Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

C:\Windows\System32\notepad.exe

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\user\Desktop\batch file malware.bat.txt

Details

Is windows:	true
Is dropped:	false
PID:	7624
Target ID:	0
Parent PID:	3964
Name:	notepad.exe
Path:	C:\Windows\System32\notepad.exe
Commandline:	"C:\Windows\system32\NOTEPAD.EXE" C:\Users\user\Desktop\batch file malware.bat.txt
Size:	201216
MD5:	27F71B12CB585541885A31BE22F61C83
Time:	00:05:47
Date:	19/04/2025
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff7d6920000
Modulesize:	229376
Wow64:	false

URLs

Name

Malicious

https://umpmfss.top/files/files/Amount.zip?da05d1c18e22cab98c

unknown

Details

Name:	https://umpmfss.top/files/files/Amount.zip?da05d1c18e22cab98c
TargetID:	0
From Memory:	true
Current Path:	C:\Windows\System32\notepad.exe
Source:	notepad.exe, 00000000.00000002.2413137464.0000026469A96000.00000004.00000020.00020000.00000000.sdmp, notepad.exe, 00000000.00000002.2413137464.0000026469ABB000.00000004.00000020.00020000.00000000.sdmp, batch file malware.bat.txt

Signature Hits	Behavior Group	Mitre Attack
URLs found in memory or binary data	Networking

Memdumps

Base Address

Regiontype

Protect

Malicious

Download

26469A50000

heap

page read and write

2646B430000

heap

page read and write

26469990000

heap

page read and write

26469A7B000

heap

page read and write

2646B41C000

heap

page read and write

2646B603000

heap

page read and write

8B07C78000

stack

page read and write

26469A80000

heap

page read and write

26469A96000

heap

page read and write

26469A78000

heap

page read and write

26469A48000

heap

page read and write

26469A72000

heap

page read and write

2646DB60000

heap

page read and write

2646B600000

heap

page read and write

2646D360000

trusted library allocation

page read and write

26469A40000

heap

page read and write

26469950000

heap

page read and write

26469ABB000

heap

page read and write

8B07DFD000

stack

page read and write

8B07EFF000

stack

page read and write

2646B410000

heap

page read and write

26469A7F000

heap

page read and write

2646B415000

heap

page read and write

26469A7B000

heap

page read and write

26469870000

heap

page read and write

2646B310000

trusted library allocation

page read and write

There are 16 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
batch file malware.bat.txt

Processes

URLs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reportbatch file malware.bat.txt

Processes

URLs

Memdumps

IOC Report
batch file malware.bat.txt