9e15f908620f3b62433510250fdf8ecf3020e56ee6e60e3007dbccfa6db1b83f | Triage

Analysis

max time kernel
41s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
14/02/2023, 14:48

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

Adobe Cloud Certificate 259323.wsf
Size

6KB
MD5

bdbaca93dbb178b60a7e6376a3a937dc
SHA1

20653b247ee52e148f1a9b7a7727aaad9df886b1
SHA256

9e15f908620f3b62433510250fdf8ecf3020e56ee6e60e3007dbccfa6db1b83f
SHA512

522651ca52ab76c947c27fc1784291714453b187b9b12074b41a9a2cf77bf87372799cc71fa45800b628d938d99fccbad7aa7c678e9ab33a9b0e1df812daf652
SSDEEP

192:H/sHXLDgfGWre61ajlhXpSaY643G0r8AWL:Hk3LhWrY75SaY6SG0qL

Score

10^/10

Malware Config

Signatures

Process spawned unexpected child process 1 IoCs

This typically indicates the parent process was compromised via an exploit or macro.

description	pid	pid_target	Process	procid_target
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process	1560	772	rundll32.exe	28

Blocklisted process makes network request 1 IoCs

flow	pid	Process
4	1460	WScript.exe

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Adobe Cloud Certificate 259323.wsf"
1⤵
- Blocklisted process makes network request
PID:1460

C:\Windows\system32\rundll32.exe
rundll32 C:\ProgramData\zRG7ojml.gzshlHZk,Wind
1⤵
- Process spawned unexpected child process
PID:1560

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1460-54-0x000007FEFC251000-0x000007FEFC253000-memory.dmp

Filesize
8KB

Download