Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\Wow.exe

"C:\Users\user\Desktop\Wow.exe"

Details

Is windows:	false
Is dropped:	false
PID:	6500
Target ID:	0
Parent PID:	2580
Name:	Wow.exe
Path:	C:\Users\user\Desktop\Wow.exe
Commandline:	"C:\Users\user\Desktop\Wow.exe"
Size:	7699456
MD5:	5758D89ED392E2190C44C5183A6D23A3
Time:	12:50:28
Date:	31/10/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x400000
Modulesize:	10473472
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
PE file contains an invalid checksum	Data Obfuscation
PE file contains executable resources (Code or Archives)	System Summary
PE file contains sections with non-standard names	Data Obfuscation
Uses 32bit PE files	Compliance, System Summary
URLs found in memory or binary data	Networking
Binary contains paths to debug symbols	Compliance, System Summary
PE file contains a debug data directory	System Summary
PE file has a big raw section	System Summary
PE file has a big code size	System Summary
Submission file is bigger than most known malware samples	System Summary

URLs

Name

Malicious

http://support.worldofwarcraft.com/kb/

unknown

http://support.worldofwarcraft.com/kb/http://support.wowtaiwan.com.tw/kb/http://cn.kbase.blizzard.co

unknown

http://www.blizzard.com

unknown

http://support.worldofwarcraft.co.kr/kb/

unknown

http://support.wowtaiwan.com.tw/kb/

unknown

http://support.wow-europe.com/kb/

unknown

http://eu.tracker.worldofwarcraft.com:3724/announce

unknown

http://cn.kbase.blizzard.com/kb/wow/

unknown

http://us.tracker.worldofwarcraft.com:3724/announce

unknown

http://us.tracker.worldofwarcraft.com:3724/announcehttp://eu.tracker.worldofwarcraft.com:3724/announ

unknown

Memdumps

Base Address

Regiontype

Protect

Malicious

400000

unkown

page readonly

9E0000

unkown

page readonly

10B0000

heap

page read and write

1420000

heap

page read and write

AEE000

unkown

page write copy

AEE000

unkown

page write copy

B1C000

unkown

page write copy

AB6000

unkown

page write copy

2B10000

heap

page read and write

FE0000

heap

page read and write

AB6000

unkown

page write copy

401000

unkown

page execute read

FA0000

heap

page read and write

F6C000

stack

page read and write

106E000

stack

page read and write

DD3000

unkown

page readonly

B1C000

unkown

page write copy

100000

heap

page read and write

118B000

heap

page read and write

401000

unkown

page execute read

1E0000

heap

page read and write

9DF000

unkown

page readonly

9B000

stack

page read and write

1180000

heap

page read and write

2EEF000

stack

page read and write

400000

unkown

page readonly

DD3000

unkown

page readonly

2B13000

heap

page read and write

401000

unkown

page execute read

1199000

heap

page read and write

9DF000

unkown

page read and write

There are 21 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
Wow.exe

Processes

URLs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC ReportWow.exe

Processes

URLs

Memdumps

IOC Report
Wow.exe