ScreenShot
Created 2024.12.16 19:01 Machine s1_win7_x6403
Filename Captcha.hta
Type HTML document, ASCII text, with very long lines, with CRLF line terminators
AI Score Not founds Behavior Score
2.2
ZERO API file : clean
VT API (file) 24 detected (Electryon, PowerShell, LUMMASTEALER, YXELMZ, Tiny, ExpKit, eurlzq, ExploitKit, Detected, Infected, AutoInfector, ABApplication, Kmnw)
md5 81df0a7222ad3c1bd736c2190314b47c
sha256 df63eda4107b614d7a1138490e5c23d657ef4966d7af8c5bd747e5c06a4b231c
ssdeep 48:3XrEzR0n67Z00kWo5XJdYCSC0DpxMUR02V4YD9Lhushq3pYk94WdfG:qgc00doRYrC0FfqYKCAu
imphash
impfuzzy
  Network IP location

Signature (5cnts)

Level Description
warning File has been identified by 24 AntiVirus engines on VirusTotal as malicious
notice Allocates read-write-execute memory (usually to unpack itself)
notice Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time)
notice Performs some HTTP requests
info Checks amount of memory in system

Rules (0cnts)

Level Name Description Collection

Network (1cnts) ?

Request CC ASN Co IP4 Rule ? ZERO ?
http://crl.microsoft.com/pki/crl/products/microsoftrootcert.crl Unknown 23.67.75.83 clean

Suricata ids



Similarity measure (PE file only) - Checking for service failure