Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\y83WAR4vQc.exe

"C:\Users\user\Desktop\y83WAR4vQc.exe"

Details

Is windows:	false
Is dropped:	false
PID:	7444
Target ID:	0
Parent PID:	4056
Name:	y83WAR4vQc.exe
Path:	C:\Users\user\Desktop\y83WAR4vQc.exe
Commandline:	"C:\Users\user\Desktop\y83WAR4vQc.exe"
Size:	41984
MD5:	4EFFE13B0F91976BD70825F2EFF1077A
Time:	07:54:33
Date:	25/11/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x400000
Modulesize:	422072
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Antivirus / Scanner detection for submitted sample	AV Detection
Multi AV Scanner detection for submitted file	AV Detection
PE file contains an invalid checksum	Data Obfuscation
Uses 32bit PE files	Compliance, System Summary
PE file has an executable .text section and no other executable section	System Summary
Sample is known by Antivirus	System Summary
Sample reads its own file content	System Summary
URLs found in memory or binary data	Networking

URLs

Name

Malicious

http://nsis.sf.net/NSIS_Error

unknown

Details

Name:	http://nsis.sf.net/NSIS_Error
TargetID:	0
From Memory:	true
Current Path:	C:\Users\user\Desktop\y83WAR4vQc.exe
Source:	y83WAR4vQc.exe, 00000000.00000002.1362400372.000000000062E000.00000004.00000020.00020000.00000000.sdmp
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
URLs found in memory or binary data	Networking

http://nsis.sf.net/NSIS_ErrorError

unknown

Memdumps

Base Address

Regiontype

Protect

Malicious

2254000

heap

page read and write

62A000

heap

page read and write

2190000

heap

page read and write

19A000

stack

page read and write

91F000

stack

page read and write

269E000

stack

page read and write

65B000

heap

page read and write

656000

heap

page read and write

670000

heap

page read and write

81F000

stack

page read and write

21F0000

heap

page read and write

431000

unkown

page read and write

400000

unkown

page readonly

65B000

heap

page read and write

408000

unkown

page write copy

217E000

stack

page read and write

99000

stack

page read and write

2199000

heap

page read and write

62E000

heap

page read and write

401000

unkown

page execute read

408000

unkown

page read and write

470000

heap

page read and write

401000

unkown

page execute read

211E000

stack

page read and write

5FE000

stack

page read and write

65E000

heap

page read and write

441000

unkown

page read and write

2200000

heap

page read and write

465000

unkown

page readonly

3FF0000

trusted library allocation

page read and write

4E0000

heap

page read and write

4CE000

stack

page read and write

2250000

heap

page read and write

2130000

heap

page read and write

422000

unkown

page read and write

465000

unkown

page readonly

656000

heap

page read and write

65F000

heap

page read and write

279F000

stack

page read and write

480000

heap

page read and write

400000

unkown

page readonly

4E5000

heap

page read and write

2195000

heap

page read and write

620000

heap

page read and write

20C0000

heap

page read and write

There are 35 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
y83WAR4vQc.exe

Processes

URLs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reporty83WAR4vQc.exe

Processes

URLs

Memdumps

IOC Report
y83WAR4vQc.exe