File name: | R000_60070.vbe |
Full analysis: | https://app.any.run/tasks/6b498bfe-4054-4915-8a25-4c2bd7b003f7 |
Verdict: | Malicious activity |
Analysis date: | June 18, 2019, 21:41:08 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MIME: | text/plain |
File info: | ASCII text, with CRLF line terminators |
MD5: | 9805DF2E0BB217BC9BA822F449CCADAF |
SHA1: | 30ADFB4C1D4BF2C4790B944E927C71F62308CB5E |
SHA256: | B8250AF0A7A9D51A039BB07642CC82479786A61E5AC7CDDC8ACC4CB135208586 |
SSDEEP: | 48:WyMUmw7jawbkAMTMTMTMTMTMTMTMTMTMTMTMTMTMTMTMTMTMTMTMTMTMTMToHoH2:WTY7ObZjvVa4AS7KKeHt8Xre |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
3708 | "C:\Windows\System32\WScript.exe" "C:\Users\admin\Desktop\R000_60070.vbe" | C:\Windows\System32\WScript.exe | explorer.exe | |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft ® Windows Based Script Host Version: 5.8.7600.16385 | ||||
3856 | "C:\Windows\System32\control.exe" SYSTEM | C:\Windows\System32\control.exe | — | explorer.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Control Panel Exit code: 1 Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
2616 | "C:\Windows\system32\mmc.exe" C:\Windows\system32\devmgmt.msc | C:\Windows\system32\mmc.exe | — | explorer.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft Management Console Exit code: 3221226540 Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
2136 | "C:\Windows\system32\mmc.exe" C:\Windows\system32\devmgmt.msc | C:\Windows\system32\mmc.exe | explorer.exe | |
User: admin Company: Microsoft Corporation Integrity Level: HIGH Description: Microsoft Management Console Exit code: 0 Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
2728 | "C:\Windows\System32\WScript.exe" "C:\Users\admin\Desktop\R000_60070.vbe" | C:\Windows\System32\WScript.exe | explorer.exe | |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft ® Windows Based Script Host Version: 5.8.7600.16385 | ||||
1156 | "C:\Windows\System32\CScript.exe" "C:\Users\admin\Desktop\R000_60070.vbe" | C:\Windows\System32\CScript.exe | explorer.exe | |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft ® Console Based Script Host Exit code: 3221225786 Version: 5.8.7600.16385 |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
1156 | CScript.exe | 185.101.93.178:443 | lulipcxulci.info | Mike Kaldig | DE | unknown |
3708 | WScript.exe | 185.101.93.178:443 | lulipcxulci.info | Mike Kaldig | DE | unknown |
2728 | WScript.exe | 185.101.93.178:443 | lulipcxulci.info | Mike Kaldig | DE | unknown |
Domain | IP | Reputation |
---|---|---|
lulipcxulci.info |
| unknown |