Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\skZwfU6wMR.exe

"C:\Users\user\Desktop\skZwfU6wMR.exe"

Details

Is windows:	false
Is dropped:	false
PID:	7328
Target ID:	0
Parent PID:	4056
Name:	skZwfU6wMR.exe
Path:	C:\Users\user\Desktop\skZwfU6wMR.exe
Commandline:	"C:\Users\user\Desktop\skZwfU6wMR.exe"
Size:	458699
MD5:	339E94BFF01E66552E855E9ADE023163
Time:	02:37:02
Date:	27/10/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x330000
Modulesize:	98304
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Antivirus / Scanner detection for submitted sample	AV Detection
Multi AV Scanner detection for submitted file	AV Detection
PE file contains an invalid checksum	Data Obfuscation
Sample file is different than original file name gathered from version info	System Summary
Uses 32bit PE files	Compliance, System Summary
PE file has an executable .text section and no other executable section	System Summary
Sample is known by Antivirus	System Summary
Binary contains paths to debug symbols	Compliance, System Summary
PE file contains a debug data directory	System Summary
Contains modern PE file flags such as dynamic base (ASLR) or NX	Compliance, System Summary
PE file contains a mix of data directories often seen in goodware	System Summary

Memdumps

Base Address

Regiontype

Protect

Malicious

292F000

heap

page read and write

2930000

heap

page read and write

26D0000

heap

page read and write

290D000

heap

page read and write

28F9000

heap

page read and write

331000

unkown

page execute read

2923000

heap

page read and write

42C0000

heap

page read and write

292F000

heap

page read and write

342000

unkown

page read and write

2927000

heap

page read and write

343000

unkown

page readonly

2905000

heap

page read and write

28BF000

stack

page read and write

28F5000

heap

page read and write

267C000

stack

page read and write

292F000

heap

page read and write

292F000

heap

page read and write

283F000

stack

page read and write

330000

unkown

page readonly

2923000

heap

page read and write

4360000

heap

page read and write

28D8000

heap

page read and write

292F000

heap

page read and write

287E000

stack

page read and write

292C000

heap

page read and write

2927000

heap

page read and write

28D0000

heap

page read and write

2A0E000

stack

page read and write

2931000

heap

page read and write

2927000

heap

page read and write

2923000

heap

page read and write

28C0000

heap

page read and write

290C000

heap

page read and write

2930000

heap

page read and write

263A000

stack

page read and write

2923000

heap

page read and write

2927000

heap

page read and write

292F000

heap

page read and write

342000

unkown

page write copy

2927000

heap

page read and write

2907000

heap

page read and write

4384000

heap

page read and write

343000

unkown

page readonly

27B0000

heap

page read and write

2A70000

heap

page read and write

292F000

heap

page read and write

2942000

heap

page read and write

331000

unkown

page execute read

330000

unkown

page readonly

2933000

heap

page read and write

28FB000

heap

page read and write

27FE000

stack

page read and write

293C000

heap

page read and write

4380000

heap

page read and write

2923000

heap

page read and write

2927000

heap

page read and write

2937000

heap

page read and write

2A4F000

stack

page read and write

28FD000

heap

page read and write

2933000

heap

page read and write

2933000

heap

page read and write

There are 52 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
skZwfU6wMR.exe

Processes

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC ReportskZwfU6wMR.exe

Processes

Memdumps

IOC Report
skZwfU6wMR.exe