Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\3lOLt0TUE4.exe

"C:\Users\user\Desktop\3lOLt0TUE4.exe"

Details

Is windows:	false
Is dropped:	false
PID:	7548
Target ID:	0
Parent PID:	2580
Name:	3lOLt0TUE4.exe
Path:	C:\Users\user\Desktop\3lOLt0TUE4.exe
Commandline:	"C:\Users\user\Desktop\3lOLt0TUE4.exe"
Size:	1869824
MD5:	731497243F4C710C562DD084DCD34EC1
Time:	08:01:09
Date:	25/10/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x140000000
Modulesize:	2752512
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Antivirus / Scanner detection for submitted sample	AV Detection
Multi AV Scanner detection for submitted file	AV Detection
Machine Learning detection for sample	AV Detection
PE file contains sections with non-standard names	Data Obfuscation
Sample file is different than original file name gathered from version info	System Summary
PE file has a writable .reloc section	System Summary
PE file has an executable .reloc section	System Summary
Sample is known by Antivirus	System Summary
Binary contains paths to debug symbols	Compliance, System Summary
PE file contains a debug data directory	System Summary
PE file has a big raw section	System Summary
PE file has a high image base, often used for DLLs	System Summary
Submission file is bigger than most known malware samples	System Summary

Memdumps

Base Address

Regiontype

Protect

Malicious

26CF000

stack

page read and write

140000000

unkown

page readonly

140070000

unkown

page readonly

2780000

direct allocation

page read and write

14F000

stack

page read and write

451000

direct allocation

page execute and read and write

78F000

stack

page read and write

140070000

unkown

page readonly

4C7000

heap

page read and write

14004C000

unkown

page readonly

460000

direct allocation

page read and write

2440000

direct allocation

page read and write

2720000

direct allocation

page read and write

140065000

unkown

page read and write

88E000

stack

page read and write

14D000

stack

page read and write

14006A000

unkown

page readonly

4C0000

heap

page read and write

140001000

unkown

page execute read

140000000

unkown

page readonly

28B0000

heap

page read and write

470000

heap

page read and write

28B8000

heap

page read and write

14004C000

unkown

page readonly

140065000

unkown

page write copy

2080000

direct allocation

page read and write

2030000

direct allocation

page read and write

140001000

unkown

page execute read

1A0000

heap

page read and write

140071000

unkown

page execute and write copy

400000

direct allocation

page execute and read and write

1C0000

heap

page read and write

140072000

unkown

page execute and read and write

4F3000

heap

page read and write

25CE000

stack

page read and write

2700000

heap

page read and write

140071000

unkown

page execute and write copy

14006A000

unkown

page readonly

190000

heap

page read and write

There are 29 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
3lOLt0TUE4.exe

Processes

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report3lOLt0TUE4.exe

Processes

Memdumps

IOC Report
3lOLt0TUE4.exe