Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\LlDmBISVy0.exe

"C:\Users\user\Desktop\LlDmBISVy0.exe"

Details

Is windows:	false
Is dropped:	false
PID:	4488
Target ID:	0
Parent PID:	2580
Name:	LlDmBISVy0.exe
Path:	C:\Users\user\Desktop\LlDmBISVy0.exe
Commandline:	"C:\Users\user\Desktop\LlDmBISVy0.exe"
Size:	233984
MD5:	B9693B6541A22D01B100B867375279E6
Time:	12:18:00
Date:	10/10/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff755c20000
Modulesize:	249856
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Antivirus / Scanner detection for submitted sample	AV Detection
Multi AV Scanner detection for submitted file	AV Detection
Sample file is different than original file name gathered from version info	System Summary
PE file has an executable .text section and no other executable section	System Summary
Sample is known by Antivirus	System Summary
URLs found in memory or binary data	Networking
PE file contains a valid data directory to section mapping	System Summary
PE file contains a debug data directory	System Summary
Contains modern PE file flags such as dynamic base (ASLR) or NX	Compliance, System Summary
PE file contains a mix of data directories often seen in goodware	System Summary
PE file has a high image base, often used for DLLs	System Summary

URLs

Name

Malicious

http://95.164.17.24:1224

unknown

https://hello.freeconference.com/login/access-code&HideSho&w&Close:/logo.icohttp://95.164.17.24:1224

unknown

https://hello.freeconference.com/login/access-code

unknown

Memdumps

Base Address

Regiontype

Protect

Malicious

7FF755C3D000

unkown

page write copy

7FF755C2B000

unkown

page read and write

7FF755C21000

unkown

page execute read

4C95FE000

stack

page read and write

7FF755C20000

unkown

page readonly

7FF755C20000

unkown

page readonly

7FF755C3D000

unkown

page read and write

7FF755C3E000

unkown

page readonly

7FF755C2C000

unkown

page readonly

108D872C000

heap

page read and write

4C96FF000

stack

page read and write

108D8729000

heap

page read and write

108D8630000

heap

page read and write

4C91EC000

stack

page read and write

4C94FE000

stack

page read and write

7FF755C2B000

unkown

page readonly

108D8720000

heap

page read and write

108D8550000

heap

page read and write

7FF755C21000

unkown

page execute read

7FF755C3E000

unkown

page readonly

There are 10 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
LlDmBISVy0.exe

Processes

URLs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC ReportLlDmBISVy0.exe

Processes

URLs

Memdumps

IOC Report
LlDmBISVy0.exe