IOC Report
msiexec.exe

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\msiexec.exe

"C:\Users\user\Desktop\msiexec.exe"

Details

Is windows:	false
Is dropped:	false
PID:	7352
Target ID:	0
Parent PID:	2580
Name:	msiexec.exe
Class:	system-tools
Path:	C:\Users\user\Desktop\msiexec.exe
Commandline:	"C:\Users\user\Desktop\msiexec.exe"
Size:	176128
MD5:	C0D3BDDE74C1EC82F75681D4D5ED44C8
Time:	10:57:06
Date:	01/10/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff7e8910000
Modulesize:	180224
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Sigma detected: System File Execution Location Anomaly	System Summary
Binary contains a suspicious time stamp	Data Obfuscation	Timestomp
PE file contains sections with non-standard names	Data Obfuscation
Sample file is different than original file name gathered from version info	System Summary
PE file has an executable .text section and no other executable section	System Summary
PE file contains a valid data directory to section mapping	System Summary
Binary contains paths to debug symbols	Compliance, System Summary
PE file contains a debug data directory	System Summary
Contains modern PE file flags such as dynamic base (ASLR) or NX	Compliance, System Summary
PE file contains a mix of data directories often seen in goodware	System Summary
PE file has a high image base, often used for DLLs	System Summary

Memdumps

Base Address

Regiontype

Protect

Malicious

7EF5F28000

stack

page read and write

1FB0B440000

heap

page read and write

7FF7E891F000

unkown

page write copy

1FB0B651000

heap

page read and write

1FB0B651000

heap

page read and write

1FB0B620000

heap

page read and write

1FB0B655000

heap

page read and write

7FF7E891B000

unkown

page readonly

1FB0D0B0000

heap

page read and write

1FB0B661000

heap

page read and write

1FB0B667000

heap

page read and write

1FB0B665000

heap

page read and write

1FB0B655000

heap

page read and write

1FB0B661000

heap

page read and write

7FF7E8911000

unkown

page execute read

7EF627E000

stack

page read and write

7EF62FF000

stack

page read and write

1FB0EC60000

trusted library allocation

page read and write

7EF637E000

stack

page read and write

1FB0B610000

heap

page read and write

1FB0B655000

heap

page read and write

1FB0B662000

heap

page read and write

1FB0B682000

heap

page read and write

1FB0B61B000

heap

page read and write

1FB0B651000

heap

page read and write

1FB0D0B4000

heap

page read and write

1FB0B648000

heap

page read and write

1FB0B62B000

heap

page read and write

1FB0B560000

heap

page read and write

1FB0B667000

heap

page read and write

1FB0D430000

heap

page read and write

1FB0B65D000

heap

page read and write

7EF5FAE000

stack

page read and write

1FB0B65C000

heap

page read and write

7FF7E8922000

unkown

page readonly

1FB0B645000

heap

page read and write

7FF7E891F000

unkown

page read and write

1FB0B661000

heap

page read and write

1FB0B520000

heap

page readonly

7FF7E8923000

unkown

page write copy

7FF7E891B000

unkown

page readonly

7FF7E8922000

unkown

page readonly

1FB0B661000

heap

page read and write

1FB0B530000

heap

page read and write

1FB0D400000

heap

page read and write

1FB0B65D000

heap

page read and write

7FF7E8911000

unkown

page execute read

7FF7E8910000

unkown

page readonly

1FB0B65D000

heap

page read and write

1FB0B615000

heap

page read and write

1FB0B682000

heap

page read and write

1FB0B661000

heap

page read and write

7FF7E8924000

unkown

page readonly

7FF7E8910000

unkown

page readonly

1FB0B66C000

heap

page read and write

There are 45 hidden memdumps, click here to show them.