Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\putty1.exe

"C:\Users\user\Desktop\putty1.exe"

Details

Is windows:	false
Is dropped:	false
PID:	7828
Target ID:	0
Parent PID:	4084
Name:	putty1.exe
Path:	C:\Users\user\Desktop\putty1.exe
Commandline:	"C:\Users\user\Desktop\putty1.exe"
Size:	1490208
MD5:	F43852A976EDCAB5A7C82D248CE242D2
Time:	15:29:57
Date:	03/10/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0xde0000
Modulesize:	1507328
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
PE file contains sections with non-standard names	Data Obfuscation
Sample file is different than original file name gathered from version info	System Summary
Uses 32bit PE files	Compliance, System Summary
PE file has an executable .text section and no other executable section	System Summary
Sample might require command line arguments	System Summary	Command and Scripting Interpreter
URLs found in memory or binary data	Networking
PE file contains a valid data directory to section mapping	System Summary
Contains modern PE file flags such as dynamic base (ASLR) or NX	Compliance, System Summary
PE / OLE file has a valid certificate	Compliance, System Summary
Submission file is bigger than most known malware samples	System Summary

URLs

Name

Malicious

http://crt.sectigo.com/SectigoPublicCodeSigningCAR36.crt0#

unknown

http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t

unknown

https://sectigo.com/CPS0

unknown

http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0#

unknown

http://crl.sectigo.com/SectigoPublicCodeSigningCAR36.crl0y

unknown

http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0

unknown

http://ocsp.sectigo.com0

unknown

https://www.chiark.greenend.org.uk/~sgtatham/putty/

unknown

https://www.chiark.greenend.org.uk/~sgtatham/putty/0

unknown

http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#

unknown

Memdumps

Base Address

Regiontype

Protect

Malicious

1645000

heap

page read and write

16E2000

heap

page read and write

16A2000

heap

page read and write

167E000

heap

page read and write

EEA000

unkown

page readonly

EE2000

unkown

page write copy

442F000

stack

page read and write

DE0000

unkown

page readonly

1640000

heap

page read and write

EA9000

unkown

page readonly

EE2000

unkown

page read and write

FD5000

stack

page read and write

40DF000

stack

page read and write

1620000

heap

page read and write

14E7000

heap

page read and write

36A0000

trusted library allocation

page read and write

45E1000

heap

page read and write

3FDE000

stack

page read and write

12FA000

stack

page read and write

3110000

unkown

page read and write

3120000

heap

page read and write

42EF000

stack

page read and write

45E0000

heap

page read and write

1650000

heap

page read and write

3254000

heap

page read and write

322E000

stack

page read and write

DE1000

unkown

page execute read

3F9F000

stack

page read and write

1420000

heap

page read and write

EE4000

unkown

page read and write

1340000

heap

page read and write

41EE000

stack

page read and write

169E000

heap

page read and write

16E5000

heap

page read and write

EA9000

unkown

page readonly

DE0000

unkown

page readonly

1649000

heap

page read and write

15F0000

heap

page read and write

DE1000

unkown

page execute read

EEA000

unkown

page readonly

14E5000

heap

page read and write

432E000

stack

page read and write

3250000

heap

page read and write

1670000

heap

page read and write

167A000

heap

page read and write

14E0000

heap

page read and write

There are 36 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
putty1.exe

Processes

URLs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reportputty1.exe

Processes

URLs

Memdumps

IOC Report
putty1.exe