File name:

Vdate.vbs

Full analysis: https://app.any.run/tasks/34582e1f-4789-47bb-bedc-bc08dd163588
Verdict: Malicious activity
Analysis date: November 15, 2019, 20:51:07
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: text/plain
File info: ISO-8859 text, with CRLF line terminators
MD5:

D3DA8F2E9817FCCC1737D65DAA978729

SHA1:

20753B84FA11DD4A5B40A6C406821CF2D2075950

SHA256:

818D12D701BA345CEF35B43F024ABDB5358E41CEF5D52863C2BC04A32D3F985E

SSDEEP:

48:HAJ3nzjUFtDhud5AjAZz3ryAcTfaT6SAHisYVu:HAJ3ngtDhud5AjAZfyAy9SAHX

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Changes the autorun value in the registry

      • WScript.exe (PID: 1576)

  • SUSPICIOUS

    No suspicious indicators.

  • INFO

    No info indicators.
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
34
Monitored processes
1
Malicious processes
1
Suspicious processes
0

Behavior graph

Click at the process to see the details
start wscript.exe

Process information

PID
CMD
Path
Indicators
Parent process
1576"C:\Windows\System32\WScript.exe" "C:\Users\admin\AppData\Local\Temp\Vdate.vbs"C:\Windows\System32\WScript.exe
explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft ® Windows Based Script Host
Exit code:
0
Version:
5.8.7600.16385
Modules
Images
c:\windows\system32\wscript.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
Total events
64
Read events
16
Write events
48
Delete events
0

Modification events

(PID) Process:(1576) WScript.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
Operation:writeName:ScanRegistry
Value:
C:\Users\admin\AppData\Local\Temp\explorer.vbs
(PID) Process:(1576) WScript.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Operation:writeName:
Value:
C:\Windows\System32\kernel.vbs
Executable files
0
Suspicious files
0
Text files
1
Unknown types
0

Dropped files

PID
Process
Filename
Type
1576WScript.exeC:\Users\admin\AppData\Local\Temp\explorer.vbstext
MD5:
SHA256:
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
0
TCP/UDP connections
0
DNS requests
0
Threats
0

HTTP requests

No HTTP requests
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

No data

DNS requests

No data

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
Vdate.vbs