Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\NXK7tvxiAh.exe

"C:\Users\user\Desktop\NXK7tvxiAh.exe"

Details

Is windows:	false
Is dropped:	false
PID:	3228
Target ID:	0
Parent PID:	1028
Name:	NXK7tvxiAh.exe
Path:	C:\Users\user\Desktop\NXK7tvxiAh.exe
Commandline:	"C:\Users\user\Desktop\NXK7tvxiAh.exe"
Size:	7168
MD5:	4F121EA16B6D93625750722B82B68566
Time:	22:28:55
Date:	07/10/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x140000000
Modulesize:	17016
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Antivirus / Scanner detection for submitted sample	AV Detection
Found malware configuration	AV Detection
Multi AV Scanner detection for submitted file	AV Detection
Yara detected Metasploit Payload	Remote Access Functionality
Yara detected Metasploit Payload	Remote Access Functionality
Machine Learning detection for sample	AV Detection
PE file contains an invalid checksum	Data Obfuscation
PE file contains sections with non-standard names	Data Obfuscation
Sample is known by Antivirus	System Summary
PE file has a high image base, often used for DLLs	System Summary

IPs

Domain

Country

Malicious

47.239.242.141

unknown

United States

Details

IP:	47.239.242.141
TargetID:	0
Current Path:	C:\Users\user\Desktop\NXK7tvxiAh.exe
Country:	United States
Countrycode:	USA
ASN number:	20115
ASN name:	CHARTER-20115US
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
Connects to IPs without corresponding DNS lookups	Networking

Memdumps

Base Address

Regiontype

Protect

Malicious

140004000

unkown

page execute and write copy

140004000

unkown

page execute and write copy

5F0000

heap

page read and write

190000

heap

page read and write

14D000

stack

page read and write

5F6000

heap

page read and write

180000

heap

page read and write

140000000

unkown

page readonly

600000

heap

page read and write

140000000

unkown

page readonly

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
NXK7tvxiAh.exe

Processes

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC ReportNXK7tvxiAh.exe

Processes

IPs

Memdumps

IOC Report
NXK7tvxiAh.exe