Automated Malware Analysis IOC Report for

Files

File Path

Type

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\xbOnlYALvtUq.exe

Details

Is windows:	false
Is dropped:	false
PID:	3472
Target ID:	0
Parent PID:	1028
Name:	xbOnlYALvtUq.exe
Path:	C:\Users\user\Desktop\xbOnlYALvtUq.exe
Commandline:	C:\Users\user\Desktop\xbOnlYALvtUq.exe
Size:	24064
MD5:	2BDC913D338E004AC337CFE9A44ABC55
Time:	03:35:47
Date:	21/11/2023
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x7a0000
Modulesize:	49152
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Antivirus / Scanner detection for submitted sample	AV Detection
Multi AV Scanner detection for submitted file	AV Detection
Yara detected Njrat	AV Detection, E-Banking Fraud, Stealing of Sensitive Information, Remote Access Functionality
Yara detected zgRAT	Stealing of Sensitive Information, Remote Access Functionality
Machine Learning detection for sample	AV Detection
Modifies the windows firewall	Lowering of HIPS / PFW / Operating System Security Settings	Disable or Modify Tools
Uses netsh to modify the Windows network and firewall settings	Lowering of HIPS / PFW / Operating System Security Settings	Disable or Modify Tools
Sample file is different than original file name gathered from version info	System Summary
Uses 32bit PE files	Compliance, System Summary
PE file has an executable .text section and no other executable section	System Summary
Parts of this applications are using the .NET runtime (Probably coded in C#)	System Summary
Sample is known by Antivirus	System Summary
Spawns processes	System Summary	Process Injection
Contains modern PE file flags such as dynamic base (ASLR) or NX	Compliance, System Summary
PE file contains a COM descriptor data directory	System Summary

C:\Windows\SysWOW64\netsh.exe

netsh firewall add allowedprogram "C:\Users\user\Desktop\xbOnlYALvtUq.exe" "xbOnlYALvtUq.exe" ENABLE

Details

Is windows:	true
Is dropped:	false
PID:	5148
Target ID:	2
Parent PID:	3472
Name:	netsh.exe
Path:	C:\Windows\SysWOW64\netsh.exe
Commandline:	netsh firewall add allowedprogram "C:\Users\user\Desktop\xbOnlYALvtUq.exe" "xbOnlYALvtUq.exe" ENABLE
Size:	82432
MD5:	4E89A1A088BE715D6C946E55AB07C7DF
Time:	03:35:54
Date:	21/11/2023
Reason:	newprocess
Reputation:	moderate
Is admin:	true
Is elevated:	true
Modulebase:	0x1080000
Modulesize:	122880
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Modifies the windows firewall	Lowering of HIPS / PFW / Operating System Security Settings	Disable or Modify Tools
Uses netsh to modify the Windows network and firewall settings	Lowering of HIPS / PFW / Operating System Security Settings	Disable or Modify Tools
Spawns processes	System Summary	Process Injection

C:\Windows\System32\conhost.exe

C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

Details

Is windows:	true
Is dropped:	false
PID:	2316
Target ID:	3
Parent PID:	5148
Name:	conhost.exe
Path:	C:\Windows\System32\conhost.exe
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Size:	862208
MD5:	0D698AF330FD17BEE3BF90011D49251D
Time:	03:35:54
Date:	21/11/2023
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff6d64d0000
Modulesize:	892928
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

URLs

Name

Malicious

0.tcp.sa.ngrok.io

Details

Name:	0.tcp.sa.ngrok.io
TargetID:	0
From Memory:	false
Current Path:	C:\Users\user\Desktop\xbOnlYALvtUq.exe
Source:	config extractor

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
Multi AV Scanner detection for domain / URL	AV Detection
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol

Domains

Name

Malicious

0.tcp.sa.ngrok.io

18.228.115.60

Details

Name:	0.tcp.sa.ngrok.io
IP:	18.228.115.60
TargetID:	-1
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
Snort IDS alert for network traffic	Networking
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol
Connects to many ports of the same IP (likely port scanning)	Networking
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol

IPs

Domain

Country

Malicious

18.228.115.60

0.tcp.sa.ngrok.io

United States

Details

IP:	18.228.115.60
TargetID:	0
Current Path:	C:\Users\user\Desktop\xbOnlYALvtUq.exe
Country:	United States
Countrycode:	USA
ASN number:	16509
ASN name:	AMAZON-02US
Private:	false
Domain:	0.tcp.sa.ngrok.io

Signature Hits	Behavior Group	Mitre Attack
Snort IDS alert for network traffic	Networking
Connects to many ports of the same IP (likely port scanning)	Networking
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port

Registry

Path

Value

Malicious

HKEY_CURRENT_USER

Details

TargetID:	0
Path:	HKEY_CURRENT_USER
Value name:	di
Value data:	!

Signature Hits	Behavior Group	Mitre Attack
Stores large binary data to the registry	Hooking and other Techniques for Hiding and Protection	Modify Registry
Reads software policies	System Summary	System Information Discovery

HKEY_CURRENT_USER\Environment

SEE_MASK_NOZONECHECKS

HKEY_CURRENT_USER\SOFTWARE\5bfe00b9b88f2456727afb4cd20491af

[kl]

HKEY_CURRENT_USER\SOFTWARE\5bfe00b9b88f2456727afb4cd20491af

3fc6b884fbc29ec00482827c26669b2b

Details

TargetID:	0
Path:	HKEY_CURRENT_USER\SOFTWARE\5bfe00b9b88f2456727afb4cd20491af
Value name:	3fc6b884fbc29ec00482827c26669b2b
Value data:	4D 5A 90 00 03 00 00 00 04 00 00 00 FF FF 00 00 B8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0E 1F BA 0E 00 B4 09 CD 21 B8 01 4C CD 21 54 68 69 73 20 70 72 6F 67 72 61 6D 20 63 61 6E 6E 6F 74 20 62 65 20 72 75 6E 20 69 6E 20 44 4F 53 20 6D 6F 64 65 2E 0D 0D 0A 24 00 00 00 00 00 00 00 50 45 00 00 4C 01 03 00 CE 20 A9 52 00 00 00 00 00 00 00 00 E0 00 0E 21 0B 01 08 00 00 36 01 00 00 04 00 00 00 00 00 00 CE 55 01 00 00 20 00 00 00 60 01 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 A0 01 00 00 02 00 00 00 00 00 00 02 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 80 55 01 00 4B 00 00 00 00 60 01 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 01 00 0C 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 08 00 00 00 00 00 00 00 00 00 00 00 08 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2E 74 65 78 74 00 00 00 D4 35 01 00 00 20 00 00 00 36 01 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 72 73 72 63 00 00 00 10 00 00 00 00 60 01 00 00 02 00 00 00 38 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2E 72 65 6C 6F 63 00 00 0C 00 00 00 00 80 01 00 00 02 00 00 00 3A 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 B0 55 01 00 00 00 00 00 48 00 00 00 02 00 05 00 20 CA 00 00 50 71 00 00 01 00 00 00 00 00 00 00 70 3B 01 00 22 17 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 13 30 05 00 EB 00 00 00 01 00 00 11 20 01 00 00 00 FE 0E 01 00 38 00 00 00 00 FE 0C 01 00 45 06 00 00 00 42 00 00 00 93 00 00 00 67 00 00 00 27 00 00 00 36 00 00 00 05 00 00 00 38 3D 00 00 00 FE 0D 00 00 28 03 00 00 0A 28 05 00 00 06 20 0E 00 00 00 3C 19 00 00 00 20 03 00 00 00 38 BC FF FF FF 38 15 00 00 00 20 04 00 00 00 38 AD FF FF FF 72 01 00 00 70 73 04 00 00 0A 7A 2A 17 80 01 00 00 04 20 02 00 00 00 7E 8C 00 00 04 7B 9C 00 00 04 39 87 FF FF FF 26 20 00 00 00 00 38 7C FF FF FF 28 03 00 00 06 20 E7 07 00 00 20 06 00 00 00 20 03 00 00 00 73 05 00 00 0A 28 04 00 00 06 FE 0E 00 00 20 05 00 00 00 38 50 FF FF FF 7E 01 00 00 04 3A A4 FF FF FF 20 00 00 00 00 7E 8C 00 00 04 7B 86 00 00 04 3A 32 FF FF FF 26 20 00 00 00 00 38 27 FF FF FF 00 1A 28 01 00 00 06 2A 00 1E 00 28 06 00 00 0A 2A 3E 00 FE 09 00 00 FE 09 01 00 28 07 00 00 0A 2A 2E 00 FE 09 00 00 28 08 00 00 0A 2A 26 7E 02 00 00 04 14 FE 01 2A 00 00 1A 7E 02 00 00 04 2A 00 13 30 03 00 92 00 00 00 02 00 00 11 20 01 00 00 00 FE 0E 00 00 38 00 00 00 00 FE 0C 00 00 45 03 00 00 00 06 00 00 00 4B 00 00 00 05 00 00 00 38 01 00 00 00 2A 20 7D 6E 68 B2 20 19 A8 52 2D 58 20 CF 76 2B F6 61 7E 8C 00 00 04 7B 57 00 00 04 61 28 18 00 00 06 80 06 00 00 04 20 01 00 00 00 7E 8C 00 00 04 7B AC 00 00 04 39 AF FF FF FF 26 20 02 00 00 00 38 A4 FF FF FF 28 17 00 00 06 20 00 00 00 00 7E 8C 00 00 04 7B 7C 00 00 04 3A 8B FF FF FF 26 20 00 00 00 00 38 80 FF FF FF 00 00 13 30 03 00 EA 00 00 00 02 00 00 11 28 15 01 00 06 38 00 00 00 00 02 28 09 00 00 0A 20 03 00 00 00 38 09 00 00 00 38 E1 FF FF FF FE 0C 00 00 45 07 00 00 00 45 00 00 00 06 00 00 00 6B 00 00 00 80 00 00 00 91 00 00 00 05 00 00 00 1F 00 00 00 38 40 00 00 00 2A 02 73 0A 00 00 0A 7D 0B 00 00 04 20 05 00 00 00 FE 0E 00 00 38 BC FF FF FF 02 16 7D 09 00 00 04 20 00 00 00 00 7E 8C 00 00 04 7B 61 00 00 04 39 A5 FF FF FF 26 20 00 00 00 00 38 9A FF FF FF 02 16 7D 0A 00 00 04 20 01 00 00 00 7E 8C 00 00 04 7B 8A 00 00 04 39 7F FF FF FF 26 20 01 00 00 00 38 74 FF FF FF 02 72 EA 00 00 70 7D 08 00 00 04 20 06 00 00 00 38 5F FF FF FF 02 16 7D 05 00 00 04 20 04 00 00 00 38 4E FF FF FF 02 73 0B 00 00 0A 7D 07 00 00 04 20 02 00 00 00 38 39 FF FF FF 00 00 1B 30 06 00 D1 02 00 00 03 00 00 11 20 01 00 00 00 FE 0E 01 00 38 00 00 00 00 FE 0C 01 00 45 02 00 00 00 05 00 00 00 06 00 00 00 38 00 00 00 00 2A 00 02 7B 07 00 00 04 13 05 20 00 00 00 00 7E 8C 00 00 04 7B C2 00 00 04 3A 0F 00 00 00 26 20 01 00 00 00 38 04 00 00 00 FE 0C 00 00 45 03 00 00 00 2B 00 00 00 05 00 00 00 BB 01 00 00 38 26 00 00 00 11 05 28 1B 00 00 06 20 00 00 00 00 7E 8C 00 00 04 7B C5 00 00 04 3A CF FF FF FF 26 20 00 00 00 00 38 C4 FF FF FF 00 73 0C 00 00 0A 13 06 20 00 00 00 00 7E 8C 00 00 04 7B 86 00 00 04 3A 0F 00 00 00 26 20 01 00 00 00 38 04 00 00 00 FE 0C 02 00 45 07 00 00 00 B1 00 00 00 C2 00 00 00 1B 00 00 00 5C 00 00 00 89 00 00 00 05 00 00 00 FC 00 00 00 38 AC 00 00 00 11 06 03 16 03 8E B7 28 1E 00 00 06 20 02 00 00 00 38 C4 FF FF FF 02 7B 07 00 00 04 28 1F 00 00 06 11 06 6F 0D 00 00 0A 16 11 06 6F 0E 00 00 0A B7 16 6F 0F 00 00 0A 26 20 00 00 00 00 7E 8C 00 00 04 7B 8D 00 00 04 39 8E FF FF FF 26 20 00 00 00 00 38 83 FF FF FF 11 06 11 08 16 11 08 8E B7 28 1E 00 00 06 20 05 00 00 00 7E 8C 00 00 04 7B 70 00 00 04 39 61 FF FF FF 26 20 04 00 00 00 38 56 FF FF FF 12 04 28 0C 00 00 06 13 08 20 03 00 00 00 7E 8C 00 00 04 7B B4 00 00 04 39 39 FF FF FF 26 20 03 00 00 00 38 2E FF FF FF 11 06 28 20 00 00 06 20 06 00 00 00 38 1D FF FF FF 03 8E B7 28 1C 00 00 06 20 33 85 72 35 20 FC 96 0D 0B 61 20 A8 73 24 73 61 7E 8C 00 00 04 7B 7A 00 00 04 61 28 18 00 00 06 28 1D 00 00 06 13 04 20 04 00 00 00 38 E3 FE FF FF DD 4A FE FF FF 11 05 28 21 00 00 06 20 00 00 00 00 7E 8C 00 00 04 7B 54 00 00 04 39 0F 00 00 00 26 20 00 00 00 00 38 04 00 00 00 FE 0C 09 00 45 01 00 00 00 05 00 00 00 38 00 00 00 00 DC 20 02 00 00 00 38 34 FE FF FF DD 02 FE FF FF 25 28 22 00 00 06 13 07 20 00 00 00 00 7E 8C 00 00 04 7B 52 00 00 04 39 0F 00 00 00 26 20 00 00 00 00 38 04 00 00 00 FE 0C 03 00 45 03 00 00 00 29 00 00 00 4F 00 00 00 05 00 00 00 38 24 00 00 00 28 23 00 00 06 20 00 00 00 00 7E 8C 00 00 04 7B 57 00 00 04 39 D1 FF FF FF 26 20 01 00 00 00 38 C6 FF FF FF 02 17 7D 05 00 00 04 20 02 00 00 00 7E 8C 00 00 04 7B 78 00 00 04 39 AB FF FF FF 26 20 02 00 00 00 38 A0 FF FF FF DD 72 FD FF FF 20 00 00 00 00 7E 8C 00 00 04 7B 84 00 00 04 3A 4C FD FF FF 26 20 00 00 00 00 38 41 FD FF FF 00 00 00 41 34 00 00 02 00 00 00 8E 00 00 00 4C 01 00 00 DA 01 00 00 39 00 00 00 00 00 00 00 00 00 00 00 26 00 00 00 FC 01 00 00 22 02 00 00 90 00 00 00 0C 00 00 01 13 30 03 00 51 00 00 00 02 00 00 11 20 01 00 00 00 FE 0E 00 00 38 00 00 00 00 FE 0C 00 00 45 02 00 00 00 05 00 00 00 06 00 00 00 38 00 00 00 00 2A 02 0F 01 28 0C 00 00 06 28 24 00 00 06 20 00 00 00 00 7E 8C 00 00 04 7B 53 00 00 04 39 CC FF FF FF 26 20 00 00 00 00 38 C1 FF FF FF 00 00 00 13 30 03 00 0D 00 00 00 04 00 00 11 28 10 00 00 0A 02 50 28 25 00 00 06 2A 00 00 00 13 30 03 00 0D 00 00 00 05 00 00 11 28 10 00 00 0A 03 50 28 26 00 00 06 2A 00 00 00 13 30 03 00 82 00 00 00 06 00 00 11 20 02 00 00 00 FE 0E 00 00 38 00 00 00 00 FE 0C 00 00 45 03 00 00 00 38 00 00 00 39 00 00 00 05 00 00 00 38 33 00 00 00 02 25 FE 07 0F 00 00 06 73 11 00 00 0A 73 12 00 00 0A 13 01 20 01 00 00 00 7E 8C 00 00 04 7B 9A 00 00 04 3A C2 FF FF FF 26 20 00 00 00 00 38 B7 FF FF FF 2A 11 01 6F 13 00 00 0A 20 00 00 00 00 7E 8C 00 00 04 7B 92 00 00 04 39 9B FF FF FF 26 20 00 00 00 00 38 90 FF FF FF 00 00 1B 30 06 00 7B 0A 00 00 07 00 00 11 20 02 00 00 00 FE 0E 15 00 38 00 00 00 00 FE 0C 15 00 45 0B 00 00 00 DD 00 00 00 91 02 00 00 C5 09 00 00 6D 02 00 00 EB 09 00 00 05 00 00 00 A2 02 00 00 16 00 00 00 90 02 00 00 11 0A 00 00 A0 01 00 00 38 D8 00 00 00 02 17 7D 05 00 00 04 20 04 00 00 00 38 B9 FF FF FF 00 02 7B 07 00 00 04 6F 14 00 00 0A 20 00 00 00 00 7E 8C 00 00 04 7B 6D 00 00 04 3A 0F 00 00 00 26 20 00 00 00 00 38 04 00 00 00 FE 0C 19 00 45 01 00 00 00 05 00 00 00 38 00 00 00 00 DD 86 00 00 00 25 28 22 00 00 06 13 0D 20 01 00 00 00 7E 8C 00 00 04 7B 60 00 00 04 39 0F 00 00 00 26 20 01 00 00 00 38 04 00 00 00 FE 0C 17 00 45 02 00 00 00 29 00 00 00 05 00 00 00 38 24 00 00 00 28 23 00 00 06 20 00 00 00 00 7E 8C 00 00 04 7B B4 00 00 04 39 D5 FF FF FF 26 20 00 00 00 00 38 CA FF FF FF DD 20 00 00 00 20 00 00 00 00 7E 8C 00 00 04 7B AA 00 00 04 39 FD FE FF FF 26 20 00 00 00 00 38 F2 FE FF FF 00 11 03 28 20 00 00 06 20 00 00 00 00 7E 8C 00 00 04 7B 76 00 00 04 3A 0F 00 00 00 26 20 00 00 00 00 38 04 00 00 00 FE 0C 07 00 45 01 00 00 00 05 00 00 00 38 00 00 00 00 DD 75 01 00 00 25 28 22 00 00 06 13 0E 20 01 00 00 00 7E 8C 00 00 04 7B 6B 00 00 04 3A 0F 00 00 00 26 20 00 00 00 00 38 04 00 00 00 FE 0C 10 00 45 02 00 00 00 29 00 00 00 05 00 00 00 38 24 00 00 00 28 23 00 00 06 20 00 00 00 00 7E 8C 00 00 04 7B 63 00 00 04 3A D5 FF FF FF 26 20 00 00 00 00 38 CA FF FF FF DD 0F 01 00 00 20 08 00 00 00 7E 8C 00 00 04 7B 81 00 00 04 39 3A FE FF FF 26 20 08 00 00 00 38 2F FE FF FF 00 02 7B 07 00 00 04 28 1F 00 00 06 16 28 34 00 00 06 20 00 00 00 00 7E 8C 00 00 04 7B C3 00 00 04 3A 0F 00 00 00 26 20 00 00 00 00 38 04 00 00 00 FE 0C 16 00 45 01 00 00 00 05 00 00 00 38 00 00 00 00 DD 2F FE FF FF 25 28 22 00 00 06 13 0C 20 01 00 00 00 7E 8C 00 00 04 7B C5 00 00 04 3A 0F 00 00 00 26 20 01 00 00 00 38 04 00 00 00 FE 0C 0A 00 45 02 00 00 00 29 00 00 00 05 00 00 00 38 24 00 00 00 28 23 00 00 06 20 00 00 00 00 7E 8C 00 00 04 7B 83 00 00 04 3A D5 FF FF FF 26 20 00 00 00 00 38 CA FF FF FF DD C9 FD FF FF 20 03 00 00 00 7E 8C 00 00 04 7B 98 00 00 04 39 6D FD FF FF 26 20 07 00 00 00 38 62 FD FF FF 15 6A 13 01 20 09 00 00 00 7E 8C 00 00 04 7B B7 00 00 04 39 4A FD FF FF 26 20 05 00 00 00 38 3F FD FF FF 2A 16 13 02 20 03 00 00 00 FE 0E 15 00 38 29 FD FF FF 00 02 7B 07 00 00 04 02 7B 03 00 00 04 02 7B 04 00 00 04 28 27 00 00 06 20 27 00 00 00 7E 8C 00 00 04 7B 9B 00 00 04 39 0F 00 00 00 26 20 0C 00 00 00 38 04 00 00 00 FE 0C 14 00 45 33 00 00 00 B5 03 00 00 9D 00 00 00 8B 01 00 00 05 04 00 00 53 05 00 00 F7 02 00 00 3F 01 00 00 C8 00 00 00 2A 03 00 00 CE 01 00 00 F3 03 00 00 33 02 00 00 FA 01 00 00 42 04 00 00 0B 02 00 00 2E 01 00 00 77 03 00 00 FF 04 00 00 4D 00 00 00 80 05 00 00 F7 00 00 00 DC 03 00 00 9E 05 00 00 28 05 00 00 C8 02 00 00 EC 04 00 00 60 00 00 00 8A 03 00 00 8F 05 00 00 8F 04 00 00 A6 01 00 00 8E 02 00 00 75 04 00 00 49 03 00 00 DD 04 00 00 B9 01 00 00 05 00 00 00 16 03 00 00 B5 04 00 00 60 01 00 00 0D 05 00 00 25 04 00 00 2C 00 00 00 79 00 00 00 53 02 00 00 0A 01 00 00 A4 02 00 00 66 03 00 00 77 02 00 00 16 04 00 00 3E 00 00 00 38 B0 03 00 00 02 11 05 28 2A 00 00 06 20 05 00 00 00 7E 8C 00 00 04 7B 9D 00 00 04 3A 0E FF FF FF 26 20 03 00 00 00 38 03 FF FF FF 1D 8D 0D 00 00 01 13 13 20 18 00 00 00 38 F1 FE FF FF 38 E2 03 00 00 20 08 00 00 00 38 E2 FE FF FF 11 01 16 6A 40 B7 04 00 00 20 23 00 00 00 38 CF FE FF FF 02 7B 05 00 00 04 3A 8C 00 00 00 20 31 00 00 00 FE 0E 14 00 38 B2 FE FF FF 02 7B 07 00 00 04 28 1F 00 00 06 11 00 16 11 00 8E B7 16 28 32 00 00 06 13 09 20 17 00 00 00 38 92 FE FF FF 11 01 11 03 28 31 00 00 06 DA 13 12 20 19 00 00 00 7E 8C 00 00 04 7B 7F 00 00 04 39 72 FE FF FF 26 20 1B 00 00 00 38 67 FE FF FF 11 13 1C 12 04 28 15 00 00 0A 28 16 00 00 0A A2 20 0A 00 00 00 7E 8C 00 00 04 7B A0 00 00 04 39 43 FE FF FF 26 20 15 00 00 00 38 38 FE FF FF DD 5B FB FF FF 20 02 00 00 00 FE 0E 14 00 38 21 FE FF FF DD 48 FB FF FF 20 00 00 00 00 7E 8C 00 00 04 7B AD 00 00 04 3A 0C FE FF FF 26 20 00 00 00 00 38 01 FE FF FF 72 EA 00 00 70 13 11 20 12 00 00 00 38 F0 FD FF FF 02 7B 07 00 00 04 28 1F 00 00 06 15 16 28 2B 00 00 06 26 20 29 00 00 00 FE 0E 14 00 38 CB FD FF FF 28 28 00 00 06 6F 17 00 00 0A 13 0F 20 01 00 00 00 7E 8C 00 00 04 7B 9C 00 00 04 3A AF FD FF FF 26 20 1E 00 00 00 38 A4 FD FF FF 02 7B 07 00 00 04 6F 18 00 00 0A 17 3C 89 02 00 00 20 06 00 00 00 38 89 FD FF FF 12 0F 28 19 00 00 0A 13 04 20 2A 00 00 00 38 76 FD FF FF 02 72 EA 00 00 70 6F 0B 00 00 06 20 11 00 00 00 38 61 FD FF FF 02 11 03 6F 0D 00 00 0A 28 33 00 00 06 20 0C 00 00 00 7E 8C 00 00 04 7B 76 00 00 04 3A 40 FD FF FF 26 20 08 00 00 00 38 35 FD FF FF 11 03 28 20 00 00 06 20 1D 00 00 00 38 24 FD FF FF 11 13 19 7E 06 00 00 04 A2 20 20 00 00 00 7E 8C 00 00 04 7B 62 00 00 04 3A 07 FD FF FF 26 20 12 00 00 00 38 FC FC FF FF 02 7B 07 00 00 04 6F 1A 00 00 0A 28 2D 00 00 06 13 18 20 1F 00 00 00 FE 0E 14 00 38 D8 FC FF FF 38 08 FE FF FF 20 16 00 00 00 7E 8C 00 00 04 7B C2 00 00 04 39 C3 FC FF FF 26 20 06 00 00 00 38 B8 FC FF FF 11 13 17 7E 06 00 00 04 A2 20 25 00 00 00 FE 0E 14 00 38 9D FC FF FF 11 18 15 40 1F 01 00 00 20 2D 00 00 00 FE 0E 14 00 38 87 FC FF FF 38 D0 FD

Signature Hits	Behavior Group	Mitre Attack
Stores large binary data to the registry	Hooking and other Techniques for Hiding and Protection	Modify Registry

Memdumps

Base Address

Regiontype

Protect

Malicious

7A2000

unkown

page readonly

59B0000

trusted library section

page read and write

2E11000

trusted library allocation

page read and write

10B2000

trusted library allocation

page execute and read and write

D0B000

heap

page read and write

56A0000

heap

page read and write

D3F000

heap

page read and write

D1F000

heap

page read and write

D03000

heap

page read and write

D3F000

heap

page read and write

51CD000

heap

page read and write

CD1000

heap

page read and write

688AA000

heap

page read and write

D23000

heap

page read and write

67B0000

heap

page read and write

D36000

heap

page read and write

D0A000

heap

page read and write

D81000

heap

page read and write

2EB2000

trusted library allocation

page read and write

18608000

heap

page read and write

5170000

unclassified section

page read and write

CC4000

heap

page read and write

1884C000

heap

page read and write

34923000

heap

page read and write

F30000

heap

page read and write

D3A000

heap

page read and write

D87000

heap

page read and write

CFA000

heap

page read and write

DA3000

heap

page read and write

D52000

heap

page read and write

504C000

stack

page read and write

D22000

heap

page read and write

D23000

heap

page read and write

D0B000

heap

page read and write

D35000

heap

page read and write

D34000

heap

page read and write

1070000

trusted library allocation

page read and write

59D0000

trusted library allocation

page execute and read and write

B70000

unclassified section

page readonly

5000000

heap

page read and write

D3F000

heap

page read and write

D1D000

heap

page read and write

D31000

heap

page read and write

34695000

heap

page read and write

D2C000

heap

page read and write

D3B000

heap

page read and write

595D000

stack

page read and write

DBE000

heap

page read and write

6C61000

heap

page read and write

5B2D000

stack

page read and write

55F0000

heap

page read and write

2E88000

trusted library allocation

page read and write

CFD000

heap

page read and write

D0A000

heap

page read and write

34868000

heap

page read and write

E2E000

stack

page read and write

D91000

heap

page read and write

D33000

heap

page read and write

D38000

heap

page read and write

51CD000

heap

page read and write

D35000

heap

page read and write

585B000

stack

page read and write

D52000

heap

page read and write

BC0000

heap

page read and write

189AF000

heap

page read and write

AEE000

unkown

page read and write

18814000

heap

page read and write

CB0000

heap

page read and write

CF0000

heap

page read and write

D06000

heap

page read and write

FF6000

heap

page read and write

CFF000

heap

page read and write

4AA0000

heap

page read and write

2E6A000

trusted library allocation

page read and write

B10000

heap

page read and write

1220000

heap

page read and write

1200000

trusted library allocation

page read and write

34491000

heap

page read and write

10C0000

trusted library allocation

page read and write

51CA000

heap

page read and write

DAE000

heap

page read and write

D2E000

heap

page read and write

188D7000

heap

page read and write

185C0000

heap

page read and write

C60000

heap

page read and write

1210000

trusted library allocation

page execute and read and write

1140000

heap

page read and write

51CF000

heap

page read and write

119C000

stack

page read and write

BA0000

heap

page read and write

2EBF000

trusted library allocation

page read and write

51CD000

heap

page read and write

D61000

heap

page read and write

B36000

stack

page read and write

EAE000

stack

page read and write

CFE000

heap

page read and write

51D9000

heap

page read and write

CF7000

heap

page read and write

964000

stack

page read and write

5A27000

heap

page read and write

18690000

heap

page read and write

D3A000

heap

page read and write

51D5000

heap

page read and write

1870A000

heap

page read and write

3469C000

heap

page read and write

7B0000

unclassified section

page readonly

10AA000

trusted library allocation

page execute and read and write

2ACE000

stack

page read and write

DAC000

heap

page read and write

67D7000

heap

page read and write

1090000

trusted library allocation

page read and write

D21000

heap

page read and write

D3B000

heap

page read and write

528E000

unkown

page read and write

344BF000

heap

page read and write

D37000

heap

page read and write

108A000

trusted library allocation

page execute and read and write

DA1000

heap

page read and write

D36000

heap

page read and write

34407000

heap

page read and write

D52000

heap

page read and write

D25000

heap

page read and write

5A20000

heap

page read and write

AF0000

heap

page read and write

D36000

heap

page read and write

10C2000

trusted library allocation

page read and write

D32000

heap

page read and write

62B0000

heap

page read and write

188F5000

heap

page read and write

CFB000

heap

page read and write

D61000

heap

page read and write

10CB000

trusted library allocation

page execute and read and write

10A0000

trusted library allocation

page read and write

D3B000

heap

page read and write

D3D000

heap

page read and write

D01000

heap

page read and write

51DB000

heap

page read and write

59AB000

stack

page read and write

95E000

stack

page read and write

5003000

heap

page read and write

189B8000

heap

page read and write

1077000

trusted library allocation

page read and write

3460C000

heap

page read and write

6899000

heap

page read and write

BF5000

heap

page read and write

51CE000

heap

page read and write

D22000

heap

page read and write

11B0000

trusted library allocation

page read and write

CDD000

heap

page read and write

D2C000

heap

page read and write

DAD000

heap

page read and write

5108000

stack

page read and write

DC7000

heap

page read and write

DA1000

heap

page read and write

DA1000

heap

page read and write

D06000

heap

page read and write

68660000

heap

page read and write

D3A000

heap

page read and write

68AE000

heap

page read and write

6811000

heap

page read and write

1082000

trusted library allocation

page execute and read and write

493E000

stack

page read and write

688A1000

heap

page read and write

D33000

heap

page read and write

5A2A000

heap

page read and write

CE8000

heap

page read and write

34230000

heap

page read and write

D84000

heap

page read and write

96B000

stack

page read and write

68910000

heap

page read and write

508B000

stack

page read and write

51C2000

heap

page read and write

113E000

stack

page read and write

DA9000

heap

page read and write

34888000

heap

page read and write

34977000

heap

page read and write

10F0000

heap

page read and write

D1D000

heap

page read and write

DA2000

heap

page read and write

D3F000

heap

page read and write

D2C000

heap

page read and write

D52000

heap

page read and write

CD1000

heap

page read and write

D0A000

heap

page read and write

D35000

heap

page read and write

6BDB000

heap

page read and write

DA3000

heap

page read and write

4E18000

trusted library allocation

page read and write

D08000

heap

page read and write

50CC000

stack

page read and write

D61000

heap

page read and write

D1F000

heap

page read and write

D2F000

heap

page read and write

D87000

heap

page read and write

D0B000

heap

page read and write

68A6000

heap

page read and write

D87000

heap

page read and write

5F0000

unclassified section

page readonly

CDD000

heap

page read and write

D62000

heap

page read and write

D08000

heap

page read and write

DA9000

heap

page read and write

7F4E0000

trusted library allocation

page execute and read and write

86B000

stack

page read and write

51A0000

heap

page read and write

519F000

stack

page read and write

D87000

heap

page read and write

51CE000

heap

page read and write

2ED6000

trusted library allocation

page read and write

D2F000

heap

page read and write

1E007000

heap

page read and write

D36000

heap

page read and write

68829000

heap

page read and write

D87000

heap

page read and write

6871D000

heap

page read and write

51DA000

heap

page read and write

D61000

heap

page read and write

CC1000

heap

page read and write

11C0000

trusted library allocation

page execute and read and write

62C0000

heap

page read and write

D0B000

heap

page read and write

D23000

heap

page read and write

5560000

trusted library allocation

page execute and read and write

CF7000

heap

page read and write

3E11000

trusted library allocation

page read and write

4FAE000

stack

page read and write

D3F000

heap

page read and write

D38000

heap

page read and write

B15000

heap

page read and write

10C7000

trusted library allocation

page execute and read and write

D2F000

heap

page read and write

D35000

heap

page read and write

96E000

stack

page read and write

D3D000

heap

page read and write

D0C000

heap

page read and write

A39000

stack

page read and write

C5E000

stack

page read and write

D2C000

heap

page read and write

9D0000

heap

page read and write

D0A000

heap

page read and write

3437A000

heap

page read and write

D33000

heap

page read and write

F9D000

stack

page read and write

D3A000

heap

page read and write

51D4000

heap

page read and write

6120000

heap

page read and write

CF7000

heap

page read and write

9A0000

unclassified section

page readonly

D1D000

heap

page read and write

C1E000

unkown

page read and write

D33000

heap

page read and write

D32000

heap

page read and write

FF0000

heap

page read and write

DAC000

heap

page read and write

D2D000

heap

page read and write

345D7000

heap

page read and write

5A2E000

heap

page read and write

DA5000

heap

page read and write

D29000

heap

page read and write

DA1000

heap

page read and write

688D4000

heap

page read and write

CD1000

heap

page read and write

6B90000

heap

page read and write

D38000

heap

page read and write

51D4000

heap

page read and write

34275000

heap

page read and write

5E0000

unclassified section

page readonly

51CD000

heap

page read and write

189BE000

heap

page read and write

4A7E000

stack

page read and write

D3A000

heap

page read and write

D08000

heap

page read and write

D25000

heap

page read and write

D3B000

heap

page read and write

CBB000

heap

page read and write

CFE000

heap

page read and write

BF0000

heap

page read and write

11F0000

heap

page execute and read and write

D33000

heap

page read and write

10A7000

trusted library allocation

page execute and read and write

CFB000

heap

page read and write

4C50000

heap

page read and write

D03000

heap

page read and write

10B0000

trusted library allocation

page read and write

11E0000

trusted library allocation

page read and write

CF1000

heap

page read and write

CE5000

heap

page read and write

DA9000

heap

page read and write

1226000

heap

page read and write

BB0000

heap

page read and write

51C2000

heap

page read and write

7A0000

unkown

page readonly

D2C000

heap

page read and write

CEF000

heap

page read and write

D25000

heap

page read and write

1092000

trusted library allocation

page execute and read and write

10BA000

trusted library allocation

page execute and read and write

55E0000

heap

page read and write

4C60000

heap

page read and write

DA1000

heap

page read and write

There are 290 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
xbOnlYALvtUq.exe

Files

Processes

URLs

Domains

IPs

Registry

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC ReportxbOnlYALvtUq.exe

Files

Processes

URLs

Domains

IPs

Registry

Memdumps

IOC Report
xbOnlYALvtUq.exe