SUSP_Script_PS1_PE_Injection_Indicators_Mar21_1

Rule Info

Tags: ['SUSP', 'T1086', 'T1059_001']
Name: SUSP_Script_PS1_PE_Injection_Indicators_Mar21_1
Minimum YARA: 1.7
Rule Hash: 0199cf9df58f7ea424f8fa6b0359eb22
AV Ratio: 13.28
Score: 60
Author: Florian Roth
Date: 2021-03-01
Description: Detects suspicious script with keywords that indicate pe injection techniques
Required Modules: []

Antivirus Verdicts

Rating                       Number of Samples
Malicious (>= 10 engines)    22
Suspicious (< 10 engines)    33
Clean (0 engines)            6

Rule Matches

Hash                                                              Timestamp            Total  Positives
6abba23c0d1539b167a7f71817845c616dd40620cde17ce367eaa6973356f876  2021-06-15 13:44:27  55     2
e81e33f6d1d6a91552c53bb2ebe621218917b85bf9b7ef20aa049b23676c235a  2021-06-13 22:15:12  51     20
046e0bce54a74fb6edada0dfa14048ca80851c72151b5e00ce54086206419e1f  2021-06-13 19:35:41  58     17
e91de341151086d4381599bc0129709b5d67ca4a5ef4a8dc085839e7b903f701  2021-06-12 22:11:43  58     12
dd292da794d6c9afb8ea5e136c7b23ff61aa913ff2f451fa5c6b268c74714f60  2021-06-11 19:44:11  57     12
d95be7fd5df8c30f73e8cdd6dd4fedc7444ac29eead3e7fb0fe504835244f9d7  2021-06-11 19:13:12  58     13
ebe7ae465bd2241cfdd315a1bd5acbc17458a8f57a238df442c4c2d48e107235  2021-06-11 19:04:41  59     21
bf25aa9d9ca536ca0fcc74daeb95e574289b1688b42638e8b8ddc74c68579b8d  2021-06-11 17:28:46  58     14
deae0ac8251d8c9eb7ad3b77d693501d96db7d7c67b85933c509031202c272da  2021-06-09 16:23:21  58     3
ea4aa4ffa978a970a3d9a762a8ea6e8c57f0286d2bd6debb5217fc6a44e37ca8  2021-06-08 22:10:17  59     6
9a9f60d4736cfb2716ec4f6f05b76ac61d9f16596fc787d5a459f7407b1956a3  2021-06-08 14:53:32  58     4
6688b11e528cbf670e6b83df29090845d8b3a135416797e665bcbd7202abd48b  2021-06-07 20:57:29  57     11
2476e53d066a717d8627e08d13e7d2983e6ba9ecd76a8c3968273845f7996bde  2021-06-07 20:56:29  57     2
db7c19cc03486f9948a0d9bb304baea5017f937802c88bb8ad85c7493fb5aeeb  2021-06-07 17:34:23  59     12
7a1cb678e79d27382387cd8df1b5f6f36c7d4b45b0151f608b125d226f6f16dc  2021-06-07 17:32:11  57     2
0b776bb3bc48dcdb0e99b045ce4ce4488b307732b903aeb54c85d8c88d565f80  2021-06-07 17:31:07  58     4
1e361ecd42d4d704ec6d4a3104398274fb02034beafb33aa20aeb69c79c61616  2021-06-05 12:29:05  59     20
ed29dccb1d68c749d7f6248e9b3ac78381f45e982fe3ee93de0df1cbd5620e48  2021-06-05 11:37:49  59     22
4e529abc079f38a59e41e00dc4ef787cc47f826744eedf2b16c17914ca688c71  2021-06-04 20:58:26  58     0
0d12d72f4691502612412705654a383201a399ffee0b4c08bb8c279dc6fd8b2d  2021-06-04 11:33:01  59     24
3ee16ae43649f5fe2d54277e150d950522915a5602a3a2e84dd266a78fbea01d  2021-06-03 21:13:32  58     11
13bda2fab9d78868f30a0bb704eaa1db2e0dacfe11bd3dcd348290bfc67fe40c  2021-06-01 15:28:31  58     5
9aaebcf0df8cf361b10e071e4feec5c859dd110c2f5be32a1154442d8106f274  2021-06-01 14:47:00  57     3
094a4f0819d85cc72f804fe78b5a8093328ab8f7bf63a4b976bf4a5bd963eda0  2021-06-01 10:26:19  57     7
033559d889dbcece338bbd5a063ea953472196ac234e7037b705ac3cd42494c3  2021-05-31 19:33:53  57     4
b28dbdaae1e58f5a4d8c09e68bc4c6b29a58cc162098d09814230f4b0af979e7  2021-05-28 12:10:17  58     1
494a1f49e7ab9eb20e8156aed6f1ffffe5abe8a1dc47e2b8a2c35bd99b30cc4d  2021-05-27 20:05:53  58     1
d57a7c21023e6b3166718d2777b35f2587ce766492c7f6370ce4531cd7888507  2021-05-26 12:47:33  58     13
51863340741893ed0860f30704e00ee4e4c4f0ac4b2c6eefd5e765008f20eb29  2021-05-25 18:41:59  57     2
fc75c268c55b88fcd2ab61c35cb4d0c09ea729aa1b1dec03e1d7004e012ac716  2021-05-25 12:51:58  69     13
933d5086d4e99b6f22a58b25ada04965424b21a51002a91ea1e12575fa8e0a97  2021-05-19 14:15:56  58     25
8e0eb23b3d22741b067ad57fcc12248a9e0b2166d2f9596a5324379021d27948  2021-05-19 13:47:21  58     23
91d0954130cb7e87eb2db32473d56ec9789be52b49177a7a6f6c55cf0fc73560  2021-05-17 00:04:21  58     4
12ae33d519bf1efd0f5c0adc22be209326e31f992e7a6eed764a59a13b6a3b32  2021-05-16 20:00:51  58     21
587570f0e9da0db8fd179cf45ee06db6c93531328e6bf178bc3772e99208e87d  2021-05-16 00:27:25  58     1
da6f745df1852c5f42ea963d3110a6c0a2e754491b5f02367f6663560c3e75aa  2021-05-14 21:32:32  57     1
c2c2ae7c44a897fbce240980febd3ccfdd5e69a2d4dd9ca2ac79ab02b2bb712e  2021-05-14 20:28:28  58     0
99164eef80c02082642980c2b9105b261aaca679db2279c8c0c8a2cce98a1c31  2021-05-14 17:58:37  58     0
9df22ac3289e59f514b1117af7646ec5e4a90ada27c2684b5f68adf7ca5233fb  2021-05-14 17:57:56  68     2
4e0650ef82323aa958bdb040fc1a873b1b00bdfbf5fe79d9bffd5b027ddeff8a  2021-05-14 17:56:52  69     2
571b49ffe3854f11bcebab1faafbf7c90e759d6cfb899d224ec2557caa8329cd  2021-05-14 17:51:49  67     2
ff0f63e8d923d3a188695ff8b46967c893a34210284b00a02a4548face42549c  2021-05-13 21:36:53  58     0
b445f178d281f23aafe7365b8cfaab549a37368c8fe2f7e4f0c63eaa8b4b6f7c  2021-05-12 20:07:14  57     18
db34170991fe20cdd6e80ef63da26bf408451fb6aedc6b985cf237d1017ec5e3  2021-05-10 22:52:40  58     20
931719d29493e2e395a8f72cfa4d0e30b81ddb30d3226ba3d90e0de19d38cd79  2021-05-09 18:17:57  69     2
cbc347ef9bc8788285fcbf6e345ffaf8f2a259e4d7eeb273b146320dc7bb4a9b  2021-05-07 20:25:43  58     4
ce24ba86f2adab667402000fa951c4072d9c38ce4f536e99efeec75c516427eb  2021-05-07 20:23:44  58     0
d4e790b90e24e33f89f7c7da99ce0f76b10dfa1b7a1baf091b7a34951a71c573  2021-05-07 20:10:00  58     4
8a0e9a6a435171f50486a35bc86c4e7d44f5e800876a7f6a6d1396b00ac1537c  2021-05-07 18:01:55  57     5
a6deba62e17f4d31fc05e6aeda4de19a97b186f992f8fbafefb17a6818f3441d  2021-05-07 18:01:54  58     2
d70c1cab220266bf0fe2af4e568090de258818be3b2afa63caa461b3fefc0c65  2021-05-06 21:29:48  57     3
64b8b612101ba269b9481a9648ece8ff5c80a3e7a12556e8d0352b76f35d4a71  2021-05-06 11:22:06  57     3
f5ab28a9364bb5b77eb00ddf90966e352eb14101e24b8cfc1cf824808c3f405a  2021-05-06 10:54:54  59     14
afdc33fbcbaa9be0f357e7b284794cb04d55a16eb5f6d7edd08e05b617b0626a  2021-05-05 22:14:08  58     1
7b1dd6809826dfc8a7aa776c4d31ff414dbd9d90d32eb506b3ca7a32b312f126  2021-05-04 18:52:52  59     7
924987d83b84239064da8a7d4ff8cea20c48817098474849d95baf7949536742  2021-05-03 19:57:47  57     4
928fbf96d9eeb957a3ac45a176c676942b061bb076550513867f02ff386a31af  2021-04-28 21:47:52  57     1
f355e1c426b13dfecaa3027998c282af56b603f8555280a50c821f20919bbbe4  2021-04-27 20:17:03  56     13
7db96ca84f97ade18337169368f3043cb8c00b7767c3f40b8ce503ecaa898edc  2021-04-27 19:48:15  59     3
28ac4a7d1212d0c85dd4423573f9a95f022b19eb56fbcb11889f83655adf8243  2021-04-26 21:05:01  55     0
8956587c30185f329a00525c867064384e095f46216a504a328ca8297b99dbbd  2021-04-23 16:34:53  52     4

Rule Matches per Month (last 24 months)