Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\5ZLQrKA4ge.exe

"C:\Users\user\Desktop\5ZLQrKA4ge.exe"

Details

Is windows:	false
Is dropped:	false
PID:	6200
Target ID:	0
Parent PID:	4004
Name:	5ZLQrKA4ge.exe
Path:	C:\Users\user\Desktop\5ZLQrKA4ge.exe
Commandline:	"C:\Users\user\Desktop\5ZLQrKA4ge.exe"
Size:	284672
MD5:	F7DEFBFEAFC669EDB9F091E02EBFC851
Time:	08:41:23
Date:	10/10/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x110000
Modulesize:	287620
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Antivirus / Scanner detection for submitted sample	AV Detection
Multi AV Scanner detection for submitted file	AV Detection
Yara detected FormBook	AV Detection, E-Banking Fraud, Stealing of Sensitive Information, Remote Access Functionality
Machine Learning detection for sample	AV Detection
PE file does not import any functions	System Summary
Sample file is different than original file name gathered from version info	System Summary
Uses 32bit PE files	Compliance, System Summary
Binary may include packed or encrypted code	Data Obfuscation	Obfuscated Files or Information Software Packing
PE file has an executable .text section which is very likely to contain packed code (zlib compression ratio < 0.3)	System Summary	Software Packing
PE file contains only one section	System Summary
PE file has an executable .text section and no other executable section	System Summary
Sample is known by Antivirus	System Summary
Binary contains paths to debug symbols	Compliance, System Summary
Contains modern PE file flags such as dynamic base (ASLR) or NX	Compliance, System Summary

Memdumps

Base Address

Regiontype

Protect

Malicious

500000

direct allocation

page read and write

111000

unkown

page execute and read and write

550000

direct allocation

page read and write

110000

unkown

page readonly

5DF000

heap

page read and write

550000

direct allocation

page read and write

5E5000

heap

page read and write

110000

unkown

page readonly

5E5000

heap

page read and write

949000

heap

page read and write

C19000

direct allocation

page execute and read and write

550000

direct allocation

page read and write

5DF000

heap

page read and write

5DF000

heap

page read and write

550000

direct allocation

page read and write

F4000

heap

page read and write

170000

direct allocation

page read and write

5DF000

heap

page read and write

5DF000

heap

page read and write

791000

heap

page read and write

5CE000

heap

page read and write

F0000

heap

page read and write

791000

heap

page read and write

5DA000

heap

page read and write

9D000

stack

page read and write

5D6000

heap

page read and write

5D4000

heap

page read and write

79B000

heap

page read and write

C8E000

direct allocation

page execute and read and write

550000

direct allocation

page read and write

5D4000

heap

page read and write

DBD000

direct allocation

page execute and read and write

AE7000

heap

page read and write

100000

heap

page read and write

F4000

heap

page read and write

160000

heap

page read and write

AF0000

direct allocation

page execute and read and write

E32000

direct allocation

page execute and read and write

8BE000

heap

page read and write

5DF000

heap

page read and write

C1D000

direct allocation

page execute and read and write

A76000

heap

page read and write

5DB000

heap

page read and write

A72000

heap

page read and write

5C0000

heap

page read and write

4FC000

stack

page read and write

5DA000

heap

page read and write

DC1000

direct allocation

page execute and read and write

111000

unkown

page execute read

550000

direct allocation

page read and write

1010000

heap

page read and write

5CA000

heap

page read and write

790000

heap

page read and write

There are 43 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
5ZLQrKA4ge.exe

Processes

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report5ZLQrKA4ge.exe

Processes

Memdumps

IOC Report
5ZLQrKA4ge.exe