Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\SecuriteInfo.com.Heuristic.HEUR.AGEN.1319884.13784.6616.exe

"C:\Users\user\Desktop\SecuriteInfo.com.Heuristic.HEUR.AGEN.1319884.13784.6616.exe"

Details

Is windows:	false
Is dropped:	false
PID:	7532
Target ID:	0
Parent PID:	2580
Name:	SecuriteInfo.com.Heuristic.HEUR.AGEN.1319884.13784.6616.exe
Path:	C:\Users\user\Desktop\SecuriteInfo.com.Heuristic.HEUR.AGEN.1319884.13784.6616.exe
Commandline:	"C:\Users\user\Desktop\SecuriteInfo.com.Heuristic.HEUR.AGEN.1319884.13784.6616.exe"
Size:	94378
MD5:	9BB41DD377BD7E4F5CE55360442DF5FA
Time:	12:37:06
Date:	13/10/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x400000
Modulesize:	86016
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Antivirus / Scanner detection for submitted sample	AV Detection
PE file contains more sections than normal	System Summary
PE file contains sections with non-standard names	Data Obfuscation
PE file has an executable .text section and no other executable section	System Summary
Spawns processes	System Summary	Process Injection
URLs found in memory or binary data	Networking

C:\Windows\System32\conhost.exe

C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

Details

Is windows:	true
Is dropped:	false
PID:	7540
Target ID:	1
Parent PID:	7532
Name:	conhost.exe
Path:	C:\Windows\System32\conhost.exe
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Size:	862208
MD5:	0D698AF330FD17BEE3BF90011D49251D
Time:	12:37:06
Date:	13/10/2024
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff7699e0000
Modulesize:	892928
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

URLs

Name

Malicious

https://raw.githubusercontent.com/devxdfps/pqsup/main/FinalizarUmProcesso.exe

unknown

https://raw.githubusercontent.com/devxdfps/pqsup/main/FinalizarUmProcesso.exeDownload

unknown

Memdumps

Base Address

Regiontype

Protect

Malicious

414000

unkown

page readonly

400000

unkown

page readonly

7AC000

heap

page read and write

406000

unkown

page readonly

40F000

unkown

page readonly

61C000

stack

page read and write

414000

unkown

page readonly

400000

unkown

page readonly

40F000

unkown

page readonly

A9F000

stack

page read and write

C9F000

stack

page read and write

401000

unkown

page execute read

40A000

unkown

page read and write

7A6000

heap

page read and write

7A0000

heap

page read and write

80000

heap

page read and write

160000

heap

page read and write

406000

unkown

page readonly

40B000

unkown

page write copy

401000

unkown

page execute read

40A000

unkown

page write copy

There are 11 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
SecuriteInfo.com.Heuristic.HEUR.AGEN.1319884.13784.6616.exe

Processes

URLs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC ReportSecuriteInfo.com.Heuristic.HEUR.AGEN.1319884.13784.6616.exe

Processes

URLs

Memdumps

IOC Report
SecuriteInfo.com.Heuristic.HEUR.AGEN.1319884.13784.6616.exe