Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\vovy0jYEM7.exe

'C:\Users\user\Desktop\vovy0jYEM7.exe'

Details

Is windows:	true
Is dropped:	false
PID:	6588
Target ID:	0
Parent PID:	6032
Name:	vovy0jYEM7.exe
Path:	C:\Users\user\Desktop\vovy0jYEM7.exe
Commandline:	'C:\Users\user\Desktop\vovy0jYEM7.exe'
Size:	143360
MD5:	AC98D2D71F3A4998ABE80DD6E0695FBA
Time:	03:47:07
Date:	28/03/2021
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x400000
Modulesize:	159744
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Antivirus / Scanner detection for submitted sample	AV Detection
Multi AV Scanner detection for submitted file	AV Detection
Machine Learning detection for sample	AV Detection
Uses 32bit PE files	Compliance, System Summary
PE file has an executable .text section and no other executable section	System Summary
Sample is known by Antivirus	System Summary
Urls found in memory or binary data	Networking

URLs

Name

Malicious

http://adrotate.sytes.net/cfgg.bin

unknown

Details

Name:	http://adrotate.sytes.net/cfgg.bin
TargetID:	0
From Memory:	true
Current Path:	C:\Users\user\Desktop\vovy0jYEM7.exe
Source:	vovy0jYEM7.exe

Signature Hits	Behavior Group	Mitre Attack
Urls found in memory or binary data	Networking

Memdumps

Base Address

Regiontype

Protect

Malicious

401000

unkown image

page execute read

440000

heap default

page read and write

368000

unkown

page read and write

19C000

stack

page read and write

66E000

unkown

page read and write

422000

unkown image

page read and write

401000

unkown image

page execute read

36C000

unkown

page read and write

400000

unkown image

page readonly

400000

unkown image

page readonly

430000

unkown

page readonly

425000

unkown image

page readonly

8AF000

stack

page read and write

1F0000

unkown

page read and write

530000

heap default

page read and write

8B0000

unkown

page readonly

450000

unkown

page readonly

76F000

stack

page read and write

400000

unkown image

page readonly

20F0000

heap private

page read and write

7AE000

unkown

page read and write

520000

heap private

page read and write

9D000

unkown

page read and write

425000

unkown image

page readonly

53A000

heap default

page read and write

There are 15 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOCReport

Processes

URLs

Memdumps