Report - 32.ps1

Generic Malware Antivirus ZIP Format

ScreenShot

Info
Location map


Created	2025.02.05 11:06	Machine	s1_win7_x6401
Filename	32.ps1
Type	ASCII text
AI Score	Not founds	Behavior Score	5.2
ZERO API	file : mailcious
VT API (file)	23 detected (PowerShell, lummastealer, GNVQ, Detected, ABTrojan, VQQZ, LummaC2, SC227430, Fwnw)
md5	7de4a17dfc66695461f0c6a70ca4ec49
sha256	ee5775b3e3d293257a13bbed6b04a273deb4b92ab32c06b25228c2d581c52523
ssdeep	24:VU79N1K28Tm1K2n5gn4d1K2N85m9yRuifVAeABvQ1K22ft3vSO:eT1KPm1KId1KStyRuifbAS1KltSO
imphash
impfuzzy

Network IP location

Signature (12cnts)

Level	Description
danger	Connects to an IP address that is no longer responding to requests (legitimate services will remain up-and-running usually)
warning	File has been identified by 23 AntiVirus engines on VirusTotal as malicious
watch	Network communications indicative of a potential document or script payload download was initiated by the process powershell.exe
notice	Allocates read-write-execute memory (usually to unpack itself)
notice	Checks adapter addresses which can be used to detect virtual network interfaces
notice	One or more potentially interesting buffers were extracted
notice	Poweshell is sending data to a remote host
notice	URL downloaded by powershell script
info	Checks amount of memory in system
info	Command line console output was observed
info	Queries for the computername
info	Uses Windows APIs to generate a cryptographic key

Rules (3cnts)

Level	Name	Description	Collection
warning	Generic_Malware_Zero	Generic Malware	binaries (download)
watch	Antivirus	Contains references to security software	binaries (download)
info	zip_file_format	ZIP file format	binaries (download)

Network (2cnts) ?

Request	CC	ASN Co	IP4	Rule ?	ZERO ?
shaileshvisionaryastrologer.com whois		Contabo GmbH	167.86.109.19		clean
167.86.109.19 whois		Contabo GmbH	167.86.109.19		clean

Suricata ids

Similarity measure (PE file only) - Checking for service failure