Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.45.17732.20664.exe

"C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.45.17732.20664.exe"

Details

Is windows:	false
Is dropped:	false
PID:	2132
Target ID:	0
Parent PID:	1028
Name:	SecuriteInfo.com.Trojan.DownloaderNET.45.17732.20664.exe
Path:	C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.45.17732.20664.exe
Commandline:	"C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.45.17732.20664.exe"
Size:	139264
MD5:	422BD6B228BC054BD1C22DE49F706A0F
Time:	14:36:10
Date:	28/09/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff6e1210000
Modulesize:	290816
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Antivirus / Scanner detection for submitted sample	AV Detection
Multi AV Scanner detection for submitted file	AV Detection
Sample file is different than original file name gathered from version info	System Summary
Sample is known by Antivirus	System Summary
Contains modern PE file flags such as dynamic base (ASLR) or NX	Compliance, System Summary
PE file has a high image base, often used for DLLs	System Summary

IPs

Domain

Country

Malicious

219.150.121.100

unknown

China

Details

IP:	219.150.121.100
TargetID:	0
Current Path:	C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownloaderNET.45.17732.20664.exe
Country:	China
Countrycode:	CHN
ASN number:	4134
ASN name:	CHINANET-BACKBONENo31Jin-rongStreetCN
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
Connects to IPs without corresponding DNS lookups	Networking

Memdumps

Base Address

Regiontype

Protect

Malicious

25959550000

direct allocation

page execute and read and write

7FF6E1235000

unkown

page execute and write copy

7FF6E1242000

unkown

page execute and write copy

7FF6E1210000

unkown

page readonly

999472D000

stack

page read and write

259596C0000

trusted library allocation

page read and write

25959569000

heap

page read and write

7FF6E1243000

unkown

page write copy

25959660000

heap

page read and write

25959560000

heap

page read and write

7FF6E1243000

unkown

page read and write

7FF6E1211000

unkown

page execute and read and write

259596A0000

heap

page read and write

7FF6E123B000

unkown

page execute and read and write

9994CFD000

stack

page read and write

7FF6E1241000

unkown

page execute and read and write

25959470000

heap

page read and write

25959690000

heap

page read and write

25959550000

trusted library allocation

page read and write

7FF6E1210000

unkown

page readonly

There are 10 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
SecuriteInfo.com.Trojan.DownloaderNET.45.17732.20664.exe

Processes

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC ReportSecuriteInfo.com.Trojan.DownloaderNET.45.17732.20664.exe

Processes

IPs

Memdumps

IOC Report
SecuriteInfo.com.Trojan.DownloaderNET.45.17732.20664.exe