Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\tZz1Ogtr2C.exe

"C:\Users\user\Desktop\tZz1Ogtr2C.exe"

Details

Is windows:	false
Is dropped:	false
PID:	752
Target ID:	0
Parent PID:	4084
Name:	tZz1Ogtr2C.exe
Path:	C:\Users\user\Desktop\tZz1Ogtr2C.exe
Commandline:	"C:\Users\user\Desktop\tZz1Ogtr2C.exe"
Size:	283648
MD5:	D6AFB0BC04FE2F54920119DE06A0E344
Time:	08:41:35
Date:	10/10/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0xd10000
Modulesize:	286404
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Antivirus / Scanner detection for submitted sample	AV Detection
Multi AV Scanner detection for submitted file	AV Detection
Yara detected FormBook	AV Detection, E-Banking Fraud, Stealing of Sensitive Information, Remote Access Functionality
Machine Learning detection for sample	AV Detection
PE file does not import any functions	System Summary
Sample file is different than original file name gathered from version info	System Summary
Uses 32bit PE files	Compliance, System Summary
Binary may include packed or encrypted code	Data Obfuscation	Obfuscated Files or Information Software Packing
PE file has an executable .text section which is very likely to contain packed code (zlib compression ratio < 0.3)	System Summary	Software Packing
PE file contains only one section	System Summary
PE file has an executable .text section and no other executable section	System Summary
Sample is known by Antivirus	System Summary
Binary contains paths to debug symbols	Compliance, System Summary
Contains modern PE file flags such as dynamic base (ASLR) or NX	Compliance, System Summary

Memdumps

Base Address

Regiontype

Protect

Malicious

B30000

direct allocation

page read and write

D11000

unkown

page execute and read and write

C0F000

heap

page read and write

9A0000

direct allocation

page read and write

C04000

heap

page read and write

93C000

stack

page read and write

11F9000

direct allocation

page execute and read and write

D61000

heap

page read and write

C0F000

heap

page read and write

C0F000

heap

page read and write

B80000

direct allocation

page read and write

C06000

heap

page read and write

A54000

heap

page read and write

C0F000

heap

page read and write

BFA000

heap

page read and write

990000

heap

page read and write

10D0000

direct allocation

page execute and read and write

9DE000

stack

page read and write

980000

heap

page read and write

F1B000

heap

page read and write

F5F000

stack

page read and write

126E000

direct allocation

page execute and read and write

BFE000

heap

page read and write

C15000

heap

page read and write

C0F000

heap

page read and write

1550000

heap

page read and write

D10000

unkown

page readonly

B80000

direct allocation

page read and write

B80000

direct allocation

page read and write

B80000

direct allocation

page read and write

C15000

heap

page read and write

C0A000

heap

page read and write

D66000

heap

page read and write

A54000

heap

page read and write

B80000

direct allocation

page read and write

D60000

heap

page read and write

D11000

unkown

page execute read

C04000

heap

page read and write

C0B000

heap

page read and write

D61000

heap

page read and write

105F000

stack

page read and write

13A1000

direct allocation

page execute and read and write

C0A000

heap

page read and write

A50000

heap

page read and write

1044000

heap

page read and write

11FD000

direct allocation

page execute and read and write

BF0000

heap

page read and write

D10000

unkown

page readonly

1048000

heap

page read and write

139D000

direct allocation

page execute and read and write

A1E000

stack

page read and write

B80000

direct allocation

page read and write

E89000

heap

page read and write

10B9000

heap

page read and write

83D000

stack

page read and write

C0F000

heap

page read and write

1412000

direct allocation

page execute and read and write

There are 47 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
tZz1Ogtr2C.exe

Processes

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC ReporttZz1Ogtr2C.exe

Processes

Memdumps

IOC Report
tZz1Ogtr2C.exe