Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\AutoHotkey.exe

"C:\Users\user\Desktop\AutoHotkey.exe"

Details

Is windows:	false
Is dropped:	false
PID:	6236
Target ID:	0
Parent PID:	4004
Name:	AutoHotkey.exe
Path:	C:\Users\user\Desktop\AutoHotkey.exe
Commandline:	"C:\Users\user\Desktop\AutoHotkey.exe"
Size:	912384
MD5:	A88DB4D095E6D5A0B43BA59A20E5BF5D
Time:	07:19:21
Date:	16/01/2025
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x400000
Modulesize:	950272
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
OS version to string mapping found (often used in BOTs)	Stealing of Sensitive Information
Uses 32bit PE files	Compliance, System Summary
May try to detect the Windows Explorer process (often used for injection)	HIPS / PFW / Operating System Protection Evasion	Process Injection Process Discovery
PE file has an executable .text section and no other executable section	System Summary
Sample might require command line arguments	System Summary	Command and Scripting Interpreter
URLs found in memory or binary data	Networking

URLs

Name

Malicious

https://autohotkey.com

unknown

https://autohotkey.comCould

unknown

Memdumps

Base Address

Regiontype

Protect

Malicious

BF2000

heap

page read and write

C15000

heap

page read and write

92E000

stack

page read and write

5C50000

trusted library allocation

page read and write

C02000

heap

page read and write

BEB000

heap

page read and write

C1B000

heap

page read and write

AB9000

heap

page read and write

100000

heap

page read and write

14CF000

stack

page read and write

2DF4000

heap

page read and write

A70000

heap

page read and write

2DF0000

heap

page read and write

400000

unkown

page readonly

4AD000

unkown

page readonly

AD0000

heap

page read and write

1E0000

heap

page read and write

401000

unkown

page execute read

C1B000

heap

page read and write

4D4000

unkown

page write copy

4DB000

unkown

page read and write

BD0000

heap

page read and write

9D0000

heap

page read and write

4D4000

unkown

page read and write

8DF000

stack

page read and write

AB5000

heap

page read and write

4AD000

unkown

page readonly

BF5000

heap

page read and write

4D6000

unkown

page read and write

4D5000

unkown

page write copy

BF9000

heap

page read and write

8CF000

stack

page read and write

4C0000

unkown

page readonly

9F0000

heap

page read and write

9A000

stack

page read and write

4DE000

unkown

page readonly

8EE000

stack

page read and write

4C0000

unkown

page readonly

8D8000

stack

page read and write

10CE000

stack

page read and write

BD8000

heap

page read and write

AC0000

heap

page read and write

96E000

stack

page read and write

BF5000

heap

page read and write

400000

unkown

page readonly

4DE000

unkown

page readonly

AB0000

heap

page read and write

401000

unkown

page execute read

BEE000

heap

page read and write

There are 39 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
AutoHotkey.exe

Processes

URLs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC ReportAutoHotkey.exe

Processes

URLs

Memdumps

IOC Report
AutoHotkey.exe