Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\fTq2vadDnr.exe

"C:\Users\user\Desktop\fTq2vadDnr.exe"

Details

Is windows:	false
Is dropped:	false
PID:	1384
Target ID:	0
Parent PID:	3504
Name:	fTq2vadDnr.exe
Path:	C:\Users\user\Desktop\fTq2vadDnr.exe
Commandline:	"C:\Users\user\Desktop\fTq2vadDnr.exe"
Size:	285696
MD5:	2BD589148EBCD5E8F3E38E03DAC1BCF2
Time:	08:42:29
Date:	10/10/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x1f0000
Modulesize:	288404
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Antivirus / Scanner detection for submitted sample	AV Detection
Multi AV Scanner detection for submitted file	AV Detection
Yara detected FormBook	AV Detection, E-Banking Fraud, Stealing of Sensitive Information, Remote Access Functionality
Machine Learning detection for sample	AV Detection
PE file does not import any functions	System Summary
Sample file is different than original file name gathered from version info	System Summary
Uses 32bit PE files	Compliance, System Summary
Binary may include packed or encrypted code	Data Obfuscation	Obfuscated Files or Information Software Packing
PE file has an executable .text section which is very likely to contain packed code (zlib compression ratio < 0.3)	System Summary	Software Packing
PE file contains only one section	System Summary
PE file has an executable .text section and no other executable section	System Summary
Sample is known by Antivirus	System Summary
Binary contains paths to debug symbols	Compliance, System Summary
Contains modern PE file flags such as dynamic base (ASLR) or NX	Compliance, System Summary

Domains

Name

Malicious

s-part-0017.t-0009.t-msedge.net

13.107.246.45

Memdumps

Base Address

Regiontype

Protect

Malicious

1F1000

unkown

page execute and read and write

600000

direct allocation

page read and write

A5F000

heap

page read and write

EE1000

direct allocation

page execute and read and write

8A1000

heap

page read and write

8AB000

heap

page read and write

37E000

stack

page read and write

33D000

stack

page read and write

67F000

heap

page read and write

3C0000

direct allocation

page read and write

67A000

heap

page read and write

1B0000

heap

page read and write

9CE000

heap

page read and write

67F000

heap

page read and write

DAE000

direct allocation

page execute and read and write

1A0000

heap

page read and write

67A000

heap

page read and write

FF0000

heap

page read and write

7C4000

heap

page read and write

67F000

heap

page read and write

66E000

heap

page read and write

67B000

heap

page read and write

3C0000

direct allocation

page read and write

340000

direct allocation

page read and write

A9F000

stack

page read and write

C10000

direct allocation

page execute and read and write

3C0000

direct allocation

page read and write

BFD000

heap

page read and write

66A000

heap

page read and write

3BE000

stack

page read and write

3C0000

direct allocation

page read and write

1F0000

unkown

page readonly

8A0000

heap

page read and write

674000

heap

page read and write

B8C000

heap

page read and write

3C0000

direct allocation

page read and write

1F1000

unkown

page execute read

7C4000

heap

page read and write

676000

heap

page read and write

8A1000

heap

page read and write

D39000

direct allocation

page execute and read and write

67F000

heap

page read and write

67F000

heap

page read and write

1F0000

unkown

page readonly

67F000

heap

page read and write

B9F000

stack

page read and write

685000

heap

page read and write

674000

heap

page read and write

3C0000

direct allocation

page read and write

685000

heap

page read and write

F52000

direct allocation

page execute and read and write

EDD000

direct allocation

page execute and read and write

7C0000

heap

page read and write

660000

heap

page read and write

D3D000

direct allocation

page execute and read and write

B88000

heap

page read and write

14D000

stack

page read and write

There are 47 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
fTq2vadDnr.exe

Processes

Domains

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC ReportfTq2vadDnr.exe

Processes

Domains

Memdumps

IOC Report
fTq2vadDnr.exe