Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\file.bin.exe

"C:\Users\user\Desktop\file.bin.exe"

Details

Is windows:	false
Is dropped:	false
PID:	6616
Target ID:	0
Parent PID:	2580
Name:	file.bin.exe
Path:	C:\Users\user\Desktop\file.bin.exe
Commandline:	"C:\Users\user\Desktop\file.bin.exe"
Size:	1658368
MD5:	3FD97C8116999264C370A1B7FAB80BA6
Time:	18:19:51
Date:	18/04/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x140000000
Modulesize:	1708032
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
PE file contains an invalid checksum	Data Obfuscation
PE file contains sections with non-standard names	Data Obfuscation
Binary contains device paths (device paths are often used for kernel mode <-> user mode communication)	System Summary
PE file has an executable .text section and no other executable section	System Summary
PE file contains a valid data directory to section mapping	System Summary
Binary contains paths to debug symbols	Compliance, System Summary
PE file contains a debug data directory	System Summary
PE file contains a mix of data directories often seen in goodware	System Summary
PE file has a high image base, often used for DLLs	System Summary
Submission file is bigger than most known malware samples	System Summary

IPs

Domain

Country

Malicious

92.118.112.89

unknown

Russian Federation

Details

IP:	92.118.112.89
TargetID:	0
Current Path:	C:\Users\user\Desktop\file.bin.exe
Country:	Russian Federation
Countrycode:	RUS
ASN number:	209401
ASN name:	GUDAEV-ASRU
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
Connects to IPs without corresponding DNS lookups	Networking

Memdumps

Base Address

Regiontype

Protect

Malicious

14012D000

unkown

page readonly

1400C0000

unkown

page readonly

140000000

unkown

page readonly

1C0000

heap

page read and write

510000

direct allocation

page read and write

190000

heap

page read and write

DCE000

direct allocation

page execute and read and write

140000000

unkown

page readonly

5A7000

heap

page read and write

140117000

unkown

page write copy

140001000

unkown

page execute read

1A0000

heap

page read and write

14012D000

unkown

page readonly

D70000

direct allocation

page execute and read and write

140117000

unkown

page read and write

5BF000

heap

page read and write

140118000

unkown

page write copy

5A0000

heap

page read and write

14C000

stack

page read and write

140001000

unkown

page execute read

E30000

heap

page read and write

1400C0000

unkown

page readonly

There are 12 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
file.bin.exe

Processes

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reportfile.bin.exe

Processes

IPs

Memdumps

IOC Report
file.bin.exe