Created 2025.04.03 09:59 Machine s1_win7_x6401
Filename Adobe.vbs
Type ASCII text, with CRLF line terminators
AI Score Not found
Behavior Score 10.0
ZERO API file : clean
VT API (file) 7 detected (Save, ABVR, Alien, TOPIS, dnjkLnnaHyD, Outbreak, Obfuse)
md5 607e7e4b5eee718c11d6305f99fc7b4f
sha256 01fcffe559c031d49107df1d551e267736c2424a8bd64843bd041a6c6cd0eccc
ssdeep 24:HvlG+hiXYJGBAWqah7PNiDqeqrsBOd2rO7X6OUVvUEw6:PlG+h5JEAs7P4VTiTSVlw6
imphash
impfuzzy

Signature (5cnts)

Level Description
watch Network communications indicative of a potential document or script payload download was initiated by the process wscript.exe
watch Wscript.exe initiated network communications indicative of a script based payload download
watch wscript.exe-based dropper (JScript
notice File has been identified by 7 AntiVirus engines on VirusTotal as malicious
notice Performs some HTTP requests

Rules (0cnts)

Level Name Description Collection

Network (3cnts)

Request CC ASN Co IP4 Rule ZERO
https://dat-voip-sit-cio.trycloudflare.com/shell.ps1 US CLOUDFLARENET 104.16.230.132 clean
dat-voip-sit-cio.trycloudflare.com US CLOUDFLARENET 104.16.231.132 malicious
104.16.230.132 US CLOUDFLARENET 104.16.230.132 malicious

Suricata ids


