Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\MSIAB95.exe

"C:\Users\user\Desktop\MSIAB95.exe"

Details

Is windows:	true
Is dropped:	false
PID:	6644
Target ID:	0
Parent PID:	2580
Name:	MSIAB95.exe
Path:	C:\Users\user\Desktop\MSIAB95.exe
Commandline:	"C:\Users\user\Desktop\MSIAB95.exe"
Size:	712704
MD5:	F49FA6E44A93CCD5D9B9630C82176C15
Time:	21:52:13
Date:	23/04/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x400000
Modulesize:	712704
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Sample file is different than original file name gathered from version info	System Summary
Uses 32bit PE files	Compliance, System Summary
Binary may include packed or encrypted code	Data Obfuscation	Obfuscated Files or Information Software Packing
PE file has an executable .text section which is very likely to contain packed code (zlib compression ratio < 0.3)	System Summary	Software Packing
PE file has an executable .text section and no other executable section	System Summary
Sample might require command line arguments	System Summary	Command and Scripting Interpreter

Memdumps

Base Address

Regiontype

Protect

Malicious

77F000

stack

page read and write

780000

heap

page read and write

9A000

stack

page read and write

885000

heap

page read and write

400000

unkown

page readonly

78C000

heap

page read and write

7E0000

heap

page read and write

2D60000

heap

page read and write

4AD000

unkown

page readonly

6CB76000

unkown

page read and write

61E000

stack

page read and write

6CB7A000

unkown

page write copy

670000

heap

page read and write

78E000

heap

page read and write

78E000

heap

page read and write

86D000

heap

page read and write

2A10000

heap

page read and write

21EF000

stack

page read and write

2C01000

heap

page read and write

78E000

heap

page read and write

7D0000

heap

page read and write

19C000

stack

page read and write

850000

heap

page read and write

630000

direct allocation

page execute read

2260000

direct allocation

page read and write

2C00000

heap

page read and write

401000

unkown

page execute read

78E000

heap

page read and write

78D000

heap

page read and write

1F0000

heap

page read and write

6CA60000

unkown

page readonly

4AD000

unkown

page readonly

2250000

heap

page read and write

401000

unkown

page execute read

78E000

heap

page read and write

78B000

heap

page read and write

6CA61000

unkown

page execute read

6CB7C000

unkown

page readonly

580000

heap

page read and write

7D9000

heap

page read and write

5DE000

stack

page read and write

6CB74000

unkown

page read and write

660000

heap

page read and write

783000

heap

page read and write

85B000

heap

page read and write

2A00000

heap

page read and write

788000

heap

page read and write

78E000

heap

page read and write

4AC000

unkown

page read and write

400000

unkown

page readonly

78E000

heap

page read and write

There are 41 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
MSIAB95.tmp

Processes

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC ReportMSIAB95.tmp

Processes

Memdumps

IOC Report
MSIAB95.tmp