File name: | Microsoft.vbs |
Full analysis: | https://app.any.run/tasks/878d3446-fca6-4f1a-b63b-e816936b1483 |
Verdict: | Malicious activity |
Analysis date: | August 13, 2019, 23:33:39 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
MIME: | text/plain |
File info: | ASCII text, with very long lines |
MD5: | 2F219DFFA7A1B701663046ED5308CE9C |
SHA1: | 21DF4BBA07F9F26879B1D7C4501C81C832C37CD6 |
SHA256: | D54C47434C345192C83AB4890A07E14E01D402A0CD0D09D1987FE0032F6F75B6 |
SSDEEP: | 768:pLcmISFUdDA7uIRK+8zH19by4E3R8Vj+pkB7UC+VfC0+uixLXtSa1IpFMBhbAE2/:FcmIrA7uIZa1I3M6aHhA |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
360 | "C:\Windows\System32\WScript.exe" "C:\Users\admin\AppData\Local\Temp\Microsoft.vbs" | C:\Windows\System32\WScript.exe | | explorer.exe |

User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Microsoft ® Windows Based Script Host; Version: 5.8.7600.16385

PID | Process | Filename | Type | MD5 | SHA256 |
---|---|---|---|---|---|
360 | WScript.exe | C:\ProgramData\Microsoft.vbs | text | 2F219DFFA7A1B701663046ED5308CE9C | D54C47434C345192C83AB4890A07E14E01D402A0CD0D09D1987FE0032F6F75B6 |
360 | WScript.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft.vbs | text | 2F219DFFA7A1B701663046ED5308CE9C | D54C47434C345192C83AB4890A07E14E01D402A0CD0D09D1987FE0032F6F75B6 |

PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
360 | WScript.exe | 141.255.158.68:1922 | jihanenouhaila.ddns.net | Lost Oasis SARL | NL | unknown |
Domain | IP | Reputation |
---|---|---|
jihanenouhaila.ddns.net | | malicious |
dns.msftncsi.com | | shared |