Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

C:\Windows\System32\wscript.exe

C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\new.vbs"

Details

Is windows:	true
Is dropped:	false
PID:	8180
Target ID:	0
Parent PID:	3968
Name:	wscript.exe
Class:	wscript
Path:	C:\Windows\System32\wscript.exe
Commandline:	C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\new.vbs"
Size:	170496
MD5:	A47CBE969EA935BDD3AB568BB126BC80
Time:	02:51:25
Date:	26/10/2024
Reason:	newprocess
Reputation:	high
Is admin:	false
Is elevated:	false
Modulebase:	0x7ff77ff20000
Modulesize:	184320
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Sigma detected: WScript or CScript Dropper	System Summary
Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript	System Summary
Executes visual basic scripts	System Summary	Scripting

Domains

Name

Malicious

s-part-0017.t-0009.t-msedge.net

13.107.246.45

Memdumps

Base Address

Regiontype

Protect

Malicious

1B9B82E1000

heap

page read and write

1B9B8333000

heap

page read and write

1B9B830E000

heap

page read and write

1B9B851E000

heap

page read and write

1B9B82C8000

heap

page read and write

1B9B82DC000

heap

page read and write

1B9B831B000

heap

page read and write

1B9B833B000

heap

page read and write

47DC9FE000

stack

page read and write

1B9B8510000

heap

page read and write

1B9B82FC000

heap

page read and write

47DC8FE000

stack

page read and write

1B9B833B000

heap

page read and write

47DC6F8000

stack

page read and write

1B9B82C0000

heap

page read and write

47DC7FF000

stack

page read and write

1B9B8316000

heap

page read and write

1B9B8316000

heap

page read and write

1B9B8515000

heap

page read and write

1B9B8316000

heap

page read and write

1B9BBA30000

trusted library allocation

page read and write

47DCBFF000

stack

page read and write

1B9B82FB000

heap

page read and write

1B9B83E0000

heap

page read and write

47DCAFF000

stack

page read and write

1B9B9E84000

heap

page read and write

1B9BA1D2000

heap

page read and write

1B9B831B000

heap

page read and write

1B9B82F6000

heap

page read and write

1B9B82F6000

heap

page read and write

1B9B8317000

heap

page read and write

1B9B831B000

heap

page read and write

1B9B82F6000

heap

page read and write

1B9B831B000

heap

page read and write

1B9B9E80000

heap

page read and write

1B9B830E000

heap

page read and write

1B9B83C0000

heap

page read and write

1B9B830E000

heap

page read and write

1B9B8313000

heap

page read and write

1B9B830E000

heap

page read and write

1B9B84B0000

heap

page read and write

1B9B8316000

heap

page read and write

1B9B81E0000

heap

page read and write

47DCCFE000

stack

page read and write

1B9B82E1000

heap

page read and write

1B9B831E000

heap

page read and write

1B9B8316000

heap

page read and write

1B9B8331000

heap

page read and write

1B9BA1D0000

heap

page read and write

There are 39 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
new.vbs

Processes

Domains

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reportnew.vbs

Processes

Domains

Memdumps

IOC Report
new.vbs