Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\MSIAB95.exe

"C:\Users\user\Desktop\MSIAB95.exe"

Details

Is windows:	false
Is dropped:	false
PID:	7716
Target ID:	0
Parent PID:	2580
Name:	MSIAB95.exe
Path:	C:\Users\user\Desktop\MSIAB95.exe
Commandline:	"C:\Users\user\Desktop\MSIAB95.exe"
Size:	712704
MD5:	F49FA6E44A93CCD5D9B9630C82176C15
Time:	21:44:58
Date:	23/04/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x400000
Modulesize:	712704
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Sample file is different than original file name gathered from version info	System Summary
Uses 32bit PE files	Compliance, System Summary
Binary may include packed or encrypted code	Data Obfuscation	Obfuscated Files or Information Software Packing
PE file has an executable .text section which is very likely to contain packed code (zlib compression ratio < 0.3)	System Summary	Software Packing
PE file has an executable .text section and no other executable section	System Summary
Sample might require command line arguments	System Summary	Command and Scripting Interpreter

Memdumps

Base Address

Regiontype

Protect

Malicious

81D000

heap

page read and write

81E000

heap

page read and write

655000

heap

page read and write

19C000

stack

page read and write

22B0000

heap

page read and write

81B000

heap

page read and write

620000

heap

page read and write

401000

unkown

page execute read

400000

unkown

page readonly

510000

heap

page read and write

2AF1000

heap

page read and write

20BF000

stack

page read and write

813000

heap

page read and write

740000

heap

page read and write

4AC000

unkown

page read and write

9A000

stack

page read and write

81E000

heap

page read and write

4AD000

unkown

page readonly

7D0000

heap

page read and write

2289000

heap

page read and write

63D000

heap

page read and write

818000

heap

page read and write

401000

unkown

page execute read

2280000

heap

page read and write

400000

unkown

page readonly

810000

heap

page read and write

81E000

heap

page read and write

81C000

heap

page read and write

81E000

heap

page read and write

81E000

heap

page read and write

2AF0000

heap

page read and write

1F0000

heap

page read and write

81E000

heap

page read and write

62B000

heap

page read and write

22C0000

trusted library allocation

page read and write

50E000

stack

page read and write

530000

heap

page read and write

4AD000

unkown

page readonly

610000

trusted library allocation

page execute read

750000

heap

page read and write

20C0000

heap

page read and write

81E000

heap

page read and write

4B0000

heap

page read and write

There are 33 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
MSIAB95.exe

Processes

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC ReportMSIAB95.exe

Processes

Memdumps

IOC Report
MSIAB95.exe