Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\8NU1qpOatQ.exe

"C:\Users\user\Desktop\8NU1qpOatQ.exe"

Details

Is windows:	false
Is dropped:	false
PID:	3676
Target ID:	0
Parent PID:	4084
Name:	8NU1qpOatQ.exe
Path:	C:\Users\user\Desktop\8NU1qpOatQ.exe
Commandline:	"C:\Users\user\Desktop\8NU1qpOatQ.exe"
Size:	749408
MD5:	A0C776661815D65A51C4D4C7DA408F4D
Time:	10:56:21
Date:	01/11/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff753400000
Modulesize:	736256
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Multi AV Scanner detection for submitted file	AV Detection
PE file contains an invalid checksum	Data Obfuscation
PE file contains sections with non-standard names	Data Obfuscation
Sample file is different than original file name gathered from version info	System Summary
PE file has an executable .text section and no other executable section	System Summary
Sample is known by Antivirus	System Summary
Sample reads its own file content	System Summary
URLs found in memory or binary data	Networking
PE file contains a valid data directory to section mapping	System Summary
Contains modern PE file flags such as dynamic base (ASLR) or NX	Compliance, System Summary
PE / OLE file has a valid certificate	Compliance, System Summary
PE file has a high image base, often used for DLLs	System Summary

URLs

Name

Malicious

https://cloudnetworkverify.com/

unknown

https://cloudnetworkverify.com/RouteHelper.dll

unknown

https://cloudnetworkverify.com/MI

unknown

https://cloudnetworkverify.com/lH

unknown

https://cloudnetworkverify.com/windows/verify

unknown

https://cloudnetworkverify.com/windows/verifyc94s

unknown

https://cloudnetworkverify.com/ll

unknown

https://cloudnetworkverify.com/windows/verify_

unknown

https://cloudnetworkverify.com/windows/verifyed

unknown

https://cloudnetworkverify.com/windows/verifyn

unknown

https://cloudnetworkverify.com/CS4/Dc

unknown

There are 1 hidden URLs, click here to show them.

Domains

Name

Malicious

cloudnetworkverify.com

unknown

Details

Name:	cloudnetworkverify.com
TargetID:	-1

Signature Hits	Behavior Group	Mitre Attack
Tries to resolve domain names, but no domain seems valid (expired dropper behavior)	Networking
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
URLs found in memory or binary data	Networking

Memdumps

Base Address

Regiontype

Protect

Malicious

1E3FD881000

heap

page read and write

7FF753400000

unkown

page execute and write copy

1E3FD38E000

heap

page read and write

7FF753400000

unkown

page execute and write copy

1E3FBAFD000

heap

page read and write

7FF7534B2000

unkown

page execute and write copy

1E3FD917000

heap

page read and write

1E3FBB03000

heap

page read and write

1E3FD8F6000

heap

page read and write

1E3FD3C0000

heap

page read and write

1E3FBB05000

heap

page read and write

1E3FBA98000

heap

page read and write

7FF75345A000

unkown

page execute and read and write

B1B92FB000

stack

page read and write

7FF753497000

unkown

page execute and write copy

1E3FD3C5000

heap

page read and write

1E3FBB90000

heap

page read and write

1E3FD8FD000

heap

page read and write

7FF753481000

unkown

page execute and write copy

7FF753497000

unkown

page execute and write copy

7FF75347D000

unkown

page execute and write copy

B1B91FF000

stack

page read and write

7FF7534B2000

unkown

page execute and write copy

1E3FD530000

heap

page read and write

1E3FBB41000

heap

page read and write

1E3FBAEE000

heap

page read and write

1E3FBB3C000

heap

page read and write

7FF75348D000

unkown

page execute and write copy

1E3FBB6E000

heap

page read and write

1E3FD397000

heap

page read and write

7FF753447000

unkown

page execute and read and write

1E3FD90D000

heap

page read and write

7FF75347D000

unkown

page execute and write copy

7FF753481000

unkown

page execute and write copy

1E3FBB7A000

heap

page read and write

1E3FBB73000

heap

page read and write

1E3FD350000

heap

page read and write

1E3FD3BB000

heap

page read and write

B1B95FF000

stack

page read and write

1E3FBAAA000

heap

page read and write

1E3FD535000

heap

page read and write

1E3FD932000

heap

page read and write

1E3FD380000

heap

page read and write

B1B93FD000

stack

page read and write

B1B94FF000

stack

page read and write

1E3FBB48000

heap

page read and write

7FF753476000

unkown

page execute and write copy

B1B8FFF000

stack

page read and write

7FF75348D000

unkown

page execute and write copy

1E3FBB7E000

heap

page read and write

7FF75345D000

unkown

page execute and write copy

1E3FD8DD000

heap

page read and write

1E3FBA90000

heap

page read and write

1E3FD3A1000

heap

page read and write

B1B90FE000

stack

page read and write

B1B8EFE000

stack

page read and write

B1B8DFF000

stack

page read and write

7FF75345E000

unkown

page execute and write copy

1E3FD880000

heap

page read and write

B1B8CF6000

stack

page read and write

7FF753476000

unkown

page execute and write copy

1E3FD901000

heap

page read and write

1E3FB9A0000

heap

page read and write

7FF753448000

unkown

page execute and write copy

There are 54 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
8NU1qpOatQ.exe

Processes

URLs

Domains

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report8NU1qpOatQ.exe

Processes

URLs

Domains

Memdumps

IOC Report
8NU1qpOatQ.exe