ScreenShot
| Created | 2025.01.08 12:34 | Machine | s1_win7_x6401 |
| Filename | New PO 3D Step drawings.jse | ||
| Type | ASCII text, with very long lines, with CRLF line terminators | ||
| AI Score | Not founds | Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 3 detected (gen87, Obfuscated, kcdfgx) | ||
| md5 | 105d66b76a85c6b7b5e8cccdaff36744 | ||
| sha256 | 5067ae856163cdc7f64eadf716210a5da82d83adc4e15aafa2c05bd7ba07bcb4 | ||
| ssdeep | 192:lmaRotvfmdrxbJMuoIYTuoQFrUfIKL9F2f8grzs3fSJIBcVIC8ZN25I1Ow:AaDrREu5JGU2th | ||
| imphash | |||
| impfuzzy | |||
Network IP location
Signature (8cnts)
| Level | Description |
|---|---|
| danger | The process wscript.exe wrote an executable file to disk which it then attempted to execute |
| watch | Disables proxy possibly for traffic interception |
| watch | One or more non-whitelisted processes were created |
| notice | A process created a hidden window |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Creates a suspicious process |
| notice | File has been identified by 3 AntiVirus engines on VirusTotal as malicious |
| info | Checks amount of memory in system |
Rules (0cnts)
| Level | Name | Description | Collection |
|---|
