ScreenShot
Created | 2021.03.29 17:59 | Machine | s1_win7_x3201 |
Filename | 745584778.js | ||
Type | ASCII text, with very long lines, with CRLF line terminators | ||
AI Score | Not founds | Behavior Score |
|
ZERO API | file : clean | ||
VT API (file) | |||
md5 | 65f5e916c44ce0e15b66dc940c1e70c1 | ||
sha256 | 00113d155f28b4bcdf2e251c176c8d3119ebea1e85280aafa4d2eee38989eb01 | ||
ssdeep | 192:d2UPZsrcWYtt3UOtjuFm4vxb0og4qPoC6aAUGI8ZvLbEYkdwM+Lo9Rrkllmin2dh:d2isrouFAtQaDGIO37kCkreoyTAg0BJx | ||
imphash | |||
impfuzzy |
Network IP location
Signature (10cnts)
Level | Description |
---|---|
danger | The process wscript.exe wrote an executable file to disk which it then attempted to execute |
watch | Creates or sets a registry key to a long series of bytes |
watch | Installs itself for autorun at Windows startup |
watch | One or more non-whitelisted processes were created |
notice | A process created a hidden window |
notice | Creates a suspicious process |
notice | Creates executable files on the filesystem |
notice | Uses Windows utilities for basic Windows functionality |
info | Command line console output was observed |
info | Queries for the computername |
Rules (1cnts)
Level | Name | Description | Collection |
---|---|---|---|
info | IsSuspicious | Might be PE Virus | binaries (upload) |