SetItem_Keyword_Casing_Anomaly

Rule Info

Rule Hash: c9dc4061ec991a4197ad3657b4ea0f8f
Score: 65
Tags: ['CASING', 'OBFUS', 'SUSP', 'T1136', 'T1027']
Name: SetItem_Keyword_Casing_Anomaly
Date: 2020-06-27
Required Modules: []
Author: Florian Roth
Description: Detects obfuscated Set-Item by casing anomalies
Minimum Yara: 1.7
Av Ratio: 14.18

Antivirus Verdicts

Rating | Number of Samples
Malicious (>= 10 engines) | 5
Suspicious (< 10 engines) | 12
Clean (0 engines) | 1

Rule Matches


Rule Matches per Month (last 24 months)