Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\adminpriv.exe

"C:\Users\user\Desktop\adminpriv.exe"

Details

Is windows:	false
Is dropped:	false
PID:	2008
Target ID:	5
Parent PID:	5344
Name:	adminpriv.exe
Path:	C:\Users\user\Desktop\adminpriv.exe
Commandline:	"C:\Users\user\Desktop\adminpriv.exe"
Size:	252928
MD5:	5CAE01AEA8ED390CE9BEC17B6C1237E4
Time:	18:13:59
Date:	23/04/2024
Reason:	newprocess
Reputation:	moderate
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff746c10000
Modulesize:	270336
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Multi AV Scanner detection for submitted file	AV Detection
Sample file is different than original file name gathered from version info	System Summary
PE file has an executable .text section and no other executable section	System Summary
Sample is known by Antivirus	System Summary
Sample might require command line arguments	System Summary	Command and Scripting Interpreter
URLs found in memory or binary data	Networking
PE file contains a valid data directory to section mapping	System Summary
Binary contains paths to debug symbols	Compliance, System Summary
PE file contains a debug data directory	System Summary
Contains modern PE file flags such as dynamic base (ASLR) or NX	Compliance, System Summary
PE file contains a mix of data directories often seen in goodware	System Summary
PE file has a high image base, often used for DLLs	System Summary

URLs

Name

Malicious

https://github.com/M2Team/NSudo

unknown

https://forums.mydigitallife.net/threads/59268/

unknown

Memdumps

Base Address

Regiontype

Protect

Malicious

25CDEE60000

heap

page read and write

25CDCF10000

heap

page read and write

7FF746C2E000

unkown

page readonly

25CDCEBF000

heap

page read and write

25CDCE98000

heap

page read and write

25CDE920000

heap

page read and write

7FF746C3D000

unkown

page readonly

7FF746C11000

unkown

page execute read

25CDE835000

heap

page read and write

25CDE730000

heap

page read and write

25CDE923000

heap

page read and write

7FF746C3D000

unkown

page readonly

25CDEE6F000

heap

page read and write

7FF746C3B000

unkown

page write copy

25CDCF05000

heap

page read and write

25CDE800000

trusted library section

page read and write

7FF746C10000

unkown

page readonly

25CDE830000

heap

page read and write

25CDCEE1000

heap

page read and write

25CDCEA3000

heap

page read and write

25CDCF09000

heap

page read and write

25CDE7E0000

trusted library section

page read and write

25CDEF60000

trusted library allocation

page read and write

25CDE840000

heap

page read and write

7FF746C3B000

unkown

page read and write

25CDCDF0000

heap

page read and write

25CDCF03000

heap

page read and write

7FF746C2E000

unkown

page readonly

25CDCECE000

heap

page read and write

25CDE7F0000

trusted library section

page read and write

25CDCF45000

heap

page read and write

25CDCEFB000

heap

page read and write

D11E13A000

stack

page read and write

7FF746C10000

unkown

page readonly

25CDCEE7000

heap

page read and write

D11E7FE000

stack

page read and write

25CDCEEF000

heap

page read and write

7FF746C11000

unkown

page execute read

D11E8FE000

stack

page read and write

25CDCEBB000

heap

page read and write

25CDCE90000

heap

page read and write

25CDCCB0000

heap

page read and write

There are 32 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
adminpriv.exe

Processes

URLs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reportadminpriv.exe

Processes

URLs

Memdumps

IOC Report
adminpriv.exe