8a632947e30689f7f03d27a897c91165f60b462669d9c8995a6115d8da1911c7 | Triage

Analysis

max time kernel
61s
max time network
123s
platform
windows10-1703_x64
resource
win10-20230220-en
resource tags

arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
submitted
18/04/2023, 17:34

Sharing

Report Analysis Logs

General

Target

Funds_388416.wsf
Size

75KB
MD5

2d13f7d27e387cd9443a957ddab5bec9
SHA1

d100203ca5021e463a90208188d9aa2cc389b85f
SHA256

6593b65557133c5fd101733e4f7ca27f265c2312f36a088d360def48cf6c1c35
SHA512

cde5aab10ef6ccca77e9d7b8c89b08310044ac6bc291ff78095c7ba9610f28c677b1568327754c1fe2d583e8f981cd5f1f5ee9bea07fb4726dc8fb6f2d12c98a
SSDEEP

1536:SMMmr6MGe+e+gSecKrrHF55wEd9t9Gy7VuYeKAO:SMf6MGeh7SMr1w8l7VuYeKAO

Score

8^/10

Malware Config

Signatures

Blocklisted process makes network request 3 IoCs

flow	pid	Process
2	1308	WScript.exe
3	1308	WScript.exe
5	1308	WScript.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Funds_388416.wsf"
1⤵
- Blocklisted process makes network request
PID:1308

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Web Service

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads