Casing_Anomaly_LocalTemp

Rule Info

Rule Hash: a251f0d5a5154eb66688ce8686da6441
Score: 65
Tags: ['CASING', 'SUSP', 'T1136', 'T1027']
Reference: Internal Research
Name: Casing_Anomaly_LocalTemp
Date: 2019-10-02
Required Modules: []
Author: Florian Roth
Description: Detects Local Temp with a suspicious casing
Minimum Yara: 1.7
Av Ratio: 19.53

Antivirus Verdicts

Rating: Number of Samples
Malicious (>= 10 engines): 16
Suspicious (< 10 engines): 12
Clean (0 engines): 0

Rule Matches


Rule Matches per Month (last 24 months)