Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\4QamAQhoxB.exe

"C:\Users\user\Desktop\4QamAQhoxB.exe"

Details

Is windows:	false
Is dropped:	false
PID:	2360
Target ID:	0
Parent PID:	1028
Name:	4QamAQhoxB.exe
Path:	C:\Users\user\Desktop\4QamAQhoxB.exe
Commandline:	"C:\Users\user\Desktop\4QamAQhoxB.exe"
Size:	21362688
MD5:	1ADA2C6796A3486B79C5EB47FCE9B19C
Time:	01:20:02
Date:	03/07/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0xe30000
Modulesize:	21389312
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Multi AV Scanner detection for submitted file	AV Detection
Machine Learning detection for sample	AV Detection
Yara detected Costura Assembly Loader	Data Obfuscation
Yara detected Generic Downloader	Networking
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery
Sample file is different than original file name gathered from version info	System Summary
Uses 32bit PE files	Compliance, System Summary
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory)	Malware Analysis System Evasion	Security Software Discovery
PE file has an executable .text section and no other executable section	System Summary
Parts of this applications are using the .NET runtime (Probably coded in C#)	System Summary
Sample is known by Antivirus	System Summary
Contains modern PE file flags such as dynamic base (ASLR) or NX	Compliance, System Summary
PE file has a big raw section	System Summary
PE file contains a COM descriptor data directory	System Summary
PE file has a big code size	System Summary
Submission file is bigger than most known malware samples	System Summary

Domains

Name

Malicious

stevenhead.ddns.net

157.20.182.5

Details

Name:	stevenhead.ddns.net
IP:	157.20.182.5
TargetID:	-1
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Uses dynamic DNS services	Networking	Application Layer Protocol
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol

booosisnhead.ddns.net

unknown

IPs

Domain

Country

Malicious

157.20.182.5

stevenhead.ddns.net

unknown

Details

IP:	157.20.182.5
TargetID:	0
Current Path:	C:\Users\user\Desktop\4QamAQhoxB.exe
ASN number:	24297
ASN name:	FCNUniversityPublicCorporationOsakaJP
Private:	false
Domain:	stevenhead.ddns.net

Signature Hits	Behavior Group	Mitre Attack
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port

Memdumps

Base Address

Regiontype

Protect

Malicious

1832000

unkown

page readonly

4521000

trusted library allocation

page read and write

457F000

trusted library allocation

page read and write

27B9000

heap

page read and write

272E000

heap

page read and write

6A65000

trusted library allocation

page read and write

5528000

trusted library allocation

page read and write

2747000

heap

page read and write

4390000

trusted library allocation

page read and write

66FE000

stack

page read and write

2954000

trusted library allocation

page read and write

232C000

stack

page read and write

2232000

unkown

page readonly

2BE0000

heap

page read and write

71BE000

stack

page read and write

6A42000

trusted library allocation

page read and write

707E000

stack

page read and write

2B82000

trusted library allocation

page read and write

6A57000

trusted library allocation

page read and write

2960000

heap

page read and write

5525000

trusted library allocation

page read and write

E30000

unkown

page readonly

43FE000

stack

page read and write

2B73000

trusted library allocation

page read and write

6B06000

heap

page read and write

2B92000

trusted library allocation

page read and write

2BD0000

trusted library allocation

page read and write

23E5000

heap

page read and write

2953000

trusted library allocation

page execute and read and write

703E000

stack

page read and write

451E000

stack

page read and write

6F3E000

stack

page read and write

4572000

trusted library allocation

page read and write

6A90000

heap

page read and write

2B80000

trusted library allocation

page read and write

2717000

heap

page read and write

2B87000

trusted library allocation

page execute and read and write

23F0000

heap

page read and write

5521000

trusted library allocation

page read and write

2390000

heap

page read and write

2710000

heap

page read and write

6BB0000

heap

page execute and read and write

2B8A000

trusted library allocation

page execute and read and write

717E000

stack

page read and write

26F9000

stack

page read and write

2292000

unkown

page readonly

457A000

trusted library allocation

page read and write

273A000

heap

page read and write

4574000

trusted library allocation

page read and write

2BC0000

trusted library allocation

page execute and read and write

6A63000

trusted library allocation

page read and write

6A70000

heap

page read and write

23E0000

heap

page read and write

2783000

heap

page read and write

E32000

unkown

page readonly

65FE000

stack

page read and write

43B0000

heap

page read and write

2940000

trusted library allocation

page read and write

4569000

trusted library allocation

page read and write

295D000

trusted library allocation

page execute and read and write

2B9B000

trusted library allocation

page execute and read and write

456C000

trusted library allocation

page read and write

2BB0000

trusted library allocation

page read and write

6BA0000

trusted library allocation

page read and write

2B97000

trusted library allocation

page execute and read and write

2B90000

trusted library allocation

page read and write

4410000

heap

page execute and read and write

6BC0000

heap

page read and write

72BF000

stack

page read and write

There are 59 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
4QamAQhoxB.exe

Processes

Domains

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report4QamAQhoxB.exe

Processes

Domains

IPs

Memdumps

IOC Report
4QamAQhoxB.exe