IOC Report
Document-v23-08-15.js

Processes

| Path | Cmdline | Malicious |
|---|---|---|
| C:\Windows\System32\wscript.exe | C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Document-v23-08-15.js" | malicious |
| C:\Windows\System32\msiexec.exe | C:\Windows\system32\msiexec.exe /V | |

URLs

| Name | IP | Malicious |
|---|---|---|
| https://fwaax.life/merd.php | 104.21.20.51 | |

Domains

| Name | IP | Malicious |
|---|---|---|
| fwaax.life | 104.21.20.51 | |

IPs

| IP | Domain | Country | Malicious |
|---|---|---|---|
| 104.21.20.51 | fwaax.life | United States | |

Registry

| Path | Value | Malicious |
|---|---|---|
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows Script\Settings\Telemetry\wscript.exe | JScriptSetScriptStateStarted | |

Memdumps
