Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\file.exe

"C:\Users\user\Desktop\file.exe"

Details

Is windows:	false
Is dropped:	false
PID:	6280
Target ID:	0
Parent PID:	2580
Name:	file.exe
Path:	C:\Users\user\Desktop\file.exe
Commandline:	"C:\Users\user\Desktop\file.exe"
Size:	10156848
MD5:	9D958B1B7187937C564F3A9E1C2F3541
Time:	19:06:49
Date:	28/09/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x140000000
Modulesize:	31391744
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
PE file contains section with special chars	System Summary
Creates a DirectInput object (often for capturing keystrokes)	Key, Mouse, Clipboard, Microphone and Screen Capturing	Input Capture
PE file contains more sections than normal	System Summary
PE file contains sections with non-standard names	Data Obfuscation
Sample file is different than original file name gathered from version info	System Summary
URLs found in memory or binary data	Networking
PE file has a big raw section	System Summary
PE / OLE file has a valid certificate	Compliance, System Summary
PE file has a high image base, often used for DLLs	System Summary
Submission file is bigger than most known malware samples	System Summary

URLs

Name

Malicious

http://www.cabal.com0/

unknown

Memdumps

Base Address

Regiontype

Protect

Malicious

1419DA000

unkown

page execute read

141277000

unkown

page readonly

1419DA000

unkown

page execute read

1412FD000

unkown

page read and write

1412FF000

unkown

page readonly

90E000

stack

page read and write

510000

heap

page read and write

140001000

unkown

page execute read

519000

heap

page read and write

51C000

heap

page read and write

140D85000

unkown

page write copy

70E000

stack

page read and write

1412F7000

unkown

page readonly

140D85000

unkown

page write copy

140001000

unkown

page execute read

14C000

stack

page read and write

80F000

stack

page read and write

1412FF000

unkown

page readonly

140000000

unkown

page readonly

141277000

unkown

page readonly

140B21000

unkown

page readonly

140000000

unkown

page readonly

190000

heap

page read and write

1412F7000

unkown

page readonly

140B21000

unkown

page readonly

1412FD000

unkown

page write copy

1A0000

heap

page read and write

There are 17 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
file.exe

Processes

URLs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reportfile.exe

Processes

URLs

Memdumps

IOC Report
file.exe