Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

C:\Windows\System32\wscript.exe

"C:\Windows\System32\WScript.exe" "D:\logo\parcel_photo002.vbs"

Details

Is windows:	true
Is dropped:	false
PID:	5372
Target ID:	1
Parent PID:	4056
Name:	wscript.exe
Class:	wscript
Path:	C:\Windows\System32\wscript.exe
Commandline:	"C:\Windows\System32\WScript.exe" "D:\logo\parcel_photo002.vbs"
Size:	170496
MD5:	A47CBE969EA935BDD3AB568BB126BC80
Time:	07:57:16
Date:	23/04/2024
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff740430000
Modulesize:	184320
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript	System Summary
Executes visual basic scripts	System Summary	Scripting

Memdumps

Base Address

Regiontype

Protect

Malicious

1CE1A73F000

heap

page read and write

1CE1A72E000

heap

page read and write

7FFB226E0000

unkown

page read and write

1CE1DD80000

trusted library allocation

page read and write

A9DB1CA000

stack

page read and write

1CE1A72E000

heap

page read and write

1CE1A721000

heap

page read and write

1CE1A737000

heap

page read and write

1CE1A74B000

heap

page read and write

1CE1A742000

heap

page read and write

7FFB226D6000

unkown

page readonly

1CE1A71C000

heap

page read and write

1CE1A74B000

heap

page read and write

1CE1A721000

heap

page read and write

7FFB226E2000

unkown

page readonly

1CE1A640000

heap

page read and write

1CE1A768000

heap

page read and write

1CE1A708000

heap

page read and write

1CE1A726000

heap

page read and write

1CE1A768000

heap

page read and write

1CE1A940000

heap

page read and write

1CE1A800000

heap

page read and write

A9DB4FD000

stack

page read and write

1CE1A768000

heap

page read and write

1CE1A945000

heap

page read and write

1CE1A73C000

heap

page read and write

A9DB7FF000

stack

page read and write

A9DB5FE000

stack

page read and write

1CE1A73B000

heap

page read and write

1CE1A74B000

heap

page read and write

1CE1A8E4000

heap

page read and write

7FFB226E5000

unkown

page readonly

1CE1A700000

heap

page read and write

1CE1A737000

heap

page read and write

1CE1A94C000

heap

page read and write

1CE1A620000

heap

page read and write

1CE1A74C000

heap

page read and write

1CE1E580000

heap

page read and write

1CE1A742000

heap

page read and write

1CE1A74B000

heap

page read and write

1CE1A8E0000

heap

page read and write

1CE1A726000

heap

page read and write

1CE1A737000

heap

page read and write

7FFB226C0000

unkown

page readonly

1CE1A742000

heap

page read and write

1CE1A540000

heap

page read and write

1CE1A742000

heap

page read and write

7FFB226C1000

unkown

page execute read

There are 38 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
parcel_photo.lnk

Processes

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reportparcel_photo.lnk

Processes

Memdumps

IOC Report
parcel_photo.lnk