Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\sq4TBEDm0b.exe

"C:\Users\user\Desktop\sq4TBEDm0b.exe"

Details

Is windows:	false
Is dropped:	false
PID:	6900
Target ID:	0
Parent PID:	4004
Name:	sq4TBEDm0b.exe
Path:	C:\Users\user\Desktop\sq4TBEDm0b.exe
Commandline:	"C:\Users\user\Desktop\sq4TBEDm0b.exe"
Size:	8388608
MD5:	DDE7257C1717972D4F8CF9A48288B894
Time:	12:05:08
Date:	29/10/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x140000000
Modulesize:	135168
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
PE file contains an invalid checksum	Data Obfuscation
PE file does not import any functions	System Summary
Sample file is different than original file name gathered from version info	System Summary
Binary contains device paths (device paths are often used for kernel mode <-> user mode communication)	System Summary
Sample might require command line arguments	System Summary	Command and Scripting Interpreter
Binary contains paths to debug symbols	Compliance, System Summary
PE file contains a debug data directory	System Summary
Contains modern PE file flags such as dynamic base (ASLR) or NX	Compliance, System Summary
PE file contains a mix of data directories often seen in goodware	System Summary
PE file has a high image base, often used for DLLs	System Summary
Submission file is bigger than most known malware samples	System Summary

Domains

Name

Malicious

s-part-0017.t-0009.t-msedge.net

13.107.246.45

Memdumps

Base Address

Regiontype

Protect

Malicious

140011000

unkown

page write copy

14001D000

unkown

page readonly

140002000

unkown

page readonly

14001F000

unkown

page readonly

14001E000

unkown

page execute read

14001E000

unkown

page execute read

140011000

unkown

page write copy

140001000

unkown

page execute read

140000000

unkown

page readonly

14001D000

unkown

page readonly

14001F000

unkown

page readonly

140000000

unkown

page readonly

140002000

unkown

page readonly

140004000

unkown

page write copy

140001000

unkown

page execute read

140004000

unkown

page write copy

There are 6 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
sq4TBEDm0b.exe

Processes

Domains

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reportsq4TBEDm0b.exe

Processes

Domains

Memdumps

IOC Report
sq4TBEDm0b.exe