Analysis Overview
SHA256
23c396aa04b6a989da0a96e6420693cbe8e3fe0d7bfe08984d5cbc5f4217f7de
Threat Level: Likely malicious
The file 3ddaf78c2133c0d73c06c6df81a504db was found to be: Likely malicious.
Malicious Activity Summary
Suspicious Office macro
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2024-01-01 20:50
Signatures
Suspicious Office macro
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-01-01 20:50
Reported
2024-01-01 20:54
Platform
win7-20231215-en
Max time kernel
122s
Max time network
152s
Command Line
Signatures
Processes
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\3ddaf78c2133c0d73c06c6df81a504db.vbs"
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-01-01 20:50
Reported
2024-01-01 20:53
Platform
win10v2004-20231222-en
Max time kernel
137s
Max time network
111s
Command Line
Signatures
Processes
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\3ddaf78c2133c0d73c06c6df81a504db.vbs"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.200:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 16.53.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 208.194.73.20.in-addr.arpa | udp |
| US | 204.79.197.200:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.179.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 205.47.74.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| N/A | 20.123.104.105:443 | tcp | |
| US | 8.8.8.8:53 | udp | |
| N/A | 52.165.165.26:443 | tcp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| N/A | 23.37.2.11:443 | tcp | |
| US | 8.8.8.8:53 | udp | |
| US | 4.231.128.59:443 | tcp | |
| US | 192.229.221.95:80 | tcp | |
| US | 8.8.8.8:53 | udp | |
| N/A | 20.123.104.105:443 | tcp | |
| US | 8.8.8.8:53 | udp | |
| N/A | 20.82.154.241:443 | tcp | |
| N/A | 52.165.165.26:443 | tcp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| N/A | 52.165.165.26:443 | tcp | |
| N/A | 52.165.165.26:443 | tcp | |
| US | 4.231.128.59:443 | tcp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 4.231.128.59:443 | tcp | |
| N/A | 13.85.23.206:443 | tcp | |
| N/A | 13.85.23.206:443 | tcp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| N/A | 52.165.165.26:443 | tcp | |
| N/A | 52.165.165.26:443 | tcp | |
| US | 8.8.8.8:53 | udp | |
| N/A | 104.91.71.134:80 | tcp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| PH | 23.37.1.183:80 | tcp | |
| PH | 23.37.1.183:80 | tcp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| N/A | 20.123.104.105:443 | tcp | |
| US | 8.8.8.8:53 | udp | |
| N/A | 20.54.110.119:443 | tcp | |
| N/A | 13.85.23.206:443 | tcp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| N/A | 104.91.71.134:80 | tcp | |
| N/A | 104.91.71.134:80 | tcp | |
| N/A | 104.91.71.134:80 | tcp | |
| N/A | 104.91.71.134:80 | tcp | |
| US | 8.8.8.8:53 | udp | |
| US | 93.184.221.240:80 | tcp | |
| US | 93.184.221.240:80 | tcp | |
| US | 93.184.221.240:80 | tcp | |
| US | 93.184.221.240:80 | tcp | |
| US | 8.8.8.8:53 | udp | |
| N/A | 23.37.1.150:80 | tcp | |
| N/A | 104.91.71.134:80 | tcp | |
| US | 8.8.8.8:53 | udp | |
| N/A | 104.91.71.134:80 | tcp | |
| N/A | 52.142.223.178:80 | tcp | |
| N/A | 104.91.71.134:80 | tcp | |
| N/A | 104.91.71.134:80 | tcp | |
| US | 93.184.221.240:80 | tcp | |
| US | 93.184.221.240:80 | tcp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 93.184.221.240:80 | tcp | |
| US | 93.184.221.240:80 | tcp | |
| US | 8.8.8.8:53 | udp | |
| N/A | 96.17.179.45:80 | tcp | |
| N/A | 104.91.71.134:80 | tcp | |
| US | 8.8.8.8:53 | udp | |
| N/A | 104.91.71.134:80 | tcp | |
| US | 93.184.221.240:80 | tcp | |
| US | 93.184.221.240:80 | tcp | |
| US | 8.8.8.8:53 | udp | |
| US | 93.184.221.240:80 | tcp | |
| N/A | 23.37.1.150:80 | tcp | |
| N/A | 52.142.223.178:80 | tcp | |
| US | 8.8.8.8:53 | udp | |
| N/A | 20.199.58.43:443 | tcp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| GB | 96.17.179.67:80 | tcp | |
| GB | 96.17.179.67:80 | tcp | |
| GB | 96.17.179.67:80 | tcp | |
| US | 8.8.8.8:53 | udp | |
| N/A | 52.142.223.178:80 | tcp | |
| N/A | 23.37.1.150:80 | tcp | |
| US | 8.8.8.8:53 | udp | |
| N/A | 52.111.229.19:443 | tcp | |
| US | 8.8.8.8:53 | 19.229.111.52.in-addr.arpa | udp |
| N/A | 20.223.36.55:443 | tcp | |
| N/A | 20.223.36.55:443 | tcp | |
| N/A | 20.223.36.55:443 | tcp | |
| N/A | 20.223.36.55:443 | tcp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 204.79.197.200:443 | tcp | |
| US | 204.79.197.200:443 | tcp | |
| US | 204.79.197.200:443 | tcp | |
| US | 204.79.197.200:443 | g.bing.com | tcp |
| US | 204.79.197.200:443 | tcp |