Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

C:\Windows\System32\wscript.exe

"C:\WINDOWS\system32\wscript.exe" Dark_Files\Cthulhu.vbs The_call 30000

Details

Is windows:	true
Is dropped:	false
PID:	7004
Target ID:	0
Parent PID:	4056
Name:	wscript.exe
Class:	wscript
Path:	C:\Windows\System32\wscript.exe
Commandline:	"C:\WINDOWS\system32\wscript.exe" Dark_Files\Cthulhu.vbs The_call 30000
Size:	170496
MD5:	A47CBE969EA935BDD3AB568BB126BC80
Time:	21:15:22
Date:	18/04/2024
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff6c48a0000
Modulesize:	184320
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript	System Summary
Executes visual basic scripts	System Summary	Scripting

Memdumps

Base Address

Regiontype

Protect

Malicious

1E09E820000

heap

page read and write

1E09CDD8000

heap

page read and write

7FFB226E5000

unkown

page readonly

7FFB226E0000

unkown

page read and write

7FFB226D6000

unkown

page readonly

1E09CE07000

heap

page read and write

7FFB226C1000

unkown

page execute read

1E09CDEC000

heap

page read and write

1E09CE07000

heap

page read and write

7FFB226C0000

unkown

page readonly

1E09CE0C000

heap

page read and write

1E0A0C00000

heap

page read and write

1E09CDF1000

heap

page read and write

1E09CE38000

heap

page read and write

1E09CDD0000

heap

page read and write

4C111FE000

stack

page read and write

4C110FD000

stack

page read and write

1E0A0400000

trusted library allocation

page read and write

1E09CE40000

heap

page read and write

4C113FF000

stack

page read and write

1E09CE23000

heap

page read and write

1E09CE12000

heap

page read and write

1E09CF8C000

heap

page read and write

1E09E824000

heap

page read and write

1E09CE40000

heap

page read and write

1E09CDB0000

heap

page read and write

1E09CE12000

heap

page read and write

1E09CF80000

heap

page read and write

1E09CE12000

heap

page read and write

1E0A02E0000

heap

page read and write

1E09CE07000

heap

page read and write

7FFB226E2000

unkown

page readonly

1E09CDFE000

heap

page read and write

1E09CE12000

heap

page read and write

1E09CE1C000

heap

page read and write

1E09CED0000

heap

page read and write

4C10DBA000

stack

page read and write

1E09CDFE000

heap

page read and write

1E09CCD0000

heap

page read and write

1E09CF85000

heap

page read and write

1E09CE18000

heap

page read and write

1E09CE0B000

heap

page read and write

1E09CDF1000

heap

page read and write

There are 33 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
Archivos.lnk

Processes

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC ReportArchivos.lnk

Processes

Memdumps

IOC Report
Archivos.lnk