Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\file.exe

"C:\Users\user\Desktop\file.exe"

Details

Is windows:	false
Is dropped:	false
PID:	7492
Target ID:	0
Parent PID:	2580
Name:	file.exe
Path:	C:\Users\user\Desktop\file.exe
Commandline:	"C:\Users\user\Desktop\file.exe"
Size:	427008
MD5:	EFA0B9C13BDE82281933A7A8C82D7C44
Time:	20:14:57
Date:	30/10/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x10000
Modulesize:	450560
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Antivirus / Scanner detection for submitted sample	AV Detection
Multi AV Scanner detection for submitted file	AV Detection
Machine Learning detection for sample	AV Detection
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery
Sample file is different than original file name gathered from version info	System Summary
Uses 32bit PE files	Compliance, System Summary
PE file has an executable .text section and no other executable section	System Summary
Parts of this applications are using the .NET runtime (Probably coded in C#)	System Summary
Sample is known by Antivirus	System Summary
Contains modern PE file flags such as dynamic base (ASLR) or NX	Compliance, System Summary
PE file contains a COM descriptor data directory	System Summary

Memdumps

Base Address

Regiontype

Protect

Malicious

24C1000

trusted library allocation

page read and write

615000

heap

page read and write

B9E000

stack

page read and write

2490000

heap

page execute and read and write

10C000

stack

page read and write

640000

trusted library allocation

page read and write

12000

unkown

page readonly

667000

trusted library allocation

page execute and read and write

634000

trusted library allocation

page read and write

2388000

trusted library allocation

page read and write

620000

trusted library allocation

page read and write

830000

heap

page execute and read and write

66B000

trusted library allocation

page execute and read and write

690000

trusted library allocation

page execute and read and write

245C000

stack

page read and write

642000

trusted library allocation

page read and write

610000

heap

page read and write

24B0000

heap

page read and write

63D000

trusted library allocation

page execute and read and write

26D1000

trusted library allocation

page read and write

180000

heap

page read and write

6B8000

heap

page read and write

49F8000

stack

page read and write

82C000

stack

page read and write

890000

heap

page read and write

6DB000

heap

page read and write

6F5000

heap

page read and write

4FB000

stack

page read and write

99E000

stack

page read and write

731000

heap

page read and write

5E000

unkown

page readonly

840000

heap

page read and write

6BE000

heap

page read and write

633000

trusted library allocation

page execute and read and write

6A0000

trusted library allocation

page read and write

170000

heap

page read and write

BD0000

heap

page read and write

10000

unkown

page readonly

45BE000

stack

page read and write

6B0000

heap

page read and write

7EE000

stack

page read and write

749000

heap

page read and write

65A000

trusted library allocation

page execute and read and write

6D8000

heap

page read and write

6E5000

heap

page read and write

34C1000

trusted library allocation

page read and write

657000

trusted library allocation

page execute and read and write

860000

trusted library allocation

page read and write

1CE000

stack

page read and write

6DD000

heap

page read and write

6F3000

heap

page read and write

There are 41 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
file.exe

Processes

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reportfile.exe

Processes

Memdumps

IOC Report
file.exe