ScreenShot
| Created | 2021.03.29 17:59 | Machine | s1_win7_x3201 |
| Filename | 745584778.js | ||
| Type | ASCII text, with very long lines, with CRLF line terminators | ||
| AI Score | Not founds | Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | |||
| md5 | 65f5e916c44ce0e15b66dc940c1e70c1 | ||
| sha256 | 00113d155f28b4bcdf2e251c176c8d3119ebea1e85280aafa4d2eee38989eb01 | ||
| ssdeep | 192:d2UPZsrcWYtt3UOtjuFm4vxb0og4qPoC6aAUGI8ZvLbEYkdwM+Lo9Rrkllmin2dh:d2isrouFAtQaDGIO37kCkreoyTAg0BJx | ||
| imphash | |||
| impfuzzy | |||
Network IP location
Signature (10cnts)
| Level | Description |
|---|---|
| danger | The process wscript.exe wrote an executable file to disk which it then attempted to execute |
| watch | Creates or sets a registry key to a long series of bytes |
| watch | Installs itself for autorun at Windows startup |
| watch | One or more non-whitelisted processes were created |
| notice | A process created a hidden window |
| notice | Creates a suspicious process |
| notice | Creates executable files on the filesystem |
| notice | Uses Windows utilities for basic Windows functionality |
| info | Command line console output was observed |
| info | Queries for the computername |
Rules (1cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| info | IsSuspicious | Might be PE Virus | binaries (upload) |
