Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

C:\Windows\System32\wscript.exe

C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\cache.vbs"

Details

Is windows:	true
Is dropped:	false
PID:	5260
Target ID:	0
Parent PID:	4056
Name:	wscript.exe
Class:	wscript
Path:	C:\Windows\System32\wscript.exe
Commandline:	C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\cache.vbs"
Size:	170496
MD5:	A47CBE969EA935BDD3AB568BB126BC80
Time:	05:02:09
Date:	08/10/2024
Reason:	newprocess
Reputation:	high
Is admin:	false
Is elevated:	false
Modulebase:	0x7ff60d4a0000
Modulesize:	184320
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Sigma detected: WScript or CScript Dropper	System Summary
Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript	System Summary
Executes visual basic scripts	System Summary	Scripting

Memdumps

Base Address

Regiontype

Protect

Malicious

17088842000

heap

page read and write

1708885B000

heap

page read and write

1708884E000

heap

page read and write

17088857000

heap

page read and write

170869D2000

heap

page read and write

17086A1A000

heap

page read and write

1708884E000

heap

page read and write

17086920000

heap

page read and write

17086A1F000

heap

page read and write

1708699B000

heap

page read and write

170869FF000

heap

page read and write

7FFB1E0E1000

unkown

page execute read

17088858000

heap

page read and write

17088857000

heap

page read and write

7FFB1E0E0000

unkown

page readonly

17086A1F000

heap

page read and write

17086A0B000

heap

page read and write

170869E8000

heap

page read and write

17086A03000

heap

page read and write

17088841000

heap

page read and write

1708699C000

heap

page read and write

17086998000

heap

page read and write

170869DB000

heap

page read and write

170869F0000

heap

page read and write

1708885B000

heap

page read and write

170869DA000

heap

page read and write

1708699E000

heap

page read and write

17088840000

heap

page read and write

31EAFEA000

stack

page read and write

7FFB1E100000

unkown

page read and write

170869ED000

heap

page read and write

17086A17000

heap

page read and write

170869F3000

heap

page read and write

170869CD000

heap

page read and write

31EB6FF000

stack

page read and write

17088857000

heap

page read and write

1708699B000

heap

page read and write

17086900000

heap

page read and write

170869B0000

heap

page read and write

1708884E000

heap

page read and write

1708699E000

heap

page read and write

1708884E000

heap

page read and write

170869EC000

heap

page read and write

17086A1E000

heap

page read and write

17086A1F000

heap

page read and write

17086A15000

heap

page read and write

7FFB1E102000

unkown

page readonly

1708699E000

heap

page read and write

1708884C000

heap

page read and write

17088846000

heap

page read and write

17086A1F000

heap

page read and write

17086A0B000

heap

page read and write

17086A0F000

heap

page read and write

17086999000

heap

page read and write

1708699A000

heap

page read and write

17088843000

heap

page read and write

1708884A000

heap

page read and write

170884F0000

heap

page read and write

31EB3FE000

stack

page read and write

1708884E000

heap

page read and write

31EB2FE000

stack

page read and write

170868F0000

heap

page read and write

170869E7000

heap

page read and write

17086998000

heap

page read and write

17086A0B000

heap

page read and write

7FFB1E0F6000

unkown

page readonly

31EB5FF000

stack

page read and write

17086A0B000

heap

page read and write

17086990000

heap

page read and write

17088857000

heap

page read and write

17088857000

heap

page read and write

7FFB1E105000

unkown

page readonly

17086995000

heap

page read and write

17088841000

heap

page read and write

170869D2000

heap

page read and write

There are 65 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
cache.vbs

Processes

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reportcache.vbs

Processes

Memdumps

IOC Report
cache.vbs