Source: wscript.exe, 00000000.00000002.666056971.00000287402E5000.00000004.00000040.sdmp |
String found in binary or memory: http://ns.ad |
Source: wscript.exe, 00000000.00000002.665941348.000002873FFBA000.00000004.00000001.sdmp, wscript.exe, 00000000.00000002.666105863.0000028741DD0000.00000004.00000001.sdmp, wscript.exe, 00000000.00000003.665639824.000002873FFDF000.00000004.00000001.sdmp, wscript.exe, 00000000.00000002.666056971.00000287402E5000.00000004.00000040.sdmp, config_xml.js |
String found in binary or memory: http://www.techsmith.com/xmp/tsc/ |
Source: config_xml.js |
Initial sample: Strings found which are bigger than 50 |
Source: C:\Windows\System32\wscript.exe |
Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f414c260-6ac0-11cf-b6d1-00aa00bbbb58}\InprocServer32 |
Source: C:\Windows\System32\wscript.exe |
Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers |
Source: classification engine |
Classification label: clean1.winJS@1/0@0/0 |
Source: C:\Windows\System32\wscript.exe |
Process information set: NOOPENFILEERRORBOX |
Source: all processes |
Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected |
Source: C:\Windows\System32\wscript.exe |
Window found: window name: WSH-Timer |
Source: C:\Windows\System32\wscript.exe |
Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid |