File name: | Load_2.js |
Full analysis: | https://app.any.run/tasks/5d6057e8-09d4-4276-9512-be226953dc4d |
Verdict: | Malicious activity |
Analysis date: | March 22, 2019, 14:07:54 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
MIME: | text/plain |
File info: | ASCII text, with very long lines, with no line terminators |
MD5: | A3DD06ACE53FD98D602ECB87275F198B |
SHA1: | D68B58066017B4D8549F70EB306843A7D23378E1 |
SHA256: | 203EE8881BB631ED1785F7B7AC5D6791D94F6F0C5B3162F9C6079BA55E9CB186 |
SSDEEP: | 192:giC1AmZjCu4Y84m8EDwGR43SYswsyRaeBwEwcJ9jHwPsGGwRwYX/SMj6wS4wEw2N:vYVZu5jZwGR43Oi7G9GI1KWncqQUXk4H |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
2368 | "C:\Windows\System32\WScript.exe" "C:\Users\admin\AppData\Local\Temp\Load_2.js" | C:\Windows\System32\WScript.exe | | explorer.exe |
User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Microsoft ® Windows Based Script Host; Version: 5.8.7600.16385
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
2368 | WScript.exe | GET | — | 181.39.233.180:80 | http://interruption.ru/hello.rar | EC | — | — | malicious |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
2368 | WScript.exe | 181.39.233.180:80 | interruption.ru | Telconet S.A | EC | suspicious |
Domain | IP | Reputation |
---|---|---|
interruption.ru | | malicious |