File name: | 03_extracted.vbs |
Full analysis: | https://app.any.run/tasks/0388c58b-28c8-4cc5-8098-2d4a1f2c75a2 |
Verdict: | Malicious activity |
Analysis date: | May 20, 2019, 14:36:41 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MIME: | text/plain |
File info: | ASCII text, with CRLF line terminators |
MD5: | 8CC4FFD9A02EC78600AE52B725C7787E |
SHA1: | FAD9B60BAC61F27EADD77BE1B23AD1EAE3EE2329 |
SHA256: | AABFA6EA0E9BA35643B8AF94DEC9BACA8E55F7EB9C5ACB0CE6D02A32EA7A1D01 |
SSDEEP: | 192:1eFJ8gXhFd8atGglQYhEWDM3ScFOtaCXCgsAVWsrVcllrblrO6TAFiPQYXEUV:1GbRFGagRYw3ScFOECXCg9w7XJ |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
3328 | "C:\Windows\System32\WScript.exe" "C:\Users\admin\AppData\Local\Temp\03_extracted.vbs" | C:\Windows\System32\WScript.exe | explorer.exe | |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft ® Windows Based Script Host Version: 5.8.7600.16385 |
PID | Process | Filename | Type | |
---|---|---|---|---|
3328 | WScript.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\03_extracted.vbs | text | |
MD5:8CC4FFD9A02EC78600AE52B725C7787E | SHA256:AABFA6EA0E9BA35643B8AF94DEC9BACA8E55F7EB9C5ACB0CE6D02A32EA7A1D01 |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
3328 | WScript.exe | 216.38.8.164:4446 | — | GigeNET | US | malicious |