31.0.0 Red Diamond
IR
338693
CloudBasic
18:54:27
12/01/2021
Covid19-Min-Saude-Comuinicado-STIBY-11-01-21-224.vbs
default.jbs
Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
WINDOWS
462d612fcc6ce92ac4d1b58a27e4ecac
405633f2a4fe5b859ea9331a2276ebd494d39aa4
2bedcf94c9aea7b126f70169728f38678d615cdc26991c3b30628912eb2766d9
Visual Basic Script (13500/0) 100.00%
true
false
false
false
92
0
100
5
0
5
false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\P-16-5[1].dll
  flag: true
  MD5: E1B2EC2857BDEDC4497655078946A20C
  SHA1: 2DE9B015192D5F54370DCC1F5238F1CBA2245CE4
  SHA256: E5C9CE8563AA0AB460EC150A29161ADC1918245C29647A7BCE353FDD7DF2D651

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\0[1].zip
  flag: false
  MD5: BC50209A431C05FA1E0D39FF8761073F
  SHA1: DFDE6CF89AEEC720A8515E40303BBB230B2C9D69
  SHA256: EFD7057D2625E4F08EDD7427CF2C8A8FDD9DBAB724F3C648E10ED3EAE1E21C7F

C:\Users\user\AppData\Roaming\0.zip
  flag: true
  MD5: BC50209A431C05FA1E0D39FF8761073F
  SHA1: DFDE6CF89AEEC720A8515E40303BBB230B2C9D69
  SHA256: EFD7057D2625E4F08EDD7427CF2C8A8FDD9DBAB724F3C648E10ED3EAE1E21C7F

C:\Users\user\AppData\Roaming\44788286328315\ttmdaoktkityhfkfg34112692654132.dll
  flag: true
  MD5: E1B2EC2857BDEDC4497655078946A20C
  SHA1: 2DE9B015192D5F54370DCC1F5238F1CBA2245CE4
  SHA256: E5C9CE8563AA0AB460EC150A29161ADC1918245C29647A7BCE353FDD7DF2D651

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\puyfmugprn .lnk
  flag: true
  MD5: 58193A61036D7292767F73A37E74FF2E
  SHA1: 1BF0034C84F01EDC28902320B8F23BB9388CC39E
  SHA256: C57AAF21A4C702CBB0FD6B427983A95E36AAA6127125A001072646F752E3588C

C:\Users\user\AppData\Roaming\wfcfjfsoqjp.vbs
  flag: true
  MD5: C5394303848978B05D041057E051124B
  SHA1: DCF334238967DB0ACE42ACEB5445416259687223
  SHA256: D346B18223E32677DC656E18BF328AE441E7EB65CFF935EC8F51562844E1528B
8.8.8.8
74.125.143.128
Detected VMProtect packer
Machine Learning detection for dropped file
Potential evasive VBS script found (sleep loop)
Potential malicious VBS script found (has network functionality)
Windows Shell Script Host drops VBS files
Antivirus detection for dropped file
Benign windows process drops PE files
System process connects to network (likely due to code injection or exploit)
VBScript performs obfuscated calls to suspicious functions