Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

C:\Windows\System32\wscript.exe

C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\INVOICE#RVEBSAKSA.vbs"

Details

Is windows:	true
Is dropped:	false
PID:	7664
Target ID:	0
Parent PID:	3968
Name:	wscript.exe
Class:	wscript
Path:	C:\Windows\System32\wscript.exe
Commandline:	C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\INVOICE#RVEBSAKSA.vbs"
Size:	170496
MD5:	A47CBE969EA935BDD3AB568BB126BC80
Time:	12:26:05
Date:	23/05/2024
Reason:	newprocess
Reputation:	high
Is admin:	false
Is elevated:	false
Modulebase:	0x7ff647bc0000
Modulesize:	184320
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Sigma detected: WScript or CScript Dropper	System Summary
Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript	System Summary
Executes visual basic scripts	System Summary	Scripting

Memdumps

Base Address

Regiontype

Protect

Malicious

23A0243E000

heap

page read and write

23A02435000

heap

page read and write

23A02435000

heap

page read and write

FE3ECFE000

stack

page read and write

23A0242F000

heap

page read and write

23A0241B000

heap

page read and write

FE3EDFF000

stack

page read and write

23A02401000

heap

page read and write

23A02439000

heap

page read and write

23A0245E000

heap

page read and write

FE3E9FE000

stack

page read and write

23A02449000

heap

page read and write

23A02435000

heap

page read and write

23A05AC0000

heap

page read and write

23A02340000

heap

page read and write

23A02435000

heap

page read and write

23A02417000

heap

page read and write

23A05AC4000

heap

page read and write

23A02685000

heap

page read and write

23A02457000

heap

page read and write

23A023E0000

heap

page read and write

23A02436000

heap

page read and write

23A02680000

heap

page read and write

23A02614000

heap

page read and write

23A0241D000

heap

page read and write

FE3E8F9000

stack

page read and write

23A0242E000

heap

page read and write

FE3EEFF000

stack

page read and write

23A02417000

heap

page read and write

23A05BC0000

trusted library allocation

page read and write

23A023FC000

heap

page read and write

23A02417000

heap

page read and write

23A02610000

heap

page read and write

23A02449000

heap

page read and write

23A02650000

heap

page read and write

23A0244C000

heap

page read and write

23A023E9000

heap

page read and write

23A02439000

heap

page read and write

23A02415000

heap

page read and write

23A0244C000

heap

page read and write

23A0244C000

heap

page read and write

23A0244C000

heap

page read and write

23A02442000

heap

page read and write

23A02439000

heap

page read and write

23A02370000

heap

page read and write

23A0244C000

heap

page read and write

23A02443000

heap

page read and write

23A02439000

heap

page read and write

23A02439000

heap

page read and write

23A02350000

heap

page read and write

FE3EAFE000

stack

page read and write

There are 41 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
INVOICE#RVEBSAKSA.vbs

Processes

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC ReportINVOICE#RVEBSAKSA.vbs

Processes

Memdumps

IOC Report
INVOICE#RVEBSAKSA.vbs