Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\4NsDuAp8TA.exe

"C:\Users\user\Desktop\4NsDuAp8TA.exe"

Details

Is windows:	false
Is dropped:	false
PID:	1124
Target ID:	0
Parent PID:	1028
Name:	4NsDuAp8TA.exe
Path:	C:\Users\user\Desktop\4NsDuAp8TA.exe
Commandline:	"C:\Users\user\Desktop\4NsDuAp8TA.exe"
Size:	165400
MD5:	CAE6F54148013B927ED9F993F739AE2E
Time:	14:08:53
Date:	08/05/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x400000
Modulesize:	4001792
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Multi AV Scanner detection for submitted file	AV Detection
PE file contains an invalid checksum	Data Obfuscation
PE file contains executable resources (Code or Archives)	System Summary
Uses 32bit PE files	Compliance, System Summary
PE file has an executable .text section and no other executable section	System Summary
Sample is known by Antivirus	System Summary
Sample reads its own file content	System Summary
URLs found in memory or binary data	Networking

URLs

Name

Malicious

http://nsis.sf.net/NSIS_Error

unknown

http://nsis.sf.net/NSIS_ErrorError

unknown

http://nsis.sf.net/NSIS_Error(

unknown

Details

Name:	http://nsis.sf.net/NSIS_Error(
TargetID:	0
From Memory:	true
Current Path:	C:\Users\user\Desktop\4NsDuAp8TA.exe
Source:	4NsDuAp8TA.exe, 00000000.00000002.2045049060.0000000000ADE000.00000004.00000020.00020000.00000000.sdmp
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
URLs found in memory or binary data	Networking

Memdumps

Base Address

Regiontype

Protect

Malicious

ADE000

heap

page read and write

A9E000

stack

page read and write

409000

unkown

page read and write

B28000

heap

page read and write

B07000

heap

page read and write

B0B000

heap

page read and write

980000

heap

page read and write

B03000

heap

page read and write

8C0000

heap

page read and write

24AE000

stack

page read and write

19A000

stack

page read and write

B07000

heap

page read and write

B0B000

heap

page read and write

2560000

heap

page read and write

995000

heap

page read and write

984000

heap

page read and write

2A6E000

stack

page read and write

400000

unkown

page readonly

AD0000

heap

page read and write

407000

unkown

page readonly

90E000

stack

page read and write

7A8000

unkown

page read and write

AA0000

heap

page read and write

2629000

heap

page read and write

CCF000

stack

page read and write

94E000

stack

page read and write

409000

unkown

page write copy

7A1000

unkown

page read and write

B0E000

heap

page read and write

2625000

heap

page read and write

795000

unkown

page read and write

400000

unkown

page readonly

401000

unkown

page execute read

990000

heap

page read and write

2580000

heap

page read and write

401000

unkown

page execute read

7BF000

unkown

page readonly

ADA000

heap

page read and write

7E0000

heap

page read and write

2620000

heap

page read and write

7BF000

unkown

page readonly

4410000

trusted library allocation

page read and write

B28000

heap

page read and write

407000

unkown

page readonly

2B6F000

stack

page read and write

2550000

heap

page read and write

99000

stack

page read and write

24EE000

stack

page read and write

There are 38 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
4NsDuAp8TA.exe

Processes

URLs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report4NsDuAp8TA.exe

Processes

URLs

Memdumps

IOC Report
4NsDuAp8TA.exe