Analysis

  • max time kernel
    116s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64, arch:x86, image:win7-20230220-en, locale:en-us, os:windows7-x64, system
  • submitted
    26/05/2023, 01:49

General

  • Target

    69b3c7e999be1bdbd6c9bebe95102c3a887876c12eb29af9d222c6c2dce340c3.wsf

  • Size

    76KB

  • MD5

    d645df28dd840db7e2f71b060804fcf8

  • SHA1

    cc2d7b5cced759599ac659ff36c4dd272bc4fae6

  • SHA256

    69b3c7e999be1bdbd6c9bebe95102c3a887876c12eb29af9d222c6c2dce340c3

  • SHA512

    8633f11cb4270f99be211ab73296d19f05dae45caee604b4f6d1c146925231843253c0850588d54624df7738f6da1ecc920d513bc9853ec067914e86375a1423

  • SSDEEP

    1536:j3DbJxlPlX3DV0WWjIQlW0WZIYmX3fSLmxlXTJ1ZOVyj/tQlR1ZOVc:Hb7lPpOWfQhW2h36LmV1ZOcj/tQT1ZOe

Score
10/10

Malware Config

Signatures

  • Process spawned unexpected child process (1 IoC)

    This typically indicates the parent process was compromised via an exploit or macro.

  • Blocklisted process makes network request (8 IoCs)

Processes

  • C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\69b3c7e999be1bdbd6c9bebe95102c3a887876c12eb29af9d222c6c2dce340c3.wsf"
    • Blocklisted process makes network request
    PID:2000
  • C:\Windows\system32\conhost.exe
    conhost.exe rundll32.exe C:\Users\Public\abzu731MHQcDpLk.dat,bind
    • Process spawned unexpected child process
    PID:1668
