| Field | Value |
|---|---|
| File name | view_presentation_74989.vbs.zip |
| Full analysis | https://app.any.run/tasks/eb361111-44db-427f-ab7e-5fb1a59ab8da |
| Verdict | Malicious activity |
| Analysis date | May 30, 2020, 14:16:56 |
| OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
| Tags | |
| Indicators | |
| MIME | application/zip |
| File info | Zip archive data, at least v2.0 to extract |
| MD5 | E8BC270FB095A01D84DE3489598E0FCC |
| SHA1 | F2C45260C075FF3C4CF19C5C0A38539765C44C04 |
| SHA256 | EBB98F65B1BC72FECF3B03CC83F2EFC847851C17E9D900A72EDEE10C60ED88AA |
| SSDEEP | 6144:D56076RzNzh9wFK9Wp79ovgQbk4haE/A7onMLcB91Y14Lbt2rhbybeE:B7mzh9vYoYKk4haETnQubAsbD |
| Extension | Detected type (confidence) |
|---|---|
| .zip | ZIP compressed archive (100) |

| ZIP metadata | Value |
|---|---|
| ZipRequiredVersion | 788 |
| ZipBitFlag | 0x0001 |
| ZipCompression | Deflated |
| ZipModifyDate | 2020:05:30 13:38:24 |
| ZipCRC | 0x13dea578 |
| ZipCompressedSize | 312115 |
| ZipUncompressedSize | 875262 |
| ZipFileName | view_presentation_74989.vbs |
| PID | CMD | Path | Indicators | Parent process | User | Company | Integrity Level | Description | Exit code | Version |
|---|---|---|---|---|---|---|---|---|---|---|
| 2448 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\view_presentation_74989.vbs.zip" | C:\Program Files\WinRAR\WinRAR.exe | — | explorer.exe | admin | Alexander Roshal | MEDIUM | WinRAR archiver | 0 | 5.60.0 |
| 2688 | "C:\Windows\System32\WScript.exe" "C:\Users\admin\Desktop\view_presentation_74989.vbs" | C:\Windows\System32\WScript.exe | | explorer.exe | admin | Microsoft Corporation | MEDIUM | Microsoft ® Windows Based Script Host | 0 | 5.8.7600.16385 |
| 2868 | C:\Users\admin\AppData\Local\Temp\dad.cab | C:\Users\admin\AppData\Local\Temp\dad.cab | — | wmiprvse.exe | admin | | MEDIUM | | 0 | |
| 336 | C:\Users\admin\AppData\Local\Temp\dad.cab | C:\Users\admin\AppData\Local\Temp\dad.cab | — | dad.cab | admin | | MEDIUM | | | |
| 2692 | "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding | C:\Program Files\Internet Explorer\iexplore.exe | — | svchost.exe | admin | Microsoft Corporation | MEDIUM | Internet Explorer | | 11.00.9600.16428 (winblue_gdr.131013-1700) |
| 1508 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2692 CREDAT:267521 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | — | iexplore.exe | admin | Microsoft Corporation | LOW | Internet Explorer | | 11.00.9600.16428 (winblue_gdr.131013-1700) |
| PID | Process | Filename | Type | MD5 | SHA256 |
|---|---|---|---|---|---|
| 2688 | WScript.exe | C:\Users\admin\AppData\Local\Temp\decay.tiff | text | ADD1C36DA7C319570FE18F32AB381AEB | 831F8BBF44C7F08A381C39E00DC1C98C90F118A209357C8E1EDA9A51B7733231 |
| 2688 | WScript.exe | C:\Users\admin\AppData\Local\Temp\maternity.zip | compressed | 99DB0D4B3D5DD1BF1F1F86B5AE368A7D | 3D0270EEDF585290B2768C5C96DF1A61064F8BEC5319E04BC3A4DBA3E50D4FAF |
| 2688 | WScript.exe | C:\Users\admin\AppData\Local\Temp\Caleb.m4 | text | C3FA093C5E74CDA0CA64ACE8EC33CD5E | 0EC9615F12BC8E186B0C7192C9FA7D6FADE715C7AA4B47DDC456C4D71280190F |
| 2688 | WScript.exe | C:\Users\admin\AppData\Local\Temp\Segovia.mid | text | 8C6364E0CEE47EA4420AC9F49682FEAA | 0222D1768E206D0EB3165389D64F46AA14907B3EE617FF9E93DCF857C9D0EA29 |
| 2688 | WScript.exe | C:\Users\admin\AppData\Local\Temp\dad.cab | executable | 1E81D417B57E45A9FC64DDBC64F0D319 | B35A8B95C866E3856C868EAC0C386BA1187B4B42F11653D6B2FB51FF31926CE9 |
| 2688 | WScript.exe | C:\Users\admin\AppData\Local\Temp\adobe.url | text | 685EC51875CADACC2B845A289C5E8D6D | B29099A54F1D5071DD700C24A448F4C16479AADF4CCA72E0D6CBF391A847894B |
| 2448 | WinRAR.exe | C:\Users\admin\Desktop\view_presentation_74989.vbs | text | 5ECD975C5644D790128F199B7DA06017 | 480609BBA279F9A50355C2437CBC263EE9E419A33E24F06241313AE818D33A2E |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
— | — | GET | — | 204.79.197.200:80 | http://www.bing.com/favicon.ico | US | — | — | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
— | — | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted |
2688 | WScript.exe | 88.99.66.31:443 | iplogger.org | Hetzner Online GmbH | DE | malicious |
| Domain | IP | Reputation |
|---|---|---|
| iplogger.org | | shared |
| fs.ramtool.at | | whitelisted |
| www.bing.com | | whitelisted |
| api.bing.com | | whitelisted |