Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\51FZ8pgLbe.exe

"C:\Users\user\Desktop\51FZ8pgLbe.exe"

Details

Is windows:	false
Is dropped:	false
PID:	6976
Target ID:	0
Parent PID:	2580
Name:	51FZ8pgLbe.exe
Path:	C:\Users\user\Desktop\51FZ8pgLbe.exe
Commandline:	"C:\Users\user\Desktop\51FZ8pgLbe.exe"
Size:	3218944
MD5:	9C29717F4D12C30226F5F0FB1BD13FE5
Time:	07:51:56
Date:	26/12/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x530000
Modulesize:	3272704
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Multi AV Scanner detection for submitted file	AV Detection
PE file contains an invalid checksum	Data Obfuscation
Sample file is different than original file name gathered from version info	System Summary
Sigma detected: Communication To Uncommon Destination Ports	System Summary
Uses 32bit PE files	Compliance, System Summary
PE file has an executable .text section and no other executable section	System Summary
Sample is known by Antivirus	System Summary
PE file contains a valid data directory to section mapping	System Summary
Contains modern PE file flags such as dynamic base (ASLR) or NX	Compliance, System Summary
PE file imports many functions	System Summary
PE file has a big raw section	System Summary
PE file has a big code size	System Summary
Submission file is bigger than most known malware samples	System Summary

IPs

Domain

Country

Malicious

116.198.232.205

unknown

China

Details

IP:	116.198.232.205
TargetID:	0
Current Path:	C:\Users\user\Desktop\51FZ8pgLbe.exe
Country:	China
Countrycode:	CHN
ASN number:	137699
ASN name:	CHINATELECOM-JIANGSU-SUQIAN-IDCCHINATELECOMJiangsuSuqian
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Suricata IDS alerts for network traffic	Networking
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
Sigma detected: Communication To Uncommon Destination Ports	System Summary
Connects to IPs without corresponding DNS lookups	Networking

Memdumps

Base Address

Regiontype

Protect

Malicious

32CF000

stack

page read and write

110A000

heap

page read and write

823000

unkown

page readonly

1100000

heap

page read and write

6A8000

unkown

page read and write

F05000

heap

page read and write

820000

unkown

page readonly

2BF0000

heap

page read and write

1140000

heap

page read and write

2B20000

heap

page read and write

104F000

stack

page read and write

530000

unkown

page readonly

2DF7000

heap

page read and write

531000

unkown

page execute read

C3B000

stack

page read and write

820000

unkown

page readonly

2AA0000

heap

page read and write

530000

unkown

page readonly

65A000

unkown

page readonly

33CF000

stack

page read and write

110E000

heap

page read and write

E80000

heap

page read and write

10F0000

heap

page read and write

2B0D000

stack

page read and write

2EC0000

heap

page read and write

2DED000

stack

page read and write

6A0000

unkown

page read and write

2FCF000

stack

page read and write

2E7E000

stack

page read and write

2DF4000

heap

page read and write

6A0000

unkown

page write copy

30CF000

stack

page read and write

F00000

heap

page read and write

2B23000

heap

page read and write

F4E000

unkown

page read and write

6B1000

unkown

page readonly

531000

unkown

page execute read

823000

unkown

page readonly

2AB0000

heap

page read and write

65A000

unkown

page readonly

D3C000

stack

page read and write

2B60000

heap

page read and write

2DF0000

heap

page read and write

123E000

stack

page read and write

2E3E000

stack

page read and write

6B1000

unkown

page readonly

127E000

stack

page read and write

DA0000

heap

page read and write

There are 38 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
51FZ8pgLbe.exe

Processes

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report51FZ8pgLbe.exe

Processes

IPs

Memdumps

IOC Report
51FZ8pgLbe.exe