File name: | vw0rm 18.36.vbs |
Full analysis: | https://app.any.run/tasks/f2bfadfd-8f8c-4321-8940-9f93aaa2f0db |
Verdict: | Malicious activity |
Analysis date: | August 08, 2020, 18:18:44 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MIME: | text/plain |
File info: | ASCII text, with CRLF line terminators |
MD5: | 356A56EAA98CCC1C6C4ABB767193F1EA |
SHA1: | 75A60386CFC2C2E75E5D0C5C3CB764EB9800B0FF |
SHA256: | 047ECC4033BCCE6F2E811A36D2A945D23AACFBCB390E1BED7FEE904DD8FF694A |
SSDEEP: | 96:5EABpaDSKzGIRgRA+g0zaMxBU6rvbstLy2Ll3lnxmXB:5pXS/B50zlvmLDGXB |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
2636 | "C:\Windows\System32\WScript.exe" "C:\Users\admin\AppData\Local\Temp\vw0rm 18.36.vbs" | C:\Windows\System32\WScript.exe | | explorer.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft ® Windows Based Script Host Version: 5.8.7600.16385 |
1336 | "C:\Windows\System32\schtasks.exe" /create /sc minute /mo 1 /tn Skype /tr "C:\Users\admin\AppData\Local\Temp\vw0rm 18.36.vbs | C:\Windows\System32\schtasks.exe | — | WScript.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Manages scheduled tasks Exit code: 0 Version: 6.1.7600.16385 (win7_rtm.090713-1255) |
PID | Process | Filename | Type | |
---|---|---|---|---|
2636 | WScript.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vw0rm 18.36.vbs | text | |
MD5:356A56EAA98CCC1C6C4ABB767193F1EA | SHA256:047ECC4033BCCE6F2E811A36D2A945D23AACFBCB390E1BED7FEE904DD8FF694A |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
2636 | WScript.exe | 194.5.98.46:4404 | xbu4vv8ayujduoon3a.ddns.net | — | FR | malicious |
Domain | IP | Reputation |
---|---|---|
xbu4vv8ayujduoon3a.ddns.net | | malicious |
PID | Process | Class | Message |
---|---|---|---|
— | — | Potentially Bad Traffic | ET POLICY DNS Query to DynDNS Domain *.ddns .net |