File name: | 2019_0808_deobf.js |
Full analysis: | https://app.any.run/tasks/b3e73a54-3322-4c6d-9e87-6be58be62bbe |
Verdict: | Malicious activity |
Analysis date: | November 30, 2020, 01:12:41 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MIME: | text/x-c |
File info: | C source, ASCII text, with CRLF line terminators |
MD5: | 65A9B7D12C1D56A279DB593E1BCED325 |
SHA1: | 54B2E7B881FC9C0171D69F4F1C4323BB81D92B3A |
SHA256: | AE07C67DA28352CBA8371EA2B8E6EE859563F6006650B64B4E1888AC5301A9D9 |
SSDEEP: | 96:0W7X22sXTbOKbytnPDUQHvTl47rlrIiJyKw:nazXnOrnPDJJerlDyKw |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
2728 | "C:\Windows\System32\WScript.exe" "C:\Users\admin\AppData\Local\Temp\2019_0808_deobf.js" | C:\Windows\System32\WScript.exe | explorer.exe | |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft ® Windows Based Script Host Exit code: 0 Version: 5.8.7600.16385 |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
2728 | WScript.exe | 210.188.201.200:80 | innovation.xsrv.jp | SAKURA Internet Inc. | JP | malicious |
2728 | WScript.exe | 185.112.145.132:80 | herdispala.com | — | IS | malicious |
Domain | IP | Reputation |
---|---|---|
innovation.xsrv.jp |
| malicious |
herdispala.com |
| malicious |
www.herdispala.is |
| unknown |