Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\sj-pulse-ui.exe

"C:\Users\user\Desktop\sj-pulse-ui.exe"

Details

Is windows:	false
Is dropped:	false
PID:	5424
Target ID:	0
Parent PID:	4004
Name:	sj-pulse-ui.exe
Path:	C:\Users\user\Desktop\sj-pulse-ui.exe
Commandline:	"C:\Users\user\Desktop\sj-pulse-ui.exe"
Size:	1975672
MD5:	7C31EFBC0EFC3EFF68A757D54B79EABE
Time:	13:20:31
Date:	27/05/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff7dfd40000
Modulesize:	2002944
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Sample file is different than original file name gathered from version info	System Summary
May try to detect the Windows Explorer process (often used for injection)	HIPS / PFW / Operating System Protection Evasion	Process Injection Process Discovery
PE file has an executable .text section and no other executable section	System Summary
Sample might require command line arguments	System Summary	Command and Scripting Interpreter
URLs found in memory or binary data	Networking
PE file contains a valid data directory to section mapping	System Summary
Binary contains paths to debug symbols	Compliance, System Summary
PE file contains a debug data directory	System Summary
Contains modern PE file flags such as dynamic base (ASLR) or NX	Compliance, System Summary
PE file contains a mix of data directories often seen in goodware	System Summary
PE file imports many functions	System Summary
PE / OLE file has a valid certificate	Compliance, System Summary
PE file has a high image base, often used for DLLs	System Summary
Submission file is bigger than most known malware samples	System Summary

URLs

Name

Malicious

https://github.com/rsms/inter)InterRegular3.019;RSMS;Inter-RegularInter

unknown

http://scripts.sil.org/OFLhttp://scripts.sil.org/OFLRalewayThinRalewayRomanWeightExtraLight

unknown

http://theleagueofmoveabletype.comhttp://pixelspread.comThis

unknown

http://ns.useplus.org/ldf/xmp/1.0/

unknown

http://iptc.org/std/Iptc4xmpExt/2008-02-29/

unknown

http://pixelspread.comThis

unknown

http://www.gimp.org/xmp/

unknown

https://rsms.me/This

unknown

http://scripts.sil.org/OFLhttp://sc

unknown

http://scripts.sil.org/OFLhttp://scripts.sil.org/OFLOpen

unknown

http://scripts.sil.org/OFLhttp://scripts.sil.org/OFLRalewayThinRalewayRomanWeightExtraLightLightMedi

unknown

There are 1 hidden URLs, click here to show them.

Memdumps

Base Address

Regiontype

Protect

Malicious

1FCE8D16000

heap

page read and write

7FF7DFE64000

unkown

page write copy

7FF7DFE62000

unkown

page write copy

7FF7DFD41000

unkown

page execute read

7FF7DFE62000

unkown

page write copy

7FF7DFD41000

unkown

page execute read

1FCE8D1C000

heap

page read and write

7FF7DFD40000

unkown

page readonly

996717C000

stack

page read and write

99674FE000

stack

page read and write

7FF7DFE15000

unkown

page readonly

7FF7DFE63000

unkown

page read and write

99675FF000

stack

page read and write

1FCE8CD0000

heap

page read and write

99676FF000

stack

page read and write

7FF7DFD40000

unkown

page readonly

1FCE8D10000

heap

page read and write

7FF7DFE72000

unkown

page readonly

1FCE8CC0000

heap

page read and write

7FF7DFE12000

unkown

page readonly

7FF7DFE72000

unkown

page readonly

7FF7DFE12000

unkown

page read and write

There are 12 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
sj-pulse-ui.exe

Processes

URLs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reportsj-pulse-ui.exe

Processes

URLs

Memdumps

IOC Report
sj-pulse-ui.exe