Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\5Uvn8Uyob8.exe

"C:\Users\user\Desktop\5Uvn8Uyob8.exe"

Details

Is windows:	false
Is dropped:	false
PID:	7496
Target ID:	0
Parent PID:	2580
Name:	5Uvn8Uyob8.exe
Path:	C:\Users\user\Desktop\5Uvn8Uyob8.exe
Commandline:	"C:\Users\user\Desktop\5Uvn8Uyob8.exe"
Size:	226256
MD5:	DB0BCC378F0895C40AD9BD5F9F7F0B11
Time:	05:45:59
Date:	31/08/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff6872e0000
Modulesize:	245760
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Multi AV Scanner detection for submitted file	AV Detection
PE / OLE file has an invalid certificate	System Summary
PE file contains sections with non-standard names	Data Obfuscation
Sample file is different than original file name gathered from version info	System Summary
PE file has an executable .text section and no other executable section	System Summary
Sample is known by Antivirus	System Summary
Spawns processes	System Summary	Process Injection
PE file contains a valid data directory to section mapping	System Summary
Contains modern PE file flags such as dynamic base (ASLR) or NX	Compliance, System Summary
PE file has a high image base, often used for DLLs	System Summary

C:\Windows\System32\conhost.exe

C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

Details

Is windows:	true
Is dropped:	false
PID:	7504
Target ID:	1
Parent PID:	7496
Name:	conhost.exe
Path:	C:\Windows\System32\conhost.exe
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Size:	862208
MD5:	0D698AF330FD17BEE3BF90011D49251D
Time:	05:45:59
Date:	31/08/2024
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff7699e0000
Modulesize:	892928
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

URLs

Name

Malicious

http://code.jquery.com/

unknown

http://119.45.147.28/jquery-3.3.2.slim.min.js

http://119.45.147.28:443/jquery-3.3.2.slim.min.js

https://119.45.147.28/F

unknown

https://119.45.147.28/jquery-3.3.2.slim.min.jsi

unknown

https://119.45.147.28/jquery-3.3.2.slim.min.jsm:

unknown

http://code.jquery.com/Rs

unknown

https://119.45.147.28/jquery-3.3.2.slim.min.js

unknown

https://119.45.147.28/su

unknown

https://119.45.147.28/jquery-3.3.2.slim.min.jsd4_

unknown

https://119.45.147.28/jquery-3.3.2.slim.min.jsM

unknown

https://119.45.147.28/jquery-3.3.2.slim.min.jsY

unknown

https://119.45.147.28/query-3.3.2.slim.min.js1

unknown

https://119.45.147.28/

unknown

https://119.45.147.28/e

unknown

https://119.45.147.28/jquery-3.3.2.slim.min.jsu

unknown

There are 6 hidden URLs, click here to show them.

IPs

Domain

Country

Malicious

119.45.147.28

unknown

China

Details

IP:	119.45.147.28
TargetID:	0
Current Path:	C:\Users\user\Desktop\5Uvn8Uyob8.exe
Country:	China
Countrycode:	CHN
ASN number:	45090
ASN name:	CNNIC-TENCENT-NET-APShenzhenTencentComputerSystemsCompa
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol
Suricata IDS alerts with low severity for network traffic	Networking
Connects to IPs without corresponding DNS lookups	Networking
URLs found in memory or binary data	Networking

Memdumps

Base Address

Regiontype

Protect

Malicious

21DEDA70000

direct allocation

page execute read

2214F2C000

stack

page read and write

7FF687305000

unkown

page readonly

22158FE000

stack

page read and write

21DEDB09000

heap

page read and write

21DEDAF0000

heap

page read and write

7FF687308000

unkown

page readonly

2215BFD000

stack

page read and write

7FF6872FF000

unkown

page write copy

21DEF4F5000

heap

page read and write

7FF6872FF000

unkown

page write copy

22154FA000

unkown

page read and write

21DEDA30000

heap

page read and write

21DEDA20000

heap

page read and write

7FF687302000

unkown

page readonly

22157FE000

stack

page read and write

22159F8000

stack

page read and write

21DEDB0C000

heap

page read and write

7FF687302000

unkown

page readonly

21DEDB40000

heap

page read and write

2215AFD000

stack

page read and write

21DEF4C0000

remote allocation

page read and write

21DEDAF0000

heap

page read and write

21DEF4C0000

remote allocation

page read and write

21DEDAB0000

heap

page read and write

21DEDAEE000

heap

page read and write

7FF687300000

unkown

page read and write

21DEDB47000

heap

page read and write

21DEDB40000

heap

page read and write

7FF6872F5000

unkown

page readonly

7FF6872E1000

unkown

page execute read

21DEDB40000

heap

page read and write

21DEDB1C000

heap

page read and write

21DEDB2E000

heap

page read and write

21DEF4F0000

heap

page read and write

21DEDB19000

heap

page read and write

7FF6872E1000

unkown

page execute read

21DEDB2E000

heap

page read and write

7FF687305000

unkown

page readonly

7FF6872F5000

unkown

page readonly

21DEDABB000

heap

page read and write

7FF687308000

unkown

page readonly

21DEDB2E000

heap

page read and write

21DEDB40000

heap

page read and write

21DEDB19000

heap

page read and write

21DEDB1D000

heap

page read and write

7FF6872E0000

unkown

page readonly

7FF6872E0000

unkown

page readonly

21DEDB47000

heap

page read and write

21DEDA80000

heap

page read and write

21DEF4C0000

remote allocation

page read and write

21DEDB2E000

heap

page read and write

21DEDB0C000

heap

page read and write

There are 43 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
5Uvn8Uyob8.exe

Processes

URLs

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report5Uvn8Uyob8.exe

Processes

URLs

IPs

Memdumps

IOC Report
5Uvn8Uyob8.exe