Register Login

sloganpng

top title background image

mat.vbs

Status: finished

Submission Time: 2020-07-31 15:37:18 +02:00

Malicious

Evader

Comments

Tags

Details

Analysis ID:
255441
API (Web) ID:
406223
Analysis Started:

2020-08-01 00:09:51 +02:00
Analysis Finished:

2020-08-01 00:18:03 +02:00
MD5:
3f4f53a5a18c6b737d649b011dd6b9a1
SHA1:
1848f72d0e23e721f3307a1ce2673f5d127b7032
SHA256:
2a09c15cbdf630ca762a9baa8cffd71fdeeb9195f1ed0bcf1aab4d46afdb13dc
Technologies:

Engines
IOCs

Joe Sandbox

Engine	Download Report	Detection	Info
	Full Report Management Report IOC Report	malicious Score: 56	System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

IPs

IP	Country	Detection
172.67.143.177	United States

Domains

Name	IP	Detection
asf-ris-prod-neurope.northeurope.cloudapp.azure.com	168.63.67.155
redefarmapacheco.com.br	172.67.143.177
g.msn.com	0.0.0.0

URLs

Name	Detection
https://www.cloudflare.com/5xx

Dropped files

Name	File Type	Hashes	Detection
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache	data	#
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive	data	#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_dw1lbf1c.tyy.ps1	very short file (no magic)	#
Click to see the 2 hidden entries
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_jgckxbhh.e4c.psm1	very short file (no magic)	#
C:\Users\user\Documents\20200801\PowerShell_transcript.390120.gthVtrW7.20200801001120.txt	UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators	#