Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\build.exe

"C:\Users\user\Desktop\build.exe"

Details

Is windows:	false
Is dropped:	false
PID:	3732
Target ID:	0
Parent PID:	1028
Name:	build.exe
Path:	C:\Users\user\Desktop\build.exe
Commandline:	"C:\Users\user\Desktop\build.exe"
Size:	307712
MD5:	974E76D4B0DDB3706CF174819D200516
Time:	18:06:54
Date:	01/07/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x70000
Modulesize:	335872
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
Multi AV Scanner detection for submitted file	AV Detection
Yara detected RedLine Stealer	Stealing of Sensitive Information, Remote Access Functionality
Machine Learning detection for sample	AV Detection
Binary contains a suspicious time stamp	Data Obfuscation	Timestomp
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery
Sample file is different than original file name gathered from version info	System Summary
Uses 32bit PE files	Compliance, System Summary
PE file has an executable .text section and no other executable section	System Summary
Parts of this applications are using the .NET runtime (Probably coded in C#)	System Summary
Sample is known by Antivirus	System Summary
URLs found in memory or binary data	Networking
Binary contains paths to debug symbols	Compliance, System Summary
Contains modern PE file flags such as dynamic base (ASLR) or NX	Compliance, System Summary
PE file contains a COM descriptor data directory	System Summary

URLs

Name

Malicious

people-climbing.gl.at.ply.gg:54251

http://tempuri.org/Entity/Id10Response

unknown

http://tempuri.org/Entity/Id24LR

unknown

http://tempuri.org/Entity/Id8Response

unknown

http://tempuri.org/Entity/Id22LR

unknown

http://tempuri.org/Entity/Id20LR

unknown

http://tempuri.org/Entity/Id12Response

unknown

http://schemas.xmlsoap.org/soap/envelope/

unknown

http://tempuri.org/Entity/Id2Response

unknown

http://tempuri.org/Entity/Id21Response

unknown

http://tempuri.org/Entity/Id19LR

unknown

http://tempuri.org/Entity/Id23Response

unknown

http://tempuri.org/Entity/Id17LR

unknown

http://tempuri.org/Entity/Id15LR

unknown

http://tempuri.org/Entity/Id9LR

unknown

http://tempuri.org/Entity/Id19Response

unknown

http://tempuri.org/Entity/Id13LR

unknown

http://tempuri.org/Entity/Id7LR

unknown

http://tempuri.org/Entity/Id11LR

unknown

http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequenceResponse

unknown

http://schemas.xmlsoap.org/ws/2004/08/addressing/fault

unknown

http://tempuri.org/Entity/Id17Response

unknown

http://tempuri.org/Entity/Id1LR

unknown

http://schemas.xmlsoap.org/ws/2005/02/rm/TerminateSequence

unknown

http://tempuri.org/Entity/Id5LR

unknown

http://tempuri.org/Entity/Id20Response

unknown

http://tempuri.org/Entity/Id3LR

unknown

http://tempuri.org/Entity/Id15Response

unknown

http://tempuri.org/Entity/Id13Response

unknown

http://tempuri.org/Entity/Id4Response

unknown

http://schemas.xmlsoap.org/ws/2005/05/identity/right/possessproperty

unknown

http://tempuri.org/Entity/Id6Response

unknown

https://api.ip.sb/ip

unknown

http://schemas.xmlsoap.org/ws/2005/02/rm/SequenceAcknowledgement

unknown

http://tempuri.org/Entity/Id23LR

unknown

http://tempuri.org/Entity/Id7Response

unknown

http://tempuri.org/Entity/Id21LR

unknown

http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous

unknown

http://tempuri.org/x

unknown

http://tempuri.org/Entity/Id11Response

unknown

http://tempuri.org/Entity/Id9Response

unknown

http://tempuri.org/Entity/Id22Response

unknown

http://tempuri.org/Entity/Id24Response

unknown

http://tempuri.org/Entity/Id1Response

unknown

http://schemas.xmlsoap.org/ws/2005/02/rm/AckRequested

unknown

http://tempuri.org/Entity/Id18LR

unknown

http://tempuri.org/Entity/Id16LR

unknown

http://tempuri.org/Entity/Id8LR

unknown

http://tempuri.org/Entity/Id14LR

unknown

http://tempuri.org/Entity/Id6LR

unknown

http://tempuri.org/Entity/Id18Response

unknown

http://tempuri.org/Entity/

unknown

http://tempuri.org/Entity/Id12LR

unknown

http://schemas.xmlsoap.org/ws/2004/08/addressing

unknown

http://tempuri.org/Entity/Id10LR

unknown

http://tempuri.org/Entity/Id4LR

unknown

http://tempuri.org/Entity/Id2LR

unknown

http://schemas.xmlsoap.org/ws/2005/02/rmX

unknown

http://tempuri.org/Entity/Id3Response

unknown

http://schemas.xmlsoap.org/ws/2005/02/rm/LastMessage

unknown

http://tempuri.org/Entity/Id16Response

unknown

http://tempuri.org/Entity/Id5Response

unknown

http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequence

unknown

http://schemas.xmlsoap.org/soap/actor/next

unknown

http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dns

unknown

http://tempuri.org/Entity/Id14Response

unknown

There are 56 hidden URLs, click here to show them.

Domains

Name

Malicious

people-climbing.gl.at.ply.gg

147.185.221.20

Details

Name:	people-climbing.gl.at.ply.gg
IP:	147.185.221.20
TargetID:	-1
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol

IPs

Domain

Country

Malicious

147.185.221.20

people-climbing.gl.at.ply.gg

United States

Details

IP:	147.185.221.20
TargetID:	0
Current Path:	C:\Users\user\Desktop\build.exe
Country:	United States
Countrycode:	USA
ASN number:	12087
ASN name:	SALSGIVERUS
Private:	false
Domain:	people-climbing.gl.at.ply.gg

Signature Hits	Behavior Group	Mitre Attack
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port

Memdumps

Base Address

Regiontype

Protect

Malicious

72000

unkown

page readonly

6A0000

trusted library allocation

page read and write

4950000

heap

page read and write

B20000

heap

page execute and read and write

243E000

trusted library allocation

page read and write

6C5000

heap

page read and write

24A0000

heap

page read and write

243B000

trusted library allocation

page read and write

8FE000

heap

page read and write

5860000

trusted library allocation

page execute and read and write

B6000

unkown

page readonly

8B2000

heap

page read and write

5870000

trusted library allocation

page execute and read and write

26B1000

trusted library allocation

page read and write

274E000

trusted library allocation

page read and write

5890000

trusted library allocation

page read and write

2434000

trusted library allocation

page read and write

897000

heap

page read and write

4A50000

trusted library allocation

page read and write

87E000

heap

page read and write

1C0000

heap

page read and write

5727000

heap

page read and write

2700000

trusted library allocation

page read and write

7D5000

trusted library allocation

page execute and read and write

4B3E000

stack

page read and write

2430000

trusted library allocation

page read and write

938000

heap

page read and write

57E0000

trusted library allocation

page read and write

4FB1000

trusted library allocation

page read and write

4988000

trusted library allocation

page read and write

4A40000

trusted library allocation

page read and write

680000

trusted library allocation

page read and write

6B2000

trusted library allocation

page read and write

2485000

trusted library allocation

page read and write

7CE000

stack

page read and write

4930000

heap

page execute and read and write

56E0000

heap

page read and write

5717000

heap

page read and write

7F550000

trusted library allocation

page execute and read and write

B40000

heap

page read and write

870000

heap

page read and write

4A70000

heap

page read and write

34B1000

trusted library allocation

page read and write

694000

trusted library allocation

page read and write

6C0000

heap

page read and write

2451000

trusted library allocation

page read and write

968000

heap

page read and write

4FF0000

trusted library allocation

page read and write

34BF000

trusted library allocation

page read and write

4FA2000

trusted library allocation

page read and write

2478000

trusted library allocation

page read and write

4A73000

heap

page read and write

690000

trusted library allocation

page read and write

4FC0000

trusted library allocation

page read and write

2490000

trusted library allocation

page read and write

5880000

trusted library allocation

page read and write

5800000

trusted library allocation

page read and write

4960000

trusted library allocation

page read and write

24B1000

trusted library allocation

page read and write

4F80000

trusted library allocation

page read and write

650000

heap

page read and write

4FCE000

trusted library allocation

page read and write

58E0000

trusted library allocation

page execute and read and write

A7000

unkown

page readonly

4FAE000

trusted library allocation

page read and write

1D0000

heap

page read and write

2480000

trusted library allocation

page read and write

27EC000

trusted library allocation

page read and write

6BA000

trusted library allocation

page execute and read and write

2662000

trusted library allocation

page read and write

69D000

trusted library allocation

page execute and read and write

58A0000

trusted library allocation

page execute and read and write

245D000

trusted library allocation

page read and write

4FBA000

trusted library allocation

page read and write

60E000

stack

page read and write

860000

trusted library allocation

page read and write

4985000

trusted library allocation

page read and write

6A3000

trusted library allocation

page read and write

4F7000

stack

page read and write

498A000

trusted library allocation

page read and write

4F91000

trusted library allocation

page read and write

572C000

heap

page read and write

4FE0000

trusted library allocation

page read and write

B10000

trusted library allocation

page read and write

34D1000

trusted library allocation

page read and write

8A5000

heap

page read and write

6B0000

trusted library allocation

page read and write

244E000

trusted library allocation

page read and write

4F8B000

trusted library allocation

page read and write

4B40000

heap

page read and write

7D2000

trusted library allocation

page read and write

5810000

trusted library allocation

page read and write

242D000

stack

page read and write

2470000

trusted library allocation

page read and write

283B000

trusted library allocation

page read and write

963000

heap

page read and write

4FC5000

trusted library allocation

page read and write

70000

unkown

page readonly

4900000

trusted library allocation

page read and write

58C0000

trusted library allocation

page read and write

5732000

heap

page read and write

15A000

stack

page read and write

6AD000

trusted library allocation

page execute and read and write

4970000

trusted library allocation

page execute and read and write

4F3F000

stack

page read and write

25BF000

trusted library allocation

page read and write

56DE000

stack

page read and write

4FCB000

trusted library allocation

page read and write

7DB000

trusted library allocation

page execute and read and write

4FD0000

trusted library allocation

page read and write

570A000

heap

page read and write

4962000

trusted library allocation

page read and write

2456000

trusted library allocation

page read and write

956000

heap

page read and write

45AE000

stack

page read and write

2613000

trusted library allocation

page read and write

878000

heap

page read and write

28D8000

trusted library allocation

page read and write

57F0000

trusted library allocation

page read and write

850000

trusted library allocation

page execute and read and write

4980000

trusted library allocation

page read and write

2462000

trusted library allocation

page read and write

693000

trusted library allocation

page execute and read and write

4F7E000

stack

page read and write

84E000

stack

page read and write

6B6000

trusted library allocation

page execute and read and write

2442000

trusted library allocation

page read and write

4A61000

trusted library allocation

page read and write

2889000

trusted library allocation

page read and write

B30000

trusted library allocation

page read and write

2436000

trusted library allocation

page read and write

7E0000

heap

page read and write

5000000

trusted library allocation

page execute and read and write

23EF000

stack

page read and write

4F96000

trusted library allocation

page read and write

A2000

unkown

page readonly

570D000

heap

page read and write

58B0000

trusted library allocation

page read and write

7D7000

trusted library allocation

page execute and read and write

279D000

trusted library allocation

page read and write

There are 130 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
build.exe

Processes

URLs

Domains

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reportbuild.exe

Processes

URLs

Domains

IPs

Memdumps

IOC Report
build.exe