Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.24378.5325.exe

"C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.24378.5325.exe"

Details

Is windows:	false
Is dropped:	false
PID:	3376
Target ID:	0
Parent PID:	1028
Name:	SecuriteInfo.com.Trojan-Downloader.Win32.Banload.24378.5325.exe
Path:	C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.24378.5325.exe
Commandline:	"C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.24378.5325.exe"
Size:	150016
MD5:	02B1BC1D92B390560C7D7FF9AA8E4E79
Time:	03:34:01
Date:	05/07/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x400000
Modulesize:	434176
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Multi AV Scanner detection for submitted file	AV Detection
Machine Learning detection for sample	AV Detection
Sample file is different than original file name gathered from version info	System Summary
Uses 32bit PE files	Compliance, System Summary
PE file has section (not .text) which is very likely to contain packed code (zlib compression ratio < 0.011)	System Summary	Software Packing
Sample is known by Antivirus	System Summary
Sample reads its own file content	System Summary

Memdumps

Base Address

Regiontype

Protect

Malicious

2240000

heap

page read and write

400000

unkown

page readonly

750000

heap

page read and write

1F0000

heap

page read and write

940000

heap

page read and write

560000

heap

page read and write

759000

heap

page read and write

790000

heap

page read and write

75B000

heap

page read and write

790000

heap

page read and write

75B000

heap

page read and write

975000

heap

page read and write

5AE000

stack

page read and write

792000

heap

page read and write

2124000

direct allocation

page read and write

920000

heap

page read and write

540000

heap

page read and write

400000

unkown

page readonly

29DE000

stack

page read and write

930000

direct allocation

page execute and read and write

756000

heap

page read and write

99000

stack

page read and write

19C000

stack

page read and write

401000

unkown

page execute and read and write

3EA0000

trusted library allocation

page read and write

747000

heap

page read and write

7A5000

heap

page read and write

2124000

direct allocation

page read and write

72E000

heap

page read and write

75B000

heap

page read and write

720000

heap

page read and write

445000

unkown

page execute and write copy

2250000

heap

page read and write

299F000

stack

page read and write

6AF000

stack

page read and write

979000

heap

page read and write

757000

heap

page read and write

2120000

direct allocation

page read and write

469000

unkown

page read and write

759000

heap

page read and write

72A000

heap

page read and write

45F000

unkown

page execute and read and write

970000

heap

page read and write

289E000

stack

page read and write

2ADF000

stack

page read and write

468000

unkown

page write copy

943000

heap

page read and write

There are 37 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
SecuriteInfo.com.Trojan-Downloader.Win32.Banload.24378.5325.exe

Processes

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC ReportSecuriteInfo.com.Trojan-Downloader.Win32.Banload.24378.5325.exe

Processes

Memdumps

IOC Report
SecuriteInfo.com.Trojan-Downloader.Win32.Banload.24378.5325.exe