Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\ProduKey.exe

Details

Is windows:	false
Is dropped:	false
PID:	4460
Target ID:	0
Parent PID:	3528
Name:	ProduKey.exe
Path:	C:\Users\user\Desktop\ProduKey.exe
Commandline:	C:\Users\user\Desktop\ProduKey.exe
Size:	96464
MD5:	9260E593A0F2D798FDDC16A7B19AD808
Time:	18:27:36
Date:	07/02/2023
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x400000
Modulesize:	94208
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Multi AV Scanner detection for submitted file	AV Detection
Uses 32bit PE files	Compliance, System Summary
PE file has an executable .text section and no other executable section	System Summary
Sample is known by Antivirus	System Summary
Sample might require command line arguments	System Summary	Command and Scripting Interpreter
URLs found in memory or binary data	Networking
Binary contains paths to debug symbols	Compliance, System Summary
PE file contains a debug data directory	System Summary
PE file contains a mix of resources often seen in goodware	System Summary
PE / OLE file has a valid certificate	Compliance, System Summary

URLs

Name

Malicious

http://www.nirsoft.net/utils/product_cd_key_viewer.html/stext/shtml/sverhtml/sxml/stab/scomma/stabul

unknown

Details

Name:	http://www.nirsoft.net/utils/product_cd_key_viewer.html/stext/shtml/sverhtml/sxml/stab/scomma/stabul
TargetID:	0
From Memory:	true
Current Path:	C:\Users\user\Desktop\ProduKey.exe
Source:	ProduKey.exe
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
URLs found in memory or binary data	Networking

http://www.nirsoft.net/

unknown

http://www.nirsoft.net/utils/product_cd_key_viewer.html

unknown

Memdumps

Base Address

Regiontype

Protect

Malicious

24B1C680000

heap

page read and write

BC0000

heap

page read and write

24B1D3C0000

trusted library allocation

page read and write

400000

unkown

page readonly

BCE000

heap

page read and write

24B1C7D6000

heap

page read and write

448000

heap

page read and write

401000

unkown

page execute read

B6DB16B000

stack

page read and write

24B1D600000

trusted library allocation

page read and write

46F000

heap

page read and write

2600000

trusted library allocation

page read and write

BB0000

heap

page read and write

B6DB679000

stack

page read and write

476000

heap

page read and write

413000

unkown

page readonly

24B1CA59000

heap

page read and write

467000

heap

page read and write

46B000

heap

page read and write

40F000

unkown

page readonly

22A4000

heap

page read and write

24B1D650000

trusted library allocation

page read and write

24B1CA55000

heap

page read and write

24B1C6A0000

heap

page read and write

22A0000

heap

page read and write

2680000

heap

page read and write

413000

unkown

page readonly

400000

unkown

page readonly

24B1C540000

heap

page read and write

24B1C7DE000

heap

page read and write

B6DB6F9000

stack

page read and write

3A00000

heap

page read and write

269D000

heap

page read and write

24B1C7FE000

heap

page read and write

19C000

stack

page read and write

24B1C710000

trusted library allocation

page read and write

46C000

heap

page read and write

440000

heap

page read and write

24B1C7DD000

heap

page read and write

B6DB47E000

stack

page read and write

8AF000

stack

page read and write

BCB000

heap

page read and write

412000

unkown

page write copy

24B1C7DD000

heap

page read and write

24B1C798000

heap

page read and write

B6DB5FF000

stack

page read and write

5BE000

stack

page read and write

3C7F000

stack

page read and write

401000

unkown

page execute read

24B1C790000

heap

page read and write

3F10000

trusted library allocation

page read and write

24B1D5E0000

heap

page readonly

5D0000

heap

page read and write

40F000

unkown

page readonly

24B1C7E0000

heap

page read and write

95000

stack

page read and write

B6DB1ED000

stack

page read and write

412000

unkown

page read and write

470000

heap

page read and write

B6DB579000

stack

page read and write

268D000

heap

page read and write

24B1D5F0000

trusted library allocation

page read and write

24B1CA60000

trusted library allocation

page read and write

2688000

heap

page read and write

24B1C550000

trusted library allocation

page read and write

3B7E000

stack

page read and write

420000

heap

page read and write

24B1D5D0000

trusted library allocation

page read and write

24B1CA50000

heap

page read and write

30000

heap

page read and write

46F000

heap

page read and write

24B1C720000

trusted library allocation

page read and write

473000

heap

page read and write

B6DB4F9000

stack

page read and write

24B1C780000

trusted library allocation

page read and write

There are 65 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
ProduKey.exe

Processes

URLs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC ReportProduKey.exe

Processes

URLs

Memdumps

IOC Report
ProduKey.exe