Malicious

e949627dd9c1821a7bbd2c4fe43a162f

VBScript
|
MD5: e949627dd9c1821a7bbd2c4fe43a162f
|
Size: 2.97 MB
|
text/vbscript

Print

Infection Chain

Summary by MalvaGPT

Characteristics

Hash	Hash Value
MD5	e949627dd9c1821a7bbd2c4fe43a162f
Sha1	477addb03c8ededfa81791318f8b474ccd586f15
Sha256	7d9914deb75aade492c0f130e2b113817023a3dd45b40427d8c1c4b5e3fc825d
Sha384	39fe0cd9aa722246cc9de503a67eae37621715bcc9920615a989343ab2204e3dfa99ad7064a8694bc414f5860b0442ea
Sha512	bf982df45df6b76f37763a6d35b9588bd1f85bce44cb982340b362ab8c74725e4661ec9223c6838bfe30826fd25063e3e61aae3acf4d02f63cd11301d3cb3a14
SSDeep	49152:vtGIUwcM6+4Q9fxpFXhxCD0fUZZdRMgwDhOk+Tv95lq1qS3PoSNfXI8yt:Y
TLSH	F3D5AF6A50EC0BEA7C184F00C4B81A1F67F4BDD97CAE57C67D23FC4B8691AA4A5123D4

File Structure

Artefacts

Name0	Value
Deobfuscated PowerShell	powershell "Script" dim @("sCmdLine", "oprocess", "DstartTime", "dCurrentTime", "NTimeout", "owmIService", "oprocCollection", "oprocessItem") dim "nExitcode" scmdline "=" "powershell -ExecutionPolicy Bypass -NoProfile -WindowStyle Hidden -NonInteractive -NoLogo -File "" & sscriptfile & """ set "oprocess" "=" "OShell.Exec" (scmdline) dstarttime "=" "Timer" ntimeout "=" 20
Deobfuscated PowerShell	"Script" dim @("sCmdLine", "oprocess", "DstartTime", "dCurrentTime", "NTimeout", "owmIService", "oprocCollection", "oprocessItem") dim "nExitcode" scmdline "=" "powershell -ExecutionPolicy Bypass -NoProfile -WindowStyle Hidden -NonInteractive -NoLogo -File " & sscriptfile & "" set "oprocess" "=" "OShell.Exec" (scmdline) dstarttime "=" "Timer" ntimeout "=" 20
Deobfuscated PowerShell	sscriptfile & "" set "oprocess" "=" "OShell.Exec" (scmdline) dstarttime "=" "Timer" ntimeout "=" 20
Deobfuscated PowerShell	sscriptfile & "" set " oprocess = oshell.exec (scmdline) dstarttime = timer ntimeout = 20

e949627dd9c1821a7bbd2c4fe43a162f (2.97 MB)

An error has occurred. This application may no longer respond until reloaded. Reload 🗙