IOC Report
Mcafe.exe

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\Mcafe.exe

C:\Users\user\Desktop\Mcafe.exe

Details

Is windows:	false
Is dropped:	false
PID:	6080
Target ID:	0
Parent PID:	3452
Name:	Mcafe.exe
Path:	C:\Users\user\Desktop\Mcafe.exe
Commandline:	C:\Users\user\Desktop\Mcafe.exe
Size:	653824
MD5:	76166C4AD30E3DA0060F41FE59E465F1
Time:	11:10:15
Date:	28/05/2023
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff6c3130000
Modulesize:	675840
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
PE file contains sections with non-standard names	Data Obfuscation
PE file has an executable .text section and no other executable section	System Summary
PE file contains a valid data directory to section mapping	System Summary
Binary contains paths to debug symbols	Compliance, System Summary
PE file contains a debug data directory	System Summary
Contains modern PE file flags such as dynamic base (ASLR) or NX	Compliance, System Summary
PE file contains a mix of data directories often seen in goodware	System Summary
PE file has a high image base, often used for DLLs	System Summary

Memdumps

Base Address

Regiontype

Protect

Malicious

2727BA30000

trusted library allocation

page read and write

7FF6C3130000

unkown

page readonly

7691EFD000

stack

page read and write

7FF6C3145000

unkown

page write copy

73F6EFB000

stack

page read and write

7FF6C31CA000

unkown

page readonly

2727AAC0000

trusted library allocation

page read and write

7FF6C31B2000

unkown

page readonly

22894A90000

heap

page read and write

7FF6C3131000

unkown

page execute read

2727AC10000

heap

page read and write

2727AC10000

heap

page read and write

2727BA00000

trusted library allocation

page read and write

2727AC10000

heap

page read and write

2727B740000

trusted library allocation

page read and write

7FF6C314F000

unkown

page readonly

2727BA80000

trusted library allocation

page read and write

2727AB40000

heap

page read and write

7FF6C3147000

unkown

page readonly

2727AC2C000

heap

page read and write

73F6E7E000

stack

page read and write

2727ABC7000

heap

page read and write

2727AAB0000

heap

page read and write

7FF6C314F000

unkown

page readonly

2727ABC0000

heap

page read and write

7FF6C3131000

unkown

page execute read

73F6CFE000

stack

page read and write

2727AB20000

heap

page read and write

22894CA6000

heap

page read and write

73F6C7D000

stack

page read and write

7FF6C313D000

unkown

page readonly

2727B7B0000

trusted library allocation

page read and write

73F69AB000

stack

page read and write

7FF6C3130000

unkown

page readonly

2727AB79000

heap

page read and write

7FF6C313C000

unkown

page read and write

2727BA10000

heap

page readonly

7FF6C318E000

unkown

page readonly

2727AB75000

heap

page read and write

2727AD90000

trusted library allocation

page read and write

2727AC08000

heap

page read and write

73F6D79000

stack

page read and write

22894CA0000

heap

page read and write

2727BA20000

trusted library allocation

page read and write

7FF6C31B2000

unkown

page readonly

7FF6C3145000

unkown

page read and write

7FF6C3147000

unkown

page readonly

73F6DF9000

stack

page read and write

2727B750000

trusted library allocation

page read and write

2727AB70000

heap

page read and write

2727B7C0000

trusted library allocation

page read and write

7FF6C3149000

unkown

page readonly

7FF6C318E000

unkown

page readonly

7FF6C31C1000

unkown

page readonly

7FF6C31C1000

unkown

page readonly

22894BD0000

heap

page read and write

7FF6C3149000

unkown

page readonly

7FF6C313C000

unkown

page readonly

7FF6C31CA000

unkown

page readonly

There are 49 hidden memdumps, click here to show them.