Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.exe

"C:\Users\user\Desktop\07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.exe"

Details

Is windows:	false
Is dropped:	false
PID:	3648
Target ID:	0
Parent PID:	1028
Name:	07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.exe
Path:	C:\Users\user\Desktop\07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.exe
Commandline:	"C:\Users\user\Desktop\07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.exe"
Size:	321536
MD5:	9E849D8E3B0B04BC6A5962972E56E62A
Time:	07:35:51
Date:	01/07/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x440000
Modulesize:	368640
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Antivirus / Scanner detection for submitted sample	AV Detection
Found malware configuration	AV Detection
Multi AV Scanner detection for submitted file	AV Detection
Machine Learning detection for sample	AV Detection
Sample uses string decryption to hide its real strings	AV Detection
Uses 32bit PE files	Compliance, System Summary
PE file has an executable .text section and no other executable section	System Summary
Sample is known by Antivirus	System Summary
Sample reads its own file content	System Summary
Contains modern PE file flags such as dynamic base (ASLR) or NX	Compliance, System Summary

URLs

Name

Malicious

contintnetksows.shop

Details

Name:	contintnetksows.shop
TargetID:	0
From Memory:	false
Current Path:	C:\Users\user\Desktop\07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.exe
Source:	config extractor

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol
LummaC encrypted strings found	HIPS / PFW / Operating System Protection Evasion	PowerShell Deobfuscate/Decode Files or Information
Sample uses string decryption to hide its real strings	AV Detection

ellaboratepwsz.xyzu

Details

Name:	ellaboratepwsz.xyzu
TargetID:	0
From Memory:	false
Current Path:	C:\Users\user\Desktop\07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.exe
Source:	config extractor

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol
LummaC encrypted strings found	HIPS / PFW / Operating System Protection Evasion	PowerShell Deobfuscate/Decode Files or Information
Sample uses string decryption to hide its real strings	AV Detection

potterryisiw.shop

Details

Name:	potterryisiw.shop
TargetID:	0
From Memory:	false
Current Path:	C:\Users\user\Desktop\07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.exe
Source:	config extractor

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol
LummaC encrypted strings found	HIPS / PFW / Operating System Protection Evasion	PowerShell Deobfuscate/Decode Files or Information
Sample uses string decryption to hide its real strings	AV Detection

penetratedpoopp.xyz

Details

Name:	penetratedpoopp.xyz
TargetID:	0
From Memory:	false
Current Path:	C:\Users\user\Desktop\07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.exe
Source:	config extractor

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol
LummaC encrypted strings found	HIPS / PFW / Operating System Protection Evasion	PowerShell Deobfuscate/Decode Files or Information
Sample uses string decryption to hide its real strings	AV Detection

swellfrrgwwos.xyz

Details

Name:	swellfrrgwwos.xyz
TargetID:	0
From Memory:	false
Current Path:	C:\Users\user\Desktop\07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.exe
Source:	config extractor

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol
LummaC encrypted strings found	HIPS / PFW / Operating System Protection Evasion	PowerShell Deobfuscate/Decode Files or Information
Sample uses string decryption to hide its real strings	AV Detection

towerxxuytwi.xyzd

Details

Name:	towerxxuytwi.xyzd
TargetID:	0
From Memory:	false
Current Path:	C:\Users\user\Desktop\07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.exe
Source:	config extractor

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol
LummaC encrypted strings found	HIPS / PFW / Operating System Protection Evasion	PowerShell Deobfuscate/Decode Files or Information
Sample uses string decryption to hide its real strings	AV Detection

foodypannyjsud.shop

Details

Name:	foodypannyjsud.shop
TargetID:	0
From Memory:	false
Current Path:	C:\Users\user\Desktop\07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.exe
Source:	config extractor

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol
LummaC encrypted strings found	HIPS / PFW / Operating System Protection Evasion	PowerShell Deobfuscate/Decode Files or Information
Sample uses string decryption to hide its real strings	AV Detection

pedestriankodwu.xyz

Details

Name:	pedestriankodwu.xyz
TargetID:	0
From Memory:	false
Current Path:	C:\Users\user\Desktop\07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.exe
Source:	config extractor

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol
LummaC encrypted strings found	HIPS / PFW / Operating System Protection Evasion	PowerShell Deobfuscate/Decode Files or Information
Sample uses string decryption to hide its real strings	AV Detection

Memdumps

Base Address

Regiontype

Protect

Malicious

877000

heap

page read and write

47F000

unkown

page readonly

440000

unkown

page readonly

690000

heap

page read and write

440000

unkown

page readonly

5FC000

stack

page read and write

650000

heap

page read and write

872000

heap

page read and write

850000

heap

page read and write

441000

unkown

page execute read

47F000

unkown

page readonly

4FC000

stack

page read and write

48A000

unkown

page read and write

482000

unkown

page write copy

640000

heap

page read and write

494000

unkown

page readonly

85E000

heap

page read and write

441000

unkown

page execute read

482000

unkown

page write copy

494000

unkown

page readonly

85A000

heap

page read and write

There are 11 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.exe

Processes

URLs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.exe

Processes

URLs

Memdumps

IOC Report
07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35_dump.exe