

"wscript.exe" (Access type: "DELETEVAL" Path: "HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS" Key: "PROXYSERVER")
"wscript.exe" (Access type: "SETVAL" Path: "HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS" Key: "PROXYENABLE" Value: "00000000")
Spawned process "WINWORD.EXE" with commandline "/n "%TEMP%\16JrYhus5uJgL75rfFELNtxZRjpUgJXUWn.doc"
Spawned process "16JrYhus5uJgL75rfFELNtxZRjpUgJXUWn.exe" with commandline ""%TEMP%\16JrYhus5uJgL75rfFELNtxZRjpUgJXUWn.php" 16JrYhus5uJgL75rfFELNtxZRjpUgJXUWn 0.116 MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu1K+XI7V1qt92oR+AV9VK91liCcWStzjArkngzq1lJx4WkHjmRU/RAArdeLxvNkKTUHFsLQdhYyQZtx8YFv/qamUb9j3O4RS1eYD+Ig+TnNLz/JaBr+qwUDzVjvx3Ovcf/nAkdr0wrZURgjRNWYZMgf816XvGh0KxHHW6Rf0Rdi9qa5jSuHMSPNJAYsRH1vsuJZykGeceLvXwxfhL/1WQukiPVwdYy26hxnPJtMZ1hd8eNnlL0bwMEEDMeaOZnSq27P+M1tHpMqrXC5ZyLZ8ef8a9UNH3p5uuBof4DrVOAMUB圓Z1EWoL7ReE+NtVsodYVk3x5zDXA3yFhzBTJgMbwIDAQAB"
Spawned process "cmd.exe" with commandline "/c "mshta.exe "%TEMP%\16JrYhus5uJgL75rfFELNtxZRjpUgJXUWn.hta"""
Spawned process "mshta.exe" with commandline "%TEMP%\16JrYhus5uJgL75rfFELNtxZRjpUgJXUWn.hta""
Spawned process "wscript.exe" with commandline ""C:\""
Script file shows a combination of malicious behavior
Detected alert "ET TROJAN WS/JS Downloader M1" (SID: 2024035, Rev: 3, Severity: 1) categorized as "A Network Trojan was detected" (Backdoor, ransomware, trojans, etc.)
Detected alert "ET MALWARE Windows executable sent when remote host claims to send an image 3" (SID: 2023750, Rev: 1, Severity: 1) categorized as "A Network Trojan was detected" (PUA/PUP/Adware)
Detected alert "ET POLICY PE EXE or DLL Windows file download HTTP" (SID: 2018959, Rev: 3, Severity: 1) categorized as "Potential Corporate Privacy Violation"
Detected alert "ET CURRENT_EVENTS Likely Evil EXE download from MSXMLHTTP non-exe extension M2" (SID: 2022053, Rev: 2, Severity: 1) categorized as "A Network Trojan was detected" (Phishing, Exploit Kits)
Detected alert "ET TROJAN JS/WSF Downloader M3" (SID: 2023671, Rev: 3, Severity: 1) categorized as "A Network Trojan was detected" (Backdoor, ransomware, trojans, etc.)
Detected alert "ET TROJAN JS/WSF Downloader M4" (SID: 2023672, Rev: 3, Severity: 1) categorized as "A Network Trojan was detected" (Backdoor, ransomware, trojans, etc.)
