VTI Score | 100 / 100 |
VTI Database Version | 2.6 |
VTI Rule Match Count | 16 |
VTI Rule Type | Documents |
File System | Create many files | Create above average number of files. |
File System | Encrypt content of user files | Encrypt the content of multiple user files. This is an indicator for ransomware. |
Process | Create process | Create process "C:\Users\aETAdzjz\Desktop\lukitus.htm". |
Process | Create process | Create process "C:\Users\aETAdzjz\Desktop\lukitus.bmp". |
Process | Create process | Create process "cmd.exe /C del /Q /F "C:\Users\aETAdzjz\AppData\Local\Temp\agraba8.exe"". |
Network | Download data | Url "http://calster.be/87wifhFsdf". |
Network | Download data | Url "212.109.220.109/imageload.cgi". |
PE | Execute dropped PE file | Execute dropped file "c:\users\aetadzjz\appdata\local\temp\agraba8.exe". |
Network | Connect to HTTP server | Remote address "http://calster.be/87wifhFsdf". |
Network | Connect to HTTP server | Remote address "212.109.220.109/imageload.cgi". |
PE | Drop PE file | Drop file "c:\users\aetadzjz\appdata\local\temp\agraba8.exe". |
VBA Macro | Create suspicious COM object | CreateObject(VertikName) |
VBA Macro | Create suspicious COM object | CreateObject(AlertNE) |
VBA Macro | Create suspicious COM object | CreateObject(AlertN(1)) |
VBA Macro | Create suspicious COM object | CreateObject(AlertN(3)) |
VBA Macro | Execute macro on specific worksheet event | Execute macro on "Open Document" event. |