Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

C:\Windows\System32\wscript.exe

C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\download.js"

Details

Is windows:	true
Is dropped:	false
PID:	6968
Target ID:	0
Parent PID:	2580
Name:	wscript.exe
Class:	wscript
Path:	C:\Windows\System32\wscript.exe
Commandline:	C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\download.js"
Size:	170496
MD5:	A47CBE969EA935BDD3AB568BB126BC80
Time:	01:26:16
Date:	21/11/2024
Reason:	newprocess
Reputation:	high
Is admin:	false
Is elevated:	false
Modulebase:	0x7ff63d880000
Modulesize:	184320
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Sigma detected: WScript or CScript Dropper	System Summary
Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript	System Summary

Memdumps

Base Address

Regiontype

Protect

Malicious

28527B16000

heap

page read and write

28527D40000

heap

page read and write

28527B03000

heap

page read and write

28527B0D000

heap

page read and write

9E50AFE000

stack

page read and write

28527B03000

heap

page read and write

28527B12000

heap

page read and write

28527B03000

heap

page read and write

28527AD0000

heap

page read and write

28527B03000

heap

page read and write

9E50DFE000

stack

page read and write

28527B0D000

heap

page read and write

28527B0D000

heap

page read and write

9E508FE000

stack

page read and write

28527A98000

heap

page read and write

28527940000

heap

page read and write

28529830000

heap

page read and write

28527ADC000

heap

page read and write

28527B17000

heap

page read and write

28527A90000

heap

page read and write

2852B1E0000

trusted library allocation

page read and write

28527D45000

heap

page read and write

28527B09000

heap

page read and write

28527A40000

heap

page read and write

28527B0D000

heap

page read and write

9E506FA000

stack

page read and write

28527A20000

heap

page read and write

28527AAC000

heap

page read and write

9E50BFF000

stack

page read and write

28527B1D000

heap

page read and write

28527AEA000

heap

page read and write

28527ACF000

heap

page read and write

28527D49000

heap

page read and write

28527AB7000

heap

page read and write

285294E4000

heap

page read and write

9E50CFE000

stack

page read and write

28527AB1000

heap

page read and write

28527AEA000

heap

page read and write

28527AB7000

heap

page read and write

28527ADC000

heap

page read and write

9E507FE000

stack

page read and write

28527AF0000

heap

page read and write

28527AE6000

heap

page read and write

28527AB1000

heap

page read and write

285294C0000

heap

page read and write

28527AB7000

heap

page read and write

28527AD2000

heap

page read and write

28527D4C000

heap

page read and write

28529831000

heap

page read and write

28527B0D000

heap

page read and write

28527B0D000

heap

page read and write

285294E0000

heap

page read and write

There are 42 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
download.js

Processes

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reportdownload.js

Processes

Memdumps

IOC Report
download.js