Automated Malware Analysis IOC Report for

Files

File Path

Type

Category

Malicious

file.exe

PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows

initial sample

Details

Filetype:	PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
Entropy:	7.934984400968034
Filename:	file.exe
Filesize:	845312
MD5:	a7530e8548b1c43ec37d872bedec07f5
SHA1:	985df304b2180a496395a7433839ac3994cb3fbf
SHA256:	6ef1b5587295ea40447d1e9b4a3530779d568a1bf684241c33790cb8b1e95501
SHA512:	8f762569386ab220181c7d970d3d2b85abab7e5a99325cd5df2e041dea92bbfbf7acc228f735d862dc2f16ea4c585bded70473efef7084bfc99cfc8d4aea2ba1
SSDEEP:	12288:7ewO+TW+8LeXbSIrEPrWgV9dxNV31xAm0UuuA+hJdF44gPqbK8TNMxWhYhRT44z6:2Le+9V9dxNh1xANuA+nTKVxWYRT4W
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d......f............................Z.... ....@...... .......................@............@...@......@............... .....

Signature Hits	Behavior Group	Mitre Attack
Antivirus / Scanner detection for submitted sample	AV Detection
Malicious sample detected (through community Yara rule)	System Summary
Multi AV Scanner detection for submitted file	AV Detection
.NET source code contains potential unpacker	Data Obfuscation
Injects a PE file into a foreign processes	HIPS / PFW / Operating System Protection Evasion
Machine Learning detection for sample	AV Detection
Modifies the context of a thread in another process (thread injection)	HIPS / PFW / Operating System Protection Evasion
Tries to harvest and steal browser information (history, passwords, etc)	Stealing of Sensitive Information	OS Credential Dumping Data from Local System
Tries to steal Mail credentials (via file / registry access)	Stealing of Sensitive Information	Email Collection
Allocates memory with a write watch (potentially for evading sandboxes)	Malware Analysis System Evasion
Contains long sleeps (>= 3 min)	Malware Analysis System Evasion
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Detected potential crypto function	System Summary	Archive Collected Data Encrypted Channel
Enables debug privileges	Anti Debugging
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)	Malware Analysis System Evasion
Found inlined nop instructions (likely shell or obfuscated code)	Software Vulnerabilities	Obfuscated Files or Information
May sleep (evasive loops) to hinder dynamic analysis	Malware Analysis System Evasion
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection
Sample file is different than original file name gathered from version info	System Summary
Uses code obfuscation techniques (call, push, ret)	Data Obfuscation
Yara signature match	System Summary
Binary may include packed or encrypted code	Data Obfuscation
PE file has an executable .text section which is very likely to contain packed code (zlib compression ratio < 0.3)	System Summary	Software Packing
Contains medium sleeps (>= 30s)	Malware Analysis System Evasion	Virtualization/Sandbox Evasion
Creates files inside the user directory	System Summary	Masquerading
Creates guard pages, often used to prevent reverse engineering and debugging	Anti Debugging	Disable or Modify Tools
Creates mutexes	System Summary
Disables application error messsages (SetErrorMode)	Hooking and other Techniques for Hiding and Protection
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory)	Malware Analysis System Evasion	Security Software Discovery
PE file has an executable .text section and no other executable section	System Summary
Parts of this applications are using the .NET runtime (Probably coded in C#)	System Summary
Queries a list of all running processes	Malware Analysis System Evasion	Process Discovery
Queries the cryptographic machine GUID	Language, Device and Operating System Detection	System Information Discovery
Reads software policies	System Summary
SQL strings found in memory and binary data	System Summary
Sample is known by Antivirus	System Summary
Tries to load missing DLLs	System Summary	DLL Side-Loading
URLs found in memory or binary data	Networking
Uses an in-process (OLE) Automation server	System Summary
Contains modern PE file flags such as dynamic base (ASLR) or NX	Compliance, System Summary
Checks if Microsoft Office is installed	System Summary
PE file contains a COM descriptor data directory	System Summary
Uses Microsoft Silverlight	System Summary

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\file.exe.log

CSV text

dropped

Details

File:	C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\file.exe.log
Category:	dropped
Dump:	file.exe.log.0.dr
ID:	dr_0
Target ID:	0
Process:	C:\Users\user\Desktop\file.exe
Type:	CSV text
Entropy:	5.380493107040482
Encrypted:	false
Ssdeep:	24:ML9E4KQ71qE4GIs0E4KCKDE4KGKZI6KhPKIE4TKBGKoZAE4KKUNl+84xp3/VclT:MxHKQ71qHGIs0HKCYHKGSI6oPtHTHhAA
Size:	1510
Whitelisted:	false
Reputation:	moderate

Signature Hits	Behavior Group	Mitre Attack
Antivirus / Scanner detection for submitted sample	AV Detection
Multi AV Scanner detection for submitted file	AV Detection
Machine Learning detection for sample	AV Detection
Sample file is different than original file name gathered from version info	System Summary
Binary may include packed or encrypted code	Data Obfuscation	Obfuscated Files or Information Software Packing
PE file has an executable .text section which is very likely to contain packed code (zlib compression ratio < 0.3)	System Summary	Software Packing
Creates files inside the user directory	System Summary	Masquerading
PE file has an executable .text section and no other executable section	System Summary
Parts of this applications are using the .NET runtime (Probably coded in C#)	System Summary
Sample is known by Antivirus	System Summary
Contains modern PE file flags such as dynamic base (ASLR) or NX	Compliance, System Summary
PE file contains a COM descriptor data directory	System Summary

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\file.exe

"C:\Users\user\Desktop\file.exe"

Details

Is windows:	false
Is dropped:	false
PID:	7436
Target ID:	0
Parent PID:	4056
Name:	file.exe
Path:	C:\Users\user\Desktop\file.exe
Commandline:	"C:\Users\user\Desktop\file.exe"
Size:	845312
MD5:	A7530E8548B1C43EC37D872BEDEC07F5
Time:	06:35:19
Date:	01/07/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x520000
Modulesize:	868352
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Antivirus / Scanner detection for submitted sample	AV Detection
Multi AV Scanner detection for submitted file	AV Detection
Yara detected Snake Keylogger	Stealing of Sensitive Information, Remote Access Functionality
Injects a PE file into a foreign processes	HIPS / PFW / Operating System Protection Evasion	Process Injection
Machine Learning detection for sample	AV Detection
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery
Sample file is different than original file name gathered from version info	System Summary
Yara detected Credential Stealer	Stealing of Sensitive Information
Binary may include packed or encrypted code	Data Obfuscation	Obfuscated Files or Information Software Packing
PE file has an executable .text section which is very likely to contain packed code (zlib compression ratio < 0.3)	System Summary	Software Packing
Creates files inside the user directory	System Summary	Masquerading
PE file has an executable .text section and no other executable section	System Summary
Parts of this applications are using the .NET runtime (Probably coded in C#)	System Summary
Sample is known by Antivirus	System Summary
Spawns processes	System Summary	Process Injection
Contains modern PE file flags such as dynamic base (ASLR) or NX	Compliance, System Summary
PE file contains a COM descriptor data directory	System Summary

C:\Users\user\Desktop\file.exe

Details

Is windows:	false
Is dropped:	false
PID:	7532
Target ID:	2
Parent PID:	7436
Name:	file.exe
Path:	C:\Users\user\Desktop\file.exe
Commandline:	C:\Users\user\Desktop\file.exe
Size:	845312
MD5:	A7530E8548B1C43EC37D872BEDEC07F5
Time:	06:35:21
Date:	01/07/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x650000
Modulesize:	868352
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Antivirus / Scanner detection for submitted sample	AV Detection
Multi AV Scanner detection for submitted file	AV Detection
Yara detected Snake Keylogger	Stealing of Sensitive Information, Remote Access Functionality
Injects a PE file into a foreign processes	HIPS / PFW / Operating System Protection Evasion	Process Injection
Machine Learning detection for sample	AV Detection
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery
Sample file is different than original file name gathered from version info	System Summary
Yara detected Credential Stealer	Stealing of Sensitive Information
Binary may include packed or encrypted code	Data Obfuscation	Obfuscated Files or Information Software Packing
PE file has an executable .text section which is very likely to contain packed code (zlib compression ratio < 0.3)	System Summary	Software Packing
Creates files inside the user directory	System Summary	Masquerading
PE file has an executable .text section and no other executable section	System Summary
Parts of this applications are using the .NET runtime (Probably coded in C#)	System Summary
Sample is known by Antivirus	System Summary
Spawns processes	System Summary	Process Injection
Contains modern PE file flags such as dynamic base (ASLR) or NX	Compliance, System Summary
PE file contains a COM descriptor data directory	System Summary

URLs

Name

Malicious

https://reallyfreegeoip.org

unknown

http://checkip.dyndns.org

unknown

https://reallyfreegeoip.org/xml/8.46.123.33p

unknown

http://checkip.dyndns.org/

193.122.130.0

http://checkip.dyndns.com

unknown

https://reallyfreegeoip.org/xml/8.46.123.33

188.114.96.3

http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name

unknown

http://103.130.147.85

unknown

http://checkip.dyndns.org/q

unknown

http://reallyfreegeoip.org

unknown

https://reallyfreegeoip.org/xml/

unknown

There are 1 hidden URLs, click here to show them.

Domains

Name

Malicious

reallyfreegeoip.org

188.114.96.3

Details

Name:	reallyfreegeoip.org
IP:	188.114.96.3
TargetID:	-1
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Tries to detect the country of the analysis system (by using the IP)	Location Tracking
HTTP GET or POST without a user agent	Networking
May check the online IP address of the machine	Networking	System Network Configuration Discovery
Uses insecure TLS / SSL version for HTTPS connection	Compliance, Networking
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
URLs found in memory or binary data	Networking

checkip.dyndns.org

unknown

Details

Name:	checkip.dyndns.org
TargetID:	-1

Signature Hits	Behavior Group	Mitre Attack
May check the online IP address of the machine	Networking	System Network Configuration Discovery
Uses a known web browser user agent for HTTP communication	Networking	Application Layer Protocol
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
URLs found in memory or binary data	Networking

checkip.dyndns.com

193.122.130.0

IPs

Domain

Country

Malicious

188.114.96.3

reallyfreegeoip.org

European Union

Details

IP:	188.114.96.3
TargetID:	2
Current Path:	C:\Users\user\Desktop\file.exe
Country:	European Union
Countrycode:	EU
ASN number:	13335
ASN name:	CLOUDFLARENETUS
Private:	false
Domain:	reallyfreegeoip.org

Signature Hits	Behavior Group	Mitre Attack
Uses insecure TLS / SSL version for HTTPS connection	Compliance, Networking

193.122.130.0

checkip.dyndns.com

United States

Registry

Path

Value

Malicious

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\file_RASAPI32

EnableFileTracing

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\file_RASAPI32

EnableAutoFileTracing

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\file_RASAPI32

EnableConsoleTracing

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\file_RASAPI32

FileTracingMask

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\file_RASAPI32

ConsoleTracingMask

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\file_RASAPI32

MaxFileSize

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\file_RASAPI32

FileDirectory

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\file_RASMANCS

EnableFileTracing

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\file_RASMANCS

EnableAutoFileTracing

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\file_RASMANCS

EnableConsoleTracing

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\file_RASMANCS

FileTracingMask

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\file_RASMANCS

ConsoleTracingMask

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\file_RASMANCS

MaxFileSize

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\file_RASMANCS

FileDirectory

There are 4 hidden registries, click here to show them.

Memdumps

Base Address

Regiontype

Protect

Malicious

140002000

remote allocation

page execute and read and write

3901000

trusted library allocation

page read and write

13C95000

trusted library allocation

page read and write

36B1000

trusted library allocation

page read and write

13AA1000

trusted library allocation

page read and write

EA8000

heap

page read and write

3240000

heap

page read and write

7FFAAC54D000

trusted library allocation

page execute and read and write

DF0000

heap

page read and write

3633000

heap

page read and write

3858000

trusted library allocation

page read and write

D70000

heap

page read and write

7FFAAC5E0000

trusted library allocation

page execute and read and write

140000000

remote allocation

page execute and read and write

3893000

trusted library allocation

page read and write

18C0000

heap

page execute and read and write

1030000

trusted library allocation

page read and write

1E3DE000

stack

page read and write

7FFAAC54B000

trusted library allocation

page execute and read and write

7FFAAC53D000

trusted library allocation

page execute and read and write

E03000

heap

page read and write

7FFAAC5D6000

trusted library allocation

page read and write

18B0000

trusted library allocation

page read and write

3801000

trusted library allocation

page read and write

37A5000

trusted library allocation

page read and write

7FFAAC54D000

trusted library allocation

page execute and read and write

386D000

trusted library allocation

page read and write

7FFAAC710000

trusted library allocation

page read and write

DF6000

heap

page read and write

7FFAAC6C2000

trusted library allocation

page read and write

E33000

heap

page read and write

1ED20000

heap

page read and write

3998000

trusted library allocation

page read and write

3680000

heap

page read and write

136B1000

trusted library allocation

page read and write

37A2000

trusted library allocation

page read and write

7FF4DEEE0000

trusted library allocation

page execute and read and write

3868000

trusted library allocation

page read and write

7FFAAC720000

trusted library allocation

page execute and read and write

7FFAAC520000

trusted library allocation

page read and write

1D6FF000

stack

page read and write

1040000

trusted library allocation

page read and write

1D0E000

stack

page read and write

1C1B1000

heap

page read and write

D50000

heap

page read and write

7FFAAC713000

trusted library allocation

page read and write

F70000

heap

page read and write

1010000

trusted library allocation

page read and write

7FFAAC544000

trusted library allocation

page read and write

39A1000

trusted library allocation

page read and write

3991000

trusted library allocation

page read and write

39EC000

trusted library allocation

page read and write

3864000

trusted library allocation

page read and write

1C7DE000

stack

page read and write

5F0000

unkown

page readonly

1043000

trusted library allocation

page read and write

37B5000

trusted library allocation

page read and write

7FFB0BA42000

unkown

page readonly

13723000

trusted library allocation

page read and write

7FFAAC530000

trusted library allocation

page read and write

1085000

heap

page read and write

39AF000

trusted library allocation

page read and write

3860000

trusted library allocation

page read and write

7FFAAC6E0000

trusted library allocation

page read and write

3880000

trusted library allocation

page read and write

7FFAAC533000

trusted library allocation

page read and write

1CC40000

heap

page read and write

38BA000

trusted library allocation

page read and write

1E7DE000

stack

page read and write

E2F000

heap

page read and write

39E5000

trusted library allocation

page read and write

7FFAAC54B000

trusted library allocation

page execute and read and write

13748000

trusted library allocation

page read and write

1CE90000

trusted library section

page read and write

7FFAAC606000

trusted library allocation

page execute and read and write

E40000

heap

page read and write

7FFAAC700000

trusted library allocation

page execute and read and write

C2D000

stack

page read and write

3812000

trusted library allocation

page read and write

E69000

heap

page read and write

37B9000

trusted library allocation

page read and write

E48000

heap

page read and write

7FFAAC533000

trusted library allocation

page read and write

1373F000

trusted library allocation

page read and write

7FFAAC744000

trusted library allocation

page read and write

31FE000

stack

page read and write

323F000

stack

page read and write

38EE000

trusted library allocation

page read and write

1DAFE000

stack

page read and write

7FFAAC6E0000

trusted library allocation

page read and write

7FFAAC5E0000

trusted library allocation

page execute and read and write

7FFAAC522000

trusted library allocation

page read and write

1C20C000

stack

page read and write

7FFAAC730000

trusted library allocation

page read and write

11B0000

heap

page execute and read and write

37E9000

trusted library allocation

page read and write

3650000

heap

page read and write

7FFAAC5D0000

trusted library allocation

page read and write

13A98000

trusted library allocation

page read and write

1C6C4000

heap

page read and write

1C170000

heap

page read and write

7FFAAC5D6000

trusted library allocation

page read and write

3850000

trusted library allocation

page read and write

E6C000

heap

page read and write

E77000

heap

page read and write

7FFAAC57C000

trusted library allocation

page execute and read and write

39AB000

trusted library allocation

page read and write

398D000

trusted library allocation

page read and write

3B31000

trusted library allocation

page read and write

1C1AF000

heap

page read and write

7FFB0BA40000

unkown

page read and write

7FFAAC73D000

trusted library allocation

page read and write

1CB40000

heap

page read and write

7FFAAC53D000

trusted library allocation

page execute and read and write

DF2000

heap

page read and write

32A0000

heap

page read and write

520000

unkown

page readonly

1E8FE000

stack

page read and write

7FFAAC710000

trusted library allocation

page read and write

3854000

trusted library allocation

page read and write

DC6000

heap

page read and write

1C5F0000

heap

page read and write

7FFAAC640000

trusted library allocation

page execute and read and write

13E04000

trusted library allocation

page read and write

7FFAAC606000

trusted library allocation

page execute and read and write

E2D000

heap

page read and write

1C290000

heap

page execute and read and write

385C000

trusted library allocation

page read and write

3530000

heap

page execute and read and write

EA5000

heap

page read and write

522000

unkown

page readonly

1C5D0000

trusted library section

page read and write

E01000

heap

page read and write

37C9000

trusted library allocation

page read and write

39B4000

trusted library allocation

page read and write

7FFAAC520000

trusted library allocation

page read and write

36AE000

stack

page read and write

EA0000

heap

page read and write

39DF000

trusted library allocation

page read and write

7FFAAC6F0000

trusted library allocation

page read and write

1EBDE000

stack

page read and write

1D2FF000

stack

page read and write

7FFAAC523000

trusted library allocation

page execute and read and write

31B3000

heap

page read and write

7FFAAC6D0000

trusted library allocation

page execute and read and write

DEC000

heap

page read and write

3630000

heap

page read and write

EE0000

trusted library allocation

page read and write

D90000

heap

page read and write

1BAC0000

trusted library allocation

page read and write

1E300000

heap

page read and write

7FFAAC57C000

trusted library allocation

page execute and read and write

37A8000

trusted library allocation

page read and write

7FFB0BA20000

unkown

page readonly

E7D000

heap

page read and write

7FFAAC739000

trusted library allocation

page read and write

1C6F0000

trusted library section

page read and write

15CE000

stack

page read and write

1CB3C000

stack

page read and write

7FFAAC720000

trusted library allocation

page read and write

F38000

heap

page read and write

137E000

stack

page read and write

E7F000

heap

page read and write

1905000

heap

page read and write

3A2B000

trusted library allocation

page read and write

3A8F000

stack

page read and write

7D0000

heap

page read and write

7FFAAC6E8000

trusted library allocation

page read and write

7FFAAC544000

trusted library allocation

page read and write

38A6000

trusted library allocation

page read and write

7FFAAC524000

trusted library allocation

page read and write

13754000

trusted library allocation

page read and write

38DC000

trusted library allocation

page read and write

3A91000

trusted library allocation

page read and write

11C0000

heap

page read and write

7FFB0BA45000

unkown

page readonly

7FFAAC540000

trusted library allocation

page read and write

7FFAAC540000

trusted library allocation

page read and write

DF2000

stack

page read and write

3689000

heap

page read and write

7FFAAC6C0000

trusted library allocation

page read and write

13A91000

trusted library allocation

page read and write

3BB3000

trusted library allocation

page read and write

7FFAAC5DC000

trusted library allocation

page execute and read and write

37AB000

trusted library allocation

page read and write

7FFAAC640000

trusted library allocation

page execute and read and write

11C5000

heap

page read and write

DCC000

heap

page read and write

7B0000

heap

page read and write

1786000

heap

page read and write

7FFB0BA36000

unkown

page readonly

1DEFE000

stack

page read and write

13BAB000

trusted library allocation

page read and write

3817000

trusted library allocation

page read and write

3520000

trusted library section

page read and write

7FFB0BA21000

unkown

page execute read

7FFAAC524000

trusted library allocation

page read and write

7FFAAC717000

trusted library allocation

page read and write

1E2FB000

stack

page read and write

1080000

heap

page read and write

7FFAAC700000

trusted library allocation

page execute and read and write

E00000

heap

page read and write

380A000

trusted library allocation

page read and write

31B0000

heap

page read and write

1BE2D000

stack

page read and write

7FFAAC6F0000

trusted library allocation

page execute and read and write

DC0000

heap

page read and write

7FFAAC52D000

trusted library allocation

page execute and read and write

38D8000

trusted library allocation

page read and write

7FFAAC6D0000

trusted library allocation

page read and write

380E000

trusted library allocation

page read and write

140022000

remote allocation

page execute and read and write

37AE000

trusted library allocation

page read and write

39F2000

trusted library allocation

page read and write

7FFAAC52D000

trusted library allocation

page execute and read and write

EAC000

heap

page read and write

177E000

stack

page read and write

F75000

heap

page read and write

1890000

heap

page read and write

7A0000

heap

page read and write

C70000

heap

page read and write

7FFAAC6C0000

trusted library allocation

page read and write

F00000

trusted library allocation

page read and write

1C208000

heap

page read and write

7FFAAC530000

trusted library allocation

page read and write

7FFAAC5DC000

trusted library allocation

page execute and read and write

1900000

heap

page read and write

1C710000

heap

page read and write

1C730000

heap

page read and write

7FFAAC6EB000

trusted library allocation

page read and write

7FFAAC523000

trusted library allocation

page execute and read and write

19CF000

stack

page read and write

7FFAAC5D0000

trusted library allocation

page read and write

There are 223 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
file.exe

Files

Processes

URLs

Domains

IPs

Registry

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reportfile.exe

Files

Processes

URLs

Domains

IPs

Registry

Memdumps

IOC Report
file.exe