Casing_Anomaly_LocalTemp

Rule Info

Name: Casing_Anomaly_LocalTemp
Author: Florian Roth
Description: Detects Local Temp with a suspicious casing
Score: 65
Reference: Internal Research
Date: 2019-10-02
Modified: 2022-06-09
Minimum Yara: 1.7
Rule Hash: 9374def176101dd0caa3d2d70a28d266
Tags: ['CASING', 'ANOMALY', 'T1027', 'SCRIPT', 'SUSP']
Required Modules: []

Antivirus Verdicts

Rating: Number of Samples
Malicious (>= 10 engines): 20
Suspicious (< 10 engines): 16
Clean (0 engines): 2

Rule Matches


Rule Matches per Month (last 24 months)