File name: | Banking Details.vbs.zip |
Full analysis: | https://app.any.run/tasks/a0b9df35-2481-43b2-9ac1-9197c082edaf |
Verdict: | Malicious activity |
Analysis date: | April 25, 2019, 15:48:04 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MIME: | application/zip |
File info: | Zip archive data, at least v2.0 to extract |
MD5: | D672EA44F191473535AA29D4DE573E1A |
SHA1: | 4BA74292FFB11A4B0F9EEBDFC542F4077292C1AA |
SHA256: | EA7C6FA9E982626E8DA4C654F508884FC3AF40E839802F535FAD70589EF49A86 |
SSDEEP: | 384:QfanOG+55UkxvGqdaLZP8dcEtkr+XF9H/J/JDyzJYZHYiVeWroNcpgHJJW:BOG+5e7FZP8dcESr+VZJR2yZH9ewGW |
.zip | | | ZIP compressed archive (100) |
---|
ZipRequiredVersion: | 788 |
---|---|
ZipBitFlag: | 0x0001 |
ZipCompression: | Deflated |
ZipModifyDate: | 2019:01:08 02:59:20 |
ZipCRC: | 0x27372cb3 |
ZipCompressedSize: | 26975 |
ZipUncompressedSize: | 44754 |
ZipFileName: | Banking Details.vbs |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
3080 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\Banking Details.vbs.zip" | C:\Program Files\WinRAR\WinRAR.exe | — | explorer.exe |
User: admin Company: Alexander Roshal Integrity Level: MEDIUM Description: WinRAR archiver Exit code: 0 Version: 5.60.0 | ||||
2244 | "C:\Windows\System32\WScript.exe" "C:\Users\admin\AppData\Local\Temp\Rar$DIb3080.31173\Banking Details.vbs" | C:\Windows\System32\WScript.exe | WinRAR.exe | |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft ® Windows Based Script Host Exit code: 0 Version: 5.8.7600.16385 | ||||
3320 | "C:\Windows\System32\WScript.exe" "C:\Users\admin\AppData\Local\Temp\Banking Details.vbs" | C:\Windows\System32\WScript.exe | WScript.exe | |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft ® Windows Based Script Host Version: 5.8.7600.16385 |
PID | Process | Filename | Type | |
---|---|---|---|---|
3080 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DIb3080.31173\Banking Details.vbs | text | |
MD5:6277E13119C5B521D0814E5F23D7255D | SHA256:C2E1CED1CDA569CE75C8B20706E36BA9A5B031F611A4E70D3EC2F880C69E7E7E | |||
2244 | WScript.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Banking Details.vbs | text | |
MD5:6277E13119C5B521D0814E5F23D7255D | SHA256:C2E1CED1CDA569CE75C8B20706E36BA9A5B031F611A4E70D3EC2F880C69E7E7E | |||
3320 | WScript.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Banking Details.vbs | text | |
MD5:6277E13119C5B521D0814E5F23D7255D | SHA256:C2E1CED1CDA569CE75C8B20706E36BA9A5B031F611A4E70D3EC2F880C69E7E7E | |||
2244 | WScript.exe | C:\Users\admin\AppData\Local\Temp\Banking Details.vbs | text | |
MD5:6277E13119C5B521D0814E5F23D7255D | SHA256:C2E1CED1CDA569CE75C8B20706E36BA9A5B031F611A4E70D3EC2F880C69E7E7E |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
3320 | WScript.exe | 94.237.68.129:4419 | — | UpCloud Ltd | SG | malicious |