Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\null.exe

"C:\Users\user\Desktop\null.exe"

Details

Is windows:	false
Is dropped:	false
PID:	6420
Target ID:	1
Parent PID:	5060
Name:	null.exe
Path:	C:\Users\user\Desktop\null.exe
Commandline:	"C:\Users\user\Desktop\null.exe"
Size:	116224
MD5:	B4DD22013AEFAE6F721F0B67BE61DC91
Time:	18:52:17
Date:	23/05/2022
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff7a43a0000
Modulesize:	135168
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Antivirus / Scanner detection for submitted sample	AV Detection
Multi AV Scanner detection for submitted file	AV Detection
Launches processes in debugging mode, may be used to hinder debugging	Anti Debugging	Disable or Modify Tools
PE file has an executable .text section and no other executable section	System Summary
Sample is known by Antivirus	System Summary
Spawns processes	System Summary	Process Injection
Contains modern PE file flags such as dynamic base (ASLR) or NX	Compliance, System Summary
PE file has a high image base, often used for DLLs	System Summary

C:\Users\user\Desktop\null.exe

Details

Is windows:	false
Is dropped:	false
PID:	860
Target ID:	2
Parent PID:	916
Name:	null.exe
Path:	C:\Users\user\Desktop\null.exe
Commandline:	C:\Users\user\Desktop\null.exe
Size:	116224
MD5:	B4DD22013AEFAE6F721F0B67BE61DC91
Time:	18:52:17
Date:	23/05/2022
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff7a43a0000
Modulesize:	135168
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Antivirus / Scanner detection for submitted sample	AV Detection
Multi AV Scanner detection for submitted file	AV Detection
Launches processes in debugging mode, may be used to hinder debugging	Anti Debugging	Disable or Modify Tools
PE file has an executable .text section and no other executable section	System Summary
Sample is known by Antivirus	System Summary
Spawns processes	System Summary	Process Injection
Contains modern PE file flags such as dynamic base (ASLR) or NX	Compliance, System Summary
PE file has a high image base, often used for DLLs	System Summary

C:\Users\user\Desktop\null.exe

-a

Details

Is windows:	false
Is dropped:	false
PID:	4584
Target ID:	3
Parent PID:	860
Name:	null.exe
Path:	C:\Users\user\Desktop\null.exe
Commandline:	-a
Size:	116224
MD5:	B4DD22013AEFAE6F721F0B67BE61DC91
Time:	18:52:17
Date:	23/05/2022
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff7a43a0000
Modulesize:	135168
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Antivirus / Scanner detection for submitted sample	AV Detection
Multi AV Scanner detection for submitted file	AV Detection
Launches processes in debugging mode, may be used to hinder debugging	Anti Debugging	Disable or Modify Tools
PE file has an executable .text section and no other executable section	System Summary
Sample is known by Antivirus	System Summary
Spawns processes	System Summary	Process Injection
Contains modern PE file flags such as dynamic base (ASLR) or NX	Compliance, System Summary
PE file has a high image base, often used for DLLs	System Summary

Domains

Name

Malicious

t1.hinitial.com

95.85.91.147

IPs

Domain

Country

Malicious

95.85.91.147

t1.hinitial.com

Russian Federation

Memdumps

Base Address

Regiontype

Protect

Malicious

AE0000

heap

page read and write

D80000

heap

page read and write

1027000

heap

page read and write

7FF7A43BF000

unkown

page readonly

1300000

heap

page read and write

7FF7A43A0000

unkown

page readonly

14B5000

heap

page read and write

1013000

heap

page read and write

13F0000

heap

page read and write

7FF7A43BB000

unkown

page read and write

7FF7A43A0000

unkown

page readonly

940000

heap

page read and write

7FF7A43BB000

unkown

page write copy

1026000

heap

page read and write

1040000

heap

page read and write

F3F000

stack

page read and write

1014000

heap

page read and write

B70000

heap

page read and write

7FF7A43BF000

unkown

page readonly

1020000

heap

page read and write

7FF7A43BF000

unkown

page readonly

7FF7A43BB000

unkown

page write copy

7FF7A43A1000

unkown

page execute read

7FF7A43BF000

unkown

page readonly

7FF7A43BB000

unkown

page write copy

180C000

stack

page read and write

2E20000

heap

page read and write

EFC000

stack

page read and write

7FF7A43BB000

unkown

page read and write

7FF7A43B5000

unkown

page readonly

FF0000

heap

page read and write

101F000

heap

page read and write

B94000

heap

page read and write

D8C000

heap

page read and write

B40000

heap

page read and write

1026000

heap

page read and write

7FF7A43BB000

unkown

page read and write

7FF7A43B5000

unkown

page readonly

13EE000

stack

page read and write

1022000

heap

page read and write

7FF7A43BF000

unkown

page readonly

7FF7A43A0000

unkown

page readonly

BA1000

heap

page read and write

7FF7A43BF000

unkown

page readonly

7FF7A43B5000

unkown

page readonly

7FF7A43B5000

unkown

page readonly

10F0000

heap

page read and write

7FF7A43B5000

unkown

page readonly

7FF7A43A0000

unkown

page readonly

7FF7A43A1000

unkown

page execute read

1026000

heap

page read and write

7FF7A43A1000

unkown

page execute read

10D0000

heap

page read and write

190F000

stack

page read and write

11EF000

stack

page read and write

2C60000

heap

page read and write

D00000

heap

page read and write

1100000

heap

page read and write

B78000

heap

page read and write

10F5000

heap

page read and write

2CA0000

heap

page read and write

7FF7A43A0000

unkown

page readonly

114E000

stack

page read and write

7FF7A43A0000

unkown

page readonly

7FF7A43B5000

unkown

page readonly

124F000

stack

page read and write

FF9000

heap

page read and write

12EF000

stack

page read and write

B91000

heap

page read and write

CFC000

stack

page read and write

B3C000

stack

page read and write

8E0000

heap

page read and write

2E26000

heap

page read and write

7FF7A43A1000

unkown

page execute read

104F000

stack

page read and write

1020000

heap

page read and write

7FF7A43A1000

unkown

page execute read

A00000

heap

page read and write

14B0000

heap

page read and write

7FF7A43A1000

unkown

page execute read

There are 70 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
null.exe

Processes

Domains

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reportnull.exe

Processes

Domains

IPs

Memdumps

IOC Report
null.exe