Source: classification engine |
Classification label: mal52.winLNK@1/0@0/0 |
Source: unknown |
Process created: C:\Windows\System32\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\Temp\aca5887474e22b7be6121c56919953745a7a821311080acbe8970da7ed9479b8.vbs" |
Source: C:\Windows\System32\wscript.exe |
Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers |
Jump to behavior |
Source: C:\Windows\System32\wscript.exe |
Section loaded: version.dll |
Jump to behavior |
Source: C:\Windows\System32\wscript.exe |
Section loaded: kernel.appcore.dll |
Jump to behavior |
Source: C:\Windows\System32\wscript.exe |
Section loaded: uxtheme.dll |
Jump to behavior |
Source: C:\Windows\System32\wscript.exe |
Section loaded: sxs.dll |
Jump to behavior |
Source: C:\Windows\System32\wscript.exe |
Section loaded: vbscript.dll |
Jump to behavior |
Source: C:\Windows\System32\wscript.exe |
Section loaded: amsi.dll |
Jump to behavior |
Source: C:\Windows\System32\wscript.exe |
Section loaded: userenv.dll |
Jump to behavior |
Source: C:\Windows\System32\wscript.exe |
Section loaded: profapi.dll |
Jump to behavior |
Source: C:\Windows\System32\wscript.exe |
Section loaded: textshaping.dll |
Jump to behavior |
Source: C:\Windows\System32\wscript.exe |
Section loaded: textinputframework.dll |
Jump to behavior |
Source: C:\Windows\System32\wscript.exe |
Section loaded: coreuicomponents.dll |
Jump to behavior |
Source: C:\Windows\System32\wscript.exe |
Section loaded: coremessaging.dll |
Jump to behavior |
Source: C:\Windows\System32\wscript.exe |
Section loaded: ntmarta.dll |
Jump to behavior |
Source: C:\Windows\System32\wscript.exe |
Section loaded: coremessaging.dll |
Jump to behavior |
Source: C:\Windows\System32\wscript.exe |
Section loaded: wintypes.dll |
Jump to behavior |
Source: C:\Windows\System32\wscript.exe |
Section loaded: wintypes.dll |
Jump to behavior |
Source: C:\Windows\System32\wscript.exe |
Section loaded: wintypes.dll |
Jump to behavior |
Source: C:\Windows\System32\wscript.exe |
Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B54F3741-5B07-11cf-A4B0-00AA004A55E8}\InprocServer32 |
Jump to behavior |
Source: pesuti lnk.lnk |
LNK file: ..\..\..\..\..\..\Local\Temp\aca5887474e22b7be6121c56919953745a7a821311080acbe8970da7ed9479b8.vbs |
Source: C:\Windows\System32\wscript.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\wscript.exe |
Window found: window name: WSH-Timer |
Jump to behavior |
Source: all processes |
Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected |
Source: all processes |
Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected |