Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\8xfH5IUIWU.exe

"C:\Users\user\Desktop\8xfH5IUIWU.exe"

Details

Is windows:	false
Is dropped:	false
PID:	2124
Target ID:	0
Parent PID:	1028
Name:	8xfH5IUIWU.exe
Path:	C:\Users\user\Desktop\8xfH5IUIWU.exe
Commandline:	"C:\Users\user\Desktop\8xfH5IUIWU.exe"
Size:	3241472
MD5:	A2C74B5AAD6F1E7DC6B11A61C5AE2C46
Time:	15:09:56
Date:	31/08/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff7a7440000
Modulesize:	15147008
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Detected unpacking (changes PE section rights)	Data Obfuscation	Software Packing
Machine Learning detection for sample	AV Detection
PE file has nameless sections	System Summary
PE file contains an invalid checksum	Data Obfuscation
PE file contains more sections than normal	System Summary
PE file contains sections with non-standard names	Data Obfuscation
Binary may include packed or encrypted code	Data Obfuscation	Obfuscated Files or Information Software Packing
PE file has section (not .text) which is very likely to contain packed code (zlib compression ratio < 0.011)	System Summary	Software Packing
Sample reads its own file content	System Summary
URLs found in memory or binary data	Networking
PE file has a big raw section	System Summary
PE file has a high image base, often used for DLLs	System Summary
Submission file is bigger than most known malware samples	System Summary

URLs

Name

Malicious

https://gcc.gnu.org/bugs/):

unknown

https://enigmaprotector.com/taggant/spv.crl0

unknown

https://enigmaprotector.com/taggant/user.crl0

unknown

Memdumps

Base Address

Regiontype

Protect

Malicious

E5349FE000

stack

page read and write

7FF7A7474000

unkown

page readonly

1F37AA6C000

heap

page read and write

7FF7A746C000

unkown

page readonly

1F37A8C0000

heap

page read and write

1F37A860000

trusted library allocation

page read and write

7FF7A7440000

unkown

page readonly

7FF7A7474000

unkown

page execute and write copy

7FF7A7954000

unkown

page execute and read and write

E531DFF000

stack

page read and write

E5319FE000

stack

page read and write

7FF7A7464000

unkown

page execute and write copy

1F37AE80000

heap

page read and write

7FF7A7475000

unkown

page execute and read and write

1F37A68B000

heap

page read and write

E5355FE000

stack

page read and write

7FF7A746C000

unkown

page execute and write copy

1F378A60000

heap

page read and write

1F37B2B6000

heap

page read and write

1F37A580000

heap

page read and write

7FF7A7D2C000

unkown

page execute and read and write

7FF483210000

direct allocation

page execute and read and write

7FF7A7828000

unkown

page execute and read and write

E5341FF000

stack

page read and write

E5335FF000

stack

page read and write

1F37A7C0000

heap

page read and write

7FF7A7441000

unkown

page execute read

1F37A630000

heap

page read and write

7FF8C7240000

direct allocation

page execute and read and write

1F37B2A0000

trusted library allocation

page read and write

1F378AC5000

heap

page read and write

1F378AC0000

heap

page read and write

1F378B0C000

heap

page read and write

7FF7A746F000

unkown

page read and write

7FF7A7470000

unkown

page execute and write copy

1F378B00000

heap

page read and write

7FF7A7441000

unkown

page execute and write copy

1F37A8D0000

heap

page read and write

E5359FE000

stack

page read and write

7FF7A7462000

unkown

page read and write

1F37A699000

heap

page read and write

1F37A6C3000

heap

page read and write

1F37A9A2000

heap

page read and write

E5361FF000

stack

page read and write

7FF7A7462000

unkown

page execute and write copy

7FF7A7464000

unkown

page readonly

1F37A5A0000

heap

page read and write

7FF7A7FF3000

unkown

page execute and write copy

1F37AEEB000

heap

page read and write

E5329FF000

stack

page read and write

1F378A90000

heap

page read and write

1F37A860000

trusted library allocation

page read and write

E5339FE000

stack

page read and write

7FF7A7FF3000

unkown

page execute and read and write

7FF7A7FF0000

unkown

page execute and write copy

1F37A860000

trusted library allocation

page read and write

E5315F8000

stack

page read and write

E535DFF000

stack

page read and write

1F37AF23000

heap

page read and write

E532DFF000

stack

page read and write

1F37A9E4000

heap

page read and write

E5351FE000

stack

page read and write

1F378B06000

heap

page read and write

1F37AF0E000

heap

page read and write

E5365FE000

stack

page read and write

E5321FF000

stack

page read and write

1F37A5B0000

heap

page read and write

7FF7A77EA000

unkown

page execute and read and write

7FF7A7440000

unkown

page readonly

E5345FF000

stack

page read and write

E533DFF000

stack

page read and write

7FF7A7851000

unkown

page execute and read and write

7FF7A77FE000

unkown

page execute and read and write

7FF7A77FA000

unkown

page execute and read and write

1F37A6C0000

heap

page read and write

1F37A860000

trusted library allocation

page read and write

E5325FE000

stack

page read and write

E5331FF000

stack

page read and write

1F37A8B0000

heap

page read and write

1F37A940000

heap

page read and write

E534DFE000

stack

page read and write

1F378A50000

heap

page read and write

There are 72 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
8xfH5IUIWU.exe

Processes

URLs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report8xfH5IUIWU.exe

Processes

URLs

Memdumps

IOC Report
8xfH5IUIWU.exe