Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\125.exe

"C:\Users\user\Desktop\125.exe"

Details

Is windows:	false
Is dropped:	false
PID:	6812
Target ID:	0
Parent PID:	2580
Name:	125.exe
Path:	C:\Users\user\Desktop\125.exe
Commandline:	"C:\Users\user\Desktop\125.exe"
Size:	19177181
MD5:	44B14057FF868E25AD444FAC098D89F0
Time:	18:41:01
Date:	19/04/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x400000
Modulesize:	122880
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Antivirus / Scanner detection for submitted sample	AV Detection
Multi AV Scanner detection for submitted file	AV Detection
PE file contains sections with non-standard names	Data Obfuscation
Uses 32bit PE files	Compliance, System Summary
PE file has an executable .text section and no other executable section	System Summary
Sample is known by Antivirus	System Summary
Sample might require command line arguments	System Summary	Command and Scripting Interpreter
Contains modern PE file flags such as dynamic base (ASLR) or NX	Compliance, System Summary
Submission file is bigger than most known malware samples	System Summary

Memdumps

Base Address

Regiontype

Protect

Malicious

40D000

unkown

page readonly

83E000

heap

page read and write

832000

heap

page read and write

60E000

stack

page read and write

836000

heap

page read and write

7E0000

heap

page read and write

82A000

heap

page read and write

24EE000

stack

page read and write

40D000

unkown

page readonly

84C000

heap

page read and write

401000

unkown

page execute read

3C4E000

stack

page read and write

D0F000

stack

page read and write

7F9000

heap

page read and write

41A000

unkown

page write copy

810000

heap

page read and write

41D000

unkown

page write copy

7F5000

heap

page read and write

41D000

unkown

page write copy

82F000

heap

page read and write

832000

heap

page read and write

272E000

stack

page read and write

7F0000

heap

page read and write

837000

heap

page read and write

3DC4000

heap

page read and write

82A000

heap

page read and write

4310000

trusted library allocation

page read and write

833000

heap

page read and write

3C50000

heap

page read and write

832000

heap

page read and write

400000

unkown

page readonly

150000

heap

page read and write

B0E000

stack

page read and write

400000

unkown

page readonly

430F000

stack

page read and write

100000

heap

page read and write

832000

heap

page read and write

3DC0000

heap

page read and write

401000

unkown

page execute read

818000

heap

page read and write

26EF000

stack

page read and write

83D000

heap

page read and write

1BE000

stack

page read and write

170000

heap

page read and write

61C000

stack

page read and write

617000

stack

page read and write

9A000

stack

page read and write

82E000

heap

page read and write

14E000

stack

page read and write

41A000

unkown

page read and write

292F000

stack

page read and write

There are 41 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
125.exe

Processes

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report125.exe

Processes

Memdumps

IOC Report
125.exe