Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\2852oQ7OHx.exe

"C:\Users\user\Desktop\2852oQ7OHx.exe"

Details

Is windows:	true
Is dropped:	false
PID:	4508
Target ID:	0
Parent PID:	1028
Name:	2852oQ7OHx.exe
Path:	C:\Users\user\Desktop\2852oQ7OHx.exe
Commandline:	"C:\Users\user\Desktop\2852oQ7OHx.exe"
Size:	471040
MD5:	19C5DE2EE75B5E364378B511EA5B960B
Time:	01:30:03
Date:	30/10/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x400000
Modulesize:	471040
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Contains functionality to start a terminal service	Remote Access Functionality	Remote Desktop Protocol
Machine Learning detection for sample	AV Detection
Sample might require command line arguments	System Summary	Command and Scripting Interpreter

Memdumps

Base Address

Regiontype

Protect

Malicious

451000

unkown

page readonly

9D000

stack

page read and write

46D000

unkown

page readonly

6C0000

heap

page read and write

400000

unkown

page readonly

401000

unkown

page execute read

451000

unkown

page readonly

590000

heap

page read and write

401000

unkown

page execute read

19E000

stack

page read and write

466000

unkown

page write copy

46D000

unkown

page readonly

400000

unkown

page readonly

466000

unkown

page write copy

There are 4 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
2852oQ7OHx.mem

Processes

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report2852oQ7OHx.mem

Processes

Memdumps

IOC Report
2852oQ7OHx.mem