Automated Malware Analysis IOC Report for

Files

File Path

Type

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\DRAFT.exe

"C:\Users\user\Desktop\DRAFT.exe"

Details

Is windows:	false
Is dropped:	false
PID:	2828
Target ID:	0
Parent PID:	1028
Name:	DRAFT.exe
Path:	C:\Users\user\Desktop\DRAFT.exe
Commandline:	"C:\Users\user\Desktop\DRAFT.exe"
Size:	1056183
MD5:	9400D0D008F7333528EE573D03EFB057
Time:	02:50:56
Date:	01/10/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x400000
Modulesize:	790528
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Multi AV Scanner detection for submitted file	AV Detection
Machine Learning detection for sample	AV Detection
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Sigma detected: Uncommon Svchost Parent Process	System Summary
Uses 32bit PE files	Compliance, System Summary
PE file has section (not .text) which is very likely to contain packed code (zlib compression ratio < 0.011)	System Summary	Software Packing
Sample is known by Antivirus	System Summary
Sample reads its own file content	System Summary
Sigma detected: Windows Processes Suspicious Parent Directory	System Summary
Spawns processes	System Summary	Process Injection
Submission file is bigger than most known malware samples	System Summary

C:\Windows\SysWOW64\svchost.exe

"C:\Users\user\Desktop\DRAFT.exe"

Details

Is windows:	true
Is dropped:	false
PID:	6776
Target ID:	2
Parent PID:	2828
Name:	svchost.exe
Path:	C:\Windows\SysWOW64\svchost.exe
Commandline:	"C:\Users\user\Desktop\DRAFT.exe"
Size:	46504
MD5:	1ED18311E3DA35942DB37D15FA40CC5B
Time:	02:51:02
Date:	01/10/2024
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0xbf0000
Modulesize:	53248
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Yara detected FormBook	AV Detection, E-Banking Fraud, Stealing of Sensitive Information, Remote Access Functionality
Maps a DLL or memory area into another process	HIPS / PFW / Operating System Protection Evasion	Process Injection
Writes to foreign memory regions	HIPS / PFW / Operating System Protection Evasion	Process Injection
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Sigma detected: Uncommon Svchost Parent Process	System Summary
Sigma detected: Windows Processes Suspicious Parent Directory	System Summary
Spawns processes	System Summary	Process Injection
Binary contains paths to debug symbols	Compliance, System Summary

Domains

Name

Malicious

15.164.165.52.in-addr.arpa

unknown

Memdumps

Base Address

Regiontype

Protect

Malicious

3A80000

direct allocation

page read and write

400000

system

page execute and read and write

4271000

heap

page read and write

3413000

heap

page read and write

3413000

heap

page read and write

3D36000

heap

page read and write

42EF000

heap

page read and write

3BE8000

heap

page read and write

3600000

heap

page read and write

4271000

heap

page read and write

3A7F000

stack

page read and write

4271000

heap

page read and write

3400000

heap

page read and write

3D3D000

heap

page read and write

3413000

heap

page read and write

4271000

heap

page read and write

3D3B000

heap

page read and write

42EF000

heap

page read and write

4271000

heap

page read and write

42EF000

heap

page read and write

42EF000

heap

page read and write

3413000

heap

page read and write

427A000

heap

page read and write

4271000

heap

page read and write

3BEA000

heap

page read and write

3C80000

heap

page read and write

3BE9000

heap

page read and write

3D27000

heap

page read and write

3D9E000

direct allocation

page execute and read and write

3C8F000

heap

page read and write

3413000

heap

page read and write

3D2D000

heap

page read and write

3BED000

heap

page read and write

3C9C000

heap

page read and write

397E000

stack

page read and write

383E000

stack

page read and write

3AE0000

direct allocation

page read and write

3413000

heap

page read and write

3C85000

heap

page read and write

4271000

heap

page read and write

4B9000

unkown

page write copy

4271000

heap

page read and write

3BEA000

heap

page read and write

42EF000

heap

page read and write

3BE6000

heap

page read and write

3605000

heap

page read and write

3A00000

heap

page read and write

3AE0000

direct allocation

page read and write

3C91000

heap

page read and write

3BE9000

heap

page read and write

3BEB000

heap

page read and write

42EF000

heap

page read and write

3BE5000

heap

page read and write

3ECD000

direct allocation

page execute and read and write

4271000

heap

page read and write

4271000

heap

page read and write

3413000

heap

page read and write

3BEB000

heap

page read and write

4271000

heap

page read and write

4271000

heap

page read and write

3BE4000

heap

page read and write

3D37000

heap

page read and write

4271000

heap

page read and write

3BE5000

heap

page read and write

4271000

heap

page read and write

3C9A000

heap

page read and write

3413000

heap

page read and write

3413000

heap

page read and write

3C8A000

heap

page read and write

42EF000

heap

page read and write

4271000

heap

page read and write

3BEC000

heap

page read and write

3413000

heap

page read and write

4271000

heap

page read and write

3413000

heap

page read and write

3310000

heap

page read and write

4271000

heap

page read and write

3B2D000

heap

page read and write

42EF000

heap

page read and write

3C8F000

heap

page read and write

3AE0000

direct allocation

page read and write

4270000

heap

page read and write

42EF000

heap

page read and write

3413000

heap

page read and write

3BE6000

heap

page read and write

42EF000

heap

page read and write

3413000

heap

page read and write

3D2E000

heap

page read and write

3BE1000

heap

page read and write

3413000

heap

page read and write

4271000

heap

page read and write

4271000

heap

page read and write

42EF000

heap

page read and write

4271000

heap

page read and write

42EF000

heap

page read and write

3BED000

heap

page read and write

3C87000

heap

page read and write

3C9C000

heap

page read and write

42EF000

heap

page read and write

3C83000

heap

page read and write

3C9D000

heap

page read and write

3BE2000

heap

page read and write

42EF000

heap

page read and write

42EF000

heap

page read and write

4271000

heap

page read and write

3402000

heap

page read and write

3C8F000

heap

page read and write

3B9E000

heap

page read and write

3D38000

heap

page read and write

3C80000

heap

page read and write

3BE7000

heap

page read and write

3413000

heap

page read and write

42EF000

heap

page read and write

42EF000

heap

page read and write

3C92000

heap

page read and write

4271000

heap

page read and write

42EF000

heap

page read and write

3C96000

heap

page read and write

3612000

heap

page read and write

3C88000

heap

page read and write

3413000

heap

page read and write

42EF000

heap

page read and write

3ED1000

direct allocation

page execute and read and write

3BEA000

heap

page read and write

3C8F000

heap

page read and write

3BEE000

heap

page read and write

32C0000

heap

page read and write

3C9D000

heap

page read and write

4271000

heap

page read and write

3C90000

heap

page read and write

3BE0000

heap

page read and write

3C80000

heap

page read and write

3BE0000

heap

page read and write

3D29000

direct allocation

page execute and read and write

3AD0000

direct allocation

page read and write

4271000

heap

page read and write

4271000

heap

page read and write

3413000

heap

page read and write

4271000

heap

page read and write

42EF000

heap

page read and write

3C92000

heap

page read and write

325D000

stack

page read and write

3BE9000

heap

page read and write

3AD0000

direct allocation

page read and write

3BE0000

heap

page read and write

42EF000

heap

page read and write

42EF000

heap

page read and write

3413000

heap

page read and write

4271000

heap

page read and write

4271000

heap

page read and write

3C95000

heap

page read and write

2EE8000

heap

page read and write

3BEF000

heap

page read and write

3BED000

heap

page read and write

3BE1000

heap

page read and write

3413000

heap

page read and write

3605000

heap

page read and write

42EF000

heap

page read and write

3C91000

heap

page read and write

4271000

heap

page read and write

4271000

heap

page read and write

4271000

heap

page read and write

3C90000

heap

page read and write

42EF000

heap

page read and write

4001000

heap

page read and write

3BE5000

heap

page read and write

426A000

heap

page read and write

3BE3000

heap

page read and write

3C9F000

heap

page read and write

4271000

heap

page read and write

42EF000

heap

page read and write

3C95000

heap

page read and write

3617000

heap

page read and write

329C000

stack

page read and write

3BE1000

heap

page read and write

3B29000

heap

page read and write

3C96000

heap

page read and write

3BE6000

heap

page read and write

3413000

heap

page read and write

3BE2000

heap

page read and write

426A000

heap

page read and write

4271000

heap

page read and write

3C8D000

heap

page read and write

3C82000

heap

page read and write

3D39000

heap

page read and write

393F000

stack

page read and write

3D2D000

direct allocation

page execute and read and write

42EF000

heap

page read and write

3D3D000

heap

page read and write

3413000

heap

page read and write

42EF000

heap

page read and write

42EF000

heap

page read and write

42EF000

heap

page read and write

3413000

heap

page read and write

4271000

heap

page read and write

4271000

heap

page read and write

3C9D000

heap

page read and write

3617000

heap

page read and write

3800000

direct allocation

page read and write

42EF000

heap

page read and write

3BEB000

heap

page read and write

4271000

heap

page read and write

3C00000

direct allocation

page execute and read and write

4271000

heap

page read and write

3BED000

heap

page read and write

3F42000

direct allocation

page execute and read and write

400000

unkown

page readonly

42EF000

heap

page read and write

42EF000

heap

page read and write

42EF000

heap

page read and write

3C96000

heap

page read and write

3BE5000

heap

page read and write

42EF000

heap

page read and write

3BE2000

heap

page read and write

42EF000

heap

page read and write

4271000

heap

page read and write

3BE4000

heap

page read and write

3BE4000

heap

page read and write

3413000

heap

page read and write

3413000

heap

page read and write

3C8B000

heap

page read and write

3800000

heap

page read and write

3BE7000

heap

page read and write

3C91000

heap

page read and write

3C99000

heap

page read and write

3701000

heap

page read and write

3413000

heap

page read and write

3BE9000

heap

page read and write

3923000

heap

page read and write

4271000

heap

page read and write

3C9B000

heap

page read and write

4271000

heap

page read and write

3D3B000

heap

page read and write

3C83000

heap

page read and write

42EF000

heap

page read and write

3BE4000

heap

page read and write

42EF000

heap

page read and write

477000

unkown

page execute and write copy

3D36000

heap

page read and write

3BE2000

heap

page read and write

3AE0000

direct allocation

page read and write

2FD3000

heap

page read and write

3BE6000

heap

page read and write

3413000

heap

page read and write

3C99000

heap

page read and write

3C9C000

heap

page read and write

426A000

heap

page read and write

42EF000

heap

page read and write

3413000

heap

page read and write

32E0000

heap

page read and write

4271000

heap

page read and write

3BE6000

heap

page read and write

3BEA000

heap

page read and write

42EF000

heap

page read and write

33F0000

heap

page read and write

3BE7000

heap

page read and write

3C88000

heap

page read and write

42EF000

heap

page read and write

3C98000

heap

page read and write

42EF000

heap

page read and write

3413000

heap

page read and write

4271000

heap

page read and write

3C90000

heap

page read and write

4271000

heap

page read and write

3D27000

heap

page read and write

3C8E000

heap

page read and write

42EF000

heap

page read and write

There are 257 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
DRAFT.exe

Files

Processes

Domains

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC ReportDRAFT.exe

Files

Processes

Domains

Memdumps

IOC Report
DRAFT.exe