqyfiJ1QMlQ, ExpKit, Gen2, Muldrop, Detected, NJA@833icd, Obfuse, Eldorado, MPreter, Ymhl)
md5 e2f4a3c6e7570b4424089b24b059c9d0
sha256 44fd76bed4f91723940931c035a1e92f7d26d7c94dabd15f2e4a8db4f6e48273
ssdeep 96:ZGze5ePQfJEgaGscxriEto+TE9sfQcHOB7uczr05LaGejhVPPCyCsB3fD+r2:UzezgfEtoRGocHOBDzr05KbPKyNBG2
imphash
impfuzzy
  Network IP location

Signature (10cnts)

Level Description
danger Connects to IP addresses that are no longer responding to requests (legitimate services will remain up-and-running usually)
danger File has been identified by 40 AntiVirus engines on VirusTotal as malicious
danger The process wscript.exe wrote an executable file to disk which it then attempted to execute
watch Communicates with host for which no DNS query was performed
watch Deletes executed files from disk
watch Drops a binary and executes it
watch One or more non-whitelisted processes were created
notice A process created a hidden window
notice Creates executable files on the filesystem
notice Drops an executable to the user AppData folder

Rules (3cnts)

Level Name Description Collection
warning hide_executable_file Hide executable file binaries (upload)
info IsPE32 (no description) binaries (download)
info PE_Header_Zero PE File Signature binaries (download)

Network (1cnts) ?

Request CC ASN Co IP4 Rule ? ZERO ?
89.197.154.116 GB Virtual1 Limited 89.197.154.116 mailcious

Suricata ids



Similarity measure (PE file only) - Checking for service failure