SUSP_CreateMutex_Script_Apr20

Rule Info

Name
SUSP_CreateMutex_Script_Apr20
Author
Florian Roth
Description
Detects a suspicious script that creates a local Mutex
Score
60
Reference
Internal Research
Date
2020-04-01
Modified
2023-11-24
Minimum Yara
1.7
Rule Hash
ec514e7b8b0510c04891e808492a9b1d
Tags
['SUSP', 'SCRIPT']
Required Modules
[]
Virustotal Matches
https://www.virustotal.com/gui/search/susp_createmutex_script_apr20/comments

Antivirus Verdicts

Rating
Number of Samples
Malicious (>= 10 engines)
0
Suspicious (< 10 engines)
5
Clean (0 engines)
7

Rule Matches

Timestamp
Positives
Total
Hash
VT
2024-01-31 11:09:39
3
62
179980d482d527789c5fddca38c83b8d8c3057b2a9ed11aa8a149c83fec6d91c
2024-01-31 11:09:39
3
59
408286de587311991fe61c4d2622e993ce298c7c8ece4c11dcb0e7c7dbbd484d
2024-01-31 11:09:36
3
62
6c6285a4b2dc00f5467600449b0e82d1b3820bcbcb3563a0b815715e6a6ae768
2024-01-31 11:09:34
3
61
1faa4e66e28601107bed1d0cc684ffc0ec119b1b6f589bf7ea4c6712e6b8c128
2024-01-31 11:02:52
0
60
805ac6032a5b872bac2c7e7e8fe892ad8c9bc227d12a51dad481b088e9b8aa99
2024-01-31 11:02:52
0
60
573270481c270d54aeaa33273ca9669b3039b7e6c093338bd2ac33e4383a0e0f
2024-01-31 11:02:52
0
59
e12e4d647fb737abb69eb8fd2555ff8b0dc18ba86c2d74e3aa4e4c71aaa6a17c
2024-01-31 11:02:52
0
51
4f746cb16dcde4adcaa443f0198cd86ec6dc92b76f5661d17b13a9efb538cbf0
2024-01-31 11:02:52
0
55
c159db9583dc530a1c4fae53d8d54a330e6850777f203b81dd43b1df61e2032e
2024-01-31 11:02:52
0
60
df8a42de18c6136dfd4d9ac33f2bb2aac24fa6844f45b6e172d5a3a013261ac7
2024-01-31 01:03:33
0
43
b6563b2378cfa8352c6c59ab28935fed0af3d7ea4c4c7b72ae627c4c6152eeac
2023-12-15 06:01:33
2
56
1c37f17fac8fafdba5a3ed599ed5fab68f9051b5234debec86fee4cd7599ec1c

Rule Matches per Month (last 24 months)

THOR Logo  Scan your endpoints, forensic images or collected files with our portable scanner THOR
  Warning: Access to VALHALLA is rate-limited - once you prove unworthy, access gets denied
  Nextron Systems 2022