Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\Setup.exe

"C:\Users\user\Desktop\Setup.exe"

Details

Is windows:	false
Is dropped:	false
PID:	4852
Target ID:	0
Parent PID:	2580
Name:	Setup.exe
Path:	C:\Users\user\Desktop\Setup.exe
Commandline:	"C:\Users\user\Desktop\Setup.exe"
Size:	1371648
MD5:	67890FCC5A391A8914E9FFAF209ABECD
Time:	09:19:53
Date:	28/03/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x140000000
Modulesize:	1417216
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Multi AV Scanner detection for submitted file	AV Detection
OS version to string mapping found (often used in BOTs)	Stealing of Sensitive Information
PE file contains sections with non-standard names	Data Obfuscation
Sample file is different than original file name gathered from version info	System Summary
May try to detect the Windows Explorer process (often used for injection)	HIPS / PFW / Operating System Protection Evasion	Process Injection Process Discovery
Sample is known by Antivirus	System Summary
URLs found in memory or binary data	Networking
PE file has a high image base, often used for DLLs	System Summary
Submission file is bigger than most known malware samples	System Summary

URLs

Name

Malicious

https://autohotkey.com

unknown

https://autohotkey.comCould

unknown

Memdumps

Base Address

Regiontype

Protect

Malicious

140125000

unkown

page execute

7EF000

stack

page read and write

8FE000

heap

page read and write

7F8000

stack

page read and write

8C0000

heap

page read and write

140132000

unkown

page readonly

7D2000

stack

page read and write

8F9000

heap

page read and write

2BB0000

heap

page read and write

1400F1000

unkown

page readonly

190000

heap

page read and write

140001000

unkown

page execute read

1400F1000

unkown

page readonly

8F9000

heap

page read and write

2A60000

heap

page read and write

8F5000

heap

page read and write

903000

heap

page read and write

8F1000

heap

page read and write

2C10000

heap

page read and write

8C7000

heap

page read and write

140001000

unkown

page execute read

8EA000

heap

page read and write

8F5000

heap

page read and write

140128000

unkown

page readonly

12B0000

heap

page read and write

4BBE000

stack

page read and write

12B5000

heap

page read and write

800000

heap

page read and write

140125000

unkown

page execute

140000000

unkown

page readonly

4FBF000

stack

page read and write

8F1000

heap

page read and write

140110000

unkown

page write copy

916000

heap

page read and write

1400DF000

unkown

page readonly

8F1000

heap

page read and write

7DF000

stack

page read and write

14011D000

unkown

page readonly

11BE000

stack

page read and write

140119000

unkown

page read and write

8F9000

heap

page read and write

7E3000

stack

page read and write

8F5000

heap

page read and write

140132000

unkown

page readonly

8F5000

heap

page read and write

140000000

unkown

page readonly

8E6000

heap

page read and write

2A70000

heap

page read and write

8F9000

heap

page read and write

916000

heap

page read and write

1400DF000

unkown

page readonly

140128000

unkown

page readonly

170000

heap

page read and write

14011D000

unkown

page readonly

DBE000

stack

page read and write

140110000

unkown

page read and write

90000

heap

page read and write

2BB3000

heap

page read and write

911000

heap

page read and write

8D7000

heap

page read and write

904000

heap

page read and write

There are 51 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
Setup.exe

Processes

URLs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC ReportSetup.exe

Processes

URLs

Memdumps

IOC Report
Setup.exe