Overview

overview

3

Static

static

1

马健数�...ne.vbs

windows7-x64

1

马健数�...ne.vbs

windows10-2004-x64

1

马健数�...ss.asp

windows7-x64

3

马健数�...ss.asp

windows10-2004-x64

3

马健数�...in.asp

windows7-x64

3

马健数�...in.asp

windows10-2004-x64

1

马健数�...HAT.js

windows7-x64

1

马健数�...HAT.js

windows10-2004-x64

1

马健数�...EX.vbs

windows7-x64

1

马健数�...EX.vbs

windows10-2004-x64

1

马健数�...at.vbs

windows7-x64

1

马健数�...at.vbs

windows10-2004-x64

1

马健数�.../f5.js

windows7-x64

1

马健数�.../f5.js

windows10-2004-x64

1

马健数�.../f7.js

windows7-x64

1

马健数�.../f7.js

windows10-2004-x64

1

马健数�...msg.js

windows7-x64

1

马健数�...msg.js

windows10-2004-x64

1

马健数�...it.vbs

windows7-x64

1

马健数�...it.vbs

windows10-2004-x64

1

马健数�...sk.asp

windows7-x64

3

马健数�...sk.asp

windows10-2004-x64

3

马健数�...痕.js

windows7-x64

1

马健数�...痕.js

windows10-2004-x64

1

马健数�...fy.vbs

windows7-x64

1

马健数�...fy.vbs

windows10-2004-x64

1

马健数�...ify.js

windows7-x64

1

马健数�...ify.js

windows10-2004-x64

1

马健数�...st.vbs

windows7-x64

1

马健数�...st.vbs

windows10-2004-x64

1

马健数�...ow.vbs

windows7-x64

1

马健数�...ow.vbs

windows10-2004-x64

1

Analysis

  • max time kernel
    143s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    01/01/2024, 15:29 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    马健数码科技电子同学录终结版 v2.0 build 0601/chatroom/f7.js

  • Size

    1KB

  • MD5

    dbbdf7b46ac0cf0bbe0ab98309ebcd16

  • SHA1

    00d261d4c1980e88e218ecfb7362d53d398259a8

  • SHA256

    7f3423f79e6ee2341f4ec0bc21095a81088071a336006c4f945286250a1e8572

  • SHA512

    13c0a9277c3d588495304cc1ec0707c1d2ab7072a4ea3b99e6890ae1dbff0a8053c82bf23c840dc8d2e78a0e3d0426a99d33bcc8e537300c59818fb2feb89407

Score
1/10

Malware Config

Signatures

Processes

  • C:\Windows\system32\wscript.exe
    wscript.exe "C:\Users\Admin\AppData\Local\Temp\马健数码科技电子同学录终结版 v2.0 build 0601\chatroom\f7.js"
    1⤵
      PID:1320

    Network

    • flag-us
      DNS
      g.bing.com
      Remote address:
      8.8.8.8:53
      Request
      g.bing.com
      IN A
      Response
      g.bing.com
      IN CNAME
      g-bing-com.a-0001.a-msedge.net
      g-bing-com.a-0001.a-msedge.net
      IN CNAME
      dual-a-0001.a-msedge.net
      dual-a-0001.a-msedge.net
      IN A
      204.79.197.200
      dual-a-0001.a-msedge.net
      IN A
      13.107.21.200
    • flag-us
      GET
      https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=be0b31a404e242b89922c7670012864b&localId=w:CB46C7AD-3FBE-4EAF-8E4F-46C212B95A7B&deviceId=6896190258833704&anid=
      Remote address:
      204.79.197.200:443
      Request
      GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=be0b31a404e242b89922c7670012864b&localId=w:CB46C7AD-3FBE-4EAF-8E4F-46C212B95A7B&deviceId=6896190258833704&anid= HTTP/2.0
      host: g.bing.com
      accept-encoding: gzip, deflate
      user-agent: WindowsShellClient/9.0.40929.0 (Windows)
      Response
      HTTP/2.0 204
      cache-control: no-cache, must-revalidate
      pragma: no-cache
      expires: Fri, 01 Jan 1990 00:00:00 GMT
      set-cookie: MUID=0F222C83CF0063B23C3E3F7ACEE062B3; domain=.bing.com; expires=Sat, 25-Jan-2025 15:32:00 GMT; path=/; SameSite=None; Secure; Priority=High;
      strict-transport-security: max-age=31536000; includeSubDomains; preload
      access-control-allow-origin: *
      x-cache: CONFIG_NOCACHE
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: 1D1D9F760D7341A0B6B4A2E247ABAE43 Ref B: LON04EDGE1110 Ref C: 2024-01-01T15:32:00Z
      date: Mon, 01 Jan 2024 15:31:59 GMT
    • flag-us
      GET
      https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=be0b31a404e242b89922c7670012864b&localId=w:CB46C7AD-3FBE-4EAF-8E4F-46C212B95A7B&deviceId=6896190258833704&anid=
      Remote address:
      204.79.197.200:443
      Request
      GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=be0b31a404e242b89922c7670012864b&localId=w:CB46C7AD-3FBE-4EAF-8E4F-46C212B95A7B&deviceId=6896190258833704&anid= HTTP/2.0
      host: g.bing.com
      accept-encoding: gzip, deflate
      user-agent: WindowsShellClient/9.0.40929.0 (Windows)
      cookie: MUID=0F222C83CF0063B23C3E3F7ACEE062B3
      Response
      HTTP/2.0 204
      cache-control: no-cache, must-revalidate
      pragma: no-cache
      expires: Fri, 01 Jan 1990 00:00:00 GMT
      set-cookie: MSPTC=HT6m2i3ZF3eLhdrW5JeCcX8SCDY5FIDhlnxEBY1fFe8; domain=.bing.com; expires=Sat, 25-Jan-2025 15:32:01 GMT; path=/; Partitioned; secure; SameSite=None
      strict-transport-security: max-age=31536000; includeSubDomains; preload
      access-control-allow-origin: *
      x-cache: CONFIG_NOCACHE
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: 0C033954F16B4D3297CA946D87FE374C Ref B: LON04EDGE1110 Ref C: 2024-01-01T15:32:01Z
      date: Mon, 01 Jan 2024 15:32:01 GMT
    • flag-us
      GET
      https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=be0b31a404e242b89922c7670012864b&localId=w:CB46C7AD-3FBE-4EAF-8E4F-46C212B95A7B&deviceId=6896190258833704&anid=
      Remote address:
      204.79.197.200:443
      Request
      GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=be0b31a404e242b89922c7670012864b&localId=w:CB46C7AD-3FBE-4EAF-8E4F-46C212B95A7B&deviceId=6896190258833704&anid= HTTP/2.0
      host: g.bing.com
      accept-encoding: gzip, deflate
      user-agent: WindowsShellClient/9.0.40929.0 (Windows)
      cookie: MUID=0F222C83CF0063B23C3E3F7ACEE062B3; MSPTC=HT6m2i3ZF3eLhdrW5JeCcX8SCDY5FIDhlnxEBY1fFe8
      Response
      HTTP/2.0 204
      cache-control: no-cache, must-revalidate
      pragma: no-cache
      expires: Fri, 01 Jan 1990 00:00:00 GMT
      strict-transport-security: max-age=31536000; includeSubDomains; preload
      access-control-allow-origin: *
      x-cache: CONFIG_NOCACHE
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: 78546540130D4ECAAC266B0A426A2AC2 Ref B: LON04EDGE1110 Ref C: 2024-01-01T15:32:02Z
      date: Mon, 01 Jan 2024 15:32:01 GMT
    • flag-us
      DNS
      6.181.190.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      6.181.190.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      146.78.124.51.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      146.78.124.51.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      179.178.17.96.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      179.178.17.96.in-addr.arpa
      IN PTR
      Response
      179.178.17.96.in-addr.arpa
      IN PTR
      a96-17-178-179deploystaticakamaitechnologiescom
    • flag-us
      DNS
      95.221.229.192.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      95.221.229.192.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      88.156.103.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      88.156.103.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      9.228.82.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      9.228.82.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      183.59.114.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      183.59.114.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      41.110.16.96.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      41.110.16.96.in-addr.arpa
      IN PTR
      Response
      41.110.16.96.in-addr.arpa
      IN PTR
      a96-16-110-41deploystaticakamaitechnologiescom
    • flag-us
      DNS
      241.154.82.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      241.154.82.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      241.154.82.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      241.154.82.20.in-addr.arpa
      IN PTR
    • flag-us
      DNS
      241.154.82.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      241.154.82.20.in-addr.arpa
      IN PTR
    • flag-us
      DNS
      15.164.165.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      15.164.165.52.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      18.134.221.88.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      18.134.221.88.in-addr.arpa
      IN PTR
      Response
      18.134.221.88.in-addr.arpa
      IN PTR
      a88-221-134-18deploystaticakamaitechnologiescom
    • flag-us
      DNS
      100.5.17.2.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      100.5.17.2.in-addr.arpa
      IN PTR
      Response
      100.5.17.2.in-addr.arpa
      IN PTR
      a2-17-5-100deploystaticakamaitechnologiescom
    • flag-us
      DNS
      119.110.54.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      119.110.54.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      19.229.111.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      19.229.111.52.in-addr.arpa
      IN PTR
      Response
    • 204.79.197.200:443
      https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=be0b31a404e242b89922c7670012864b&localId=w:CB46C7AD-3FBE-4EAF-8E4F-46C212B95A7B&deviceId=6896190258833704&anid=
      tls, http2
      2.4kB
       9.2kB
       20
      13

      HTTP Request

      GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=be0b31a404e242b89922c7670012864b&localId=w:CB46C7AD-3FBE-4EAF-8E4F-46C212B95A7B&deviceId=6896190258833704&anid=

      HTTP Response

      204

      HTTP Request

      GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=be0b31a404e242b89922c7670012864b&localId=w:CB46C7AD-3FBE-4EAF-8E4F-46C212B95A7B&deviceId=6896190258833704&anid=

      HTTP Response

      204

      HTTP Request

      GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=be0b31a404e242b89922c7670012864b&localId=w:CB46C7AD-3FBE-4EAF-8E4F-46C212B95A7B&deviceId=6896190258833704&anid=

      HTTP Response

      204
    • 96.16.110.114:80
    • 88.221.135.217:80
    • 88.221.135.217:80
    • 88.221.135.217:80
    • 88.221.135.217:80
    • 20.231.121.79:80
    • 96.17.178.196:80
    • 96.17.178.196:80
    • 96.17.178.196:80
    • 96.17.178.196:80
    • 88.221.135.217:80
    • 88.221.135.217:80
    • 88.221.135.217:80
    • 96.17.178.196:80
    • 88.221.135.217:80
    • 96.17.178.196:80
    • 96.17.178.196:80
    • 88.221.135.211:80
    • 88.221.135.211:80
    • 88.221.135.217:80
    • 88.221.135.217:80
    • 96.17.178.196:80
    • 96.17.178.196:80
    • 96.17.178.196:80
    • 88.221.135.211:80
    • 88.221.135.211:80
      342 B
       8.8kB
       7
      8
    • 88.221.135.211:80
    • 96.17.178.194:80
    • 88.221.135.211:80
      46 B
       40 B
       1
      1
    • 88.221.135.211:80
    • 88.221.135.211:80
    • 88.221.135.211:80
    • 20.31.169.57:443
    • 88.221.135.211:80
    • 88.221.135.211:80
      7.6kB
       222.1kB
       131
      159
    • 88.221.135.211:80
    • 88.221.135.211:80
    • 88.221.135.211:80
    • 88.221.135.211:80
    • 88.221.135.211:80
    • 88.221.135.211:80
    • 88.221.135.211:80
      10.1kB
       217.9kB
       154
      156
    • 52.111.229.19:443
    • 88.221.135.211:80
    • 88.221.135.211:80
    • 88.221.135.211:80
    • 88.221.135.211:80
    • 88.221.135.211:80
    • 88.221.135.211:80
    • 88.221.135.211:80
    • 88.221.135.211:80
      6.4kB
       196.1kB
       126
      143
    • 88.221.134.18:80
    • 88.221.134.18:80
    • 93.184.221.240:80
    • 93.184.221.240:80
      59.6kB
       3.0MB
       1186
      2122
    • 20.223.35.26:443
    • 20.223.35.26:443
    • 20.223.35.26:443
    • 204.79.197.200:443
    • 204.79.197.200:443
    • 204.79.197.200:443
      g.bing.com
      1.5kB
       43.3kB
       31
      31
    • 204.79.197.200:443
    • 204.79.197.200:443
    • 20.231.121.79:80
    • 96.16.110.114:80
    • 138.91.171.81:80
      104 B
       2
    • 8.8.8.8:53
      g.bing.com
      dns
      56 B
       158 B
       1
      1

      DNS Request

      g.bing.com

      DNS Response

      204.79.197.200
      13.107.21.200

    • 8.8.8.8:53
      6.181.190.20.in-addr.arpa
      dns
      71 B
       157 B
       1
      1

      DNS Request

      6.181.190.20.in-addr.arpa

    • 8.8.8.8:53
      146.78.124.51.in-addr.arpa
      dns
      72 B
       158 B
       1
      1

      DNS Request

      146.78.124.51.in-addr.arpa

    • 8.8.8.8:53
      179.178.17.96.in-addr.arpa
      dns
      72 B
       137 B
       1
      1

      DNS Request

      179.178.17.96.in-addr.arpa

    • 8.8.8.8:53
      95.221.229.192.in-addr.arpa
      dns
      73 B
       144 B
       1
      1

      DNS Request

      95.221.229.192.in-addr.arpa

    • 8.8.8.8:53
      88.156.103.20.in-addr.arpa
      dns
      72 B
       158 B
       1
      1

      DNS Request

      88.156.103.20.in-addr.arpa

    • 8.8.8.8:53
      9.228.82.20.in-addr.arpa
      dns
      70 B
       156 B
       1
      1

      DNS Request

      9.228.82.20.in-addr.arpa

    • 8.8.8.8:53
      183.59.114.20.in-addr.arpa
      dns
      72 B
       158 B
       1
      1

      DNS Request

      183.59.114.20.in-addr.arpa

    • 8.8.8.8:53
      41.110.16.96.in-addr.arpa
      dns
      71 B
       135 B
       1
      1

      DNS Request

      41.110.16.96.in-addr.arpa

    • 8.8.8.8:53
      241.154.82.20.in-addr.arpa
      dns
      216 B
       158 B
       3
      1

      DNS Request

      241.154.82.20.in-addr.arpa

      DNS Request

      241.154.82.20.in-addr.arpa

      DNS Request

      241.154.82.20.in-addr.arpa

    • 8.8.8.8:53
      15.164.165.52.in-addr.arpa
      dns
      72 B
       146 B
       1
      1

      DNS Request

      15.164.165.52.in-addr.arpa

    • 8.8.8.8:53
      100.5.17.2.in-addr.arpa
      dns
      69 B
       131 B
       1
      1

      DNS Request

      100.5.17.2.in-addr.arpa

    • 8.8.8.8:53
      18.134.221.88.in-addr.arpa
      dns
      72 B
       137 B
       1
      1

      DNS Request

      18.134.221.88.in-addr.arpa

    • 8.8.8.8:53
      119.110.54.20.in-addr.arpa
      dns
      72 B
       158 B
       1
      1

      DNS Request

      119.110.54.20.in-addr.arpa

    • 8.8.8.8:53
    • 8.8.8.8:53
    • 8.8.8.8:53
    • 8.8.8.8:53
    • 8.8.8.8:53
    • 8.8.8.8:53
    • 8.8.8.8:53
    • 8.8.8.8:53
    • 8.8.8.8:53
    • 8.8.8.8:53
    • 8.8.8.8:53
    • 8.8.8.8:53
    • 8.8.8.8:53
      19.229.111.52.in-addr.arpa
      dns
      72 B
       158 B
       1
      1

      DNS Request

      19.229.111.52.in-addr.arpa

    • 8.8.8.8:53
    • 8.8.8.8:53
    • 8.8.8.8:53
    • 8.8.8.8:53
    • 8.8.8.8:53
    • 8.8.8.8:53
    • 8.8.8.8:53

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    We care about your privacy.

    This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.