analyze malware
- Huge database of samples and IOCs
- Custom VM setup
- Unlimited submissions
- Interactive approach
| File name: | document8439.vbe |
| Full analysis: | https://app.any.run/tasks/edaf014f-f046-4775-9128-44850f67f811 |
| Verdict: | Malicious activity |
| Analysis date: | November 08, 2019, 16:21:34 |
| OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
| Indicators: | |
| MIME: | text/plain |
| File info: | ASCII text, with CRLF line terminators |
| MD5: | 0CF644E5644167001CC9EADEB9066C5E |
| SHA1: | 627FAFF48E8AAC5DB76F79171D3D3FEA6D8D01EE |
| SHA256: | 3D2E43D7E588E872DB9DC7B735A78FE287C972AA7904491564D0A1FC23367AD9 |
| SSDEEP: | 384:vnwQkY9gWQQQQQQQQ1CUPUUUUUUggggHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHh:PaO |
MALICIOUS
No malicious indicators.SUSPICIOUS
Application launched itself
- WScript.exe (PID: 1848)
- wscript.exe (PID: 3408)
- wscript.exe (PID: 3320)
- wscript.exe (PID: 3312)
- wscript.exe (PID: 2352)
- wscript.exe (PID: 1636)
- wscript.exe (PID: 4044)
- wscript.exe (PID: 748)
- wscript.exe (PID: 2212)
- wscript.exe (PID: 2432)
- wscript.exe (PID: 3028)
- wscript.exe (PID: 1520)
- wscript.exe (PID: 2500)
- wscript.exe (PID: 836)
- wscript.exe (PID: 1904)
- wscript.exe (PID: 2604)
Executes scripts
- WScript.exe (PID: 1848)
- wscript.exe (PID: 3312)
- wscript.exe (PID: 3320)
- wscript.exe (PID: 2352)
- wscript.exe (PID: 996)
- wscript.exe (PID: 2852)
- wscript.exe (PID: 3408)
- wscript.exe (PID: 1636)
- wscript.exe (PID: 3028)
- wscript.exe (PID: 748)
- wscript.exe (PID: 3028)
- wscript.exe (PID: 2212)
- wscript.exe (PID: 4044)
- wscript.exe (PID: 2432)
- wscript.exe (PID: 3244)
- wscript.exe (PID: 2500)
- wscript.exe (PID: 2500)
- wscript.exe (PID: 2140)
- wscript.exe (PID: 836)
- wscript.exe (PID: 2768)
- wscript.exe (PID: 1268)
- wscript.exe (PID: 1520)
- wscript.exe (PID: 1904)
- wscript.exe (PID: 2604)
INFO
No info indicators.
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
Total processes
59
Monitored processes
25
Malicious processes
13
Suspicious processes
5
Behavior graph
Click at the process to see the details
Process information
PID | CMD | Path | Indicators | Parent process |
|---|---|---|---|---|
| 1848 | "C:\Windows\System32\WScript.exe" "C:\Users\admin\Desktop\document8439.vbe" | C:\Windows\System32\WScript.exe | — | explorer.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft ® Windows Based Script Host Exit code: 0 Version: 5.8.7600.16385 | ||||
| 3320 | "C:\Windows\System32\wscript.exe" C:\Users\admin\Desktop\document8439.vbe ___- | C:\Windows\System32\wscript.exe | — | WScript.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft ® Windows Based Script Host Exit code: 0 Version: 5.8.7600.16385 | ||||
| 3312 | "C:\Windows\System32\wscript.exe" C:\Users\admin\Desktop\document8439.vbe ___- ___- | C:\Windows\System32\wscript.exe | — | wscript.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft ® Windows Based Script Host Exit code: 0 Version: 5.8.7600.16385 | ||||
| 2352 | "C:\Windows\System32\wscript.exe" C:\Users\admin\Desktop\document8439.vbe ___- ___- ___- | C:\Windows\System32\wscript.exe | — | wscript.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft ® Windows Based Script Host Exit code: 0 Version: 5.8.7600.16385 | ||||
| 2852 | "C:\Windows\System32\wscript.exe" C:\Users\admin\Desktop\document8439.vbe ___- ___- ___- ___- | C:\Windows\System32\wscript.exe | — | wscript.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft ® Windows Based Script Host Exit code: 0 Version: 5.8.7600.16385 | ||||
| 3408 | "C:\Windows\System32\wscript.exe" C:\Users\admin\Desktop\document8439.vbe ___- ___- ___- ___- ___- | C:\Windows\System32\wscript.exe | — | wscript.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft ® Windows Based Script Host Exit code: 0 Version: 5.8.7600.16385 | ||||
| 996 | "C:\Windows\System32\wscript.exe" C:\Users\admin\Desktop\document8439.vbe ___- ___- ___- ___- ___- ___- | C:\Windows\System32\wscript.exe | — | wscript.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft ® Windows Based Script Host Exit code: 0 Version: 5.8.7600.16385 | ||||
| 1636 | "C:\Windows\System32\wscript.exe" C:\Users\admin\Desktop\document8439.vbe ___- ___- ___- ___- ___- ___- ___- | C:\Windows\System32\wscript.exe | — | wscript.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft ® Windows Based Script Host Exit code: 0 Version: 5.8.7600.16385 | ||||
| 3028 | "C:\Windows\System32\wscript.exe" C:\Users\admin\Desktop\document8439.vbe ___- ___- ___- ___- ___- ___- ___- ___- | C:\Windows\System32\wscript.exe | — | wscript.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft ® Windows Based Script Host Exit code: 0 Version: 5.8.7600.16385 | ||||
| 3244 | "C:\Windows\System32\wscript.exe" C:\Users\admin\Desktop\document8439.vbe ___- ___- ___- ___- ___- ___- ___- ___- ___- | C:\Windows\System32\wscript.exe | — | wscript.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft ® Windows Based Script Host Exit code: 0 Version: 5.8.7600.16385 | ||||
Total events
1 859
Read events
1 763
Write events
0
Delete events
0
Modification events
Executable files
0
Suspicious files
0
Text files
0
Unknown types
0
Dropped files
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
0
TCP/UDP connections
0
DNS requests
0
Threats
0
HTTP requests
Download PCAP, analyze network streams, HTTP content and a lot more at the full report