analyze malware
  • Huge database of samples and IOCs
  • Custom VM setup
  • Unlimited submissions
  • Interactive approach
Sign up, it’s free
File name:

document9924.vbe

Full analysis: https://app.any.run/tasks/6a032ae7-50cf-4be2-85bd-5dbdd0f95636
Verdict: Malicious activity
Analysis date: December 02, 2019, 16:28:22
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: text/plain
File info: ASCII text, with CRLF line terminators
MD5:

48628462FA7F0669176BCA093D7E5CD3

SHA1:

822585C1F381FB529CB7711D7FEC4E6399FDC839

SHA256:

D816AFDCCFEB4BA8301E68E1CAEAD91E53F1D0BE89BE8A660D00B272E5846DF7

SSDEEP:

96:t44kXk+/rgogEY+yD2rZZZQ2Jh5T3k7fAztE/EwKQe:t6X9Q9SmyfRaNKt

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    • Executes scripts

      • wscript.exe (PID: 1048)
      • wscript.exe (PID: 1756)
      • wscript.exe (PID: 3404)
      • WScript.exe (PID: 2696)
      • wscript.exe (PID: 3060)
      • wscript.exe (PID: 1188)
      • wscript.exe (PID: 820)
      • wscript.exe (PID: 2432)
      • wscript.exe (PID: 516)
      • wscript.exe (PID: 516)
      • wscript.exe (PID: 3016)
      • wscript.exe (PID: 2284)
      • wscript.exe (PID: 3992)
      • wscript.exe (PID: 2156)
      • wscript.exe (PID: 3952)
      • wscript.exe (PID: 2172)
      • wscript.exe (PID: 1880)
      • wscript.exe (PID: 3180)
      • wscript.exe (PID: 3836)
      • wscript.exe (PID: 3788)
      • wscript.exe (PID: 2136)
      • wscript.exe (PID: 2516)
      • wscript.exe (PID: 3364)
      • wscript.exe (PID: 3300)
    • Application launched itself

      • wscript.exe (PID: 1756)
      • wscript.exe (PID: 1048)
      • wscript.exe (PID: 3016)
      • wscript.exe (PID: 1188)
      • wscript.exe (PID: 2432)
      • wscript.exe (PID: 3992)
      • wscript.exe (PID: 2284)
      • wscript.exe (PID: 3952)
      • wscript.exe (PID: 1880)
      • wscript.exe (PID: 3180)
      • wscript.exe (PID: 3836)
      • wscript.exe (PID: 3300)
      • wscript.exe (PID: 2136)
  • INFO

    No info indicators.
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
58
Monitored processes
25
Malicious processes
14
Suspicious processes
6

Behavior graph

Click at the process to see the details
start wscript.exe no specs wscript.exe no specs wscript.exe no specs wscript.exe no specs wscript.exe no specs wscript.exe no specs wscript.exe no specs wscript.exe no specs wscript.exe no specs wscript.exe no specs wscript.exe no specs wscript.exe no specs wscript.exe no specs wscript.exe no specs wscript.exe no specs wscript.exe no specs wscript.exe no specs wscript.exe no specs wscript.exe no specs wscript.exe no specs wscript.exe no specs wscript.exe no specs wscript.exe no specs wscript.exe no specs wscript.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
2696"C:\Windows\System32\WScript.exe" "C:\Users\admin\AppData\Local\Temp\document9924.vbe"C:\Windows\System32\WScript.exeexplorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft ® Windows Based Script Host
Exit code:
0
Version:
5.8.7600.16385
1756"C:\Windows\System32\wscript.exe" C:\Users\admin\AppData\Local\Temp\document9924.vbe -C:\Windows\System32\wscript.exeWScript.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft ® Windows Based Script Host
Exit code:
0
Version:
5.8.7600.16385
3404"C:\Windows\System32\wscript.exe" C:\Users\admin\AppData\Local\Temp\document9924.vbe - -C:\Windows\System32\wscript.exewscript.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft ® Windows Based Script Host
Exit code:
0
Version:
5.8.7600.16385
1048"C:\Windows\System32\wscript.exe" C:\Users\admin\AppData\Local\Temp\document9924.vbe - - -C:\Windows\System32\wscript.exewscript.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft ® Windows Based Script Host
Exit code:
0
Version:
5.8.7600.16385
1188"C:\Windows\System32\wscript.exe" C:\Users\admin\AppData\Local\Temp\document9924.vbe - - - -C:\Windows\System32\wscript.exewscript.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft ® Windows Based Script Host
Exit code:
0
Version:
5.8.7600.16385
3060"C:\Windows\System32\wscript.exe" C:\Users\admin\AppData\Local\Temp\document9924.vbe - - - - -C:\Windows\System32\wscript.exewscript.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft ® Windows Based Script Host
Exit code:
0
Version:
5.8.7600.16385
2432"C:\Windows\System32\wscript.exe" C:\Users\admin\AppData\Local\Temp\document9924.vbe - - - - - -C:\Windows\System32\wscript.exewscript.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft ® Windows Based Script Host
Exit code:
0
Version:
5.8.7600.16385
820"C:\Windows\System32\wscript.exe" C:\Users\admin\AppData\Local\Temp\document9924.vbe - - - - - - -C:\Windows\System32\wscript.exewscript.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft ® Windows Based Script Host
Exit code:
0
Version:
5.8.7600.16385
3016"C:\Windows\System32\wscript.exe" C:\Users\admin\AppData\Local\Temp\document9924.vbe - - - - - - - -C:\Windows\System32\wscript.exewscript.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft ® Windows Based Script Host
Exit code:
0
Version:
5.8.7600.16385
516"C:\Windows\System32\wscript.exe" C:\Users\admin\AppData\Local\Temp\document9924.vbe - - - - - - - - -C:\Windows\System32\wscript.exewscript.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft ® Windows Based Script Host
Exit code:
0
Version:
5.8.7600.16385
Total events
1 857
Read events
1 761
Write events
0
Delete events
0

Modification events

No data
Executable files
0
Suspicious files
0
Text files
0
Unknown types
0

Dropped files

No data
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
0
TCP/UDP connections
0
DNS requests
0
Threats
0

HTTP requests

No HTTP requests
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

No data

DNS requests

No data

Threats

No threats detected
No debug info