Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\Login_msifar.txt.exe

"C:\Users\user\Desktop\Login_msifar.txt.exe"

Details

Is windows:	false
Is dropped:	false
PID:	3560
Target ID:	0
Parent PID:	1028
Name:	Login_msifar.txt.exe
Path:	C:\Users\user\Desktop\Login_msifar.txt.exe
Commandline:	"C:\Users\user\Desktop\Login_msifar.txt.exe"
Size:	978432
MD5:	13DD101017041158BE942E586719CDF1
Time:	10:19:14
Date:	24/12/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x400000
Modulesize:	1003520
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Sigma detected: Suspicious Double Extension File Execution	System Summary
Uses an obfuscated file name to hide its real file extension (double extension)	Hooking and other Techniques for Hiding and Protection	Masquerading Obfuscated Files or Information
PE file contains executable resources (Code or Archives)	System Summary
Uses 32bit PE files	Compliance, System Summary
May try to detect the Windows Explorer process (often used for injection)	HIPS / PFW / Operating System Protection Evasion	Process Injection Process Discovery
PE file has an executable .text section and no other executable section	System Summary
Sample might require command line arguments	System Summary	Command and Scripting Interpreter
URLs found in memory or binary data	Networking
PE file contains a debug data directory	System Summary

URLs

Name

Malicious

https://autohotkey.com

unknown

https://autohotkey.comCould

unknown

Memdumps

Base Address

Regiontype

Protect

Malicious

AD4000

heap

page read and write

AC1000

heap

page read and write

4B8000

unkown

page readonly

9C0000

heap

page read and write

4B8000

unkown

page readonly

A98000

heap

page read and write

4CE000

unkown

page readonly

A60000

trusted library section

page read and write

2B90000

heap

page read and write

401000

unkown

page execute read

4CE000

unkown

page readonly

AD1000

heap

page read and write

4E2000

unkown

page read and write

ADA000

heap

page read and write

9B0000

heap

page read and write

AFA000

heap

page read and write

A90000

heap

page read and write

8EF000

stack

page read and write

4EC000

unkown

page readonly

AD3000

heap

page read and write

ADD000

heap

page read and write

110000

heap

page read and write

8E6000

stack

page read and write

4EC000

unkown

page readonly

ADC000

heap

page read and write

401000

unkown

page execute read

1F0000

heap

page read and write

9C4000

heap

page read and write

8FC000

stack

page read and write

400000

unkown

page readonly

4E4000

unkown

page read and write

1570000

heap

page read and write

4E2000

unkown

page write copy

A50000

trusted library section

page read and write

A70000

trusted library section

page read and write

9A000

stack

page read and write

4E7000

unkown

page read and write

1578000

heap

page read and write

4E6000

unkown

page write copy

8DF000

stack

page read and write

4E3000

unkown

page write copy

8CE000

stack

page read and write

D0000

heap

page read and write

ADC000

heap

page read and write

1530000

heap

page read and write

400000

unkown

page readonly

There are 36 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
Login_msifar.txt.exe

Processes

URLs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC ReportLogin_msifar.txt.exe

Processes

URLs

Memdumps

IOC Report
Login_msifar.txt.exe