Automated Malware Analysis IOC Report for

Files

File Path

Type

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\OVERDUE SOA.exe

"C:\Users\user\Desktop\OVERDUE SOA.exe"

Details

Is windows:	false
Is dropped:	false
PID:	7644
Target ID:	0
Parent PID:	4084
Name:	OVERDUE SOA.exe
Path:	C:\Users\user\Desktop\OVERDUE SOA.exe
Commandline:	"C:\Users\user\Desktop\OVERDUE SOA.exe"
Size:	1363445
MD5:	D84AE7497316EEE6D5DBE3BFE559224F
Time:	22:31:02
Date:	26/09/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x400000
Modulesize:	741376
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Antivirus / Scanner detection for submitted sample	AV Detection
Multi AV Scanner detection for submitted file	AV Detection
Machine Learning detection for sample	AV Detection
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
PE file contains an invalid checksum	Data Obfuscation
Sample file is different than original file name gathered from version info	System Summary
Sigma detected: Uncommon Svchost Parent Process	System Summary
Uses 32bit PE files	Compliance, System Summary
May try to detect the Windows Explorer process (often used for injection)	HIPS / PFW / Operating System Protection Evasion	Process Injection Process Discovery
PE file has an executable .text section and no other executable section	System Summary
Sample is known by Antivirus	System Summary
Sample reads its own file content	System Summary
Sigma detected: Windows Processes Suspicious Parent Directory	System Summary
Spawns processes	System Summary	Process Injection
Binary contains paths to debug symbols	Compliance, System Summary
Submission file is bigger than most known malware samples	System Summary

C:\Windows\SysWOW64\svchost.exe

"C:\Users\user\Desktop\OVERDUE SOA.exe"

Details

Is windows:	true
Is dropped:	false
PID:	7740
Target ID:	2
Parent PID:	7644
Name:	svchost.exe
Path:	C:\Windows\SysWOW64\svchost.exe
Commandline:	"C:\Users\user\Desktop\OVERDUE SOA.exe"
Size:	46504
MD5:	1ED18311E3DA35942DB37D15FA40CC5B
Time:	22:31:06
Date:	26/09/2024
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x7d0000
Modulesize:	53248
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Yara detected FormBook	AV Detection, E-Banking Fraud, Stealing of Sensitive Information, Remote Access Functionality
Maps a DLL or memory area into another process	HIPS / PFW / Operating System Protection Evasion	Process Injection
Writes to foreign memory regions	HIPS / PFW / Operating System Protection Evasion	Process Injection
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Sigma detected: Uncommon Svchost Parent Process	System Summary
Sigma detected: Windows Processes Suspicious Parent Directory	System Summary
Spawns processes	System Summary	Process Injection
Binary contains paths to debug symbols	Compliance, System Summary

Memdumps

Base Address

Regiontype

Protect

Malicious

2E00000

direct allocation

page read and write

400000

system

page execute and read and write

4449000

heap

page read and write

406B000

heap

page read and write

4575000

heap

page read and write

2813000

heap

page read and write

4057000

heap

page read and write

406B000

heap

page read and write

4AB000

unkown

page readonly

4072000

heap

page read and write

406B000

heap

page read and write

2813000

heap

page read and write

444B000

heap

page read and write

319E000

direct allocation

page execute and read and write

2A17000

heap

page read and write

490000

unkown

page write copy

406B000

heap

page read and write

406B000

heap

page read and write

406B000

heap

page read and write

406B000

heap

page read and write

406B000

heap

page read and write

4445000

heap

page read and write

4057000

heap

page read and write

406B000

heap

page read and write

406B000

heap

page read and write

3FEB000

heap

page read and write

4443000

heap

page read and write

44DF000

heap

page read and write

45E0000

direct allocation

page read and write

4440000

heap

page read and write

406B000

heap

page read and write

406B000

heap

page read and write

43F0000

direct allocation

page read and write

2F2D000

heap

page read and write

406B000

heap

page read and write

44E0000

heap

page read and write

406B000

heap

page read and write

44E7000

heap

page read and write

4073000

heap

page read and write

32CD000

direct allocation

page execute and read and write

44EF000

heap

page read and write

44E1000

heap

page read and write

4590000

direct allocation

page read and write

406B000

heap

page read and write

406B000

heap

page read and write

540000

direct allocation

page read and write

406B000

heap

page read and write

44E4000

heap

page read and write

46BD000

direct allocation

page read and write

2813000

heap

page read and write

46B9000

direct allocation

page read and write

4449000

heap

page read and write

406B000

heap

page read and write

406B000

heap

page read and write

406B000

heap

page read and write

406B000

heap

page read and write

472E000

direct allocation

page read and write

44E8000

heap

page read and write

2A05000

heap

page read and write

406B000

heap

page read and write

3FEB000

heap

page read and write

44E0000

heap

page read and write

4441000

heap

page read and write

406B000

heap

page read and write

406B000

heap

page read and write

4448000

heap

page read and write

4440000

direct allocation

page read and write

444D000

heap

page read and write

1B0000

heap

page read and write

444C000

heap

page read and write

17C000

stack

page read and write

67F000

stack

page read and write

312D000

direct allocation

page execute and read and write

2813000

heap

page read and write

44E5000

heap

page read and write

44EC000

heap

page read and write

406B000

heap

page read and write

44EC000

heap

page read and write

40B3000

heap

page read and write

2813000

heap

page read and write

44EB000

heap

page read and write

44EA000

heap

page read and write

13D000

stack

page read and write

44ED000

heap

page read and write

406B000

heap

page read and write

406B000

heap

page read and write

2A05000

heap

page read and write

470D000

direct allocation

page read and write

2813000

heap

page read and write

46B9000

direct allocation

page read and write

406B000

heap

page read and write

406B000

heap

page read and write

2800000

heap

page read and write

406B000

heap

page read and write

457F000

heap

page read and write

2F9E000

heap

page read and write

444B000

heap

page read and write

4063000

heap

page read and write

3000000

direct allocation

page execute and read and write

444D000

heap

page read and write

477E000

direct allocation

page read and write

406B000

heap

page read and write

400000

unkown

page readonly

44EF000

heap

page read and write

406B000

heap

page read and write

444D000

heap

page read and write

44DC000

heap

page read and write

4445000

heap

page read and write

44EC000

heap

page read and write

44E2000

heap

page read and write

406B000

heap

page read and write

406B000

heap

page read and write

406B000

heap

page read and write

44E8000

heap

page read and write

32D1000

direct allocation

page execute and read and write

44E9000

heap

page read and write

4449000

heap

page read and write

406B000

heap

page read and write

401000

unkown

page execute read

406B000

heap

page read and write

3FEB000

heap

page read and write

2A17000

heap

page read and write

406B000

heap

page read and write

4445000

heap

page read and write

40DD000

heap

page read and write

406B000

heap

page read and write

4513000

direct allocation

page read and write

406B000

heap

page read and write

406B000

heap

page read and write

3342000

direct allocation

page execute and read and write

406B000

heap

page read and write

2802000

heap

page read and write

43F0000

direct allocation

page read and write

406B000

heap

page read and write

2813000

heap

page read and write

406B000

heap

page read and write

44E1000

heap

page read and write

46BD000

direct allocation

page read and write

2D23000

heap

page read and write

406B000

heap

page read and write

444F000

heap

page read and write

4440000

direct allocation

page read and write

2813000

heap

page read and write

444F000

heap

page read and write

406B000

heap

page read and write

2813000

heap

page read and write

4440000

direct allocation

page read and write

4443000

heap

page read and write

4709000

direct allocation

page read and write

44D9000

heap

page read and write

44E5000

heap

page read and write

470D000

direct allocation

page read and write

406B000

heap

page read and write

444F000

heap

page read and write

44E7000

heap

page read and write

406B000

heap

page read and write

3129000

direct allocation

page execute and read and write

2813000

heap

page read and write

2813000

heap

page read and write

2813000

heap

page read and write

406B000

heap

page read and write

406B000

heap

page read and write

406B000

heap

page read and write

2813000

heap

page read and write

482000

unkown

page readonly

406B000

heap

page read and write

4513000

direct allocation

page read and write

4448000

heap

page read and write

7BF000

stack

page read and write

4440000

heap

page read and write

44EC000

heap

page read and write

4446000

heap

page read and write

456B000

heap

page read and write

4447000

heap

page read and write

44D0000

heap

page read and write

4442000

heap

page read and write

4446000

heap

page read and write

6BE000

stack

page read and write

406B000

heap

page read and write

4709000

direct allocation

page read and write

406B000

heap

page read and write

406B000

heap

page read and write

2813000

heap

page read and write

40BB000

heap

page read and write

2813000

heap

page read and write

4442000

heap

page read and write

406B000

heap

page read and write

44E5000

heap

page read and write

2A12000

heap

page read and write

4445000

heap

page read and write

444E000

heap

page read and write

2813000

heap

page read and write

2813000

heap

page read and write

2E00000

heap

page read and write

46B9000

direct allocation

page read and write

450000

heap

page read and write

2A00000

heap

page read and write

406B000

heap

page read and write

4444000

heap

page read and write

2B01000

heap

page read and write

406B000

heap

page read and write

2F73000

heap

page read and write

406B000

heap

page read and write

477E000

direct allocation

page read and write

44DB000

heap

page read and write

44E9000

heap

page read and write

44EE000

heap

page read and write

444F000

heap

page read and write

2813000

heap

page read and write

4449000

heap

page read and write

406B000

heap

page read and write

406B000

heap

page read and write

530000

heap

page read and write

44DB000

heap

page read and write

2813000

heap

page read and write

43A3000

heap

page read and write

406B000

heap

page read and write

406B000

heap

page read and write

2813000

heap

page read and write

4447000

heap

page read and write

406B000

heap

page read and write

2813000

heap

page read and write

406B000

heap

page read and write

3FEB000

heap

page read and write

406B000

heap

page read and write

2813000

heap

page read and write

2FFE000

heap

page read and write

456E000

heap

page read and write

2E50000

direct allocation

page read and write

406B000

heap

page read and write

406B000

heap

page read and write

444C000

heap

page read and write

444D000

heap

page read and write

406B000

heap

page read and write

4590000

direct allocation

page read and write

406B000

heap

page read and write

2E34000

heap

page read and write

2E50000

direct allocation

page read and write

2813000

heap

page read and write

406B000

heap

page read and write

3FEB000

heap

page read and write

3FFB000

heap

page read and write

2F29000

heap

page read and write

44ED000

heap

page read and write

44D7000

heap

page read and write

406B000

heap

page read and write

44E6000

heap

page read and write

406B000

heap

page read and write

406B000

heap

page read and write

4575000

heap

page read and write

406B000

heap

page read and write

44E8000

heap

page read and write

57E000

stack

page read and write

406B000

heap

page read and write

44EB000

heap

page read and write

406B000

heap

page read and write

406C000

heap

page read and write

43A7000

heap

page read and write

2813000

heap

page read and write

4447000

heap

page read and write

2813000

heap

page read and write

4444000

heap

page read and write

4448000

heap

page read and write

406B000

heap

page read and write

2813000

heap

page read and write

44EC000

heap

page read and write

406B000

heap

page read and write

2813000

heap

page read and write

4442000

heap

page read and write

444A000

heap

page read and write

472E000

direct allocation

page read and write

406B000

heap

page read and write

4442000

heap

page read and write

406B000

heap

page read and write

406B000

heap

page read and write

406B000

heap

page read and write

472E000

direct allocation

page read and write

406B000

heap

page read and write

2C01000

heap

page read and write

44D8000

heap

page read and write

4563000

direct allocation

page read and write

44D0000

heap

page read and write

406B000

heap

page read and write

457B000

heap

page read and write

406B000

heap

page read and write

406B000

heap

page read and write

44D8000

heap

page read and write

43F0000

direct allocation

page read and write

406B000

heap

page read and write

44ED000

heap

page read and write

1D0000

heap

page read and write

4443000

heap

page read and write

406B000

heap

page read and write

406B000

heap

page read and write

2E50000

direct allocation

page read and write

44EA000

heap

page read and write

2813000

heap

page read and write

457A000

heap

page read and write

2E50000

direct allocation

page read and write

444F000

heap

page read and write

4445000

heap

page read and write

4590000

direct allocation

page read and write

406B000

heap

page read and write

44E7000

heap

page read and write

406B000

heap

page read and write

44E1000

heap

page read and write

4445000

heap

page read and write

406B000

heap

page read and write

45E0000

direct allocation

page read and write

44EB000

heap

page read and write

46BD000

direct allocation

page read and write

4513000

direct allocation

page read and write

2C00000

heap

page read and write

406B000

heap

page read and write

444F000

heap

page read and write

4444000

heap

page read and write

40DE000

heap

page read and write

44EC000

heap

page read and write

2E50000

direct allocation

page read and write

406B000

heap

page read and write

406B000

heap

page read and write

4563000

direct allocation

page read and write

406B000

heap

page read and write

406B000

heap

page read and write

406B000

heap

page read and write

2E50000

direct allocation

page read and write

There are 316 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
OVERDUE SOA.exe

Files

Processes

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC ReportOVERDUE SOA.exe

Files

Processes

Memdumps

IOC Report
OVERDUE SOA.exe