ScreenShot
| Created | 2025.03.28 09:36 | Machine | s1_win7_x6403 |
| Filename | loader.vbs | ||
| Type | UTF-8 Unicode text, with CRLF line terminators | ||
| AI Score | Not founds | Behavior Score |
|
| ZERO API | |||
| VT API (file) | 9 detected (gen60, druvzi, Detected, Psyme) | ||
| md5 | cae91a547e1f1f9340d8856b5b1ffd07 | ||
| sha256 | aeb04690e950c382b02ccfc85370d5fd7f814bc8160350ee5daa6152dcd18c1e | ||
| ssdeep | 24:9AKpLr2KjwGzll9LONnhQrq9t7mBIHyyY0HVW:eoLrlgydwhbs | ||
| imphash | |||
| impfuzzy | |||
Network IP location
Signature (7cnts)
| Level | Description |
|---|---|
| danger | The process wscript.exe wrote an executable file to disk which it then attempted to execute |
| watch | Network communications indicative of a potential document or script payload download was initiated by the process wscript.exe |
| watch | One or more non-whitelisted processes were created |
| watch | Wscript.exe initiated network communications indicative of a script based payload download |
| watch | wscript.exe-based dropper (JScript |
| notice | A process created a hidden window |
| notice | File has been identified by 9 AntiVirus engines on VirusTotal as malicious |
Rules (0cnts)
| Level | Name | Description | Collection |
|---|
Suricata ids
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure
ET INFO TLS Handshake Failure