Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

C:\Windows\System32\wscript.exe

C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\new.vbs"

Details

Is windows:	true
Is dropped:	false
PID:	2268
Target ID:	0
Parent PID:	2592
Name:	wscript.exe
Class:	wscript
Path:	C:\Windows\System32\wscript.exe
Commandline:	C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\new.vbs"
Size:	170496
MD5:	A47CBE969EA935BDD3AB568BB126BC80
Time:	12:26:11
Date:	23/05/2024
Reason:	newprocess
Reputation:	high
Is admin:	false
Is elevated:	false
Modulebase:	0x7ff7a8ab0000
Modulesize:	184320
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Sigma detected: WScript or CScript Dropper	System Summary
Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript	System Summary
Executes visual basic scripts	System Summary	Scripting

Domains

Name

Malicious

edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com

217.20.57.34

fp2e7a.wpc.phicdn.net

192.229.221.95

Memdumps

Base Address

Regiontype

Protect

Malicious

20C20B8A000

heap

page read and write

20C20B8E000

heap

page read and write

20C20B80000

heap

page read and write

20C20B86000

heap

page read and write

20C20B51000

heap

page read and write

20C20B8E000

heap

page read and write

20C20B84000

heap

page read and write

DB7D1FF000

stack

page read and write

20C20B8A000

heap

page read and write

20C20B85000

heap

page read and write

20C20B7F000

heap

page read and write

20C20DE5000

heap

page read and write

20C20B8A000

heap

page read and write

20C20960000

heap

page read and write

20C20A60000

heap

page read and write

20C24140000

heap

page read and write

20C20B4D000

heap

page read and write

20C20B80000

heap

page read and write

20C20A40000

heap

page read and write

20C20BA7000

heap

page read and write

20C20B30000

heap

page read and write

20C20B93000

heap

page read and write

20C20B61000

heap

page read and write

DB7D2FF000

stack

page read and write

20C20B5A000

heap

page read and write

20C20B67000

heap

page read and write

20C20B51000

heap

page read and write

20C20B99000

heap

page read and write

20C24144000

heap

page read and write

20C20DE0000

heap

page read and write

20C20B61000

heap

page read and write

20C224A4000

heap

page read and write

DB7CEFE000

stack

page read and write

20C20B66000

heap

page read and write

20C20BAD000

heap

page read and write

20C20B92000

heap

page read and write

20C20B6C000

heap

page read and write

20C22410000

heap

page read and write

DB7CB69000

stack

page read and write

20C20B5B000

heap

page read and write

DB7CFFF000

stack

page read and write

20C20B4C000

heap

page read and write

20C20B99000

heap

page read and write

20C24240000

trusted library allocation

page read and write

DB7D3FE000

stack

page read and write

20C20B8E000

heap

page read and write

20C20B8A000

heap

page read and write

20C224A0000

heap

page read and write

20C20B61000

heap

page read and write

20C20B6E000

heap

page read and write

DB7D0FF000

stack

page read and write

20C20B8E000

heap

page read and write

There are 42 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
new.vbs

Processes

Domains

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reportnew.vbs

Processes

Domains

Memdumps

IOC Report
new.vbs