File name: | sample.txt |
Full analysis: | https://app.any.run/tasks/7ccefc95-d2e2-4123-af61-d8efee69dace |
Verdict: | Malicious activity |
Analysis date: | June 12, 2019, 00:06:20 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MIME: | text/plain |
File info: | ASCII text, with very long lines, with CRLF line terminators |
MD5: | 70E791BC277212D283900A9DA30E813C |
SHA1: | BAEBA4EDCD4A933198562CECD7ABBB5F746561FB |
SHA256: | 973811E862E2EEA099F511228311E12127825FB0B050F44BB46215CAF77DEBCE |
SSDEEP: | 1536:vYfObBeYaBOnrhckWzTWkBHnnT1kftWmqo+qnHRgrr5iYfMEULP5LqQasQIsCJKG:J |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
2628 | "C:\Windows\system32\NOTEPAD.EXE" C:\Users\admin\Desktop\sample.txt | C:\Windows\system32\NOTEPAD.EXE | — | explorer.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Notepad Exit code: 0 Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
960 | "C:\Windows\System32\WScript.exe" "C:\Users\admin\Desktop\sample.vbs" | C:\Windows\System32\WScript.exe | | explorer.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft ® Windows Based Script Host Exit code: 0 Version: 5.8.7600.16385 | ||||
2308 | "C:\Windows\System32\wscript.exe" //B "C:\Users\admin\AppData\Roaming\sample.vbs" | C:\Windows\System32\wscript.exe | | WScript.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft ® Windows Based Script Host Version: 5.8.7600.16385 |
PID | Process | Filename | Type | |
---|---|---|---|---|
960 | WScript.exe | C:\Users\admin\AppData\Roaming\sample.vbs | text | |
MD5:70E791BC277212D283900A9DA30E813C | SHA256:973811E862E2EEA099F511228311E12127825FB0B050F44BB46215CAF77DEBCE | |||
960 | WScript.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sample.vbs | text | |
MD5:70E791BC277212D283900A9DA30E813C | SHA256:973811E862E2EEA099F511228311E12127825FB0B050F44BB46215CAF77DEBCE | |||
2308 | wscript.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sample.vbs | text | |
MD5:70E791BC277212D283900A9DA30E813C | SHA256:973811E862E2EEA099F511228311E12127825FB0B050F44BB46215CAF77DEBCE |
Domain | IP | Reputation |
---|---|---|
wc-ltc.ddns.net | | unknown |