Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\OlympusViewer-win2-4-1.exe

"C:\Users\user\Desktop\OlympusViewer-win2-4-1.exe"

Details

Is windows:	false
Is dropped:	false
PID:	7004
Target ID:	0
Parent PID:	2580
Name:	OlympusViewer-win2-4-1.exe
Path:	C:\Users\user\Desktop\OlympusViewer-win2-4-1.exe
Commandline:	"C:\Users\user\Desktop\OlympusViewer-win2-4-1.exe"
Size:	81938432
MD5:	19EC441C0BFA8E22AAE49ACEFE0ED8A6
Time:	09:50:04
Date:	18/04/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x1000000
Modulesize:	81952768
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
PE file contains executable resources (Code or Archives)	System Summary
Uses 32bit PE files	Compliance, System Summary
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory)	Malware Analysis System Evasion	Security Software Discovery
PE file has an executable .text section and no other executable section	System Summary
Binary contains paths to debug symbols	Compliance, System Summary
PE file contains a debug data directory	System Summary
PE file has a big raw section	System Summary
Submission file is bigger than most known malware samples	System Summary

Memdumps

Base Address

Regiontype

Protect

Malicious

420C000

unkown

page readonly

528000

heap

page read and write

1A0C000

unkown

page readonly

380C000

unkown

page readonly

528000

heap

page read and write

1001000

unkown

page execute read

516000

heap

page read and write

50D000

heap

page read and write

513000

heap

page read and write

515000

heap

page read and write

420C000

unkown

page readonly

513000

heap

page read and write

2E0C000

unkown

page readonly

528000

heap

page read and write

516000

heap

page read and write

528000

heap

page read and write

511000

heap

page read and write

513000

heap

page read and write

513000

heap

page read and write

516000

heap

page read and write

528000

heap

page read and write

513000

heap

page read and write

513000

heap

page read and write

100C000

unkown

page readonly

515000

heap

page read and write

560C000

unkown

page readonly

4C0C000

unkown

page readonly

528000

heap

page read and write

528000

heap

page read and write

2E0C000

unkown

page readonly

1000000

unkown

page readonly

240C000

unkown

page readonly

515000

heap

page read and write

50E000

heap

page read and write

511000

heap

page read and write

515000

heap

page read and write

511000

heap

page read and write

240C000

unkown

page readonly

50E000

heap

page read and write

513000

heap

page read and write

528000

heap

page read and write

513000

heap

page read and write

528000

heap

page read and write

513000

heap

page read and write

1A0C000

unkown

page readonly

380C000

unkown

page readonly

100C000

unkown

page readonly

100A000

unkown

page write copy

513000

heap

page read and write

528000

heap

page read and write

There are 40 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
OlympusViewer-win2-4-1.exe

Processes

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC ReportOlympusViewer-win2-4-1.exe

Processes

Memdumps

IOC Report
OlympusViewer-win2-4-1.exe