IOC Report
1234.exe

Processes

Path                              Cmdline                             Malicious
C:\Users\user\Desktop\1234.exe    "C:\Users\user\Desktop\1234.exe"    malicious

URLs

Name
IP
Malicious
http://www.eyuyan.com)DVarFileInfo$
unknown

Domains

Name
IP
Malicious
s-part-0035.t-0009.t-msedge.net
13.107.246.63
time.windows.com
unknown

Memdumps

Base Address    Regiontype                    Protect                Malicious
22C0000         heap                          page read and write
4B4000          unkown                        page readonly
492000          unkown                        page write copy
22F9000         heap                          page read and write
19C000          stack                         page read and write
2730000         trusted library allocation    page read and write
5AE000          heap                          page read and write
306E000         stack                         page read and write
49F000          unkown                        page read and write
4A3000          unkown                        page read and write
51E000          stack                         page read and write
22F0000         heap                          page read and write
540000          heap                          page read and write
5A2000          heap                          page read and write
2230000         heap                          page read and write
302F000         stack                         page read and write
496000          unkown                        page write copy
400000          unkown                        page readonly
56E000          heap                          page read and write
22C4000         heap                          page read and write
5C6000          heap                          page read and write
401000          unkown                        page execute read
4D0000          heap                          page read and write
22F5000         heap                          page read and write
5AB000          heap                          page read and write
400000          unkown                        page readonly
21C0000         heap                          page read and write
229E000         stack                         page read and write
492000          unkown                        page write copy
2240000         heap                          page read and write
47E000          unkown                        page readonly
4B4000          unkown                        page readonly
401000          unkown                        page execute read
4A3000          unkown                        page write copy
530000          heap                          page read and write
56A000          heap                          page read and write
97000           stack                         page read and write
4AF000          unkown                        page read and write
2234000         heap                          page read and write
47E000          unkown                        page readonly
82F000          stack                         page read and write
5AA000          heap                          page read and write
4C0000          heap                          page read and write
494000          unkown                        page read and write
5A6000          heap                          page read and write
560000          heap                          page read and write
316F000         stack                         page read and write