Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\AIO.exe

"C:\Users\user\Desktop\AIO.exe"

Details

Is windows:	false
Is dropped:	false
PID:	4572
Target ID:	0
Parent PID:	5856
Name:	AIO.exe
Path:	C:\Users\user\Desktop\AIO.exe
Commandline:	"C:\Users\user\Desktop\AIO.exe"
Size:	4077056
MD5:	9C1181704C48D62DE14C5F682C4F5D5E
Time:	07:55:02
Date:	23/09/2022
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x1a0000
Modulesize:	4489216
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Multi AV Scanner detection for submitted file	AV Detection
Installs a raw input device (often for capturing keystrokes)	Key, Mouse, Clipboard, Microphone and Screen Capturing	Input Capture
PE file contains more sections than normal	System Summary
PE file contains sections with non-standard names	Data Obfuscation
PE file has section (not .text) which is very likely to contain packed code (zlib compression ratio < 0.011)	System Summary	Software Packing
PE file has an executable .text section and no other executable section	System Summary
Sample is known by Antivirus	System Summary
Sample might require command line arguments	System Summary	Command and Scripting Interpreter
Spawns processes	System Summary	Process Injection
Contains modern PE file flags such as dynamic base (ASLR) or NX	Compliance, System Summary
PE file has a big raw section	System Summary
PE file has a big code size	System Summary
Submission file is bigger than most known malware samples	System Summary

C:\Windows\System32\conhost.exe

C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

Details

Is windows:	true
Is dropped:	false
PID:	4536
Target ID:	1
Parent PID:	4572
Name:	conhost.exe
Path:	C:\Windows\System32\conhost.exe
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Size:	625664
MD5:	EA777DEEA782E8B4D7C7C33BBF8A4496
Time:	07:55:03
Date:	23/09/2022
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff7fcd70000
Modulesize:	651264
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

IPs

Domain

Country

Malicious

185.25.204.244

unknown

Italy

Details

IP:	185.25.204.244
TargetID:	0
Current Path:	C:\Users\user\Desktop\AIO.exe
Country:	Italy
Countrycode:	ITA
ASN number:	60798
ASN name:	ASSERVEREASYIT
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
Connects to IPs without corresponding DNS lookups	Networking

Memdumps

Base Address

Regiontype

Protect

Malicious

2228A620000

heap

page read and write

2D0000

unkown

page readonly

47A000

unkown

page readonly

C000086000

direct allocation

page read and write

C000084000

direct allocation

page read and write

C00003F000

direct allocation

page read and write

C000090000

direct allocation

page read and write

C00001A000

direct allocation

page read and write

1A0000

unkown

page readonly

C0000E2000

direct allocation

page read and write

C000035000

direct allocation

page read and write

C000070000

direct allocation

page read and write

C000023000

direct allocation

page read and write

402000

unkown

page write copy

C00008A000

direct allocation

page read and write

9405BFE000

stack

page read and write

2228A870000

heap

page read and write

2228A420000

heap

page read and write

C000004000

direct allocation

page read and write

C000038000

direct allocation

page read and write

2228A820000

direct allocation

page read and write

9405DFE000

stack

page read and write

409000

unkown

page write copy

C0000BC000

direct allocation

page read and write

94063FF000

stack

page read and write

C00006C000

direct allocation

page read and write

C0000BA000

direct allocation

page read and write

C00001E000

direct allocation

page read and write

C000052000

direct allocation

page read and write

C0000C6000

direct allocation

page read and write

41C000

unkown

page read and write

2228A5A4000

direct allocation

page read and write

2D0000

unkown

page readonly

57C000

unkown

page write copy

2228A628000

heap

page read and write

407000

unkown

page write copy

C00002E000

direct allocation

page read and write

C00008E000

direct allocation

page read and write

C0000B2000

direct allocation

page read and write

C0000A2000

direct allocation

page read and write

4BE000

unkown

page readonly

4BE000

unkown

page readonly

C00000E000

direct allocation

page read and write

C000043000

direct allocation

page read and write

416000

unkown

page read and write

2228A840000

direct allocation

page read and write

569000

unkown

page readonly

C0000AE000

direct allocation

page read and write

C000094000

direct allocation

page read and write

417000

unkown

page write copy

222B0180000

direct allocation

page read and write

C000020000

direct allocation

page read and write

C00005E000

direct allocation

page read and write

2228A875000

heap

page read and write

C000018000

direct allocation

page read and write

2228A5A9000

direct allocation

page read and write

C0000DA000

direct allocation

page read and write

C0000C2000

direct allocation

page read and write

41B000

unkown

page write copy

C0000AC000

direct allocation

page read and write

2228A5A0000

direct allocation

page read and write

C00000C000

direct allocation

page read and write

C000006000

direct allocation

page read and write

474000

unkown

page read and write

1A0000

unkown

page readonly

222B0184000

direct allocation

page read and write

C000002000

direct allocation

page read and write

41A000

unkown

page read and write

C0000AA000

direct allocation

page read and write

C00005B000

direct allocation

page read and write

C000074000

direct allocation

page read and write

2228A430000

direct allocation

page read and write

94059FD000

stack

page read and write

C00009C000

direct allocation

page read and write

2228A5AB000

direct allocation

page read and write

C0000C4000

direct allocation

page read and write

C00003A000

direct allocation

page read and write

C0000B8000

direct allocation

page read and write

2228A580000

heap

page read and write

C000088000

direct allocation

page read and write

94065FF000

stack

page read and write

C000098000

direct allocation

page read and write

9405FFF000

stack

page read and write

44D000

unkown

page read and write

569000

unkown

page readonly

2228A560000

heap

page read and write

1A1000

unkown

page execute read

C0000D8000

direct allocation

page read and write

C0000BE000

direct allocation

page read and write

1A1000

unkown

page execute read

2228A824000

direct allocation

page read and write

57C000

unkown

page write copy

C000016000

direct allocation

page read and write

47A000

unkown

page readonly

C0000CC000

direct allocation

page read and write

C00004E000

direct allocation

page read and write

57D000

unkown

page readonly

402000

unkown

page read and write

C000010000

direct allocation

page read and write

C000033000

direct allocation

page read and write

408000

unkown

page read and write

C000014000

direct allocation

page read and write

94061FE000

stack

page read and write

57D000

unkown

page readonly

There are 94 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
AIO.exe

Processes

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC ReportAIO.exe

Processes

IPs

Memdumps

IOC Report
AIO.exe