Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\SecuriteInfo.com.PUA.Tool.PassView.1835.14688.26789.exe

"C:\Users\user\Desktop\SecuriteInfo.com.PUA.Tool.PassView.1835.14688.26789.exe"

Details

Is windows:	false
Is dropped:	false
PID:	5320
Target ID:	0
Parent PID:	3504
Name:	SecuriteInfo.com.PUA.Tool.PassView.1835.14688.26789.exe
Path:	C:\Users\user\Desktop\SecuriteInfo.com.PUA.Tool.PassView.1835.14688.26789.exe
Commandline:	"C:\Users\user\Desktop\SecuriteInfo.com.PUA.Tool.PassView.1835.14688.26789.exe"
Size:	102400
MD5:	A878DD0345C3721D93791AB68FCC1FAF
Time:	19:31:31
Date:	22/05/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x400000
Modulesize:	114688
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Multi AV Scanner detection for submitted file	AV Detection
Yara detected MailPassView	Stealing of Sensitive Information
Machine Learning detection for sample	AV Detection
PE file contains an invalid checksum	Data Obfuscation
Uses 32bit PE files	Compliance, System Summary
PE file has an executable .text section and no other executable section	System Summary
Sample is known by Antivirus	System Summary
URLs found in memory or binary data	Networking
Binary contains paths to debug symbols	Compliance, System Summary
PE file contains a debug data directory	System Summary
PE file contains a mix of resources often seen in goodware	System Summary

URLs

Name

Malicious

http://www.nirsoft.net

unknown

http://www.nirsoft.net/

unknown

Memdumps

Base Address

Regiontype

Protect

Malicious

5EB000

heap

page read and write

413000

unkown

page readonly

413000

unkown

page readonly

400000

unkown

page readonly

4F0000

heap

page read and write

401000

unkown

page execute read

580000

heap

page read and write

255E000

stack

page read and write

5A0000

heap

page read and write

5F0000

heap

page read and write

22E4000

heap

page read and write

520000

heap

page read and write

2220000

trusted library allocation

page read and write

19B000

stack

page read and write

617000

heap

page read and write

265F000

stack

page read and write

5F8000

heap

page read and write

417000

unkown

page read and write

57B000

heap

page read and write

47E000

stack

page read and write

610000

heap

page read and write

5CA000

heap

page read and write

22DE000

stack

page read and write

251F000

stack

page read and write

5C0000

heap

page read and write

3D9D000

heap

page read and write

609000

heap

page read and write

419000

unkown

page readonly

3D98000

heap

page read and write

3E90000

trusted library allocation

page read and write

22E0000

heap

page read and write

5CE000

heap

page read and write

57E000

heap

page read and write

417000

unkown

page write copy

400000

unkown

page readonly

401000

unkown

page execute read

420000

heap

page read and write

570000

heap

page read and write

88F000

stack

page read and write

419000

unkown

page readonly

430000

heap

page read and write

93000

stack

page read and write

4F5000

heap

page read and write

There are 33 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
SecuriteInfo.com.PUA.Tool.PassView.1835.14688.26789.exe

Processes

URLs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC ReportSecuriteInfo.com.PUA.Tool.PassView.1835.14688.26789.exe

Processes

URLs

Memdumps

IOC Report
SecuriteInfo.com.PUA.Tool.PassView.1835.14688.26789.exe