Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\5dtLgMI0Rh.exe

"C:\Users\user\Desktop\5dtLgMI0Rh.exe"

Details

Is windows:	false
Is dropped:	false
PID:	6152
Target ID:	0
Parent PID:	1028
Name:	5dtLgMI0Rh.exe
Path:	C:\Users\user\Desktop\5dtLgMI0Rh.exe
Commandline:	"C:\Users\user\Desktop\5dtLgMI0Rh.exe"
Size:	2650112
MD5:	B341AC1A1A31D085C9FFDFD4B83C88B8
Time:	16:23:30
Date:	28/03/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff72e910000
Modulesize:	2682880
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Multi AV Scanner detection for submitted file	AV Detection
Sample file is different than original file name gathered from version info	System Summary
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory)	Malware Analysis System Evasion	Security Software Discovery
PE file has an executable .text section and no other executable section	System Summary
Sample is known by Antivirus	System Summary
Contains modern PE file flags such as dynamic base (ASLR) or NX	Compliance, System Summary
PE file has a big raw section	System Summary
PE file has a high image base, often used for DLLs	System Summary
Submission file is bigger than most known malware samples	System Summary

Memdumps

Base Address

Regiontype

Protect

Malicious

7FF72EB9A000

unkown

page readonly

7FF72EB9E000

unkown

page readonly

7FF72EB9E000

unkown

page readonly

2605D42C000

heap

page read and write

2605D420000

heap

page read and write

2605D390000

heap

page read and write

2605D3C0000

heap

page read and write

2605D3A0000

heap

page read and write

7FF72E911000

unkown

page execute read

7FF72E935000

unkown

page readonly

7FF72E911000

unkown

page execute read

7FF72E910000

unkown

page readonly

7C0CAFF000

stack

page read and write

7FF72E935000

unkown

page readonly

7FF72E910000

unkown

page readonly

2605D790000

heap

page read and write

7FF72EB9A000

unkown

page readonly

There are 7 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
5dtLgMI0Rh.exe

Processes

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report5dtLgMI0Rh.exe

Processes

Memdumps

IOC Report
5dtLgMI0Rh.exe