IOC Report
Yu4oufkUC8.exe

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\Yu4oufkUC8.exe

"C:\Users\user\Desktop\Yu4oufkUC8.exe"

Details

Is windows:	false
Is dropped:	false
PID:	5640
Target ID:	0
Parent PID:	4084
Name:	Yu4oufkUC8.exe
Path:	C:\Users\user\Desktop\Yu4oufkUC8.exe
Commandline:	"C:\Users\user\Desktop\Yu4oufkUC8.exe"
Size:	454452
MD5:	A15F95B58098883533E018A0F90564BB
Time:	02:37:02
Date:	27/10/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0xf30000
Modulesize:	98304
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Antivirus / Scanner detection for submitted sample	AV Detection
Multi AV Scanner detection for submitted file	AV Detection
PE file contains an invalid checksum	Data Obfuscation
Sample file is different than original file name gathered from version info	System Summary
Uses 32bit PE files	Compliance, System Summary
PE file has an executable .text section and no other executable section	System Summary
Sample is known by Antivirus	System Summary
Binary contains paths to debug symbols	Compliance, System Summary
PE file contains a debug data directory	System Summary
Contains modern PE file flags such as dynamic base (ASLR) or NX	Compliance, System Summary
PE file contains a mix of data directories often seen in goodware	System Summary

Memdumps

Base Address

Regiontype

Protect

Malicious

331B000

heap

page read and write

3334000

heap

page read and write

3280000

heap

page read and write

4F34000

heap

page read and write

36D0000

heap

page read and write

3290000

heap

page read and write

330C000

heap

page read and write

3341000

heap

page read and write

34EE000

stack

page read and write

3300000

heap

page read and write

3340000

heap

page read and write

3340000

heap

page read and write

3317000

heap

page read and write

3301000

heap

page read and write

334C000

heap

page read and write

35BE000

stack

page read and write

3340000

heap

page read and write

3334000

heap

page read and write

331C000

heap

page read and write

F30000

unkown

page readonly

3340000

heap

page read and write

357E000

stack

page read and write

330E000

heap

page read and write

34F0000

heap

page read and write

3340000

heap

page read and write

330B000

heap

page read and write

323C000

stack

page read and write

3344000

heap

page read and write

3316000

heap

page read and write

3344000

heap

page read and write

32E0000

heap

page read and write

F30000

unkown

page readonly

3347000

heap

page read and write

F31000

unkown

page execute read

F43000

unkown

page readonly

3307000

heap

page read and write

3341000

heap

page read and write

F42000

unkown

page write copy

3320000

heap

page read and write

32DE000

stack

page read and write

3334000

heap

page read and write

353E000

stack

page read and write

F42000

unkown

page read and write

3340000

heap

page read and write

35FF000

stack

page read and write

4F00000

heap

page read and write

5040000

heap

page read and write

3342000

heap

page read and write

3338000

heap

page read and write

F43000

unkown

page readonly

3338000

heap

page read and write

F31000

unkown

page execute read

3334000

heap

page read and write

3338000

heap

page read and write

3338000

heap

page read and write

3309000

heap

page read and write

3334000

heap

page read and write

2FDA000

stack

page read and write

3307000

heap

page read and write

3344000

heap

page read and write

330B000

heap

page read and write

3338000

heap

page read and write

3338000

heap

page read and write

32E8000

heap

page read and write

3352000

heap

page read and write

4F30000

heap

page read and write

331D000

heap

page read and write

There are 57 hidden memdumps, click here to show them.