e129d7e093e1ab82b09c0b4d9c23f71ee8c50bff17ac9f9a2bc71fec053fd3e9 | Triage

Analysis

max time kernel
43s
max time network
108s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
03-05-2023 10:52

Sharing

Report Analysis Logs

General

Target

A104.wsf
Size

36KB
MD5

1e0d3efa1494049c07b56db8994f0682
SHA1

9145f291baac4e9542d19177186e338727780f17
SHA256

2f5fa112a3851103950f2aac5c58fe715e2e55277ed1e17edf556d00148dec06
SHA512

7c8437cc58c77777e645c11f110059a17fe437c72143bf24940c6e7497ae00b1fb8537675b584c75bc6972a086a0a8a3f2e2863fbc008f8fefc501bacecb260b
SSDEEP

768:LWp6iDX1ZOWeyrTbojkpRUj7BzU6QxIoohuTtwjA+p:W6W1ZOqb8iRUjFw66f8Zp

Score

10^/10

Malware Config

Signatures

Process spawned unexpected child process 1 IoCs

This typically indicates the parent process was compromised via an exploit or macro.

description	pid	pid_target	Process	procid_target
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process	1288	1140	rundll32.exe	31

Blocklisted process makes network request 15 IoCs

flow	pid	Process
4	1736	WScript.exe
5	1736	WScript.exe
6	1736	WScript.exe
7	1736	WScript.exe
9	1736	WScript.exe
10	1736	WScript.exe
11	1736	WScript.exe
12	1736	WScript.exe
14	1736	WScript.exe
15	1736	WScript.exe
16	1736	WScript.exe
17	1736	WScript.exe
20	1736	WScript.exe
22	1736	WScript.exe
24	1736	WScript.exe

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\A104.wsf"
1⤵
- Blocklisted process makes network request
PID:1736

C:\Windows\SysWOW64\rundll32.exe
C:\\Windows\\SysWOW64\\rundll32.exe C:\ProgramData\acogJqAR8nFYC7d.dat,Time
1⤵
- Process spawned unexpected child process
PID:1288

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
62KB

MD5
b5fcc55cffd66f38d548e8b63206c5e6

SHA1
79db08ababfa33a4f644fa8fe337195b5aba44c7

SHA256
7730df1165195dd5bb6b40d6e519b4ce07aceb03601a77bca6535d31698d4ca1

SHA512
aaa17175e90dbca04f0fa753084731313e70119fef7d408b41ff4170116ab24eaee0bd05dca2cc43464b1ee920819e5ce6f6e750d97e3c4fc605f01e7ff9c649

Download Submit