Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\adobe.exe.bin.exe

"C:\Users\user\Desktop\adobe.exe.bin.exe"

Details

Is windows:	false
Is dropped:	false
PID:	6580
Target ID:	0
Parent PID:	4088
Name:	adobe.exe.bin.exe
Path:	C:\Users\user\Desktop\adobe.exe.bin.exe
Commandline:	"C:\Users\user\Desktop\adobe.exe.bin.exe"
Size:	2426880
MD5:	15C4B0373CCF36B67C7AEBFE2E2ACE0F
Time:	08:39:49
Date:	13/03/2025
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff6fd9b0000
Modulesize:	11898880
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Multi AV Scanner detection for submitted file	AV Detection
Yara detected Xmrig cryptocurrency miner	Bitcoin Miner
PE file has nameless sections	System Summary
PE file contains an invalid checksum	Data Obfuscation
PE file contains more sections than normal	System Summary
PE file contains sections with non-standard names	Data Obfuscation
Sigma detected: Communication To Uncommon Destination Ports	System Summary
Binary may include packed or encrypted code	Data Obfuscation	Obfuscated Files or Information Software Packing
PE file has section (not .text) which is very likely to contain packed code (zlib compression ratio < 0.011)	System Summary	Software Packing
Sample is known by Antivirus	System Summary
Sample reads its own file content	System Summary
Spawns processes	System Summary	Process Injection
PE file has a big raw section	System Summary
PE file has a high image base, often used for DLLs	System Summary
Submission file is bigger than most known malware samples	System Summary

C:\Windows\System32\conhost.exe

C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

Details

Is windows:	true
Is dropped:	false
PID:	6504
Target ID:	1
Parent PID:	6580
Name:	conhost.exe
Path:	C:\Windows\System32\conhost.exe
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Size:	862208
MD5:	0D698AF330FD17BEE3BF90011D49251D
Time:	08:39:49
Date:	13/03/2025
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff642da0000
Modulesize:	892928
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

Domains

Name

Malicious

donate.v2.xmrig.com

199.247.27.41

Details

Name:	donate.v2.xmrig.com
IP:	199.247.27.41
TargetID:	-1
Active:	true
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol

domainup619.icu

185.189.68.38

IPs

Domain

Country

Malicious

178.128.242.134

unknown

Netherlands

Details

IP:	178.128.242.134
TargetID:	0
Current Path:	C:\Users\user\Desktop\adobe.exe.bin.exe
Country:	Netherlands
Countrycode:	NLD
ASN number:	14061
ASN name:	DIGITALOCEAN-ASNUS
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Detected Stratum mining protocol	Bitcoin Miner
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
Suricata IDS alerts with low severity for network traffic	Networking

185.188.182.40

unknown

Russian Federation

Details

IP:	185.188.182.40
TargetID:	0
Current Path:	C:\Users\user\Desktop\adobe.exe.bin.exe
Country:	Russian Federation
Countrycode:	RUS
ASN number:	50113
ASN name:	SUPERSERVERSDATACENTERRU
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Detected Stratum mining protocol	Bitcoin Miner
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
Sigma detected: Communication To Uncommon Destination Ports	System Summary

Memdumps

Base Address

Regiontype

Protect

Malicious

21A684F0000

heap

page read and write

21A6828A000

heap

page read and write

252A8BE000

unkown

page read and write

21A6FE27000

heap

page read and write

21A68627000

heap

page read and write

21A6B827000

heap

page read and write

125A2755000

heap

page read and write

125A2600000

unkown

page readonly

125A443A000

unkown

page read and write

7FF6FE3D2000

unkown

page execute and write copy

21A68420000

heap

page read and write

125A25B0000

unkown

page read and write

125A2750000

heap

page read and write

7FF6FDF14000

unkown

page execute and write copy

125A23A0000

heap

page read and write

125A2390000

unkown

page readonly

125A4568000

unkown

page read and write

125A2747000

unkown

page read and write

21A67D5F000

direct allocation

page execute and read and write

125A62E0000

unkown

page read and write

7FF6FD9B1000

unkown

page execute and write copy

125A4840000

unkown

page readonly

125A23E0000

heap

page read and write

252ACFB000

unkown

page read and write

252AC7E000

unkown

page readonly

E1153FB000

stack

page read and write

125A494E000

unkown

page read and write

125A454E000

unkown

page read and write

125A6BE0000

unkown

page read and write

21A662BC000

heap

page read and write

21A67BD0000

heap

page read and write

125A23D1000

unkown

page readonly

125A4304000

unkown

page read and write

21A66358000

heap

page read and write

21A67E7F000

heap

page read and write

125A273E000

unkown

page read and write

21A68390000

heap

page read and write

21A662B0000

heap

page read and write

125A44A2000

unkown

page read and write

21A6C227000

heap

page read and write

21A6EA27000

heap

page read and write

252AAFE000

unkown

page read and write

E1159FE000

stack

page read and write

252ABFC000

unkown

page read and write

E114EFE000

stack

page read and write

21A6AE27000

heap

page read and write

125A441A000

unkown

page read and write

21A6F427000

heap

page read and write

E1155FC000

stack

page read and write

252A8C4000

unkown

page read and write

21A67D90000

heap

page read and write

7FF6FDB60000

unkown

page execute and write copy

125A456C000

unkown

page read and write

21A67D70000

direct allocation

page execute and read and write

125A62B0000

unkown

page readonly

125A23E8000

heap

page read and write

125A43B0000

unkown

page read and write

7FF6FDF00000

unkown

page execute and write copy

125A4366000

unkown

page read and write

252AB7E000

unkown

page readonly

21A67D58000

direct allocation

page execute and read and write

125A4440000

unkown

page read and write

21A69A27000

heap

page read and write

E114FFE000

stack

page read and write

125A4526000

unkown

page read and write

21A67BE0000

heap

page read and write

21A67F30000

heap

page read and write

21A67C55000

heap

page read and write

E1150FE000

stack

page read and write

21A67DA0000

heap

page read and write

7FF6FDF19000

unkown

page execute and write copy

21A66220000

heap

page read and write

21A67C50000

heap

page read and write

125A44E4000

unkown

page read and write

125A25F0000

unkown

page read and write

125A4B30000

unkown

page read and write

21A6D627000

heap

page read and write

125A63E0000

unkown

page read and write

7FF6FDF12000

unkown

page execute and write copy

125A2643000

heap

page read and write

21A6CC27000

heap

page read and write

21A684C9000

heap

page read and write

21A6A427000

heap

page read and write

252A8C6000

unkown

page read and write

21A684F0000

heap

page read and write

125A62D0000

unkown

page readonly

21A662B6000

heap

page read and write

21A67D50000

direct allocation

page execute and read and write

252AD7E000

unkown

page readonly

21A67EA1000

direct allocation

page execute and read and write

125A4240000

unkown

page read and write

E1157FE000

stack

page read and write

21A683A0000

heap

page read and write

21A684D1000

heap

page read and write

21A68471000

heap

page read and write

21A67B80000

direct allocation

page execute read

125A2640000

heap

page read and write

21A6E027000

heap

page read and write

21A67F33000

heap

page read and write

21A684E1000

heap

page read and write

125A275B000

heap

page read and write

E1156FE000

stack

page read and write

21A66365000

heap

page read and write

21A684A2000

heap

page read and write

E1153FE000

stack

page read and write

E1159FB000

stack

page read and write

7FF6FDBAC000

unkown

page execute and write copy

21A67BC0000

heap

page read and write

21A67E8B000

heap

page read and write

21A66140000

heap

page read and write

125A23B0000

unkown

page read and write

E1152FE000

stack

page read and write

E114918000

stack

page read and write

125A2650000

unkown

page read and write

E1154FC000

stack

page read and write

7FF6FDF0F000

unkown

page execute and write copy

E1158FE000

stack

page read and write

125A4434000

unkown

page read and write

21A67E60000

heap

page read and write

125A42A2000

unkown

page read and write

125A4504000

unkown

page read and write

21A69027000

heap

page read and write

7FF6FD9B0000

unkown

page readonly

125A2AF1000

unkown

page readonly

21A684D9000

heap

page read and write

21A67D80000

direct allocation

page execute and read and write

21A67B50000

heap

page read and write

21A67DE0000

heap

page read and write

21A67EB1000

direct allocation

page execute and read and write

21A66250000

heap

page read and write

There are 120 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
adobe.exe.bin.exe

Processes

Domains

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reportadobe.exe.bin.exe

Processes

Domains

IPs

Memdumps

IOC Report
adobe.exe.bin.exe