Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\install_numarkidjliveii+(1).exe

"C:\Users\user\Desktop\install_numarkidjliveii+(1).exe"

Details

Is windows:	false
Is dropped:	false
PID:	7308
Target ID:	0
Parent PID:	2580
Name:	install_numarkidjliveii+(1).exe
Path:	C:\Users\user\Desktop\install_numarkidjliveii+(1).exe
Commandline:	"C:\Users\user\Desktop\install_numarkidjliveii+(1).exe"
Size:	940952
MD5:	049A333248120D695C0B344F9698DE4E
Time:	08:53:48
Date:	17/04/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x8d0000
Modulesize:	200704
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Sample file is different than original file name gathered from version info	System Summary
Uses 32bit PE files	Compliance, System Summary
PE file has an executable .text section and no other executable section	System Summary
Sample reads its own file content	System Summary
URLs found in memory or binary data	Networking
PE file contains a valid data directory to section mapping	System Summary
PE file contains a debug data directory	System Summary
Contains modern PE file flags such as dynamic base (ASLR) or NX	Compliance, System Summary
PE file contains a mix of data directories often seen in goodware	System Summary
PE / OLE file has a valid certificate	Compliance, System Summary

URLs

Name

Malicious

http://www.virtualdj.com/0/

unknown

http://www.winimage.com/zLibDll

unknown

http://crl.thawte.com/ThawteTimestampingCA.crl0

unknown

http://www.symauth.com/cps0(

unknown

http://www.symauth.com/rpa00

unknown

http://ocsp.thawte.com0

unknown

Memdumps

Base Address

Regiontype

Protect

Malicious

8D1000

unkown

page execute read

73C000

heap

page read and write

8B5000

heap

page read and write

40D0000

trusted library allocation

page read and write

8F6000

unkown

page readonly

3F8000

stack

page read and write

740000

heap

page read and write

8D0000

unkown

page readonly

740000

heap

page read and write

8F6000

unkown

page readonly

74A000

heap

page read and write

8EA000

unkown

page readonly

8EA000

unkown

page readonly

2F9000

stack

page read and write

71E000

heap

page read and write

860000

heap

page read and write

73D000

heap

page read and write

738000

heap

page read and write

650000

heap

page read and write

70E000

stack

page read and write

744000

heap

page read and write

238E000

heap

page read and write

710000

heap

page read and write

8F4000

unkown

page read and write

748000

heap

page read and write

ADE000

stack

page read and write

670000

heap

page read and write

870000

heap

page read and write

738000

heap

page read and write

745000

heap

page read and write

258F000

stack

page read and write

8B0000

heap

page read and write

8B9000

heap

page read and write

BDF000

stack

page read and write

3D00000

heap

page read and write

8F4000

unkown

page write copy

3D04000

heap

page read and write

248E000

stack

page read and write

741000

heap

page read and write

744000

heap

page read and write

680000

heap

page read and write

73C000

heap

page read and write

73C000

heap

page read and write

740000

heap

page read and write

740000

heap

page read and write

734000

heap

page read and write

71A000

heap

page read and write

6CE000

stack

page read and write

8D0000

unkown

page readonly

8D1000

unkown

page execute read

There are 40 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
install_numarkidjliveii+(1).exe

Processes

URLs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reportinstall_numarkidjliveii+(1).exe

Processes

URLs

Memdumps

IOC Report
install_numarkidjliveii+(1).exe