Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win64.Vmprotect.6275.24214.exe

"C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win64.Vmprotect.6275.24214.exe"

Details

Is windows:	false
Is dropped:	false
PID:	3180
Target ID:	0
Parent PID:	1028
Name:	SecuriteInfo.com.Trojan.Win64.Vmprotect.6275.24214.exe
Path:	C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win64.Vmprotect.6275.24214.exe
Commandline:	"C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win64.Vmprotect.6275.24214.exe"
Size:	14430720
MD5:	7B5EAD3041EC05071EE6B28913D72547
Time:	19:36:04
Date:	24/10/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff682dd0000
Modulesize:	23007232
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Antivirus / Scanner detection for submitted sample	AV Detection
Multi AV Scanner detection for submitted file	AV Detection
Machine Learning detection for sample	AV Detection
PE file contains section with special chars	System Summary
PE file contains sections with non-standard names	Data Obfuscation
Sample file is different than original file name gathered from version info	System Summary
Sample is known by Antivirus	System Summary
Contains modern PE file flags such as dynamic base (ASLR) or NX	Compliance, System Summary
PE file has a big raw section	System Summary
PE file has a high image base, often used for DLLs	System Summary
Submission file is bigger than most known malware samples	System Summary

Memdumps

Base Address

Regiontype

Protect

Malicious

7FF682DD0000

unkown

page readonly

228D3084000

heap

page read and write

7FF682E1D000

unkown

page read and write

228D30BE000

heap

page read and write

228D309C000

heap

page read and write

228D30BC000

heap

page read and write

FCE66FB000

stack

page read and write

7FF682DE9000

unkown

page execute read

228D30BE000

heap

page read and write

228D30C3000

heap

page read and write

228D4B30000

heap

page read and write

7FF6843BF000

unkown

page readonly

7FF682DE7000

unkown

page read and write

228D4950000

trusted library allocation

page read and write

7FF6835FD000

unkown

page execute read

7FF6835FC000

unkown

page read and write

7FF682DD1000

unkown

page execute read

228D30CF000

heap

page read and write

228D30C4000

heap

page read and write

FCE67FE000

stack

page read and write

228D4930000

heap

page read and write

7FF682DE8000

unkown

page readonly

228D3080000

heap

page read and write

7FF682E23000

unkown

page execute read

7FF682DE1000

unkown

page readonly

228D30C3000

heap

page read and write

228D4950000

trusted library allocation

page read and write

7FF6835FC000

unkown

page write copy

7FF6835FD000

unkown

page execute read

228D30BE000

heap

page read and write

228D3090000

heap

page read and write

228D30A8000

heap

page read and write

228D49D0000

heap

page read and write

228D30C3000

heap

page read and write

228D2F50000

heap

page read and write

228D3060000

heap

page read and write

FCE68FE000

stack

page read and write

228D30D0000

heap

page read and write

7FF682DD0000

unkown

page readonly

7FF683FFD000

unkown

page execute read

7FF683FFD000

unkown

page execute read

228D3030000

heap

page read and write

7FF6843BF000

unkown

page readonly

228D30D0000

heap

page read and write

There are 34 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
SecuriteInfo.com.Trojan.Win64.Vmprotect.6275.24214.exe

Processes

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC ReportSecuriteInfo.com.Trojan.Win64.Vmprotect.6275.24214.exe

Processes

Memdumps

IOC Report
SecuriteInfo.com.Trojan.Win64.Vmprotect.6275.24214.exe