Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\0urFbKxdvL.exe

"C:\Users\user\Desktop\0urFbKxdvL.exe"

Details

Is windows:	false
Is dropped:	false
PID:	6868
Target ID:	0
Parent PID:	2580
Name:	0urFbKxdvL.exe
Path:	C:\Users\user\Desktop\0urFbKxdvL.exe
Commandline:	"C:\Users\user\Desktop\0urFbKxdvL.exe"
Size:	4338576
MD5:	0AE609594FBD4BB27287BD63BC9E9529
Time:	00:51:15
Date:	07/10/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x140000000
Modulesize:	258048
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Multi AV Scanner detection for submitted file	AV Detection
PE file contains an invalid checksum	Data Obfuscation
Sample file is different than original file name gathered from version info	System Summary
PE file has an executable .text section and no other executable section	System Summary
Sample is known by Antivirus	System Summary
Sample might require command line arguments	System Summary	Command and Scripting Interpreter
URLs found in memory or binary data	Networking
PE file contains a valid data directory to section mapping	System Summary
PE file has a high image base, often used for DLLs	System Summary
Submission file is bigger than most known malware samples	System Summary

URLs

Name

Malicious

http://crl.sectigo.com/SectigoPublicCodeSigningCAEVR36.crl0

unknown

http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t

unknown

https://sectigo.com/CPS0

unknown

http://ocsp.sectigo.com0

unknown

http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#

unknown

http://crt.sectigo.com/SectigoPublicCodeSigningCAEVR36.crt0#

unknown

Memdumps

Base Address

Regiontype

Protect

Malicious

5D6000

heap

page read and write

140000000

unkown

page readonly

14C000

stack

page read and write

5DB000

heap

page read and write

140001000

unkown

page execute read

1C0000

heap

page read and write

7CF000

stack

page read and write

5CF000

stack

page read and write

14001D000

unkown

page read and write

5D0000

heap

page read and write

1E0000

direct allocation

page execute and read and write

140024000

unkown

page write copy

190000

heap

page read and write

140001000

unkown

page execute read

5E7000

heap

page read and write

14001E000

unkown

page write copy

140024000

unkown

page write copy

14001D000

unkown

page write copy

140031000

unkown

page readonly

180000

heap

page read and write

140031000

unkown

page readonly

140014000

unkown

page readonly

1FB0000

heap

page read and write

140014000

unkown

page readonly

140000000

unkown

page readonly

There are 15 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
0urFbKxdvL.exe

Processes

URLs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report0urFbKxdvL.exe

Processes

URLs

Memdumps

IOC Report
0urFbKxdvL.exe