ScreenShot
| Created | 2025.03.27 10:33 | Machine | s1_win7_x6403 |
| Filename | tarksloader.hta | ||
| Type | HTML document, ASCII text, with CRLF line terminators | ||
| AI Score | Not founds | Behavior Score |
|
| ZERO API | |||
| VT API (file) | 23 detected (Qakbot, gen92, Possible, SMHANCITORGMNE, Runner, kslccp, TOPIS, eqceN2cLLcS, Detected, Eldorado, Ddhl, NetLoader) | ||
| md5 | cc3c0e6f75302fb6c2d9b5e7f487efe8 | ||
| sha256 | 354d082858bfc5e24133854ff14bb2e89bc16e1b010b9d3372c8370d3144cdb9 | ||
| ssdeep | 24:hMNmMvy4GqptEIjb18qeORVp8xuY8yu5yEl88e/hM8E4olEC:ImMqopOIjb17d4ucD6t40F | ||
| imphash | |||
| impfuzzy | |||
Network IP location
Signature (7cnts)
| Level | Description |
|---|---|
| warning | File has been identified by 23 AntiVirus engines on VirusTotal as malicious |
| watch | Uses suspicious command line tools or Windows utilities |
| notice | A process created a hidden window |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time) |
| info | Checks amount of memory in system |
| info | Command line console output was observed |
Rules (0cnts)
| Level | Name | Description | Collection |
|---|
