Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\obs64.scr.exe

Details

Is windows:	false
Is dropped:	false
PID:	344
Target ID:	0
Parent PID:	3452
Name:	obs64.scr.exe
Path:	C:\Users\user\Desktop\obs64.scr.exe
Commandline:	C:\Users\user\Desktop\obs64.scr.exe
Size:	9445713
MD5:	8A43B78256248131B7EF4EC9CE5DC5C2
Time:	16:41:54
Date:	29/11/2022
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x400000
Modulesize:	8445952
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Multi AV Scanner detection for submitted file	AV Detection
Machine Learning detection for sample	AV Detection
PE file contains section with special chars	System Summary
PE file contains an invalid checksum	Data Obfuscation
PE file contains executable resources (Code or Archives)	System Summary
PE file contains sections with non-standard names	Data Obfuscation
Uses 32bit PE files	Compliance, System Summary
Sample is known by Antivirus	System Summary
PE file has a big raw section	System Summary
Submission file is bigger than most known malware samples	System Summary

URLs

Name

Malicious

http://www.airc.privt.com/tutorials/irc_commands2Incomplete

unknown

Memdumps

Base Address

Regiontype

Protect

Malicious

9B000

stack

page read and write

F07000

heap

page read and write

EEC000

heap

page read and write

2951000

heap

page read and write

DB4000

heap

page read and write

30000

heap

page read and write

DB4000

heap

page read and write

2AA0000

heap

page read and write

4CE000

unkown

page read and write

DB4000

heap

page read and write

ED2000

heap

page read and write

2AA8000

heap

page read and write

DB4000

heap

page read and write

D1E000

stack

page read and write

DB4000

heap

page read and write

751000

unkown

page execute read

D90000

heap

page read and write

DB4000

heap

page read and write

DB4000

heap

page read and write

EB0000

heap

page read and write

DFE000

heap

page read and write

DA0000

heap

page read and write

19C000

stack

page read and write

32E0000

trusted library allocation

page read and write

E30000

trusted library allocation

page read and write

F07000

heap

page read and write

4CA0000

trusted library allocation

page read and write

C0D000

unkown

page readonly

32D0000

heap

page read and write

EBA000

heap

page read and write

2AA5000

heap

page read and write

DE0000

trusted library allocation

page read and write

401000

unkown

page execute read

DA4000

heap

page read and write

504000

unkown

page execute read

DB4000

heap

page read and write

EEB000

heap

page read and write

10AF000

stack

page read and write

DF9000

heap

page read and write

DF9000

heap

page read and write

DB4000

heap

page read and write

C0D000

unkown

page readonly

D80000

trusted library allocation

page read and write

32E7000

trusted library allocation

page read and write

DB5000

heap

page read and write

DC0000

trusted library allocation

page execute read

ED8000

heap

page read and write

EEB000

heap

page read and write

DB0000

heap

page read and write

1F0000

trusted library allocation

page read and write

DB4000

heap

page read and write

11AF000

stack

page read and write

DB4000

heap

page read and write

DB4000

heap

page read and write

EEF000

heap

page read and write

4C20000

trusted library allocation

page read and write

E90000

trusted library allocation

page read and write

EDF000

heap

page read and write

ECE000

heap

page read and write

DB4000

heap

page read and write

DB5000

heap

page read and write

2AB0000

trusted library allocation

page read and write

DB4000

heap

page read and write

EEB000

heap

page read and write

EF2000

heap

page read and write

400000

unkown

page readonly

751000

unkown

page execute read

DF0000

heap

page read and write

4FE000

unkown

page read and write

DB4000

heap

page read and write

EEB000

heap

page read and write

DFC000

heap

page read and write

32E3000

trusted library allocation

page read and write

2950000

heap

page read and write

400000

unkown

page readonly

DB4000

heap

page read and write

4D9000

unkown

page execute read

DB5000

heap

page read and write

DB4000

heap

page read and write

DB4000

heap

page read and write

DF1000

heap

page read and write

DF6000

heap

page read and write

DB4000

heap

page read and write

EE0000

heap

page read and write

D5E000

stack

page read and write

2951000

heap

page read and write

ECE000

heap

page read and write

DB4000

heap

page read and write

ED6000

heap

page read and write

E80000

heap

page read and write

There are 80 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
obs64.scr.exe

Processes

URLs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reportobs64.scr.exe

Processes

URLs

Memdumps

IOC Report
obs64.scr.exe