Automated Malware Analysis IOC Report for

Files

File Path

Type

Category

Malicious

4ee06ed334e98fe42fe34b41e528397a22f370bf165d40e07dbd6a2b6d88014d_payload.exe

PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows

initial sample

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\4ee06ed334e98fe42fe34b41e528397a22f370bf165d40e07dbd6a2b6d88014d_payload.exe.log

ASCII text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\tmp1E9A.tmp

SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2

dropped

C:\Users\user\AppData\Local\Temp\tmp1EAA.tmp

SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2

dropped

C:\Users\user\AppData\Local\Temp\tmp1EBB.tmp

SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2

dropped

C:\Users\user\AppData\Local\Temp\tmp1ECB.tmp

SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2

dropped

C:\Users\user\AppData\Local\Temp\tmp1EDC.tmp

SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2

dropped

C:\Users\user\AppData\Local\Temp\tmp1EED.tmp

SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2

dropped

C:\Users\user\AppData\Local\Temp\tmp1EFD.tmp

SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2

dropped

C:\Users\user\AppData\Local\Temp\tmp1EFE.tmp

SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2

dropped

C:\Users\user\AppData\Local\Temp\tmp3E62.tmp

SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1

dropped

C:\Users\user\AppData\Local\Temp\tmp3E72.tmp

SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1

dropped

C:\Users\user\AppData\Local\Temp\tmp55A0.tmp

SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2

dropped

C:\Users\user\AppData\Local\Temp\tmp55B0.tmp

SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2

dropped

C:\Users\user\AppData\Local\Temp\tmp55C1.tmp

SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2

dropped

C:\Users\user\AppData\Local\Temp\tmp55D2.tmp

SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3

dropped

C:\Users\user\AppData\Local\Temp\tmp55E2.tmp

dropped

C:\Users\user\AppData\Local\Temp\tmp76E8.tmp

SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1

dropped

C:\Users\user\AppData\Local\Temp\tmp76E9.tmp

SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1

dropped

C:\Users\user\AppData\Local\Temp\tmp76FA.tmp

SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1

dropped

C:\Users\user\AppData\Local\Temp\tmp770B.tmp

SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1

dropped

C:\Users\user\AppData\Local\Temp\tmp771B.tmp

SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3

dropped

C:\Users\user\AppData\Local\Temp\tmp771C.tmp

SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3

dropped

C:\Users\user\AppData\Local\Temp\tmp772D.tmp

SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3

dropped

C:\Users\user\AppData\Local\Temp\tmp773D.tmp

SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3

dropped

C:\Users\user\AppData\Local\Temp\tmp775E.tmp

SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3

dropped

C:\Users\user\AppData\Local\Temp\tmpAF47.tmp

SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3

dropped

C:\Users\user\AppData\Local\Temp\tmpAF58.tmp

SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3

dropped

C:\Users\user\AppData\Local\Temp\tmpAF68.tmp

SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3

dropped

C:\Users\user\AppData\Local\Temp\tmpAF79.tmp

SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3

dropped

C:\Users\user\AppData\Local\Temp\tmpAF8A.tmp

SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3

dropped

C:\Users\user\AppData\Local\Temp\tmpAFAA.tmp

SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3

dropped

C:\Users\user\AppData\Local\Temp\tmpE726.tmp

SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3

dropped

C:\Users\user\AppData\Local\Temp\tmpE746.tmp

SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1

dropped

C:\Users\user\AppData\Local\Temp\tmpE757.tmp

SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1

dropped

C:\Users\user\AppData\Local\Temp\tmpE768.tmp

SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1

dropped

C:\Users\user\AppData\Local\Temp\tmpE769.tmp

SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1

dropped

C:\Users\user\AppData\Local\Temp\tmpE779.tmp

SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1

dropped

C:\Users\user\AppData\Local\Temp\tmpE77A.tmp

SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1

dropped

C:\Users\user\AppData\Local\Temp\tmpE78B.tmp

SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2

dropped

C:\Users\user\AppData\Local\Temp\tmpF80F.tmp

ASCII text, with very long lines (1024), with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\tmpF81F.tmp

ASCII text, with very long lines (1024), with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\tmpF820.tmp

ASCII text, with very long lines (1024), with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\tmpF821.tmp

ASCII text, with very long lines (1024), with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\tmpF832.tmp

ASCII text, with very long lines (1024), with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\tmpF833.tmp

ASCII text, with very long lines (1024), with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\tmpF844.tmp

ASCII text, with very long lines (1024), with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\tmpF845.tmp

ASCII text, with very long lines (1024), with CRLF line terminators

dropped

There are 38 hidden files, click here to show them.

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\4ee06ed334e98fe42fe34b41e528397a22f370bf165d40e07dbd6a2b6d88014d_payload.exe

"C:\Users\user\Desktop\4ee06ed334e98fe42fe34b41e528397a22f370bf165d40e07dbd6a2b6d88014d_payload.exe"

Details

Is windows:	false
Is dropped:	false
PID:	4564
Target ID:	0
Parent PID:	2580
Name:	4ee06ed334e98fe42fe34b41e528397a22f370bf165d40e07dbd6a2b6d88014d_payload.exe
Path:	C:\Users\user\Desktop\4ee06ed334e98fe42fe34b41e528397a22f370bf165d40e07dbd6a2b6d88014d_payload.exe
Commandline:	"C:\Users\user\Desktop\4ee06ed334e98fe42fe34b41e528397a22f370bf165d40e07dbd6a2b6d88014d_payload.exe"
Size:	97792
MD5:	A2C08A55B2B269965A786A352398596D
Time:	00:00:54
Date:	19/05/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x100000
Modulesize:	122880
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Antivirus / Scanner detection for submitted sample	AV Detection
Found malware configuration	AV Detection
Multi AV Scanner detection for submitted file	AV Detection
Yara detected RedLine Stealer	Stealing of Sensitive Information, Remote Access Functionality
Machine Learning detection for sample	AV Detection
Binary contains a suspicious time stamp	Data Obfuscation	Timestomp
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery
Sample file is different than original file name gathered from version info	System Summary
Uses 32bit PE files	Compliance, System Summary
Yara detected Credential Stealer	Stealing of Sensitive Information
PE file has an executable .text section and no other executable section	System Summary
Parts of this applications are using the .NET runtime (Probably coded in C#)	System Summary
Sample is known by Antivirus	System Summary
Spawns processes	System Summary	Process Injection
URLs found in memory or binary data	Networking
Contains modern PE file flags such as dynamic base (ASLR) or NX	Compliance, System Summary
PE file contains a COM descriptor data directory	System Summary

C:\Windows\System32\conhost.exe

C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

Details

Is windows:	true
Is dropped:	false
PID:	5084
Target ID:	1
Parent PID:	4564
Name:	conhost.exe
Path:	C:\Windows\System32\conhost.exe
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Size:	862208
MD5:	0D698AF330FD17BEE3BF90011D49251D
Time:	00:00:54
Date:	19/05/2024
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff7699e0000
Modulesize:	892928
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

URLs

Name

Malicious

94.156.8.28:65012

http://94.156.8.28:65012/

94.156.8.28

https://ipinfo.io/ip%appdata%

unknown

https://duckduckgo.com/chrome_newtab

unknown

https://duckduckgo.com/ac/?q=

unknown

https://www.google.com/images/branding/product/ico/googleg_lodp.ico

unknown

http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous

unknown

http://tempuri.org/Endpoint/CheckConnectResponse

unknown

http://schemas.datacontract.org/2004/07/

unknown

http://schemas.xmlsoap.org/ws/2004/08/addressing/faultX

unknown

http://tempuri.org/Endpoint/EnvironmentSettings

unknown

https://api.ip.sb/geoip%USERPEnvironmentROFILE%

unknown

https://api.ip.sb

unknown

https://api.ip.sb/geoip

unknown

http://schemas.xmlsoap.org/soap/envelope/

unknown

https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=

unknown

http://tempuri.org/

unknown

http://tempuri.org/Endpoint/CheckConnect

unknown

https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=

unknown

https://www.ecosia.org/newtab/

unknown

http://tempuri.org/Endpoint/VerifyUpdateResponse

unknown

http://tempuri.org/Endpoint/SetEnviron

unknown

http://tempuri.org/Endpoint/SetEnvironment

unknown

http://tempuri.org/Endpoint/SetEnvironmentResponse

unknown

http://94.156.8.28:65012t-

unknown

http://tempuri.org/Endpoint/GetUpdates

unknown

https://ac.ecosia.org/autocomplete?q=

unknown

https://api.ipify.orgcookies//settinString.Removeg

unknown

http://schemas.xmlsoap.org/ws/2004/08/addressing

unknown

http://tempuri.org/Endpoint/GetUpdatesResponse

unknown

https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search

unknown

http://94.156.8.28:65012

unknown

http://tempuri.org/Endpoint/EnvironmentSettingsResponse

unknown

http://tempuri.org/Endpoint/VerifyUpdate

unknown

http://tempuri.org/0

unknown

http://94.156.8.28:6

unknown

http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name

unknown

https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=

unknown

http://schemas.xmlsoap.org/soap/actor/next

unknown

There are 29 hidden URLs, click here to show them.

Domains

Name

Malicious

api.ip.sb

unknown

IPs

Domain

Country

Malicious

94.156.8.28

unknown

Bulgaria

Details

IP:	94.156.8.28
TargetID:	0
Current Path:	C:\Users\user\Desktop\4ee06ed334e98fe42fe34b41e528397a22f370bf165d40e07dbd6a2b6d88014d_payload.exe
Country:	Bulgaria
Countrycode:	BGR
ASN number:	43561
ASN name:	NET1-ASBG
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol
Connects to many ports of the same IP (likely port scanning)	Networking
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
HTTP GET or POST without a user agent	Networking
Connects to IPs without corresponding DNS lookups	Networking
Posts data to webserver	Networking	Application Layer Protocol Non-Application Layer Protocol
URLs found in memory or binary data	Networking

Registry

Path

Value

Malicious

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing

EnableConsoleTracing

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RASAPI32

EnableFileTracing

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RASAPI32

EnableAutoFileTracing

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RASAPI32

EnableConsoleTracing

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RASAPI32

FileTracingMask

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RASAPI32

ConsoleTracingMask

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RASAPI32

MaxFileSize

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RASAPI32

FileDirectory

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RASMANCS

EnableFileTracing

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RASMANCS

EnableAutoFileTracing

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RASMANCS

EnableConsoleTracing

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RASMANCS

FileTracingMask

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RASMANCS

ConsoleTracingMask

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RASMANCS

MaxFileSize

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RASMANCS

FileDirectory

There are 5 hidden registries, click here to show them.

Memdumps

Base Address

Regiontype

Protect

Malicious

102000

unkown

page readonly

5BFE000

stack

page read and write

7190000

trusted library allocation

page execute and read and write

5ED2000

trusted library allocation

page read and write

7F6000

trusted library allocation

page execute and read and write

63EE000

stack

page read and write

5FD0000

trusted library allocation

page read and write

568000

heap

page read and write

805000

trusted library allocation

page execute and read and write

7F0000

trusted library allocation

page read and write

81F0000

heap

page read and write

23F0000

trusted library allocation

page read and write

60F000

heap

page read and write

6E90000

heap

page read and write

3429000

trusted library allocation

page read and write

4F8000

stack

page read and write

3419000

trusted library allocation

page read and write

6FB7000

heap

page read and write

5C0C000

heap

page read and write

7D0000

trusted library allocation

page read and write

5FE0000

trusted library allocation

page read and write

4910000

trusted library allocation

page read and write

6FF3000

heap

page read and write

2370000

heap

page read and write

56E000

heap

page read and write

78EE000

stack

page read and write

642E000

stack

page read and write

800000

trusted library allocation

page read and write

71A0000

trusted library allocation

page read and write

6010000

trusted library allocation

page execute and read and write

66D0000

trusted library allocation

page read and write

4ED0000

trusted library allocation

page execute and read and write

6700000

trusted library allocation

page execute and read and write

5EAA000

trusted library allocation

page read and write

C1B000

heap

page read and write

830000

trusted library allocation

page execute and read and write

64C0000

trusted library allocation

page read and write

6FCD000

heap

page read and write

5FDA000

trusted library allocation

page read and write

63AE000

stack

page read and write

860000

heap

page read and write

6430000

trusted library allocation

page read and write

7008000

heap

page read and write

4904000

trusted library allocation

page read and write

4DA0000

trusted library allocation

page execute and read and write

4D20000

trusted library allocation

page read and write

3698000

trusted library allocation

page read and write

6FD7000

heap

page read and write

6650000

heap

page read and write

3638000

trusted library allocation

page read and write

6000000

trusted library allocation

page execute and read and write

6660000

heap

page read and write

675E000

stack

page read and write

7D3000

trusted library allocation

page execute and read and write

4E40000

trusted library allocation

page execute and read and write

5CFE000

heap

page read and write

4D30000

trusted library allocation

page read and write

48FE000

stack

page read and write

24EF000

trusted library allocation

page read and write

6F6000

heap

page read and write

6436000

trusted library allocation

page read and write

80B000

trusted library allocation

page execute and read and write

33A1000

trusted library allocation

page read and write

4FE0000

trusted library allocation

page read and write

595000

heap

page read and write

5CF4000

heap

page read and write

4FEE000

trusted library allocation

page read and write

6FC2000

heap

page read and write

5C8A000

heap

page read and write

457D000

stack

page read and write

5CD0000

heap

page read and write

4A7E000

stack

page read and write

5D22000

trusted library allocation

page read and write

7011000

heap

page read and write

5CF9000

heap

page read and write

6462000

trusted library allocation

page read and write

6FE8000

heap

page read and write

4CC0000

trusted library allocation

page read and write

34B8000

trusted library allocation

page read and write

4CF1000

trusted library allocation

page read and write

6451000

trusted library allocation

page read and write

4D90000

trusted library allocation

page read and write

64B0000

trusted library allocation

page execute and read and write

7DD000

trusted library allocation

page execute and read and write

4E20000

trusted library allocation

page read and write

4CCB000

trusted library allocation

page read and write

527D000

stack

page read and write

5CE8000

heap

page read and write

5EB5000

trusted library allocation

page read and write

226E000

stack

page read and write

100000

unkown

page readonly

43A8000

trusted library allocation

page read and write

7D4000

trusted library allocation

page read and write

C10000

heap

page read and write

560000

heap

page read and write

5D30000

trusted library allocation

page execute and read and write

343C000

trusted library allocation

page read and write

490A000

trusted library allocation

page read and write

66E0000

trusted library allocation

page execute and read and write

5CD6000

heap

page read and write

6FFC000

heap

page read and write

613000

heap

page read and write

643F000

trusted library allocation

page read and write

6FD5000

heap

page read and write

6465000

trusted library allocation

page read and write

1AB000

stack

page read and write

5FB0000

trusted library allocation

page read and write

840000

trusted library allocation

page read and write

5CC7000

heap

page read and write

6D8D000

stack

page read and write

6434000

trusted library allocation

page read and write

5CA4000

heap

page read and write

254D000

trusted library allocation

page read and write

5CE3000

heap

page read and write

4E00000

trusted library allocation

page read and write

6590000

trusted library allocation

page read and write

5FF0000

trusted library allocation

page read and write

5C92000

heap

page read and write

6FC9000

heap

page read and write

4920000

trusted library allocation

page read and write

66B0000

trusted library allocation

page read and write

5EE0000

trusted library allocation

page read and write

3420000

trusted library allocation

page read and write

65EB000

stack

page read and write

6DE000

stack

page read and write

4DF0000

trusted library allocation

page read and write

587000

heap

page read and write

5ED5000

trusted library allocation

page read and write

7ED000

trusted library allocation

page execute and read and write

7F1B0000

trusted library allocation

page execute and read and write

6710000

trusted library allocation

page read and write

2841000

trusted library allocation

page read and write

5EA8000

trusted library allocation

page read and write

850000

heap

page execute and read and write

96F000

stack

page read and write

236E000

stack

page read and write

6448000

trusted library allocation

page read and write

6F90000

heap

page read and write

5D20000

trusted library allocation

page read and write

4E8D000

stack

page read and write

7E0000

trusted library allocation

page read and write

4FDF000

stack

page read and write

5E90000

trusted library allocation

page read and write

3430000

trusted library allocation

page read and write

4CEE000

trusted library allocation

page read and write

5CDE000

heap

page read and write

4A3F000

stack

page read and write

650000

heap

page read and write

6E0000

trusted library allocation

page read and write

2419000

trusted library allocation

page read and write

4CD1000

trusted library allocation

page read and write

2545000

trusted library allocation

page read and write

5FA0000

trusted library allocation

page read and write

5F8E000

stack

page read and write

5D80000

trusted library allocation

page execute and read and write

510000

heap

page read and write

6458000

trusted library allocation

page read and write

23A1000

trusted library allocation

page read and write

5C00000

heap

page read and write

701E000

heap

page read and write

4D80000

trusted library allocation

page read and write

5E8E000

stack

page read and write

2420000

trusted library allocation

page read and write

5EAF000

trusted library allocation

page read and write

5F4E000

stack

page read and write

4D01000

trusted library allocation

page read and write

64A0000

trusted library allocation

page read and write

4BBE000

stack

page read and write

5CCC000

heap

page read and write

6F98000

heap

page read and write

6444000

trusted library allocation

page read and write

6FE2000

heap

page read and write

807000

trusted library allocation

page execute and read and write

5D00000

trusted library allocation

page read and write

5EBF000

trusted library allocation

page read and write

4CE2000

trusted library allocation

page read and write

4FEB000

trusted library allocation

page read and write

6F0000

heap

page read and write

4CBE000

stack

page read and write

66F0000

trusted library allocation

page read and write

447C000

stack

page read and write

5EBA000

trusted library allocation

page read and write

802000

trusted library allocation

page read and write

7F2000

trusted library allocation

page read and write

608000

heap

page read and write

3423000

trusted library allocation

page read and write

6470000

trusted library allocation

page read and write

644E000

trusted library allocation

page read and write

5CDB000

heap

page read and write

3447000

trusted library allocation

page read and write

242D000

trusted library allocation

page read and write

8206000

heap

page read and write

3435000

trusted library allocation

page read and write

65A0000

heap

page read and write

4B7E000

stack

page read and write

4900000

trusted library allocation

page read and write

3538000

trusted library allocation

page read and write

4E1A000

trusted library allocation

page read and write

5E92000

trusted library allocation

page read and write

520000

heap

page read and write

7022000

heap

page read and write

5A2000

heap

page read and write

6FB2000

heap

page read and write

5EC0000

trusted library allocation

page read and write

605E000

stack

page read and write

820000

trusted library allocation

page read and write

A6E000

stack

page read and write

5ED0000

trusted library allocation

page read and write

52BE000

stack

page read and write

5FC0000

trusted library allocation

page read and write

4E1D000

trusted library allocation

page read and write

4D40000

trusted library allocation

page read and write

645D000

trusted library allocation

page read and write

4CD6000

trusted library allocation

page read and write

5E99000

trusted library allocation

page read and write

66A0000

trusted library allocation

page execute and read and write

5EC4000

trusted library allocation

page read and write

643C000

trusted library allocation

page read and write

2431000

trusted library allocation

page read and write

5D7E000

stack

page read and write

6FDF000

heap

page read and write

284D000

trusted library allocation

page read and write

69E000

stack

page read and write

64C7000

trusted library allocation

page read and write

4E30000

trusted library allocation

page read and write

6456000

trusted library allocation

page read and write

2390000

heap

page read and write

5C42000

heap

page read and write

4ECE000

stack

page read and write

6EA0000

heap

page read and write

C17000

heap

page read and write

2412000

trusted library allocation

page read and write

43A0000

trusted library allocation

page read and write

5E95000

trusted library allocation

page read and write

4930000

heap

page execute and read and write

59FE000

stack

page read and write

5AFE000

stack

page read and write

33B2000

trusted library allocation

page read and write

33AE000

trusted library allocation

page read and write

3477000

trusted library allocation

page read and write

4D70000

trusted library allocation

page execute and read and write

C00000

trusted library allocation

page read and write

6F9E000

heap

page read and write

There are 233 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
4ee06ed334e98fe42fe34b41e528397a22f370bf165d40e07dbd6a2b6d88014d_payload.exe

Files

Processes

URLs

Domains

IPs

Registry

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report4ee06ed334e98fe42fe34b41e528397a22f370bf165d40e07dbd6a2b6d88014d_payload.exe

Files

Processes

URLs

Domains

IPs

Registry

Memdumps

IOC Report
4ee06ed334e98fe42fe34b41e528397a22f370bf165d40e07dbd6a2b6d88014d_payload.exe