Free Automated Malware Analysis Service - powered by Falcon Sandbox (2024)

Verdict: whitelisted (based on MD5)

Sample: WPJCleanUp.cmd

This report is generated from a file or URL submitted to this webservice on December 3rd 2020 20:21:01 (UTC)
Guest System: Windows 7 32 bit, Professional, 6.1 (build 7601), Service Pack 1
Report generated by Falcon Sandbox v8.45.3 © Hybrid Analysis

Overview

Sample unavailable

  • PCAP File (45KiB)
  • HTML Report (1MiB)
  • PDF Report (12KiB)
  • JSON Report (23KiB)
  • XML Report (25KiB)
  • OpenIOC Report (900B)
  • MISP (XML) Report (736B)
  • MISP (JSON) Report (637B)
  • Memory Dumps (616KiB)


Additional Context

Related Sandbox Artifacts

Associated SHA256s
Associated URLs
hxxps://download.microsoft.com/download/8/e/f/8ef13ae0-6aa8-48a2-8697-5b1711134730/WPJCleanUp.zip

Indicators

Not all malicious and suspicious indicators are displayed.

  • Informative (5)

  • General
    • Spawns new processes
      Details: Spawned process "cmd.exe" with commandline "/c ver"
      Source: Monitored Target
      Relevance: 3/10
    • Spawns new processes that are not known child processes
      Details: Spawned process "cmd.exe" with commandline "/c ver"
      Source: Monitored Target
      Relevance: 3/10
  • Installation/Persistence
    • Creates new processes
      Details: "cmd.exe" is creating a new process (Name: "%WINDIR%\System32\cmd.exe", Handle: 104)
      Source: API Call
      Relevance: 8/10
    • Opens the MountPointManager (often used to detect additional infection locations)
      Details: "cmd.exe" opened "\Device\MountPointManager"
      Source: API Call
      Relevance: 5/10
    • Touches files in the Windows directory
      Details: "cmd.exe" touched file "%WINDIR%\Globalization\Sorting\SortDefault.nls"
      Source: API Call
      Relevance: 7/10

File Details

All Details:

WPJCleanUp.cmd

Filename: WPJCleanUp.cmd
Size: 1.6KiB (1608 bytes)
Type: script cmd
Description: ASCII text, with CRLF line terminators
Architecture: WINDOWS
SHA256: 343fe54d4e5d0b91a0b5aed57aa9733375dbae479d7400f769394d8435822153
MD5: 606acaf64d1da5aa33af8732a14aaa5a
SHA1: 4e2dae8f4674a59b32adc0035a210d5a56f6f6a9
ssdeep: 24:uewru1oX5bGmUrC5rnrJNQrQvEVIZFTCYPfyy6zjGqT5EUIFwxCh:6u1ozUO5DlNQs93patT52wxA


Hybrid Analysis


Analysed 2 processes in total.

  • cmd.exe /c ""C:\WPJCleanUp.cmd" " (PID: 2372)
    • cmd.exe /c ver (PID: 3728)

Network Analysis

DNS Requests

No relevant DNS requests were made.

Contacted Hosts

No relevant hosts were contacted.

HTTP Traffic

No relevant HTTP requests were made.

Extracted Strings

All Details:

  • All Strings (2)
  • Interesting (2)
  • cmd.exe (1)
  • 343fe54d4e5d0b91a0b5aed57aa9733375dbae479d7400f769394d8435822153.cmd.bin (1)

/c ""C:\WPJCleanUp.cmd" "

Ansi based on Process Commandline (cmd.exe)

```batch
@echo off
setlocal
for /f "tokens=2 delims=[]" %%i in ('ver') do set verStr=%%i
for /f "tokens=2-6 delims=. " %%i in ("%verStr%") do (
    set Major=%%i
    set Minor=%%j
    set Build=%%k
    set Revision=%%l
)
if not %Major%.%Minor%.==10.0. (
    echo This tool is for Windows 10 only! 1>&2
    goto :eof
)
set root=%~dp0.
if %Build% GEQ 18900 (
    set tool=%root%\v2004\CleanupWPJ_X86.exe
    goto :exec
)
if %Build% GEQ 18000 (
    set tool=%root%\v1903\CleanupWPJ_X86.exe
    goto :exec
)
if %Build% GEQ 17700 (
    set tool=%root%\v1809\CleanupWPJ_X86.exe
    goto :exec
)
if %Build% GEQ 17000 (
    set tool=%root%\v1803\CleanupWPJ_X86.exe
    goto :exec
)
if %Build% GEQ 16000 (
    set tool=%root%\v1709\CleanupWPJ_X86.exe
    goto :exec
)
echo Unsupported Windows 10 version! 1>&2
exit /b 1
:exec
rem Exec
```

Ansi based on Memory/File Scan (343fe54d4e5d0b91a0b5aed57aa9733375dbae479d7400f769394d8435822153.cmd.bin)


Extracted Files

No significant files were extracted.

Notifications

  • Runtime

  • Network whitenoise filtering was applied
  • Not all Falcon MalQuery lookups completed in time

Community

  1. Anonymous commented 1 year ago

    FIN Sophos

