ScreenShot
| Created | 2025.04.03 09:59 | Machine | s1_win7_x6401 |
| Filename | Adobe.vbs | ||
| Type | ASCII text, with CRLF line terminators | ||
| AI Score | Not founds | Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 7 detected (Save, ABVR, Alien, TOPIS, dnjkLnnaHyD, Outbreak, Obfuse) | ||
| md5 | 607e7e4b5eee718c11d6305f99fc7b4f | ||
| sha256 | 01fcffe559c031d49107df1d551e267736c2424a8bd64843bd041a6c6cd0eccc | ||
| ssdeep | 24:HvlG+hiXYJGBAWqah7PNiDqeqrsBOd2rO7X6OUVvUEw6:PlG+h5JEAs7P4VTiTSVlw6 | ||
| imphash | |||
| impfuzzy | |||
Network IP location
Signature (5cnts)
| Level | Description |
|---|---|
| watch | Network communications indicative of a potential document or script payload download was initiated by the process wscript.exe |
| watch | Wscript.exe initiated network communications indicative of a script based payload download |
| watch | wscript.exe-based dropper (JScript |
| notice | File has been identified by 7 AntiVirus engines on VirusTotal as malicious |
| notice | Performs some HTTP requests |
Rules (0cnts)
| Level | Name | Description | Collection |
|---|
Suricata ids
ET POLICY Observed DNS Query to Commonly Abused Cloudflare Domain (trycloudflare .com)
ET HUNTING TryCloudFlare Domain in TLS SNI
ET INFO Observed trycloudflare .com Domain in TLS SNI
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET HUNTING TryCloudFlare Domain in TLS SNI
ET INFO Observed trycloudflare .com Domain in TLS SNI
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)