Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\RUMMY.EXE

"C:\Users\user\Desktop\RUMMY.EXE"

Details

Is windows:	false
Is dropped:	false
PID:	7092
Target ID:	0
Parent PID:	1028
Name:	RUMMY.EXE
Path:	C:\Users\user\Desktop\RUMMY.EXE
Commandline:	"C:\Users\user\Desktop\RUMMY.EXE"
Size:	151552
MD5:	D228499E249B66190ED130B1D27790EC
Time:	01:43:34
Date:	08/10/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x400000
Modulesize:	151552
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Multi AV Scanner detection for submitted file	AV Detection
Sample file is different than original file name gathered from version info	System Summary
Uses 32bit PE files	Compliance, System Summary
PE file has an executable .text section and no other executable section	System Summary
Sample is known by Antivirus	System Summary
URLs found in memory or binary data	Networking

URLs

Name

Malicious

http://unni.web.com

unknown

Memdumps

Base Address

Regiontype

Protect

Malicious

401000

unkown

page execute read

430000

heap

page read and write

6CB000

heap

page read and write

A90000

heap

page read and write

A98000

heap

page read and write

4A0000

heap

page read and write

400000

unkown

page readonly

261F000

stack

page read and write

406000

unkown

page write copy

3B60000

heap

page read and write

6AE000

heap

page read and write

404000

unkown

page readonly

19C000

stack

page read and write

2420000

heap

page read and write

407000

unkown

page readonly

6CF000

heap

page read and write

6AA000

heap

page read and write

22E4000

heap

page read and write

A80000

heap

page read and write

226E000

stack

page read and write

6CF000

heap

page read and write

6D5000

heap

page read and write

404000

unkown

page readonly

47E000

stack

page read and write

6D5000

heap

page read and write

A9C000

heap

page read and write

2424000

heap

page read and write

271F000

stack

page read and write

401000

unkown

page execute read

6A0000

heap

page read and write

22AE000

stack

page read and write

6F3000

heap

page read and write

2220000

heap

page read and write

6C6000

heap

page read and write

407000

unkown

page readonly

3EB0000

trusted library allocation

page read and write

1F0000

heap

page read and write

400000

unkown

page readonly

6CF000

heap

page read and write

96000

stack

page read and write

67F000

stack

page read and write

6EB000

heap

page read and write

406000

unkown

page read and write

6D6000

heap

page read and write

22E0000

heap

page read and write

There are 35 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
RUMMY.EXE

Processes

URLs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC ReportRUMMY.EXE

Processes

URLs

Memdumps

IOC Report
RUMMY.EXE