Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

C:\Windows\System32\wscript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\Temp\aca5887474e22b7be6121c56919953745a7a821311080acbe8970da7ed9479b8.vbs"

Details

Is windows:	true
Is dropped:	false
PID:	7336
Target ID:	0
Parent PID:	2580
Name:	wscript.exe
Class:	wscript
Path:	C:\Windows\System32\wscript.exe
Commandline:	"C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\Temp\aca5887474e22b7be6121c56919953745a7a821311080acbe8970da7ed9479b8.vbs"
Size:	170496
MD5:	A47CBE969EA935BDD3AB568BB126BC80
Time:	09:22:55
Date:	01/10/2024
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff751c70000
Modulesize:	184320
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Sigma detected: Script Interpreter Execution From Suspicious Folder	System Summary
Sigma detected: Suspicious Script Execution From Temp Folder	System Summary
Sigma detected: WScript or CScript Dropper	System Summary
Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript	System Summary
Executes visual basic scripts	System Summary	Scripting

Memdumps

Base Address

Regiontype

Protect

Malicious

323BAFE000

stack

page read and write

1D92CBE0000

heap

page read and write

1D92CC2A000

heap

page read and write

1D92CC36000

heap

page read and write

1D92CC21000

heap

page read and write

1D930AB0000

heap

page read and write

1D9302B0000

trusted library allocation

page read and write

1D92CC4A000

heap

page read and write

1D92CE70000

heap

page read and write

1D92CC36000

heap

page read and write

1D92CC28000

heap

page read and write

1D92CC4B000

heap

page read and write

323B77B000

stack

page read and write

1D92CC36000

heap

page read and write

1D92CC3B000

heap

page read and write

1D92CC3C000

heap

page read and write

323BBFE000

stack

page read and write

1D92CC68000

heap

page read and write

1D92CC1C000

heap

page read and write

323BDFE000

stack

page read and write

1D92CC27000

heap

page read and write

1D92CC4A000

heap

page read and write

1D92CE75000

heap

page read and write

1D92CB00000

heap

page read and write

1D92CC43000

heap

page read and write

1D92CDB0000

heap

page read and write

1D92CDB4000

heap

page read and write

1D92CE7C000

heap

page read and write

1D92CC67000

heap

page read and write

1D92CC29000

heap

page read and write

1D92CC43000

heap

page read and write

1D92CC4A000

heap

page read and write

1D92CC4A000

heap

page read and write

1D92CC08000

heap

page read and write

1D92CC67000

heap

page read and write

1D92CC00000

heap

page read and write

1D92CC3E000

heap

page read and write

1D92CC43000

heap

page read and write

1D92CC4A000

heap

page read and write

1D92CDD0000

heap

page read and write

1D92CC47000

heap

page read and write

1D92CD00000

heap

page read and write

1D92CC43000

heap

page read and write

1D92CC21000

heap

page read and write

There are 34 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
pesuti lnk.lnk

Processes

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reportpesuti lnk.lnk

Processes

Memdumps

IOC Report
pesuti lnk.lnk