IOC Report
MbYnGuRGnm.exe

Processes

Path: C:\Users\user\Desktop\MbYnGuRGnm.exe
Cmdline: C:\Users\user\Desktop\MbYnGuRGnm.exe
Malicious: malicious

URLs

Name
IP
Malicious
http://nsis.sf.net/NSIS_Error
unknown
http://nsis.sf.net/NSIS_ErrorError
unknown

Memdumps
