Automated Malware Analysis IOC Report for

Files

File Path

Type

Category

Malicious

MpkkG8XzhJ.exe

PE32 executable (GUI) Intel 80386, for MS Windows

initial sample

Details

Filetype:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy:	6.814308062083348
Filename:	MpkkG8XzhJ.exe
Filesize:	344623
MD5:	51570f6e590151159f4761e2fb4ecd60
SHA1:	0cbfb5efe558a632fa1de3861c3b87389c987035
SHA256:	659abb39eec218de66e2c1d917b22149ead7b743d3fe968ef840ef22318060fd
SHA512:	38b767f85887d6f26dac90733f0a0d9e89df3cde2c3d084cab34a6bd7e9a002acd84b0261becd3c5078846e29544b7f7ad4ad96df364c8c9eeba1bd97c9321c5
SSDEEP:	6144:ntH/xNLaAOvIBd7lAAxWS1elIoSN6WX+t45qxN7M:ntH5NLaAdDhAAEIFcWX+t4oxNQ
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............w...w...w..<.V..w..<.T..w..<.U..w....Z..w.......w.......w.......w....$..w....4..w...w...v.......w.......w....X..w.......w.

Signature Hits	Behavior Group	Mitre Attack
Antivirus / Scanner detection for submitted sample	AV Detection
Multi AV Scanner detection for submitted file	AV Detection
Allocates memory with a write watch (potentially for evading sandboxes)	Malware Analysis System Evasion	Virtualization/Sandbox Evasion Security Software Discovery
Contains functionality to call native functions	System Summary
Contains functionality to check if a debugger is running (IsDebuggerPresent)	Anti Debugging
Contains functionality to communicate with device drivers	System Summary
Contains functionality to query CPU information (cpuid)	Language, Device and Operating System Detection
Contains functionality to query locales information (e.g. system language)	Language, Device and Operating System Detection
Contains functionality to read the PEB	Anti Debugging
Contains functionality which may be used to detect a debugger (GetProcessHeap)	Anti Debugging	Security Software Discovery
Detected potential crypto function	System Summary	Archive Collected Data Encrypted Channel
File is packed with WinRar	Data Obfuscation	Software Packing
Found evasive API chain (date check)	Malware Analysis System Evasion	Native API
Found potential string decryption / allocating functions	System Summary	Deobfuscate/Decode Files or Information
PE file contains sections with non-standard names	Data Obfuscation
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery
Searches for the Microsoft Outlook file path	System Summary	Email Collection
Uses 32bit PE files	Compliance, System Summary	Masquerading
Uses code obfuscation techniques (call, push, ret)	Data Obfuscation	Obfuscated Files or Information
Contains functionality for error logging	System Summary
Contains functionality to enumerate / list files inside a directory	Spreading, Malware Analysis System Evasion	File and Directory Discovery
Contains functionality to instantiate COM classes	System Summary
Contains functionality to load and extract PE file embedded resources	System Summary
Contains functionality to query local / system time	Language, Device and Operating System Detection	System Time Discovery
Contains functionality to query system information	Malware Analysis System Evasion
Contains functionality to query windows version	Language, Device and Operating System Detection
Contains functionality to register its own exception handler	Anti Debugging
Creates files inside the user directory	System Summary	Masquerading
Disables application error messsages (SetErrorMode)	Hooking and other Techniques for Hiding and Protection
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory)	Malware Analysis System Evasion
Might use command line arguments	System Summary	Masquerading
PE file has an executable .text section and no other executable section	System Summary
Program exit points	Malware Analysis System Evasion
Reads ini files	System Summary
Reads software policies	System Summary
Sample is known by Antivirus	System Summary
Sample reads its own file content	System Summary
Tries to load missing DLLs	System Summary	DLL Side-Loading
Uses an in-process (OLE) Automation server	System Summary
PE file contains a valid data directory to section mapping	System Summary	Security Software Discovery
PE file contains a debug data directory	System Summary
Contains modern PE file flags such as dynamic base (ASLR) or NX	Compliance, System Summary
PE file contains a mix of data directories often seen in goodware	System Summary

C:\Users\user\Desktop\????????? ???? ?? ????????? ??? ? 01.01.24.pdf.lnk

MS Windows shortcut, Item id list present, Has Description string, Has command line arguments, Icon number=0, ctime=Thu Nov 30 07:52:33 2023, mtime=Thu Nov 30 07:52:33 2023, atime=Thu Nov 30 07:52:33 2023, length=0, window=hide

dropped

Details

File:	C:\Users\user\Desktop\????????? ???? ?? ????????? ??? ? 01.01.24.pdf.lnk
Category:	dropped
Dump:	????????? ???? ?? ????????? ??? ? 01.01.24.pdf.lnk.0.dr
ID:	dr_0
Target ID:	0
Process:	C:\Users\user\Desktop\MpkkG8XzhJ.exe
Type:	MS Windows shortcut, Item id list present, Has Description string, Has command line arguments, Icon number=0, ctime=Thu Nov 30 07:52:33 2023, mtime=Thu Nov 30 07:52:33 2023, atime=Thu Nov 30 07:52:33 2023, length=0, window=hide
Entropy:	5.972732311180514
Encrypted:	false
Ssdeep:	768:dPeFfZZEwj8l3fLSjDcljohJ8AtHMDjr4LunAX:dPUX8l2aFA1MDjrPU
Size:	25631
Whitelisted:	false
Reputation:	low

Signature Hits	Behavior Group	Mitre Attack
Sigma detected: Suspicious LNK Double Extension File Created	System Summary

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\MpkkG8XzhJ.exe

"C:\Users\user\Desktop\MpkkG8XzhJ.exe"

Details

Is windows:	false
Is dropped:	false
PID:	4928
Target ID:	0
Parent PID:	4004
Name:	MpkkG8XzhJ.exe
Path:	C:\Users\user\Desktop\MpkkG8XzhJ.exe
Commandline:	"C:\Users\user\Desktop\MpkkG8XzhJ.exe"
Size:	344623
MD5:	51570F6E590151159F4761E2FB4ECD60
Time:	09:41:20
Date:	30/09/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0xb0000
Modulesize:	487424
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Antivirus / Scanner detection for submitted sample	AV Detection
Multi AV Scanner detection for submitted file	AV Detection
PE file contains sections with non-standard names	Data Obfuscation
Sigma detected: Suspicious LNK Double Extension File Created	System Summary
Uses 32bit PE files	Compliance, System Summary
PE file has an executable .text section and no other executable section	System Summary
Sample is known by Antivirus	System Summary
Sample reads its own file content	System Summary
PE file contains a valid data directory to section mapping	System Summary
Binary contains paths to debug symbols	Compliance, System Summary
PE file contains a debug data directory	System Summary
Contains modern PE file flags such as dynamic base (ASLR) or NX	Compliance, System Summary
PE file contains a mix of data directories often seen in goodware	System Summary

Memdumps

Base Address

Regiontype

Protect

Malicious

2CED000

heap

page read and write

528A000

heap

page read and write

5295000

heap

page read and write

2D42000

heap

page read and write

B906000

heap

page read and write

2D1B000

heap

page read and write

2CFD000

heap

page read and write

2AE0000

heap

page readonly

52AF000

heap

page read and write

B90F000

heap

page read and write

B1000

unkown

page execute read

B9A9000

heap

page read and write

2696000

stack

page read and write

B964000

heap

page read and write

528A000

heap

page read and write

5292000

heap

page read and write

2D40000

heap

page read and write

2CC9000

heap

page read and write

2CD5000

heap

page read and write

5261000

heap

page read and write

B913000

heap

page read and write

52D0000

heap

page read and write

4C20000

heap

page read and write

529A000

heap

page read and write

2D38000

heap

page read and write

2CF9000

heap

page read and write

2C93000

heap

page read and write

B509000

heap

page read and write

7004000

heap

page read and write

2D20000

heap

page read and write

53B0000

heap

page read and write

B960000

heap

page read and write

2C75000

heap

page read and write

B968000

heap

page read and write

5299000

heap

page read and write

2CFD000

heap

page read and write

2D0C000

heap

page read and write

52B5000

heap

page read and write

2CD0000

heap

page read and write

2D1B000

heap

page read and write

2D23000

heap

page read and write

2D23000

heap

page read and write

4E60000

heap

page read and write

5295000

heap

page read and write

2CB1000

heap

page read and write

B905000

heap

page read and write

2D06000

heap

page read and write

2796000

stack

page read and write

2D14000

heap

page read and write

BF70000

trusted library allocation

page read and write

2D2A000

heap

page read and write

B90C000

heap

page read and write

2D3C000

heap

page read and write

E4000

unkown

page readonly

30ED000

heap

page read and write

2D14000

heap

page read and write

2D06000

heap

page read and write

2D3A000

heap

page read and write

52B9000

heap

page read and write

B9AA000

heap

page read and write

5295000

heap

page read and write

52D0000

heap

page read and write

5299000

heap

page read and write

2CF9000

heap

page read and write

52BB000

heap

page read and write

2C80000

heap

page read and write

B964000

heap

page read and write

52B5000

heap

page read and write

2C8F000

heap

page read and write

7F2A1000

trusted library allocation

page execute read

2D38000

heap

page read and write

2CF1000

heap

page read and write

52BB000

heap

page read and write

F3000

unkown

page read and write

B952000

heap

page read and write

277C000

stack

page read and write

52BB000

heap

page read and write

7123000

heap

page read and write

2CED000

heap

page read and write

B906000

heap

page read and write

B95A000

heap

page read and write

2D38000

heap

page read and write

52BB000

heap

page read and write

2D20000

heap

page read and write

F0000

unkown

page write copy

52E3000

heap

page read and write

2D1D000

heap

page read and write

52A0000

heap

page read and write

5261000

heap

page read and write

513C000

stack

page read and write

52A9000

heap

page read and write

52D3000

heap

page read and write

2CC9000

heap

page read and write

5292000

heap

page read and write

52C9000

heap

page read and write

B99B000

heap

page read and write

52D9000

heap

page read and write

52E0000

heap

page read and write

2CF0000

heap

page read and write

6630000

trusted library allocation

page read and write

B9A8000

heap

page read and write

B9A8000

heap

page read and write

2CF4000

heap

page read and write

BB5E000

stack

page read and write

2C8F000

heap

page read and write

2D1D000

heap

page read and write

2D45000

heap

page read and write

2CF9000

heap

page read and write

4FFD000

stack

page read and write

B0000

unkown

page readonly

2CDC000

heap

page read and write

B902000

heap

page read and write

52B5000

heap

page read and write

52B3000

heap

page read and write

2D06000

heap

page read and write

BF80000

trusted library allocation

page read and write

52A1000

heap

page read and write

B8DF000

stack

page read and write

B906000

heap

page read and write

5293000

heap

page read and write

2B5E000

stack

page read and write

52B5000

heap

page read and write

5295000

heap

page read and write

2D14000

heap

page read and write

5296000

heap

page read and write

2D3A000

heap

page read and write

B902000

heap

page read and write

B913000

heap

page read and write

4E50000

heap

page read and write

5293000

heap

page read and write

2D20000

heap

page read and write

2CA9000

heap

page read and write

5289000

heap

page read and write

5262000

heap

page read and write

5299000

heap

page read and write

6E30000

trusted library allocation

page read and write

7000000

heap

page read and write

5298000

heap

page read and write

52E0000

heap

page read and write

B964000

heap

page read and write

B965000

heap

page read and write

4BFA000

trusted library allocation

page read and write

2CC9000

heap

page read and write

2C7F000

heap

page read and write

B964000

heap

page read and write

2CF8000

heap

page read and write

B968000

heap

page read and write

52A9000

heap

page read and write

2D0C000

heap

page read and write

2D20000

heap

page read and write

2D0A000

heap

page read and write

52B3000

heap

page read and write

B955000

heap

page read and write

2D3C000

heap

page read and write

B952000

heap

page read and write

115000

unkown

page write copy

B955000

heap

page read and write

5299000

heap

page read and write

30E0000

heap

page read and write

5293000

heap

page read and write

2CED000

heap

page read and write

B500000

heap

page read and write

2CA9000

heap

page read and write

2D0F000

heap

page read and write

B9A8000

heap

page read and write

B9B8000

heap

page read and write

5289000

heap

page read and write

2CF0000

heap

page read and write

2D45000

heap

page read and write

5292000

heap

page read and write

5274000

heap

page read and write

5295000

heap

page read and write

52BE000

heap

page read and write

2D1D000

heap

page read and write

2D45000

heap

page read and write

5298000

heap

page read and write

2D1B000

heap

page read and write

B938000

heap

page read and write

B122000

trusted library allocation

page read and write

2D33000

heap

page read and write

2D2B000

heap

page read and write

2CED000

heap

page read and write

52BB000

heap

page read and write

2CD2000

heap

page read and write

2D20000

heap

page read and write

2D45000

heap

page read and write

5291000

heap

page read and write

2F4E000

stack

page read and write

52BB000

heap

page read and write

2E4D000

stack

page read and write

B95A000

heap

page read and write

2CF9000

heap

page read and write

2D06000

heap

page read and write

B9A8000

heap

page read and write

5274000

heap

page read and write

52BF000

heap

page read and write

2D38000

heap

page read and write

2D45000

heap

page read and write

52A1000

heap

page read and write

52A9000

heap

page read and write

2D3C000

heap

page read and write

114000

unkown

page read and write

2D23000

heap

page read and write

2C93000

heap

page read and write

2D28000

heap

page read and write

52D2000

heap

page read and write

2D14000

heap

page read and write

2D1D000

heap

page read and write

2C99000

heap

page read and write

B95A000

heap

page read and write

52A1000

heap

page read and write

7F2B0000

trusted library allocation

page execute read

2C58000

heap

page read and write

5274000

heap

page read and write

52E4000

heap

page read and write

2C50000

heap

page read and write

2C8D000

heap

page read and write

2CF9000

heap

page read and write

B7DE000

stack

page read and write

B95A000

heap

page read and write

52C1000

heap

page read and write

BCBD000

heap

page read and write

2D06000

heap

page read and write

2D1B000

heap

page read and write

2B15000

heap

page read and write

4B3E000

stack

page read and write

2D23000

heap

page read and write

52A1000

heap

page read and write

2D1B000

heap

page read and write

52BB000

heap

page read and write

5293000

heap

page read and write

2CBF000

heap

page read and write

B968000

heap

page read and write

5250000

heap

page read and write

5293000

heap

page read and write

528C000

heap

page read and write

B90C000

heap

page read and write

2CFF000

heap

page read and write

7200000

heap

page read and write

B968000

heap

page read and write

2D45000

heap

page read and write

2CA9000

heap

page read and write

5274000

heap

page read and write

B964000

heap

page read and write

2D28000

heap

page read and write

2D1B000

heap

page read and write

2D3A000

heap

page read and write

B968000

heap

page read and write

2D23000

heap

page read and write

2C99000

heap

page read and write

2CCF000

heap

page read and write

50FC000

stack

page read and write

52B0000

heap

page read and write

B969000

heap

page read and write

BF70000

trusted library allocation

page read and write

4FBF000

stack

page read and write

2C9F000

heap

page read and write

5299000

heap

page read and write

5289000

heap

page read and write

2D0D000

heap

page read and write

2CE4000

heap

page read and write

2C9F000

heap

page read and write

52E0000

heap

page read and write

2C99000

heap

page read and write

2D23000

heap

page read and write

116000

unkown

page readonly

4EBE000

stack

page read and write

2D0A000

heap

page read and write

740F000

stack

page read and write

52A2000

heap

page read and write

2D23000

heap

page read and write

2D08000

heap

page read and write

2D3B000

heap

page read and write

2C78000

heap

page read and write

4BE1000

trusted library allocation

page read and write

2C8F000

heap

page read and write

2CF0000

heap

page read and write

52BB000

heap

page read and write

52B8000

heap

page read and write

30E8000

heap

page read and write

52A1000

heap

page read and write

F5000

unkown

page read and write

2D41000

heap

page read and write

2D3A000

heap

page read and write

B9A8000

heap

page read and write

2D14000

heap

page read and write

52A2000

heap

page read and write

2D14000

heap

page read and write

B955000

heap

page read and write

52A2000

heap

page read and write

B968000

heap

page read and write

2BDE000

stack

page read and write

2B9D000

stack

page read and write

2B10000

heap

page read and write

2D14000

heap

page read and write

52A1000

heap

page read and write

2D23000

heap

page read and write

52BE000

heap

page read and write

BA5B000

stack

page read and write

2AF0000

heap

page read and write

B99A000

heap

page read and write

529F000

heap

page read and write

4C00000

heap

page read and write

2D1D000

heap

page read and write

2C94000

heap

page read and write

B914000

heap

page read and write

52E0000

heap

page read and write

52A9000

heap

page read and write

2D0C000

heap

page read and write

52BB000

heap

page read and write

2D1D000

heap

page read and write

5293000

heap

page read and write

2CF0000

heap

page read and write

B90E000

heap

page read and write

5295000

heap

page read and write

52A6000

heap

page read and write

4C24000

heap

page read and write

2D3C000

heap

page read and write

52A2000

heap

page read and write

B968000

heap

page read and write

700F000

heap

page read and write

2D0C000

heap

page read and write

2CF4000

heap

page read and write

2D23000

heap

page read and write

B0000

unkown

page readonly

B1000

unkown

page execute read

52E0000

heap

page read and write

528C000

heap

page read and write

5298000

heap

page read and write

2C9F000

heap

page read and write

52C7000

heap

page read and write

2D45000

heap

page read and write

2D14000

heap

page read and write

2D0C000

heap

page read and write

B95B000

heap

page read and write

2CF9000

heap

page read and write

4E60000

heap

page read and write

2D45000

heap

page read and write

2C89000

heap

page read and write

2A00000

heap

page read and write

5289000

heap

page read and write

2D1B000

heap

page read and write

2D1D000

heap

page read and write

2D20000

heap

page read and write

2D34000

heap

page read and write

2CA9000

heap

page read and write

B956000

heap

page read and write

2D38000

heap

page read and write

2D28000

heap

page read and write

2D38000

heap

page read and write

2D1D000

heap

page read and write

2D20000

heap

page read and write

2CF0000

heap

page read and write

2D3A000

heap

page read and write

7006000

heap

page read and write

7120000

heap

page read and write

2D20000

heap

page read and write

115000

unkown

page readonly

B9B7000

heap

page read and write

2CBF000

heap

page read and write

F0000

unkown

page read and write

5292000

heap

page read and write

2C78000

heap

page read and write

E4000

unkown

page readonly

52A0000

heap

page read and write

523E000

stack

page read and write

2CFD000

heap

page read and write

2D1B000

heap

page read and write

52D0000

heap

page read and write

718E000

stack

page read and write

4E60000

trusted library allocation

page read and write

2D3C000

heap

page read and write

2CED000

heap

page read and write

2CA9000

heap

page read and write

There are 364 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
MpkkG8XzhJ.exe

Files

Processes

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC ReportMpkkG8XzhJ.exe

Files

Processes

Memdumps

IOC Report
MpkkG8XzhJ.exe