Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\qOiBFeRq7X.exe

"C:\Users\user\Desktop\qOiBFeRq7X.exe"

Details

Is windows:	false
Is dropped:	false
PID:	2512
Target ID:	0
Parent PID:	5692
Name:	qOiBFeRq7X.exe
Path:	C:\Users\user\Desktop\qOiBFeRq7X.exe
Commandline:	"C:\Users\user\Desktop\qOiBFeRq7X.exe"
Size:	4145664
MD5:	E350CBAB3B64E8F7E523619721392D21
Time:	07:55:17
Date:	23/09/2022
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0xf20000
Modulesize:	4554752
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Multi AV Scanner detection for submitted file	AV Detection
Installs a raw input device (often for capturing keystrokes)	Key, Mouse, Clipboard, Microphone and Screen Capturing	Input Capture
PE file contains more sections than normal	System Summary
PE file contains sections with non-standard names	Data Obfuscation
PE file has section (not .text) which is very likely to contain packed code (zlib compression ratio < 0.011)	System Summary	Software Packing
PE file has an executable .text section and no other executable section	System Summary
Sample is known by Antivirus	System Summary
Sample might require command line arguments	System Summary	Command and Scripting Interpreter
Spawns processes	System Summary	Process Injection
Contains modern PE file flags such as dynamic base (ASLR) or NX	Compliance, System Summary
PE file has a big raw section	System Summary
PE file has a big code size	System Summary
Submission file is bigger than most known malware samples	System Summary

C:\Windows\System32\conhost.exe

C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

Details

Is windows:	true
Is dropped:	false
PID:	5384
Target ID:	1
Parent PID:	2512
Name:	conhost.exe
Path:	C:\Windows\System32\conhost.exe
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Size:	625664
MD5:	EA777DEEA782E8B4D7C7C33BBF8A4496
Time:	07:55:18
Date:	23/09/2022
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff6da640000
Modulesize:	651264
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

IPs

Domain

Country

Malicious

185.25.204.244

unknown

Italy

Details

IP:	185.25.204.244
TargetID:	0
Current Path:	C:\Users\user\Desktop\qOiBFeRq7X.exe
Country:	Italy
Countrycode:	ITA
ASN number:	60798
ASN name:	ASSERVEREASYIT
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
Connects to IPs without corresponding DNS lookups	Networking

Memdumps

Base Address

Regiontype

Protect

Malicious

1351000

unkown

page readonly

11CF000

unkown

page read and write

C0000AC000

direct allocation

page read and write

2D0DA4A0000

direct allocation

page read and write

C000035000

direct allocation

page read and write

12FD000

unkown

page write copy

C000043000

direct allocation

page read and write

C00009E000

direct allocation

page read and write

FEDE5FD000

stack

page read and write

118A000

unkown

page read and write

FEDF1FE000

stack

page read and write

C00009A000

direct allocation

page read and write

2D0DA660000

heap

page read and write

2D0DA2A0000

heap

page read and write

C000110000

direct allocation

page read and write

118B000

unkown

page write copy

2D0DA604000

direct allocation

page read and write

1051000

unkown

page readonly

C00002E000

direct allocation

page read and write

C000086000

direct allocation

page read and write

2D0FFF72000

direct allocation

page read and write

C000088000

direct allocation

page read and write

1377000

unkown

page readonly

11FC000

unkown

page readonly

2D0DA280000

heap

page read and write

F20000

unkown

page readonly

C0000B4000

direct allocation

page read and write

1184000

unkown

page read and write

C000002000

direct allocation

page read and write

C000100000

direct allocation

page read and write

C00000E000

direct allocation

page read and write

C00008A000

direct allocation

page read and write

1199000

unkown

page write copy

C000004000

direct allocation

page read and write

C000116000

direct allocation

page read and write

2D0DA210000

heap

page read and write

1375000

unkown

page readonly

2D0DA665000

heap

page read and write

119C000

unkown

page read and write

C000010000

direct allocation

page read and write

C000014000

direct allocation

page read and write

C00008E000

direct allocation

page read and write

FEDE9FF000

stack

page read and write

2D0DA4A9000

direct allocation

page read and write

119D000

unkown

page write copy

1240000

unkown

page readonly

C00004E000

direct allocation

page read and write

FEDE7FF000

stack

page read and write

C000025000

direct allocation

page read and write

C00001A000

direct allocation

page read and write

C00003A000

direct allocation

page read and write

C0000C4000

direct allocation

page read and write

2D0DA220000

direct allocation

page read and write

C0000CE000

direct allocation

page read and write

2D0DA600000

direct allocation

page read and write

C0000C0000

direct allocation

page read and write

11FC000

unkown

page readonly

FEDEFFE000

stack

page read and write

C000020000

direct allocation

page read and write

C000084000

direct allocation

page read and write

C000052000

direct allocation

page read and write

C0000B0000

direct allocation

page read and write

1189000

unkown

page write copy

2D0DA4AB000

direct allocation

page read and write

C000092000

direct allocation

page read and write

C0000BA000

direct allocation

page read and write

1198000

unkown

page read and write

11F6000

unkown

page read and write

C000124000

direct allocation

page read and write

C000112000

direct allocation

page read and write

12FE000

unkown

page readonly

F21000

unkown

page execute read

12FE000

unkown

page readonly

C000012000

direct allocation

page read and write

2D0DA2D0000

heap

page read and write

C00000C000

direct allocation

page read and write

2D0FFF70000

direct allocation

page read and write

F21000

unkown

page execute read

C000045000

direct allocation

page read and write

C000114000

direct allocation

page read and write

FEDEDFF000

stack

page read and write

2D0DA4A4000

direct allocation

page read and write

C00005B000

direct allocation

page read and write

C0000A4000

direct allocation

page read and write

C000122000

direct allocation

page read and write

C000018000

direct allocation

page read and write

C000016000

direct allocation

page read and write

2D0DA2D8000

heap

page read and write

2D0DA620000

direct allocation

page read and write

1375000

unkown

page readonly

1051000

unkown

page readonly

C00006C000

direct allocation

page read and write

1240000

unkown

page readonly

C00001E000

direct allocation

page read and write

C000006000

direct allocation

page read and write

C0000AE000

direct allocation

page read and write

C000033000

direct allocation

page read and write

1184000

unkown

page write copy

12FD000

unkown

page write copy

C0000BC000

direct allocation

page read and write

119E000

unkown

page read and write

C0000C6000

direct allocation

page read and write

C000038000

direct allocation

page read and write

C00011A000

direct allocation

page read and write

F20000

unkown

page readonly

C000074000

direct allocation

page read and write

1377000

unkown

page readonly

1351000

unkown

page readonly

C00005E000

direct allocation

page read and write

11C8000

unkown

page read and write

C000023000

direct allocation

page read and write

FEDEBFE000

stack

page read and write

C000070000

direct allocation

page read and write

There are 103 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
qOiBFeRq7X.exe

Processes

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC ReportqOiBFeRq7X.exe

Processes

IPs

Memdumps

IOC Report
qOiBFeRq7X.exe