IOC Report
Velaro-Setup-3.0.1.exe.004

Processes

| Path | Cmdline | Malicious |
| --- | --- | --- |
| C:\Windows\System32\OpenWith.exe | C:\Windows\system32\OpenWith.exe -Embedding | |

Memdumps

| Base Address | Regiontype | Protect | Malicious |
| --- | --- | --- | --- |