Field | Value
---|---
File name | MM-959426078-04242019.js
Full analysis | https://app.any.run/tasks/21e58f2c-0261-433b-b5e5-406b77963016
Verdict | Malicious activity
Analysis date | April 25, 2019, 18:32:08
OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators | 
MIME | text/plain
File info | ASCII text, with very long lines
MD5 | DC325DECFB873739D6C09055B09FC043
SHA1 | 50DFE46B30F8DEE35BC6F1285138E3DD631165EE
SHA256 | F9A3D8D2568059BFF0DA6D27FE8D474FA8DC1C0F97C24433F2FD9CAED3594B0F
SSDEEP | 768:/mpSpUgP3uPJSNRAyMLNhRKl0TSGkFDbLKXyAXStfwzrR2nr2IT1JRT2xML1i7GS:OpSpUgP3kSNJMLAqqo
PID | CMD | Path | Indicators | Parent process
---|---|---|---|---
2148 | "C:\Windows\System32\WScript.exe" "C:\Users\admin\AppData\Local\Temp\MM-959426078-04242019.js" | C:\Windows\System32\WScript.exe | | explorer.exe

User | Company | Integrity Level | Description | Exit code | Version
---|---|---|---|---|---
admin | Microsoft Corporation | MEDIUM | Microsoft ® Windows Based Script Host | 0 | 5.8.7600.16385
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---
2148 | WScript.exe | GET | 404 | 91.134.13.106:80 | http://mktfan.com/admin/Qq0b/ | ES | xml | 345 b | suspicious |
2148 | WScript.exe | GET | 404 | 120.78.5.237:80 | http://chinamyart.com/wp-content/Xd/ | CN | xml | 345 b | unknown |
2148 | WScript.exe | GET | 404 | 31.47.73.71:80 | http://proxectomascaras.com/wp-admin/ckTXbb/ | ES | xml | 345 b | malicious |
2148 | WScript.exe | GET | 404 | 185.182.56.115:80 | http://ulco.tv/1v7wu20/0OoR/ | NL | xml | 345 b | malicious |
2148 | WScript.exe | GET | 404 | 85.25.185.217:80 | http://psselection.com/YGLhPE/ | DE | xml | 345 b | malicious |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---
2148 | WScript.exe | 85.25.185.217:80 | psselection.com | Host Europe GmbH | DE | suspicious |
2148 | WScript.exe | 120.78.5.237:80 | chinamyart.com | Hangzhou Alibaba Advertising Co.,Ltd. | CN | unknown |
2148 | WScript.exe | 91.134.13.106:80 | mktfan.com | OVH SAS | ES | unknown |
2148 | WScript.exe | 31.47.73.71:80 | proxectomascaras.com | Tecnocratica Centro de Datos, S.L. | ES | suspicious |
2148 | WScript.exe | 185.182.56.115:80 | ulco.tv | Astralus B.V. | NL | malicious |
Domain | IP | Reputation
---|---|---
proxectomascaras.com | | malicious
chinamyart.com | | unknown
ulco.tv | | malicious
mktfan.com | | suspicious
psselection.com | | malicious
PID | Process | Class | Message |
---|---|---|---
2148 | WScript.exe | Misc activity | SUSPICIOUS [PTsecurity] Cmd.Powershell.Download HTTP UserAgent (Win7) |
2148 | WScript.exe | Misc activity | SUSPICIOUS [PTsecurity] Cmd.Powershell.Download HTTP UserAgent (Win7) |
2148 | WScript.exe | Misc activity | SUSPICIOUS [PTsecurity] Cmd.Powershell.Download HTTP UserAgent (Win7) |
2148 | WScript.exe | Misc activity | SUSPICIOUS [PTsecurity] Cmd.Powershell.Download HTTP UserAgent (Win7) |
2148 | WScript.exe | Misc activity | SUSPICIOUS [PTsecurity] Cmd.Powershell.Download HTTP UserAgent (Win7) |