Joe Sandbox analysis report (fields flattened from the original page)

Sandbox version: 31.0.0 Red Diamond
IR
Analysis ID: 338695
Product: CloudBasic
Start time: 18:56:18
Start date: 12/01/2021
Sample file name: Covid19-Min-Saude-Comuinicado-STIBY-11-01-21-224.vbs
Cookbook: default.jbs
Analysis system: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Platform: WINDOWS
Sample MD5: 462d612fcc6ce92ac4d1b58a27e4ecac
Sample SHA1: 405633f2a4fe5b859ea9331a2276ebd494d39aa4
Sample SHA256: 2bedcf94c9aea7b126f70169728f38678d615cdc26991c3b30628912eb2766d9
File type: Visual Basic Script (13500/0) 100.00%
Detection flags (exported without labels): true, false, false, false
Score: 92
Score range: 0 to 100
Other exported values: 5, 0, 5, false
Dropped files (path, malicious flag, MD5, SHA1, SHA256)

1. C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\0[1].zip
   Malicious: false
   MD5: BC50209A431C05FA1E0D39FF8761073F
   SHA1: DFDE6CF89AEEC720A8515E40303BBB230B2C9D69
   SHA256: EFD7057D2625E4F08EDD7427CF2C8A8FDD9DBAB724F3C648E10ED3EAE1E21C7F

2. C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\P-16-5[1].dll
   Malicious: true
   MD5: E1B2EC2857BDEDC4497655078946A20C
   SHA1: 2DE9B015192D5F54370DCC1F5238F1CBA2245CE4
   SHA256: E5C9CE8563AA0AB460EC150A29161ADC1918245C29647A7BCE353FDD7DF2D651

3. C:\Users\user\AppData\Roaming\0.zip
   Malicious: true
   MD5: BC50209A431C05FA1E0D39FF8761073F
   SHA1: DFDE6CF89AEEC720A8515E40303BBB230B2C9D69
   SHA256: EFD7057D2625E4F08EDD7427CF2C8A8FDD9DBAB724F3C648E10ED3EAE1E21C7F

4. C:\Users\user\AppData\Roaming\64317583203315\wkoyrphebhxonpimm60602927029132.dll
   Malicious: true
   MD5: E1B2EC2857BDEDC4497655078946A20C
   SHA1: 2DE9B015192D5F54370DCC1F5238F1CBA2245CE4
   SHA256: E5C9CE8563AA0AB460EC150A29161ADC1918245C29647A7BCE353FDD7DF2D651

5. C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tgwpxyohqm .lnk
   Malicious: true
   MD5: EFF6667494E9C529A0189BA4FDD93E51
   SHA1: 1269792565D3E2869BF58B4F0EAFD9E8BAD576CF
   SHA256: 0D32724BFFDE1EEE5CC0524407FD74BCF2714E5BA5875EFBE533ED2F9FE60907

6. C:\Users\user\AppData\Roaming\phewmqhjwxh.vbs
   Malicious: true
   MD5: C5394303848978B05D041057E051124B
   SHA1: DCF334238967DB0ACE42ACEB5445416259687223
   SHA256: D346B18223E32677DC656E18BF328AE441E7EB65CFF935EC8F51562844E1528B

Note on the table: entries 1 and 3 carry identical hashes, as do entries 2 and 4. The script therefore downloaded an archive and a DLL (the originals land in the IE INetCache directory, consistent with a WinINet-backed download) and then copied them into AppData\Roaming, renaming the DLL to a random letter-and-digit name under a random all-digit directory. That renamed DLL, the Startup-folder shortcut (note the space before the .lnk extension) and the VBS dropped directly in Roaming are the persistence artifacts worth hunting for; only the hashes are stable, the names will differ per infection.
Contacted IP addresses
- 8.8.8.8 (Google Public DNS)
- 108.177.96.128
Behavior signatures
- Detected VMProtect packer
- Machine Learning detection for dropped file
- Potential evasive VBS script found (sleep loop)
- Potential malicious VBS script found (has network functionality)
- Windows Shell Script Host drops VBS files
- Antivirus detection for dropped file
- Benign windows process drops PE files
- System process connects to network (likely due to code injection or exploit)
- VBScript performs obfuscated calls to suspicious functions
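The following is an added example, not part of the sandbox report and not the sandbox vendor's code: a small host-hunting script that takes a (path, SHA-256) inventory, as you would export from an EDR or from Get-FileHash, and matches it against the report's dropped-file hashes and against the shape of the persistence paths above (random all-digit directory plus random-named DLL under Roaming, a Startup .lnk with a space before the extension, a VBS directly in the Roaming root). The hashes are copied from the table; the path regexes are a generalisation I derived from the single sample and are an assumption, as is the constructed SAMPLE_INVENTORY.

```python
"""Hunting for the persistence artifacts listed in the report above.

Added example, not part of the sandbox report. Hashes are copied from the
dropped-files table; the path patterns are generalised from it (the random
directory and file names change per infection, so the shape is matched, not
the literal names). SAMPLE_INVENTORY is constructed test data, not real host
output.
"""
import hashlib
import os
import re

# SHA-256 values from the report's dropped-files table (lower-cased for lookup).
KNOWN_SHA256 = {
    "efd7057d2625e4f08edd7427cf2c8a8fdd9dbab724f3c648e10ed3eae1e21c7f": "downloaded archive 0.zip",
    "e5c9ce8563aa0ab460ec150a29161adc1918245c29647a7bce353fdd7df2d651": "dropped DLL (P-16-5 / renamed copy)",
    "0d32724bffde1eee5cc0524407fd74bcf2714e5ba5875efbe533ed2f9fe60907": "Startup folder .lnk",
    "d346b18223e32677dc656e18bf328ae441e7eb65cff935ec8f51562844e1528b": "VBS dropped in Roaming",
}

# Path shapes generalised from the report (assumption: the naming scheme is
# stable across samples; tune the digit/letter counts if your samples differ).
PATH_PATTERNS = [
    ("dll_in_numeric_roaming_dir",
     re.compile(r"\\AppData\\Roaming\\\d{8,}\\[a-z]{6,}\d{8,}\.dll$", re.I)),
    ("startup_lnk_space_before_ext",
     re.compile(r"\\Start Menu\\Programs\\Startup\\[^\\]* \.lnk$", re.I)),
    ("vbs_in_roaming_root",
     re.compile(r"\\AppData\\Roaming\\[a-z]+\.vbs$", re.I)),
]


def file_sha256(path):
    """SHA-256 of a file on disk, streamed so large files stay out of memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def inventory_from_dir(root):
    """Walk a directory (e.g. a user's AppData) and yield (path, sha256) pairs."""
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            try:
                yield full, file_sha256(full)
            except OSError:
                continue  # locked or unreadable files are skipped, not fatal


def hunt(entries):
    """Match (path, sha256_hex) pairs against the report's hashes and path shapes.

    Returns a list of (path, [reasons]) for entries that hit at least one check.
    A hash hit is high confidence; a path-shape hit alone is a lead to triage.
    """
    findings = []
    for path, digest in entries:
        reasons = []
        label = KNOWN_SHA256.get(digest.lower())
        if label:
            reasons.append("sha256 match: " + label)
        for name, rx in PATH_PATTERNS:
            if rx.search(path):
                reasons.append("path pattern: " + name)
        if reasons:
            findings.append((path, reasons))
    return findings


# Constructed inventory (not real host data): one hash hit under a new random
# directory, two path-shape hits with unknown hashes, and one benign shortcut.
SAMPLE_INVENTORY = [
    (r"C:\Users\alice\AppData\Roaming\90817263540011\qzkwlmnbvcx71023948571029.dll",
     "E5C9CE8563AA0AB460EC150A29161ADC1918245C29647A7BCE353FDD7DF2D651"),
    (r"C:\Users\alice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hjkqwerty .lnk",
     "1" * 64),
    (r"C:\Users\alice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneDrive.lnk",
     "2" * 64),
    (r"C:\Users\alice\AppData\Roaming\yqwvbnmplk.vbs", "3" * 64),
]

if __name__ == "__main__":
    for path, reasons in hunt(SAMPLE_INVENTORY):
        print(path)
        for r in reasons:
            print("   ", r)
```

On a live host you would feed `hunt(inventory_from_dir(r"C:\Users\<name>\AppData"))` instead of the constructed list; the hash lookup is exact, so treat it as confirmation, while the path-shape hits are triage leads that should be checked against the file's signature status and creation time before acting.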