Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\file.exe

"C:\Users\user\Desktop\file.exe"

Details

Is windows:	false
Is dropped:	false
PID:	3556
Target ID:	0
Parent PID:	1028
Name:	file.exe
Path:	C:\Users\user\Desktop\file.exe
Commandline:	"C:\Users\user\Desktop\file.exe"
Size:	3653120
MD5:	D51EB63974474A6E7547C8F3EE8F5C93
Time:	18:04:56
Date:	30/10/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff6d1a10000
Modulesize:	5824512
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Machine Learning detection for sample	AV Detection
PE file contains sections with non-standard names	Data Obfuscation
Sample file is different than original file name gathered from version info	System Summary
Contains modern PE file flags such as dynamic base (ASLR) or NX	Compliance, System Summary
PE file has a big raw section	System Summary
PE file has a high image base, often used for DLLs	System Summary
Submission file is bigger than most known malware samples	System Summary

URLs

Name

Malicious

http://193.169.105.15:3000/download/seyhhdBuild.exeC:

unknown

Memdumps

Base Address

Regiontype

Protect

Malicious

7FF6D1C21000

unkown

page execute read

3BE99FE000

stack

page read and write

1A3BBB30000

heap

page read and write

1A3BB962000

heap

page read and write

7FF6D1A21000

unkown

page execute read

1A3BBA20000

trusted library allocation

page read and write

7FF6D1A10000

unkown

page readonly

7FF6D1A10000

unkown

page readonly

1A3BB952000

heap

page read and write

7FF6D1C20000

unkown

page read and write

3BE956B000

stack

page read and write

1A3BB958000

heap

page read and write

7FF6D1A20000

unkown

page readonly

1A3BBA64000

heap

page read and write

7FF6D1A5B000

unkown

page execute read

1A3BB963000

heap

page read and write

1A3BB7B0000

heap

page read and write

3BE98FE000

stack

page read and write

7FF6D1F9B000

unkown

page readonly

1A3BB92C000

heap

page read and write

1A3BB8B0000

heap

page read and write

1A3BB890000

heap

page read and write

1A3BB8E0000

heap

page read and write

1A3BB920000

heap

page read and write

1A3BB900000

trusted library allocation

page read and write

1A3BB952000

heap

page read and write

7FF6D1A55000

unkown

page read and write

1A3BB950000

heap

page read and write

7FF6D1A11000

unkown

page execute read

7FF6D1A1B000

unkown

page readonly

7FF6D1C21000

unkown

page execute read

7FF6D1F9B000

unkown

page readonly

1A3BBA60000

heap

page read and write

7FF6D1A1F000

unkown

page read and write

1A3BBB20000

heap

page read and write

There are 25 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
file.exe

Processes

URLs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reportfile.exe

Processes

URLs

Memdumps

IOC Report
file.exe