Automated Malware Analysis IOC Report for

Files

File Path

Type

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\GB72405.exe

"C:\Users\user\Desktop\GB72405.exe"

Details

Is windows:	false
Is dropped:	false
PID:	5948
Target ID:	0
Parent PID:	4552
Name:	GB72405.exe
Path:	C:\Users\user\Desktop\GB72405.exe
Commandline:	"C:\Users\user\Desktop\GB72405.exe"
Size:	3110227
MD5:	B13E8F3D2779AA2102E2C3DB3B2957D2
Time:	13:58:03
Date:	08/05/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x400000
Modulesize:	1228800
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
PE file has a writeable .text section	System Summary
PE file contains an invalid checksum	Data Obfuscation
PE file contains executable resources (Code or Archives)	System Summary
PE file contains sections with non-standard names	Data Obfuscation
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery
Sample file is different than original file name gathered from version info	System Summary
Uses 32bit PE files	Compliance, System Summary
Binary may include packed or encrypted code	Data Obfuscation	Obfuscated Files or Information Software Packing
May try to detect the Windows Explorer process (often used for injection)	HIPS / PFW / Operating System Protection Evasion	Process Injection Process Discovery
Sample might require command line arguments	System Summary	Command and Scripting Interpreter
Sample reads its own file content	System Summary
Spawns processes	System Summary	Process Injection
URLs found in memory or binary data	Networking
Submission file is bigger than most known malware samples	System Summary

C:\Users\user\Desktop\GB72405\GB72405_AHDF.001\OM_LOCAL_FLOPPY_1.44MB_S520_v1_1_DBSIGN\HDFloppyWrite.exe

"C:\Users\user\Desktop\GB72405\GB72405_AHDF.001\OM_LOCAL_FLOPPY_1.44MB_S520_v1_1_DBSIGN\HDFloppyWrite.exe" GB72405_AHDF.001\OM_LOCAL_FLOPPY_1.44MB_S520_v1_1_DBSIGN

Details

Is windows:	false
Is dropped:	true
PID:	7020
Target ID:	15
Parent PID:	5948
Name:	HDFloppyWrite.exe
Path:	C:\Users\user\Desktop\GB72405\GB72405_AHDF.001\OM_LOCAL_FLOPPY_1.44MB_S520_v1_1_DBSIGN\HDFloppyWrite.exe
Commandline:	"C:\Users\user\Desktop\GB72405\GB72405_AHDF.001\OM_LOCAL_FLOPPY_1.44MB_S520_v1_1_DBSIGN\HDFloppyWrite.exe" GB72405_AHDF.001\OM_LOCAL_FLOPPY_1.44MB_S520_v1_1_DBSIGN
Size:	617472
MD5:	D0509B5E9ECFB035B20942C012DE19EC
Time:	13:59:01
Date:	08/05/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x400000
Modulesize:	880640
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Drops PE files	Persistence and Installation Behavior
Spawns processes	System Summary	Process Injection
Binary contains paths to debug symbols	Compliance, System Summary

URLs

Name

Malicious

http://www.pkware.com/

unknown

Details

Name:	http://www.pkware.com/
TargetID:	0
From Memory:	true
Current Path:	C:\Users\user\Desktop\GB72405.exe
Source:	GB72405.exe, 00000000.00000003.1039843785.00000000007B2000.00000004.00000020.00020000.00000000.sdmp
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
URLs found in memory or binary data	Networking

http://www.openssl.org/support/faq.html....................

unknown

http://www.openssl.org/support/faq.html

unknown

Memdumps

Base Address

Regiontype

Protect

Malicious

2670000

heap

page read and write

51A000

heap

page read and write

2ABF000

stack

page read and write

7B2000

heap

page read and write

7E3000

heap

page read and write

7CF000

heap

page read and write

7C7000

heap

page read and write

4D3000

unkown

page readonly

7C7000

heap

page read and write

7E2000

heap

page read and write

4C8000

unkown

page read and write

7C7000

heap

page read and write

4D2000

unkown

page read and write

7C8000

heap

page read and write

7A8000

heap

page read and write

7E1000

heap

page read and write

7D2000

heap

page read and write

3BAE000

stack

page read and write

2320000

heap

page read and write

819000

heap

page read and write

2449000

heap

page read and write

7DF000

heap

page read and write

7CF000

heap

page read and write

43B000

unkown

page execute read

532000

heap

page read and write

4D4000

unkown

page execute and write copy

79E000

heap

page read and write

19D000

stack

page read and write

51C000

heap

page read and write

529000

unkown

page execute and read and write

7EF000

heap

page read and write

2330000

heap

page read and write

48D000

unkown

page readonly

7D0000

heap

page read and write

4CCF000

stack

page read and write

7E1000

heap

page read and write

2310000

heap

page read and write

2AFE000

stack

page read and write

675000

heap

page read and write

A9F000

stack

page read and write

750000

direct allocation

page execute and read and write

7CE000

heap

page read and write

519000

heap

page read and write

6D0000

heap

page read and write

23E1000

heap

page read and write

7D2000

heap

page read and write

7D9000

heap

page read and write

48D000

unkown

page readonly

515000

heap

page read and write

9A000

stack

page read and write

7E2000

heap

page read and write

7D6000

heap

page read and write

4EA000

heap

page read and write

806000

heap

page read and write

3CAF000

stack

page read and write

24A9000

heap

page read and write

7A2000

heap

page read and write

7FA000

heap

page read and write

7D1000

heap

page read and write

79E000

heap

page read and write

24A5000

heap

page read and write

2D3E000

stack

page read and write

95F000

stack

page read and write

530000

heap

page read and write

4CC000

unkown

page write copy

700000

heap

page read and write

7E2000

heap

page read and write

B6F000

stack

page read and write

7B8000

heap

page read and write

526000

heap

page read and write

2440000

heap

page read and write

9A000

stack

page read and write

81E000

stack

page read and write

4EE000

heap

page read and write

4FD000

heap

page read and write

2360000

heap

page read and write

7D2000

heap

page read and write

96F000

stack

page read and write

2BFF000

stack

page read and write

6FE000

stack

page read and write

2D7E000

stack

page read and write

2370000

heap

page read and write

7F4000

heap

page read and write

400000

unkown

page readonly

7A6000

heap

page read and write

7B2000

heap

page read and write

500000

heap

page read and write

50E000

heap

page read and write

2C3E000

stack

page read and write

526000

unkown

page execute and read and write

401000

unkown

page execute and read and write

517000

heap

page read and write

99E000

stack

page read and write

7F7000

heap

page read and write

506000

heap

page read and write

7C4000

heap

page read and write

7B3000

heap

page read and write

79B000

heap

page read and write

7DF000

heap

page read and write

7D2000

heap

page read and write

802000

heap

page read and write

7E1000

heap

page read and write

2674000

heap

page read and write

4990000

heap

page read and write

3F50000

trusted library allocation

page read and write

265E000

stack

page read and write

2330000

heap

page read and write

7E1000

heap

page read and write

670000

heap

page read and write

7B5000

heap

page read and write

521000

heap

page read and write

770000

heap

page read and write

4BCE000

stack

page read and write

4E0C000

stack

page read and write

523000

heap

page read and write

500000

heap

page read and write

4CD000

unkown

page write copy

4D0C000

stack

page read and write

5F0000

heap

page read and write

7D2000

heap

page read and write

2E7F000

stack

page read and write

7E9000

heap

page read and write

24A0000

heap

page read and write

7DC000

heap

page read and write

4D1000

unkown

page write copy

520000

heap

page read and write

7D1000

heap

page read and write

4980000

heap

page read and write

4B8000

unkown

page read and write

7D2000

heap

page read and write

4E0000

heap

page read and write

6BE000

stack

page read and write

3B6F000

stack

page read and write

1D0000

heap

page read and write

79A000

heap

page read and write

79A000

heap

page read and write

198000

stack

page read and write

3A6E000

stack

page read and write

7D1000

heap

page read and write

85E000

stack

page read and write

7AD000

heap

page read and write

7E2000

heap

page read and write

511000

heap

page read and write

4CB000

unkown

page read and write

77E000

heap

page read and write

400000

unkown

page readonly

4D1000

unkown

page read and write

2430000

heap

page read and write

4CC000

unkown

page read and write

720000

heap

page read and write

4120000

trusted library allocation

page read and write

77A000

heap

page read and write

51F000

heap

page read and write

65E000

stack

page read and write

2374000

heap

page read and write

610000

heap

page read and write

7D1000

heap

page read and write

71E000

stack

page read and write

43E000

unkown

page execute read

2324000

heap

page read and write

A6F000

stack

page read and write

2445000

heap

page read and write

7D1000

heap

page read and write

504000

heap

page read and write

4B5000

unkown

page readonly

7BA000

heap

page read and write

There are 156 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
GB72405.exe

Files

Processes

URLs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC ReportGB72405.exe

Files

Processes

URLs

Memdumps

IOC Report
GB72405.exe