IOC Report
file.exe

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\file.exe

"C:\Users\user\Desktop\file.exe"

Details

Is windows:	false
Is dropped:	false
PID:	6136
Target ID:	0
Parent PID:	1028
Name:	file.exe
Path:	C:\Users\user\Desktop\file.exe
Commandline:	"C:\Users\user\Desktop\file.exe"
Size:	5800616
MD5:	33B62D366AC20DE98DEDFAF74B4AFEFC
Time:	12:18:53
Date:	27/08/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x140000000
Modulesize:	2387968
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Machine Learning detection for sample	AV Detection
Sample reads its own file content	System Summary
URLs found in memory or binary data	Networking
Submission file is bigger than most known malware samples	System Summary

URLs

Name

IP

Malicious

http://aia.entrust.net/ts1-chain256.cer01

unknown

https://gcc.gnu.org/bugs/):

unknown

http://crl.entrust.net/ts1ca.crl0

unknown

http://ocsp.entrust.net03

unknown

http://ocsp.entrust.net02

unknown

http://www.entrust.net/rpa03

unknown

http://crl.entrust.net/2048ca.crl0

unknown

https://www.entrust.net/rpa0

unknown

Memdumps

Base Address

Regiontype

Protect

Malicious

7FF848A50000

direct allocation

page execute and read and write

1A5000

heap

page read and write

140000000

unkown

page readonly

F2F000

stack

page read and write

9E7000

heap

page read and write

14023A000

unkown

page execute and write copy

7F8000

stack

page read and write

140020000

unkown

page read and write

936000

heap

page read and write

90000

heap

page read and write

9D8000

heap

page read and write

140194000

unkown

page execute and write copy

14002D000

unkown

page read and write

1400FE000

unkown

page readonly

1A0000

heap

page read and write

9B8000

heap

page read and write

14023A000

unkown

page execute and write copy

9D8000

heap

page read and write

140054000

unkown

page execute read

140021000

unkown

page readonly

140001000

unkown

page execute read

9DB000

heap

page read and write

140205000

unkown

page execute and write copy

9BC000

heap

page read and write

140031000

unkown

page execute read

140205000

unkown

page execute and read and write

140235000

unkown

page execute and write copy

826000

heap

page read and write

93C000

heap

page read and write

9E2000

heap

page read and write

170000

heap

page read and write

9B8000

heap

page read and write

936000

heap

page read and write

140194000

unkown

page execute and write copy

9D8000

heap

page read and write

9C2000

heap

page read and write

1B0000

heap

page read and write

1E0000

heap

page read and write

140054000

unkown

page execute read

930000

heap

page read and write

140234000

unkown

page execute and write copy

971000

heap

page read and write

140230000

unkown

page execute and read and write

93C000

heap

page read and write

140000000

unkown

page readonly

14020C000

unkown

page execute and write copy

140234000

unkown

page execute and read and write

1400FE000

unkown

page readonly

132E000

stack

page read and write

There are 39 hidden memdumps, click here to show them.