Automated Malware Analysis IOC Report for

Files

File Path

Type

Category

Malicious

setup.exe

PE32 executable (GUI) Intel 80386, for MS Windows

initial sample

Details

Filetype:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy:	7.950488194711155
Filename:	setup.exe
Filesize:	1942016
MD5:	eaa443f37443cb7221d63e0891243384
SHA1:	d3242326b2ac1ae6e9817a49df33c3a79e209aee
SHA256:	bef6f82a9c4064f8639e804036f460bafdd01eec87a355e247775d315b76db13
SHA512:	8405c44c1eea8578224eb6495f689d66e4e2f6503c0bf08d3c111e4e307603a35089649296ebf89b76d339c9517a83133b741c655097a9fe319f25aae1f6afdb
SSDEEP:	49152:6YyPZ96v5ohNyPiYPl5A7E2+P75+Zg6RenX1IAhTiz8wPT:kBSPiYNK7mP91/TOQ
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........PJ.r>..r>..r>...=..r>...;.(r>.].:..r>.].=..r>.].;..r>...:..r>...?..r>..r?.^r>...7..r>......r>...<..r>.Rich.r>................

Signature Hits	Behavior Group	Mitre Attack
Antivirus / Scanner detection for submitted sample	AV Detection
Detected unpacking (changes PE section rights)	Data Obfuscation	Software Packing
Multi AV Scanner detection for submitted file	AV Detection
Hides threads from debuggers	Anti Debugging
Machine Learning detection for sample	AV Detection
PE file contains section with special chars	System Summary
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)	Boot Survival
Tries to detect sandboxes / dynamic malware analysis system (registry check)	Malware Analysis System Evasion
Tries to detect virtualization through RDTSC time measurements	Malware Analysis System Evasion	Virtualization/Sandbox Evasion Security Software Discovery
Tries to evade debugger and weak emulator (self modifying code)	Malware Analysis System Evasion
Checks if the current process is being debugged	Anti Debugging
Contains functionality for execution timing, often used to detect debuggers	Malware Analysis System Evasion, Anti Debugging
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion
Creates files inside the system directory	System Summary	Masquerading
Creates job files (autostart)	Boot Survival	Scheduled Task/Job
Drops PE files	Persistence and Installation Behavior
PE file contains sections with non-standard names	Data Obfuscation
Uses 32bit PE files	Compliance, System Summary
Binary may include packed or encrypted code	Data Obfuscation	Obfuscated Files or Information
PE file has section (not .text) which is very likely to contain packed code (zlib compression ratio < 0.011)	System Summary
Checks the free space of harddrives	Malware Analysis System Evasion
Creates temporary files	System Summary
Disables application error messsages (SetErrorMode)	Hooking and other Techniques for Hiding and Protection
Queries a list of all running drivers	Malware Analysis System Evasion
Queries a list of all running processes	Malware Analysis System Evasion
Reads ini files	System Summary	File and Directory Discovery
Reads software policies	System Summary
Sample is known by Antivirus	System Summary
Sample might require command line arguments	System Summary
Sample reads its own file content	System Summary
Tries to load missing DLLs	System Summary	DLL Side-Loading
Uses an in-process (OLE) Automation server	System Summary
PE file has a big raw section	System Summary
Submission file is bigger than most known malware samples	System Summary

C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

PE32 executable (GUI) Intel 80386, for MS Windows

dropped

Details

File:	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe
Category:	dropped
Dump:	axplong.exe.0.dr
ID:	dr_2
Target ID:	0
Process:	C:\Users\user\Desktop\setup.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy:	7.950488194711155
Encrypted:	false
Ssdeep:	49152:6YyPZ96v5ohNyPiYPl5A7E2+P75+Zg6RenX1IAhTiz8wPT:kBSPiYNK7mP91/TOQ
Size:	1942016
Whitelisted:	false
Reputation:	low

Signature Hits	Behavior Group	Mitre Attack
Antivirus detection for dropped file	AV Detection
Detected unpacking (changes PE section rights)	Data Obfuscation	Software Packing
Hides threads from debuggers	Anti Debugging	Security Software Discovery Virtualization/Sandbox Evasion
Machine Learning detection for dropped file	AV Detection
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)	Boot Survival	Security Software Discovery
Tries to detect sandboxes / dynamic malware analysis system (registry check)	Malware Analysis System Evasion	Security Software Discovery
Tries to detect sandboxes and other dynamic analysis tools (window names)	Anti Debugging	Security Software Discovery Virtualization/Sandbox Evasion
Abnormal high CPU Usage	System Summary
Checks for debuggers (devices)	Anti Debugging	Security Software Discovery Virtualization/Sandbox Evasion
Checks if the current process is being debugged	Anti Debugging	Security Software Discovery Virtualization/Sandbox Evasion
Contains capabilities to detect virtual machines	Malware Analysis System Evasion	Security Software Discovery Virtualization/Sandbox Evasion
Contains functionality to query CPU information (cpuid)	Language, Device and Operating System Detection	System Information Discovery
Contains functionality to read the PEB	Anti Debugging
Contains long sleeps (>= 3 min)	Malware Analysis System Evasion	Virtualization/Sandbox Evasion
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Detected potential crypto function	System Summary	Encrypted Channel Archive Collected Data
Drops PE files	Persistence and Installation Behavior
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)	Malware Analysis System Evasion
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery
Uses code obfuscation techniques (call, push, ret)	Data Obfuscation	Obfuscated Files or Information
Contains functionality to download additional files from the internet	Networking	Ingress Tool Transfer
Contains functionality to query local / system time	Language, Device and Operating System Detection	System Information Discovery System Time Discovery
Contains medium sleeps (>= 30s)	Malware Analysis System Evasion	Virtualization/Sandbox Evasion
Creates mutexes	System Summary
Sample might require command line arguments	System Summary	Command and Scripting Interpreter
Spawns processes	System Summary	Process Injection
Tries to load missing DLLs	System Summary	DLL Side-Loading

C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe:Zone.Identifier

ASCII text, with CRLF line terminators

modified

Details

File:	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe:Zone.Identifier
Category:	modified
Dump:	axplong.exe_Zone.Identifier.0.dr
ID:	dr_1
Target ID:	0
Process:	C:\Users\user\Desktop\setup.exe
Type:	ASCII text, with CRLF line terminators
Entropy:	3.95006375643621
Encrypted:	false
Ssdeep:	3:ggPYV:rPYV
Size:	26
Whitelisted:	false
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Antivirus detection for dropped file	AV Detection
Detected unpacking (changes PE section rights)	Data Obfuscation	Software Packing
Hides threads from debuggers	Anti Debugging	Security Software Discovery Virtualization/Sandbox Evasion
Machine Learning detection for dropped file	AV Detection
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)	Boot Survival	Security Software Discovery
Tries to detect sandboxes / dynamic malware analysis system (registry check)	Malware Analysis System Evasion	Security Software Discovery
Tries to detect sandboxes and other dynamic analysis tools (window names)	Anti Debugging	Security Software Discovery Virtualization/Sandbox Evasion
Abnormal high CPU Usage	System Summary
Checks for debuggers (devices)	Anti Debugging	Security Software Discovery Virtualization/Sandbox Evasion
Checks if the current process is being debugged	Anti Debugging	Security Software Discovery Virtualization/Sandbox Evasion
Contains capabilities to detect virtual machines	Malware Analysis System Evasion	Security Software Discovery Virtualization/Sandbox Evasion
Contains functionality to query CPU information (cpuid)	Language, Device and Operating System Detection	System Information Discovery
Contains functionality to read the PEB	Anti Debugging
Contains long sleeps (>= 3 min)	Malware Analysis System Evasion	Virtualization/Sandbox Evasion
Detected potential crypto function	System Summary	Encrypted Channel Archive Collected Data
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)	Malware Analysis System Evasion
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery
Uses code obfuscation techniques (call, push, ret)	Data Obfuscation	Obfuscated Files or Information
Contains functionality to download additional files from the internet	Networking	Ingress Tool Transfer
Contains functionality to query local / system time	Language, Device and Operating System Detection	System Information Discovery System Time Discovery
Contains medium sleeps (>= 30s)	Malware Analysis System Evasion	Virtualization/Sandbox Evasion
Creates mutexes	System Summary
Sample might require command line arguments	System Summary	Command and Scripting Interpreter
Tries to load missing DLLs	System Summary	DLL Side-Loading

C:\Windows\Tasks\axplong.job

data

dropped

Details

File:	C:\Windows\Tasks\axplong.job
Category:	dropped
Dump:	axplong.job.0.dr
ID:	dr_0
Target ID:	0
Process:	C:\Users\user\Desktop\setup.exe
Type:	data
Entropy:	3.4217877499171836
Encrypted:	false
Ssdeep:	6:VG9k61/XpRKUEZ+lX1YC7UPelkDdtPjgsW2YRZuy0l1sBEt0:VcfpRKQ1h7keeDHjzvYRQV1sit0
Size:	286
Whitelisted:	false
Reputation:	low

Signature Hits	Behavior Group	Mitre Attack
Creates files inside the system directory	System Summary	Masquerading
Creates job files (autostart)	Boot Survival	Scheduled Task/Job

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\setup.exe

"C:\Users\user\Desktop\setup.exe"

Details

Is windows:	false
Is dropped:	false
PID:	7348
Target ID:	0
Parent PID:	2580
Name:	setup.exe
Path:	C:\Users\user\Desktop\setup.exe
Commandline:	"C:\Users\user\Desktop\setup.exe"
Size:	1942016
MD5:	EAA443F37443CB7221D63E0891243384
Time:	18:24:56
Date:	01/07/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x360000
Modulesize:	5050368
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Antivirus / Scanner detection for submitted sample	AV Detection
Detected unpacking (changes PE section rights)	Data Obfuscation	Software Packing
Multi AV Scanner detection for submitted file	AV Detection
Yara detected Amadeys stealer DLL	Stealing of Sensitive Information
Machine Learning detection for sample	AV Detection
PE file contains section with special chars	System Summary
PE file contains an invalid checksum	Data Obfuscation
PE file contains sections with non-standard names	Data Obfuscation
Uses 32bit PE files	Compliance, System Summary
Binary may include packed or encrypted code	Data Obfuscation	Obfuscated Files or Information Software Packing
PE file has section (not .text) which is very likely to contain packed code (zlib compression ratio < 0.011)	System Summary	Software Packing
Sample is known by Antivirus	System Summary
Sample might require command line arguments	System Summary	Command and Scripting Interpreter
Sample reads its own file content	System Summary
Spawns processes	System Summary	Process Injection
PE file has a big raw section	System Summary
Submission file is bigger than most known malware samples	System Summary

C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

Details

Is windows:	false
Is dropped:	true
PID:	7548
Target ID:	1
Parent PID:	1044
Name:	axplong.exe
Path:	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe
Commandline:	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe
Size:	1942016
MD5:	EAA443F37443CB7221D63E0891243384
Time:	18:25:00
Date:	01/07/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x1000000
Modulesize:	5050368
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Detected unpacking (changes PE section rights)	Data Obfuscation	Software Packing
Yara detected Amadeys stealer DLL	Stealing of Sensitive Information
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Drops PE files	Persistence and Installation Behavior
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery
Sample might require command line arguments	System Summary	Command and Scripting Interpreter
Spawns processes	System Summary	Process Injection

C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe

"C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe"

Details

Is windows:	false
Is dropped:	true
PID:	7564
Target ID:	2
Parent PID:	7348
Name:	axplong.exe
Path:	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe
Commandline:	"C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe"
Size:	1942016
MD5:	EAA443F37443CB7221D63E0891243384
Time:	18:25:00
Date:	01/07/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x1000000
Modulesize:	5050368
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Detected unpacking (changes PE section rights)	Data Obfuscation	Software Packing
Yara detected Amadeys stealer DLL	Stealing of Sensitive Information
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Drops PE files	Persistence and Installation Behavior
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery
Sample might require command line arguments	System Summary	Command and Scripting Interpreter
Spawns processes	System Summary	Process Injection

URLs

Name

Malicious

http://77.91.77.81/

unknown

Details

Name:	http://77.91.77.81/
TargetID:	1
From Memory:	true
Current Path:	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe
Source:	axplong.exe, 00000001.00000002.4114826750.0000000001768000.00000004.00000020.00020000.00000000.sdmp

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
URLs found in memory or binary data	Networking

http://77.91.77.81/Kiru9gu/index.php

77.91.77.81

Details

Name:	http://77.91.77.81/Kiru9gu/index.php
IP:	77.91.77.81
TargetID:	1
From Memory:	false
Current Path:	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe
Source:	network

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
Snort IDS alert for network traffic	Networking
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol
HTTP GET or POST without a user agent	Networking
IP address seen in connection with other malware	Networking
Connects to IPs without corresponding DNS lookups	Networking
Posts data to webserver	Networking	Application Layer Protocol Non-Application Layer Protocol
URLs found in memory or binary data	Networking

http://77.91.77.81/Kiru9gu/index.phpR-

unknown

http://77.91.77.81/Kiru9gu/index.phpl

unknown

http://77.91.77.81/Kiru9gu/index.phpem32

unknown

http://77.91.77.81/Kiru9gu/index.php2

unknown

http://77.91.77.81/Kiru9gu/index.phpoS

unknown

http://77.91.77.81/Kiru9gu/index.phpm32

unknown

http://77.91.77.81/Kiru9gu/index.phptI

unknown

IPs

Domain

Country

Malicious

77.91.77.81

unknown

Russian Federation

Details

IP:	77.91.77.81
TargetID:	1
Current Path:	C:\Users\user\AppData\Local\Temp\8254624243\axplong.exe
Country:	Russian Federation
Countrycode:	RUS
ASN number:	42861
ASN name:	FOTONTELECOM-TRANSIT-ASFOTONTELECOMISPRU
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
Snort IDS alert for network traffic	Networking
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol
HTTP GET or POST without a user agent	Networking
Connects to IPs without corresponding DNS lookups	Networking
Posts data to webserver	Networking	Application Layer Protocol Non-Application Layer Protocol
URLs found in memory or binary data	Networking

Memdumps

Base Address

Regiontype

Protect

Malicious

5530000

direct allocation

page read and write

1001000

unkown

page execute and read and write

361000

unkown

page execute and read and write

1001000

unkown

page execute and read and write

4BB0000

direct allocation

page read and write

4930000

direct allocation

page read and write

5700000

direct allocation

page execute and read and write

44B1000

heap

page read and write

3AAF000

stack

page read and write

DBC000

stack

page read and write

56B0000

direct allocation

page execute and read and write

346F000

stack

page read and write

DFB000

stack

page read and write

44B1000

heap

page read and write

3C2E000

stack

page read and write

73D000

stack

page read and write

E80000

direct allocation

page read and write

EE0000

direct allocation

page read and write

44B1000

heap

page read and write

44B1000

heap

page read and write

44B1000

heap

page read and write

EE0000

direct allocation

page read and write

14CE000

unkown

page execute and write copy

16F0000

direct allocation

page read and write

5720000

direct allocation

page execute and read and write

360000

unkown

page readonly

32ED000

heap

page read and write

DB0000

heap

page read and write

807B000

stack

page read and write

50B1000

heap

page read and write

F71000

heap

page read and write

685000

unkown

page execute and write copy

835000

heap

page read and write

44B1000

heap

page read and write

50B1000

heap

page read and write

E80000

direct allocation

page read and write

A1B000

heap

page read and write

50B1000

heap

page read and write

50B1000

heap

page read and write

44B1000

heap

page read and write

3F6E000

stack

page read and write

3C9000

unkown

page write copy

50B1000

heap

page read and write

50B1000

heap

page read and write

675000

unkown

page execute and read and write

3EAE000

stack

page read and write

1069000

unkown

page write copy

16D4000

heap

page read and write

44B1000

heap

page read and write

436F000

stack

page read and write

16D4000

heap

page read and write

50B1000

heap

page read and write

30AF000

stack

page read and write

50B1000

heap

page read and write

1783000

heap

page read and write

3D2F000

stack

page read and write

50B1000

heap

page read and write

44B1000

heap

page read and write

3E6E000

stack

page read and write

16D4000

heap

page read and write

44B1000

heap

page read and write

16D4000

heap

page read and write

16D4000

heap

page read and write

50B1000

heap

page read and write

1069000

unkown

page write copy

1325000

unkown

page execute and write copy

50B1000

heap

page read and write

462E000

stack

page read and write

44B1000

heap

page read and write

31EF000

stack

page read and write

44B1000

heap

page read and write

FDC000

heap

page read and write

3FEE000

stack

page read and write

50B1000

heap

page read and write

44B1000

heap

page read and write

56B0000

direct allocation

page execute and read and write

81BE000

stack

page read and write

3CEE000

stack

page read and write

4E6E000

stack

page read and write

1315000

unkown

page execute and read and write

44B1000

heap

page read and write

40EF000

stack

page read and write

44B1000

heap

page read and write

16D4000

heap

page read and write

16D4000

heap

page read and write

1324000

unkown

page execute and read and write

50B1000

heap

page read and write

E80000

direct allocation

page read and write

44B1000

heap

page read and write

4A6F000

stack

page read and write

44B1000

heap

page read and write

426E000

stack

page read and write

43AE000

stack

page read and write

44B1000

heap

page read and write

EF0000

heap

page read and write

44AF000

stack

page read and write

4D20000

direct allocation

page execute and read and write

FF0000

heap

page read and write

EE0000

direct allocation

page read and write

E80000

direct allocation

page read and write

32B0000

heap

page read and write

5591000

direct allocation

page read and write

44B1000

heap

page read and write

44B1000

heap

page read and write

EE0000

direct allocation

page read and write

50B1000

heap

page read and write

82C000

unkown

page execute and read and write

A0F000

stack

page read and write

A2C000

heap

page read and write

3FEE000

stack

page read and write

44B1000

heap

page read and write

4FFF000

stack

page read and write

4D40000

direct allocation

page execute and read and write

1610000

heap

page read and write

50C7000

heap

page read and write

44B1000

heap

page read and write

16D4000

heap

page read and write

D10000

heap

page read and write

12DD000

unkown

page execute and read and write

3DEF000

stack

page read and write

44B1000

heap

page read and write

16D4000

heap

page read and write

44B1000

heap

page read and write

FF0000

heap

page read and write

5D8F000

stack

page read and write

2CEF000

stack

page read and write

44B1000

heap

page read and write

2E6E000

stack

page read and write

16D4000

heap

page read and write

6AAE000

heap

page read and write

1324000

unkown

page execute and write copy

4AD0000

direct allocation

page execute and read and write

F10000

heap

page read and write

442F000

stack

page read and write

44B1000

heap

page read and write

16F0000

direct allocation

page read and write

44B1000

heap

page read and write

4D00000

direct allocation

page execute and read and write

2BEF000

stack

page read and write

44B1000

heap

page read and write

32E0000

heap

page read and write

E80000

direct allocation

page read and write

50B1000

heap

page read and write

50B1000

heap

page read and write

56E0000

direct allocation

page execute and read and write

50B1000

heap

page read and write

EE0000

direct allocation

page read and write

44B1000

heap

page read and write

1790000

heap

page read and write

FE0000

direct allocation

page read and write

4AF0000

direct allocation

page execute and read and write

179B000

heap

page read and write

5C8E000

stack

page read and write

EE0000

direct allocation

page read and write

770000

heap

page read and write

FC8000

heap

page read and write

50B1000

heap

page read and write

16D4000

heap

page read and write

50B1000

heap

page read and write

44B1000

heap

page read and write

44B1000

heap

page read and write

1069000

unkown

page read and write

EE0000

direct allocation

page read and write

60FE000

stack

page read and write

342B000

stack

page read and write

16D4000

heap

page read and write

4A80000

direct allocation

page execute and read and write

446E000

stack

page read and write

684000

unkown

page execute and read and write

37EE000

stack

page read and write

4731000

heap

page read and write

5DDE000

stack

page read and write

4D20000

direct allocation

page execute and read and write

50B1000

heap

page read and write

44B1000

heap

page read and write

50B1000

heap

page read and write

44B1000

heap

page read and write

50B1000

heap

page read and write

FE5000

heap

page read and write

4830000

trusted library allocation

page read and write

496E000

stack

page read and write

46ED000

stack

page read and write

66C000

unkown

page execute and read and write

2E2F000

stack

page read and write

346F000

stack

page read and write

50B1000

heap

page read and write

4DC0000

direct allocation

page execute and read and write

5C2F000

stack

page read and write

322E000

stack

page read and write

50B1000

heap

page read and write

29EF000

stack

page read and write

51B0000

trusted library allocation

page read and write

56F0000

direct allocation

page execute and read and write

E7E000

stack

page read and write

44B1000

heap

page read and write

4DB0000

direct allocation

page execute and read and write

4D20000

direct allocation

page execute and read and write

50B1000

heap

page read and write

EE0000

heap

page read and write

31EF000

stack

page read and write

5F7B000

stack

page read and write

11F7000

unkown

page execute and read and write

4991000

direct allocation

page read and write

170A000

heap

page read and write

50B1000

heap

page read and write

7E41000

heap

page read and write

4D50000

direct allocation

page execute and read and write

1600000

heap

page read and write

4CF0000

direct allocation

page execute and read and write

44AF000

stack

page read and write

35AF000

stack

page read and write

50B1000

heap

page read and write

4A70000

direct allocation

page execute and read and write

5750000

direct allocation

page execute and read and write

44B1000

heap

page read and write

50B1000

heap

page read and write

56C0000

direct allocation

page execute and read and write

3BEF000

stack

page read and write

4BEE000

stack

page read and write

4D60000

direct allocation

page execute and read and write

44B1000

heap

page read and write

2FAE000

stack

page read and write

44B1000

heap

page read and write

50C0000

heap

page read and write

FEE000

heap

page read and write

4A90000

direct allocation

page execute and read and write

28D0000

direct allocation

page execute and read and write

492F000

stack

page read and write

2FAE000

stack

page read and write

44B1000

heap

page read and write

6AB0000

heap

page read and write

2F6F000

stack

page read and write

50B1000

heap

page read and write

44B1000

heap

page read and write

28E4000

heap

page read and write

FDE000

stack

page read and write

44B1000

heap

page read and write

44B1000

heap

page read and write

44B1000

heap

page read and write

372E000

stack

page read and write

2AEF000

stack

page read and write

32D0000

direct allocation

page read and write

2AEF000

stack

page read and write

44B1000

heap

page read and write

7DE000

stack

page read and write

3BAE000

stack

page read and write

4FAE000

stack

page read and write

30EE000

stack

page read and write

4DA0000

direct allocation

page execute and read and write

DB5000

heap

page read and write

E80000

direct allocation

page read and write

422F000

stack

page read and write

44B1000

heap

page read and write

50B1000

heap

page read and write

3A2F000

stack

page read and write

4D20000

direct allocation

page execute and read and write

3BEF000

stack

page read and write

4C2E000

stack

page read and write

16D4000

heap

page read and write

15DD000

stack

page read and write

4D6E000

stack

page read and write

3F2F000

stack

page read and write

16D4000

heap

page read and write

336E000

stack

page read and write

E80000

direct allocation

page read and write

4A90000

direct allocation

page execute and read and write

60BE000

stack

page read and write

3D6E000

stack

page read and write

E3E000

stack

page read and write

50B1000

heap

page read and write

3C2000

unkown

page execute and read and write

44B1000

heap

page read and write

44B1000

heap

page read and write

601E000

stack

page read and write

4BAF000

stack

page read and write

50B1000

heap

page read and write

7E44000

heap

page read and write

44C1000

heap

page read and write

29EF000

stack

page read and write

842B000

stack

page read and write

DA0000

heap

page read and write

44B1000

heap

page read and write

44B1000

heap

page read and write

3FAF000

stack

page read and write

636E000

stack

page read and write

44B1000

heap

page read and write

684000

unkown

page execute and write copy

1324000

unkown

page execute and write copy

40AE000

stack

page read and write

16D4000

heap

page read and write

4A90000

direct allocation

page execute and read and write

44B1000

heap

page read and write

50B1000

heap

page read and write

44B1000

heap

page read and write

3D6E000

stack

page read and write

4730000

heap

page read and write

E80000

direct allocation

page read and write

EE0000

direct allocation

page read and write

44B1000

heap

page read and write

44B1000

heap

page read and write

4C6E000

stack

page read and write

4A90000

direct allocation

page execute and read and write

422F000

stack

page read and write

3EAE000

stack

page read and write

4D10000

direct allocation

page execute and read and write

1700000

heap

page read and write

4B00000

direct allocation

page execute and read and write

2D2E000

stack

page read and write

12DD000

unkown

page execute and read and write

56B0000

direct allocation

page execute and read and write

5710000

direct allocation

page execute and read and write

336E000

stack

page read and write

A10000

heap

page read and write

50B0000

heap

page read and write

7E4A000

heap

page read and write

352F000

stack

page read and write

44B1000

heap

page read and write

44B1000

heap

page read and write

1062000

unkown

page execute and read and write

44B1000

heap

page read and write

45B0000

trusted library allocation

page read and write

16D4000

heap

page read and write

4AAE000

stack

page read and write

16D4000

heap

page read and write

4AE0000

direct allocation

page execute and read and write

16D4000

heap

page read and write

332F000

stack

page read and write

50B1000

heap

page read and write

D9E000

stack

page read and write

4B20000

direct allocation

page execute and read and write

E97000

heap

page read and write

50B1000

heap

page read and write

E80000

direct allocation

page read and write

44B1000

heap

page read and write

4AA0000

direct allocation

page execute and read and write

5730000

direct allocation

page execute and read and write

44B1000

heap

page read and write

50B1000

heap

page read and write

852C000

stack

page read and write

50B1000

heap

page read and write

1001000

unkown

page execute and write copy

1000000

unkown

page readonly

361000

unkown

page execute and write copy

16D4000

heap

page read and write

44B1000

heap

page read and write

16F0000

direct allocation

page read and write

28E0000

heap

page read and write

7E43000

heap

page read and write

2E2F000

stack

page read and write

EE0000

direct allocation

page read and write

1ACF000

stack

page read and write

35EE000

stack

page read and write

E80000

direct allocation

page read and write

44B1000

heap

page read and write

16D4000

heap

page read and write

366F000

stack

page read and write

44B1000

heap

page read and write

44B1000

heap

page read and write

45EF000

stack

page read and write

16F0000

direct allocation

page read and write

4E2F000

stack

page read and write

50B1000

heap

page read and write

44B1000

heap

page read and write

44B1000

heap

page read and write

396F000

stack

page read and write

28B0000

direct allocation

page read and write

44B1000

heap

page read and write

50B1000

heap

page read and write

7E0000

heap

page read and write

63C000

stack

page read and write

38EF000

stack

page read and write

56B0000

direct allocation

page execute and read and write

44B1000

heap

page read and write

56D0000

direct allocation

page execute and read and write

44B1000

heap

page read and write

44B1000

heap

page read and write

16D4000

heap

page read and write

36EF000

stack

page read and write

EE0000

direct allocation

page read and write

56B0000

direct allocation

page execute and read and write

44B1000

heap

page read and write

1001000

unkown

page execute and write copy

E90000

heap

page read and write

44B1000

heap

page read and write

43AE000

stack

page read and write

106B000

unkown

page execute and read and write

4D80000

direct allocation

page execute and read and write

4D20000

direct allocation

page execute and read and write

412E000

stack

page read and write

56B0000

direct allocation

page execute and read and write

1741000

heap

page read and write

426E000

stack

page read and write

3AED000

stack

page read and write

56BC000

stack

page read and write

622F000

stack

page read and write

4A90000

direct allocation

page execute and read and write

632F000

stack

page read and write

4731000

heap

page read and write

4A90000

direct allocation

page execute and read and write

44B1000

heap

page read and write

41AF000

stack

page read and write

5F1D000

stack

page read and write

130C000

unkown

page execute and read and write

46AF000

stack

page read and write

EE0000

direct allocation

page read and write

44B1000

heap

page read and write

FE0000

direct allocation

page read and write

35EE000

stack

page read and write

4CEF000

stack

page read and write

496E000

stack

page read and write

44B1000

heap

page read and write

44B1000

heap

page read and write

35AF000

stack

page read and write

44B1000

heap

page read and write

F52000

heap

page read and write

1324000

unkown

page execute and read and write

106B000

unkown

page execute and read and write

50B1000

heap

page read and write

E80000

direct allocation

page read and write

19CE000

stack

page read and write

4D70000

direct allocation

page execute and read and write

50B1000

heap

page read and write

4731000

heap

page read and write

50B1000

heap

page read and write

1062000

unkown

page execute and read and write

50B1000

heap

page read and write

16F0000

direct allocation

page read and write

4D90000

direct allocation

page execute and read and write

32E7000

heap

page read and write

39AE000

stack

page read and write

1000000

unkown

page readonly

50B1000

heap

page read and write

44B1000

heap

page read and write

432E000

stack

page read and write

1000000

unkown

page read and write

1315000

unkown

page execute and read and write

50B1000

heap

page read and write

3AEE000

stack

page read and write

2E6E000

stack

page read and write

28AF000

stack

page read and write

14CE000

unkown

page execute and write copy

4EAB000

stack

page read and write

16D4000

heap

page read and write

44B1000

heap

page read and write

F5E000

stack

page read and write

6125000

heap

page read and write

356E000

stack

page read and write

4D2E000

stack

page read and write

4AC0000

direct allocation

page execute and read and write

14CC000

unkown

page execute and read and write

16D4000

heap

page read and write

44B1000

heap

page read and write

44B1000

heap

page read and write

7F40000

heap

page read and write

50B1000

heap

page read and write

16D4000

heap

page read and write

56A0000

direct allocation

page execute and read and write

44B0000

heap

page read and write

3C9000

unkown

page read and write

50B1000

heap

page read and write

3C2E000

stack

page read and write

50B1000

heap

page read and write

3A6E000

stack

page read and write

3D2F000

stack

page read and write

50B1000

heap

page read and write

3CB000

unkown

page execute and read and write

4C11000

direct allocation

page read and write

50B1000

heap

page read and write

6120000

heap

page read and write

44B1000

heap

page read and write

4D20000

direct allocation

page execute and read and write

EE0000

direct allocation

page read and write

556C000

stack

page read and write

3FAF000

stack

page read and write

3CAF000

stack

page read and write

44B1000

heap

page read and write

7F43000

heap

page read and write

41EE000

stack

page read and write

82BE000

stack

page read and write

50B1000

heap

page read and write

50B1000

heap

page read and write

14CC000

unkown

page execute and read and write

2D2E000

stack

page read and write

16F0000

direct allocation

page read and write

50B1000

heap

page read and write

1000000

unkown

page read and write

4F6F000

stack

page read and write

E80000

direct allocation

page read and write

4D30000

direct allocation

page execute and read and write

44B1000

heap

page read and write

456F000

stack

page read and write

44B1000

heap

page read and write

3B6F000

stack

page read and write

44B1000

heap

page read and write

492E000

stack

page read and write

7E40000

heap

page read and write

44B1000

heap

page read and write

F29000

heap

page read and write

6AA0000

heap

page read and write

2F6F000

stack

page read and write

16F0000

direct allocation

page read and write

36EF000

stack

page read and write

45AE000

stack

page read and write

16D4000

heap

page read and write

36AE000

stack

page read and write

382F000

stack

page read and write

1006000

heap

page read and write

830000

heap

page read and write

372E000

stack

page read and write

F1A000

heap

page read and write

4DA9000

stack

page read and write

412E000

stack

page read and write

50B1000

heap

page read and write

30AF000

stack

page read and write

44B1000

heap

page read and write

2CEF000

stack

page read and write

EE0000

direct allocation

page read and write

44B1000

heap

page read and write

646F000

stack

page read and write

50B1000

heap

page read and write

16D4000

heap

page read and write

392E000

stack

page read and write

44B1000

heap

page read and write

50B1000

heap

page read and write

322E000

stack

page read and write

50B1000

heap

page read and write

557000

unkown

page execute and read and write

1006000

heap

page read and write

4731000

heap

page read and write

32AE000

stack

page read and write

30EE000

stack

page read and write

1006000

heap

page read and write

4731000

heap

page read and write

50B1000

heap

page read and write

16D0000

heap

page read and write

39AE000

stack

page read and write

44B1000

heap

page read and write

4AB0000

direct allocation

page execute and read and write

170E000

heap

page read and write

167D000

stack

page read and write

EDE000

stack

page read and write

406F000

stack

page read and write

50B1000

heap

page read and write

360000

unkown

page read and write

4B10000

direct allocation

page execute and read and write

44B1000

heap

page read and write

3E6F000

stack

page read and write

16D4000

heap

page read and write

50B1000

heap

page read and write

6480000

heap

page read and write

44B1000

heap

page read and write

1768000

heap

page read and write

28B0000

direct allocation

page read and write

4731000

heap

page read and write

50B1000

heap

page read and write

F10000

heap

page read and write

F17000

heap

page read and write

50B1000

heap

page read and write

5EDD000

stack

page read and write

50AF000

stack

page read and write

44B1000

heap

page read and write

28B0000

direct allocation

page read and write

C30000

heap

page read and write

16D4000

heap

page read and write

5B2E000

stack

page read and write

63D000

unkown

page execute and read and write

32D0000

direct allocation

page read and write

50D0000

heap

page read and write

16BE000

stack

page read and write

50B1000

heap

page read and write

5740000

direct allocation

page execute and read and write

3AAF000

stack

page read and write

607E000

stack

page read and write

44B1000

heap

page read and write

44B1000

heap

page read and write

1069000

unkown

page read and write

16D4000

heap

page read and write

50B1000

heap

page read and write

44B1000

heap

page read and write

FDB000

heap

page read and write

FDF000

heap

page read and write

50B1000

heap

page read and write

44B1000

heap

page read and write

44B1000

heap

page read and write

16D4000

heap

page read and write

130C000

unkown

page execute and read and write

16F0000

direct allocation

page read and write

2BEF000

stack

page read and write

50B1000

heap

page read and write

34AE000

stack

page read and write

482E000

stack

page read and write

50B1000

heap

page read and write

16F0000

direct allocation

page read and write

5680000

direct allocation

page execute and read and write

44B1000

heap

page read and write

44EE000

stack

page read and write

50B1000

heap

page read and write

44B1000

heap

page read and write

11F7000

unkown

page execute and read and write

34AE000

stack

page read and write

E80000

direct allocation

page read and write

382F000

stack

page read and write

566F000

stack

page read and write

EE0000

direct allocation

page read and write

386E000

stack

page read and write

3E2E000

stack

page read and write

44B1000

heap

page read and write

E80000

direct allocation

page read and write

44B1000

heap

page read and write

817C000

stack

page read and write

436F000

stack

page read and write

42EF000

stack

page read and write

44B1000

heap

page read and write

82E000

unkown

page execute and write copy

7E41000

heap

page read and write

50B1000

heap

page read and write

585B000

stack

page read and write

FE0000

direct allocation

page read and write

810000

heap

page read and write

44B1000

heap

page read and write

40EF000

stack

page read and write

16F0000

direct allocation

page read and write

1006000

heap

page read and write

44B1000

heap

page read and write

16F0000

direct allocation

page read and write

50B1000

heap

page read and write

50B1000

heap

page read and write

8CB000

stack

page read and write

1325000

unkown

page execute and write copy

16D4000

heap

page read and write

50B1000

heap

page read and write

4CEF000

stack

page read and write

5690000

direct allocation

page execute and read and write

50B1000

heap

page read and write

44B1000

heap

page read and write

396F000

stack

page read and write

44B1000

heap

page read and write

54F0000

heap

page read and write

4A6F000

stack

page read and write

332F000

stack

page read and write

F9E000

stack

page read and write

50B1000

heap

page read and write

33EF000

stack

page read and write

47EF000

stack

page read and write

44B1000

heap

page read and write

472F000

stack

page read and write

16F0000

direct allocation

page read and write

16F0000

direct allocation

page read and write

44B1000

heap

page read and write

9CA000

stack

page read and write

44B1000

heap

page read and write

37AF000

stack

page read and write

F69000

heap

page read and write

32D0000

direct allocation

page read and write

4BEE000

stack

page read and write

50B1000

heap

page read and write

4EFC000

stack

page read and write

16D4000

heap

page read and write

50B1000

heap

page read and write

4731000

heap

page read and write

386E000

stack

page read and write

16F0000

direct allocation

page read and write

50B1000

heap

page read and write

EDE000

stack

page read and write

There are 654 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
setup.exe

Files

Processes

URLs

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reportsetup.exe

Files

Processes

URLs

IPs

Memdumps

IOC Report
setup.exe