Source: unknown |
HTTPS traffic detected: 188.138.69.102:443 -> 192.168.2.3:49693 version: TLS 1.2 |
Source: unknown |
HTTPS traffic detected: 188.138.69.102:443 -> 192.168.2.3:49695 version: TLS 1.2 |
Source: C:\Windows\System32\wscript.exe |
Network Connect: 188.138.69.102 443 |
Source: Traffic |
Snort IDS: 2039597 ET TROJAN SocGholish CnC Domain in DNS Lookup (portraits .studio-94-photography .com) 192.168.2.3:56466 -> 1.1.1.1:53 |
Source: Traffic |
Snort IDS: 2039597 ET TROJAN SocGholish CnC Domain in DNS Lookup (portraits .studio-94-photography .com) 192.168.2.3:53158 -> 1.1.1.1:53 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49695 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49695 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49693 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49693 -> 443 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 188.138.69.102 (27 identical entries in the report, collapsed here) |
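The Snort DNS alerts and the "TCP traffic detected without corresponding DNS query" entries above describe one network heuristic: a TCP flow to an address that no DNS answer in the capture returned. The following Python is an added example, not Joe Sandbox code and not output from this report; it reconstructs that heuristic over constructed sample lines modelled on the report's signature lines. The "DNS answer:" line format, the control name control.example and the control address 198.51.100.7 (an RFC 5737 documentation address) are assumptions made for the example; the report itself lists the DNS queries to 1.1.1.1 but records no resolved address for the SocGholish domain.

```python
import ipaddress
import re
from collections import Counter

# Sandbox client subnet, taken from the 192.168.2.3 addresses in this report.
LOCAL_NET = ipaddress.ip_network("192.168.2.0/24")

# Domain inside the parentheses of an ET rule name, still defanged.
DNS_LOOKUP_RE = re.compile(r"DNS Lookup \(([^)]+)\)")
# Assumed line format for this example only; it is not a Joe Sandbox signature.
DNS_ANSWER_RE = re.compile(r"^DNS answer: (\S+) -> ([\d.]+)$")
# Joe Sandbox lists the TLS server first, then the sandbox client.
HTTPS_RE = re.compile(r"^HTTPS traffic detected: ([\d.]+):(\d+) -> ([\d.]+):(\d+)")
CONNECT_RE = re.compile(r"^Network Connect: ([\d.]+) (\d+)$")

# Constructed sample modelled on this report. The two 198.51.100.7 lines are an
# invented benign control whose address does appear in a (constructed) DNS answer.
SAMPLE_LINES = [
    "Snort IDS: 2039597 ET TROJAN SocGholish CnC Domain in DNS Lookup (portraits .studio-94-photography .com) 192.168.2.3:56466 -> 1.1.1.1:53",
    "Snort IDS: 2039597 ET TROJAN SocGholish CnC Domain in DNS Lookup (portraits .studio-94-photography .com) 192.168.2.3:53158 -> 1.1.1.1:53",
    "DNS answer: control.example -> 198.51.100.7",
    "HTTPS traffic detected: 188.138.69.102:443 -> 192.168.2.3:49693 version: TLS 1.2",
    "HTTPS traffic detected: 188.138.69.102:443 -> 192.168.2.3:49695 version: TLS 1.2",
    "Network Connect: 188.138.69.102 443",
    "Network Connect: 198.51.100.7 443",
]


def refang(domain):
    """Undo the 'a .b .c' and 'a[.]b' defanging used in IDS rule names."""
    return domain.replace(" .", ".").replace("[.]", ".")


def remote_endpoint(a, a_port, b, b_port):
    """Return the (ip, port) of the flow endpoint outside the sandbox subnet."""
    if ipaddress.ip_address(a) in LOCAL_NET:
        return b, int(b_port)
    return a, int(a_port)


def correlate(lines):
    """Reconstruction of the 'TCP without corresponding DNS query' heuristic:
    every remote TCP endpoint whose address no DNS answer returned is flagged."""
    queried, resolved, flows = [], set(), Counter()
    for line in lines:
        if m := DNS_LOOKUP_RE.search(line):
            queried.append(refang(m.group(1)))
        elif m := DNS_ANSWER_RE.match(line):
            resolved.add(m.group(2))
        elif m := HTTPS_RE.match(line):
            flows[remote_endpoint(*m.groups())] += 1
        elif m := CONNECT_RE.match(line):
            flows[(m.group(1), int(m.group(2)))] += 1
    no_dns = sorted({ip for ip, _port in flows if ip not in resolved})
    return {
        "queried": queried,
        "resolved": sorted(resolved),
        "flows": dict(flows),
        "no_dns": no_dns,
    }


if __name__ == "__main__":
    result = correlate(SAMPLE_LINES)
    print("DNS lookups:", result["queried"])
    for (ip, port), n in sorted(result["flows"].items()):
        tag = "NO DNS ANSWER" if ip in result["no_dns"] else "resolved"
        print(f"{ip}:{port}  flows={n}  {tag}")
```

An address with no matching DNS answer can mean a hard-coded C2 address, resolution over a channel the sensor does not parse, or simply an answer outside the capture window. These report lines show the lookups for the SocGholish domain but not their answers, so they do not by themselves tie 188.138.69.102 to that domain; a full PCAP or the sandbox's DNS answer table is needed for that link.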
Source: C:\Windows\System32\wscript.exe |
Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers |
Source: classification engine |
Classification label: mal56.evad.winZIP@2/0@0/11 |
Source: unknown |
Process created: C:\Windows\System32\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\alfredo\AppData\Local\Temp\Temp1_Chrom#U0435.U#U0440dat#U0435.zip\AutoUpdater.js" |
Source: unknown |
Process created: C:\Windows\System32\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\alfredo\AppData\Local\Temp\Temp1_Chrom#U0435.U#U0440dat#U0435.zip\AutoUpdater.js" |
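The "Process created" entry above shows wscript.exe running AutoUpdater.js out of a Temp1_ folder, which is where Explorer's Compressed Folders handler extracts an archive member the user double-clicked, and the archive name carries Joe Sandbox's #Uxxxx escapes for non-ASCII characters (#U0435 is Cyrillic "е", #U0440 is Cyrillic "р", so the user saw a name that reads like Chrome.Update.zip). The following Python is an added triage example, not code from the report or from Joe Sandbox: it decodes the escapes, checks which Unicode scripts the archive name mixes, and scores the launch. The confusables table, the SCRIPT_HOSTS set, the three-reason threshold and the benign control command line are assumptions made for this example.

```python
import re
import unicodedata

# Joe Sandbox writes non-ASCII path characters as #U followed by four hex digits.
JOE_ESCAPE_RE = re.compile(r"#U([0-9A-Fa-f]{4})")

# Image path, quoted image, quoted script path of a "Process created" line.
PROCESS_CREATED_RE = re.compile(r'Process created: (\S+) "([^"]+)" "([^"]+)"')

# Constructed copy of the report's entry (the original line is not modified).
SAMPLE_PROCESS_LINE = (
    r'Process created: C:\Windows\System32\wscript.exe "C:\Windows\System32\WScript.exe" '
    r'"C:\Users\alfredo\AppData\Local\Temp\Temp1_Chrom#U0435.U#U0440dat#U0435.zip\AutoUpdater.js"'
)

# Small hand-picked table of Cyrillic letters that render like Latin ones.
# Constructed for this example; it is not the Unicode confusables list.
CONFUSABLES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
    "\u0441": "c", "\u0443": "y", "\u0445": "x", "\u0456": "i",
    "\u0410": "A", "\u0415": "E", "\u041e": "O", "\u0420": "P",
    "\u0421": "C", "\u0425": "X",
}

# Assumed set of Windows script hosts worth scoring.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe"}
SCRIPT_EXTENSIONS = (".js", ".jse", ".vbs", ".vbe", ".wsf")


def decode_joe_path(raw):
    """Turn #U0435-style escapes back into the characters the user saw."""
    return JOE_ESCAPE_RE.sub(lambda m: chr(int(m.group(1), 16)), raw)


def scripts_used(text):
    """Unicode script names (LATIN, CYRILLIC, ...) of every letter in text."""
    return {unicodedata.name(ch, "UNKNOWN").split(" ")[0] for ch in text if ch.isalpha()}


def analyze_script_path(raw_path):
    path = decode_joe_path(raw_path)
    parts = path.split("\\")
    # Compressed Folders extracts a double-clicked member to %TEMP%\Temp1_<archive>\.
    archive = next((p[len("Temp1_"):] for p in parts if p.startswith("Temp1_")), None)
    lure = archive if archive is not None else parts[-1]
    scripts = scripts_used(lure)
    looks_like = "".join(CONFUSABLES.get(ch, ch) for ch in lure)
    return {
        "decoded": path,
        "archive": archive,
        "script_file": parts[-1],
        "scripts": scripts,
        "mixed_script": len(scripts) > 1,
        "looks_like": looks_like,
        "homoglyph_spoof": looks_like != lure,
    }


def triage_process_created(line):
    """Score one 'Process created' line; returns None if it is not one."""
    m = PROCESS_CREATED_RE.search(line)
    if not m:
        return None
    image, _quoted_image, script_path = m.groups()
    info = analyze_script_path(script_path)
    reasons = []
    if image.rsplit("\\", 1)[-1].lower() in SCRIPT_HOSTS:
        reasons.append("script host launched")
    if info["archive"] is not None:
        reasons.append("script run straight from a Temp1_ archive extraction")
    if info["script_file"].lower().endswith(SCRIPT_EXTENSIONS):
        reasons.append("WSH script file")
    if info["homoglyph_spoof"]:
        other = "/".join(sorted(info["scripts"] - {"LATIN"}))
        reasons.append(f"archive name spoofs {info['looks_like']!r} with {other} letters")
    info["reasons"] = reasons
    info["suspicious"] = len(reasons) >= 3  # assumed threshold
    return info


if __name__ == "__main__":
    verdict = triage_process_created(SAMPLE_PROCESS_LINE)
    print("archive as displayed:", verdict["archive"])
    print("reads as:", verdict["looks_like"])
    for reason in verdict["reasons"]:
        print(" -", reason)
    print("suspicious:", verdict["suspicious"])
```

Decoding the escapes matters because the ASCII rendering hides the trick: in the report the archive is obviously odd, but on the victim's desktop it showed as a plausible Chrome update. Checking the script set of the displayed name, rather than a fixed list of lookalikes, also catches homoglyphs the small table above does not know.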
Source: C:\Windows\System32\wscript.exe |
Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f414c260-6ac0-11cf-b6d1-00aa00bbbb58}\InprocServer32 |
Source: C:\Windows\System32\wscript.exe |
File read: C:\Windows\System32\drivers\etc\hosts |
Source: C:\Windows\System32\wscript.exe |
File read: C:\Windows\System32\drivers\etc\hosts |
Source: C:\Windows\System32\wscript.exe |
File read: C:\Windows\System32\drivers\etc\hosts |
Source: C:\Windows\System32\wscript.exe |
File read: C:\Windows\System32\drivers\etc\hosts |
Source: Chrom#U0435.U#U0440dat#U0435.zip |
Joe Sandbox Cloud Basic: Detection: clean Score: 2 |
Source: C:\Windows\System32\wscript.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\System32\wscript.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\System32\wscript.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\System32\wscript.exe |
Process information set: NOOPENFILEERRORBOX |
Source: all processes |
Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected |
Source: C:\Windows\System32\wscript.exe |
Window found: window name: WSH-Timer |
Source: C:\Windows\System32\wscript.exe |
Window found: window name: WSH-Timer |
Source: C:\Windows\System32\wscript.exe |
Network Connect: 188.138.69.102 443 |
Source: C:\Windows\System32\wscript.exe |
Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid |