Automated Malware Analysis IOC Report for

Files

File Path

Type

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\Commercial Invoice Packing list.exe

"C:\Users\user\Desktop\Commercial Invoice Packing list.exe"

Details

Is windows:	false
Is dropped:	false
PID:	3232
Target ID:	0
Parent PID:	4056
Name:	Commercial Invoice Packing list.exe
Path:	C:\Users\user\Desktop\Commercial Invoice Packing list.exe
Commandline:	"C:\Users\user\Desktop\Commercial Invoice Packing list.exe"
Size:	1400397
MD5:	584C4505475C015B4A7B0B73B60A6E73
Time:	09:31:17
Date:	30/09/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x400000
Modulesize:	741376
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Multi AV Scanner detection for submitted file	AV Detection
Initial sample is a PE file and has a suspicious name	System Summary
Machine Learning detection for sample	AV Detection
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
PE file contains an invalid checksum	Data Obfuscation
Sigma detected: Uncommon Svchost Parent Process	System Summary
Uses 32bit PE files	Compliance, System Summary
May try to detect the Windows Explorer process (often used for injection)	HIPS / PFW / Operating System Protection Evasion	Process Injection Process Discovery
PE file has an executable .text section and no other executable section	System Summary
Sample is known by Antivirus	System Summary
Sample reads its own file content	System Summary
Sigma detected: Windows Processes Suspicious Parent Directory	System Summary
Spawns processes	System Summary	Process Injection
Submission file is bigger than most known malware samples	System Summary

C:\Windows\SysWOW64\svchost.exe

"C:\Users\user\Desktop\Commercial Invoice Packing list.exe"

Details

Is windows:	true
Is dropped:	false
PID:	4508
Target ID:	2
Parent PID:	3232
Name:	svchost.exe
Path:	C:\Windows\SysWOW64\svchost.exe
Commandline:	"C:\Users\user\Desktop\Commercial Invoice Packing list.exe"
Size:	46504
MD5:	1ED18311E3DA35942DB37D15FA40CC5B
Time:	09:31:23
Date:	30/09/2024
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x160000
Modulesize:	53248
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Yara detected FormBook	AV Detection, E-Banking Fraud, Stealing of Sensitive Information, Remote Access Functionality
Maps a DLL or memory area into another process	HIPS / PFW / Operating System Protection Evasion	Process Injection
Writes to foreign memory regions	HIPS / PFW / Operating System Protection Evasion	Process Injection
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Sigma detected: Uncommon Svchost Parent Process	System Summary
Sigma detected: Windows Processes Suspicious Parent Directory	System Summary
Spawns processes	System Summary	Process Injection
Binary contains paths to debug symbols	Compliance, System Summary

Memdumps

Base Address

Regiontype

Protect

Malicious

3A40000

direct allocation

page read and write

400000

system

page execute and read and write

4246000

heap

page read and write

3D0E000

heap

page read and write

3D0E000

heap

page read and write

3DB6000

heap

page read and write

3413000

heap

page read and write

45ED000

heap

page read and write

3923000

heap

page read and write

4246000

heap

page read and write

3D0B000

heap

page read and write

4246000

heap

page read and write

3DB4000

heap

page read and write

3413000

heap

page read and write

3DA0000

heap

page read and write

3A00000

heap

page read and write

3D03000

heap

page read and write

41C8000

heap

page read and write

41C1000

heap

page read and write

3DA8000

heap

page read and write

3DB6000

heap

page read and write

3A90000

direct allocation

page read and write

41C8000

heap

page read and write

41C8000

heap

page read and write

3DBB000

heap

page read and write

4246000

heap

page read and write

327D000

stack

page read and write

3413000

heap

page read and write

3402000

heap

page read and write

4246000

heap

page read and write

41C8000

heap

page read and write

3617000

heap

page read and write

3605000

heap

page read and write

4246000

heap

page read and write

3413000

heap

page read and write

3D0D000

heap

page read and write

3ECD000

direct allocation

page execute and read and write

3DB9000

heap

page read and write

4246000

heap

page read and write

3D02000

heap

page read and write

3A90000

direct allocation

page read and write

4246000

heap

page read and write

3413000

heap

page read and write

3DA7000

heap

page read and write

4246000

heap

page read and write

3D04000

heap

page read and write

490000

unkown

page write copy

4246000

heap

page read and write

3413000

heap

page read and write

3DAA000

heap

page read and write

3DAE000

heap

page read and write

3D01000

heap

page read and write

41C8000

heap

page read and write

3D00000

heap

page read and write

3D01000

heap

page read and write

41C8000

heap

page read and write

41C1000

heap

page read and write

3413000

heap

page read and write

3D04000

heap

page read and write

3DB4000

heap

page read and write

3D07000

heap

page read and write

4246000

heap

page read and write

41C8000

heap

page read and write

3B9E000

heap

page read and write

41C8000

heap

page read and write

41C7000

heap

page read and write

3D2D000

direct allocation

page execute and read and write

3AA0000

direct allocation

page read and write

4246000

heap

page read and write

3DA5000

heap

page read and write

4246000

heap

page read and write

41C8000

heap

page read and write

3617000

heap

page read and write

4246000

heap

page read and write

3D05000

heap

page read and write

41C8000

heap

page read and write

3DA0000

heap

page read and write

3D05000

heap

page read and write

45EE000

heap

page read and write

3280000

heap

page read and write

3D00000

heap

page read and write

3C42000

heap

page read and write

3D0B000

heap

page read and write

32A0000

heap

page read and write

3DB2000

heap

page read and write

3A3F000

stack

page read and write

3413000

heap

page read and write

3D9E000

direct allocation

page execute and read and write

41C8000

heap

page read and write

4246000

heap

page read and write

3D0E000

heap

page read and write

4246000

heap

page read and write

3DBD000

heap

page read and write

3605000

heap

page read and write

3413000

heap

page read and write

41C8000

heap

page read and write

400000

unkown

page readonly

3D0D000

heap

page read and write

3CF7000

heap

page read and write

41C8000

heap

page read and write

41C8000

heap

page read and write

3413000

heap

page read and write

3DA5000

heap

page read and write

3D00000

heap

page read and write

3701000

heap

page read and write

3DAD000

heap

page read and write

3413000

heap

page read and write

3D0F000

heap

page read and write

323D000

stack

page read and write

41C8000

heap

page read and write

45E8000

heap

page read and write

41C8000

heap

page read and write

41C8000

heap

page read and write

3D02000

heap

page read and write

3D01000

heap

page read and write

4246000

heap

page read and write

3DB5000

heap

page read and write

3D04000

heap

page read and write

3413000

heap

page read and write

41C8000

heap

page read and write

4246000

heap

page read and write

3DB2000

heap

page read and write

41C8000

heap

page read and write

4246000

heap

page read and write

3D0A000

heap

page read and write

3DAA000

heap

page read and write

4246000

heap

page read and write

41C8000

heap

page read and write

4246000

heap

page read and write

3DA4000

heap

page read and write

45E8000

heap

page read and write

41C8000

heap

page read and write

3D29000

direct allocation

page execute and read and write

41C8000

heap

page read and write

3413000

heap

page read and write

3D0C000

heap

page read and write

41C8000

heap

page read and write

4246000

heap

page read and write

3612000

heap

page read and write

41C8000

heap

page read and write

3D05000

heap

page read and write

4246000

heap

page read and write

3AA0000

direct allocation

page read and write

3DA9000

heap

page read and write

3D0A000

heap

page read and write

41C8000

heap

page read and write

3D06000

heap

page read and write

4246000

heap

page read and write

4246000

heap

page read and write

41C8000

heap

page read and write

3F42000

direct allocation

page execute and read and write

4001000

heap

page read and write

3413000

heap

page read and write

3D04000

heap

page read and write

41C8000

heap

page read and write

401000

unkown

page execute read

41C8000

heap

page read and write

3C00000

direct allocation

page execute and read and write

3DB9000

heap

page read and write

32D0000

heap

page read and write

3400000

heap

page read and write

3AA0000

direct allocation

page read and write

41C8000

heap

page read and write

41C8000

heap

page read and write

3B2D000

heap

page read and write

4246000

heap

page read and write

3413000

heap

page read and write

3DA2000

heap

page read and write

4246000

heap

page read and write

3413000

heap

page read and write

41C8000

heap

page read and write

33B0000

heap

page read and write

3DB0000

heap

page read and write

41C8000

heap

page read and write

41C8000

heap

page read and write

3413000

heap

page read and write

4246000

heap

page read and write

3413000

heap

page read and write

4246000

heap

page read and write

3D0A000

heap

page read and write

3DB5000

heap

page read and write

41D1000

heap

page read and write

3413000

heap

page read and write

41C8000

heap

page read and write

3DBA000

heap

page read and write

3D0F000

heap

page read and write

3413000

heap

page read and write

482000

unkown

page readonly

3DB0000

heap

page read and write

3B29000

heap

page read and write

3DBB000

heap

page read and write

3413000

heap

page read and write

4246000

heap

page read and write

3D0E000

heap

page read and write

3413000

heap

page read and write

3D08000

heap

page read and write

3D0F000

heap

page read and write

3DBC000

heap

page read and write

3DAD000

heap

page read and write

3DB9000

heap

page read and write

41C8000

heap

page read and write

3AA0000

direct allocation

page read and write

3D08000

heap

page read and write

3D01000

heap

page read and write

1655000

heap

page read and write

41C1000

heap

page read and write

41C8000

heap

page read and write

41C8000

heap

page read and write

4246000

heap

page read and write

45EA000

heap

page read and write

3DBE000

heap

page read and write

3DB8000

heap

page read and write

4246000

heap

page read and write

41C8000

heap

page read and write

3DB8000

heap

page read and write

393E000

stack

page read and write

3DB3000

heap

page read and write

3D0F000

heap

page read and write

3ED1000

direct allocation

page execute and read and write

33FE000

stack

page read and write

4AB000

unkown

page readonly

45E9000

heap

page read and write

4246000

heap

page read and write

3413000

heap

page read and write

4246000

heap

page read and write

3413000

heap

page read and write

4246000

heap

page read and write

45EF000

heap

page read and write

3D01000

heap

page read and write

3D0B000

heap

page read and write

3D08000

heap

page read and write

3800000

heap

page read and write

33C0000

direct allocation

page read and write

45E9000

heap

page read and write

41C8000

heap

page read and write

4246000

heap

page read and write

3600000

heap

page read and write

45E7000

heap

page read and write

3DAE000

heap

page read and write

3DA8000

heap

page read and write

41C8000

heap

page read and write

4246000

heap

page read and write

3DA7000

heap

page read and write

4246000

heap

page read and write

3DA2000

heap

page read and write

4246000

heap

page read and write

3D02000

heap

page read and write

3D04000

heap

page read and write

45E7000

heap

page read and write

3D0C000

heap

page read and write

3413000

heap

page read and write

4246000

heap

page read and write

3D00000

heap

page read and write

38FF000

stack

page read and write

3D01000

heap

page read and write

41C8000

heap

page read and write

3DBD000

heap

page read and write

3DBA000

heap

page read and write

4246000

heap

page read and write

3DA3000

heap

page read and write

41C8000

heap

page read and write

4246000

heap

page read and write

3413000

heap

page read and write

3413000

heap

page read and write

41C8000

heap

page read and write

3C41000

heap

page read and write

3DA0000

heap

page read and write

45EF000

heap

page read and write

3413000

heap

page read and write

There are 259 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
Commercial Invoice Packing list.exe

Files

Processes

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC ReportCommercial Invoice Packing list.exe

Files

Processes

Memdumps

IOC Report
Commercial Invoice Packing list.exe