Automated Malware Analysis IOC Report for

Files

File Path

Type

Category

Malicious

7sAylAXBOb.exe

PE32 executable (GUI) Intel 80386, for MS Windows

initial sample

Details

Filetype:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy:	6.767324484908409
Filename:	7sAylAXBOb.exe
Filesize:	359424
MD5:	85179ac6aec3b32a40b06f35cfc6594b
SHA1:	6700b84fa70c4b5ccab8688db32ac71a2aafeeb6
SHA256:	c634f44560fe43def439cbf47ba668dfee9905d2e5cae1bac2789e59f82e8526
SHA512:	589b192dbc3e541a440ce52439acf746091556ca73418d3e4fe0d15003d27bb0e42afe3365a6d3f86445b509a2968d59d38a07d24b7c7ad5b28222dcb74addaf
SSDEEP:	6144:m2dGPhmZjeu5aWA5l+xullevSa/iS5LNGaMGuTEIZzdK2dxP4QoO0kTajqO/jOiL:mxPg32l+s/fa/HLGaMGuhdxAjOeqbiJN
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q!...O...O...O...4...O...N...O..B....O...@...O..B....O.Rich..O.........................PE..L....&zV.....................z.....

Signature Hits	Behavior Group	Mitre Attack
Antivirus / Scanner detection for submitted sample	AV Detection
Multi AV Scanner detection for submitted file	AV Detection
Machine Learning detection for sample	AV Detection
Contains functionality to dynamically determine API calls	Data Obfuscation, Anti Debugging	Native API
Contains functionality to enumerate running services	Malware Analysis System Evasion	System Service Discovery
Contains functionality which may be used to detect a debugger (GetProcessHeap)	Anti Debugging
Creates files inside the system directory	System Summary	Masquerading
Deletes files inside the Windows folder	System Summary	File Deletion
Detected potential crypto function	System Summary	Process Discovery Archive Collected Data
Drops PE files	Persistence and Installation Behavior
Extensive use of GetProcAddress (often used to hide API calls)	Hooking and other Techniques for Hiding and Protection
Uses 32bit PE files	Compliance, System Summary
Uses code obfuscation techniques (call, push, ret)	Data Obfuscation	Obfuscated Files or Information
Contains functionality to create a new security descriptor	HIPS / PFW / Operating System Protection Evasion
Contains functionality to create services	System Summary
Contains functionality to download additional files from the internet	Networking
Contains functionality to enum processes or threads	System Summary	Process Discovery
Contains functionality to enumerate / list files inside a directory	Spreading, Malware Analysis System Evasion	File and Directory Discovery
Contains functionality to modify services (start/stop/modify)	System Summary	Service Execution Windows Service System Time Discovery System Information Discovery
Contains functionality to query local / system time	Language, Device and Operating System Detection	System Time Discovery System Information Discovery
Contains functionality to query windows version	Language, Device and Operating System Detection
Contains functionality to register a service control handler (likely the sample is a service DLL)	System Summary
Contains functionality to start windows services	Boot Survival
PE file has an executable .text section and no other executable section	System Summary
Program exit points	Malware Analysis System Evasion
Reads software policies	System Summary
Sample is known by Antivirus	System Summary
Sample reads its own file content	System Summary
Tries to load missing DLLs	System Summary	DLL Side-Loading
Contains modern PE file flags such as dynamic base (ASLR) or NX	Compliance, System Summary

C:\zqzhokrkxswikv\akk3nwj1mabelfu4.exe

PE32 executable (GUI) Intel 80386, for MS Windows

dropped

Details

File:	C:\zqzhokrkxswikv\akk3nwj1mabelfu4.exe
Category:	dropped
Dump:	akk3nwj1mabelfu4.exe.0.dr
ID:	dr_2
Target ID:	0
Process:	C:\Users\user\Desktop\7sAylAXBOb.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy:	6.767324484908409
Encrypted:	false
Ssdeep:	6144:m2dGPhmZjeu5aWA5l+xullevSa/iS5LNGaMGuTEIZzdK2dxP4QoO0kTajqO/jOiL:mxPg32l+s/fa/HLGaMGuhdxAjOeqbiJN
Size:	359424
Whitelisted:	false
Reputation:	low

Signature Hits	Behavior Group	Mitre Attack
Antivirus detection for dropped file	AV Detection
Machine Learning detection for dropped file	AV Detection
Contains functionality to query network adapater information	Malware Analysis System Evasion	System Network Configuration Discovery
Creates files inside the system directory	System Summary	Masquerading
Drops PE files	Persistence and Installation Behavior
Uses Microsoft's Enhanced Cryptographic Provider	Cryptography	Encrypted Channel
Program exit points	Malware Analysis System Evasion
Queries the cryptographic machine GUID	Language, Device and Operating System Detection	System Information Discovery
Spawns processes	System Summary	Process Injection
Tries to load missing DLLs	System Summary	DLL Side-Loading

C:\zqzhokrkxswikv\gyyuuofs.exe

PE32 executable (GUI) Intel 80386, for MS Windows

dropped

Details

File:	C:\zqzhokrkxswikv\gyyuuofs.exe
Category:	dropped
Dump:	gyyuuofs.exe.3.dr
ID:	dr_4
Target ID:	3
Process:	C:\zqzhokrkxswikv\nlsxqvtcr.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy:	6.767324484908409
Encrypted:	false
Ssdeep:	6144:m2dGPhmZjeu5aWA5l+xullevSa/iS5LNGaMGuTEIZzdK2dxP4QoO0kTajqO/jOiL:mxPg32l+s/fa/HLGaMGuhdxAjOeqbiJN
Size:	359424
Whitelisted:	false
Reputation:	low

Signature Hits	Behavior Group	Mitre Attack
Antivirus detection for dropped file	AV Detection
Machine Learning detection for dropped file	AV Detection
Creates files inside the system directory	System Summary	Masquerading
Drops PE files	Persistence and Installation Behavior
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)	Malware Analysis System Evasion
Sample execution stops while process was sleeping (likely an evasion)	Malware Analysis System Evasion
Creates mutexes	System Summary
Program exit points	Malware Analysis System Evasion
Spawns processes	System Summary	Process Injection
Tries to load missing DLLs	System Summary	DLL Side-Loading

C:\zqzhokrkxswikv\nlsxqvtcr.exe

PE32 executable (GUI) Intel 80386, for MS Windows

dropped

Details

File:	C:\zqzhokrkxswikv\nlsxqvtcr.exe
Category:	dropped
Dump:	nlsxqvtcr.exe.2.dr
ID:	dr_3
Target ID:	2
Process:	C:\zqzhokrkxswikv\akk3nwj1mabelfu4.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy:	6.767324484908409
Encrypted:	false
Ssdeep:	6144:m2dGPhmZjeu5aWA5l+xullevSa/iS5LNGaMGuTEIZzdK2dxP4QoO0kTajqO/jOiL:mxPg32l+s/fa/HLGaMGuhdxAjOeqbiJN
Size:	359424
Whitelisted:	false
Reputation:	low

Signature Hits	Behavior Group	Mitre Attack
Antivirus detection for dropped file	AV Detection
Machine Learning detection for dropped file	AV Detection
Creates files inside the system directory	System Summary	Masquerading
Drops PE files	Persistence and Installation Behavior
Sample execution stops while process was sleeping (likely an evasion)	Malware Analysis System Evasion
Contains medium sleeps (>= 30s)	Malware Analysis System Evasion	Virtualization/Sandbox Evasion
Program exit points	Malware Analysis System Evasion
Queries a list of all running processes	Malware Analysis System Evasion	Process Discovery
Spawns processes	System Summary	Process Injection
Tries to load missing DLLs	System Summary	DLL Side-Loading

C:\Windows\zqzhokrkxswikv\tpcbuesrb

Non-ISO extended-ASCII text, with no line terminators

dropped

Details

File:	C:\Windows\zqzhokrkxswikv\tpcbuesrb
Category:	dropped
Dump:	tpcbuesrb.0.dr
ID:	dr_0
Target ID:	0
Process:	C:\Users\user\Desktop\7sAylAXBOb.exe
Type:	Non-ISO extended-ASCII text, with no line terminators
Entropy:	3.584962500721156
Encrypted:	false
Ssdeep:	3:t0san:Tan
Size:	12
Whitelisted:	false
Reputation:	low

Signature Hits	Behavior Group	Mitre Attack
Creates files inside the system directory	System Summary	Masquerading
Deletes files inside the Windows folder	System Summary	File Deletion

C:\zqzhokrkxswikv\tpcbuesrb

Non-ISO extended-ASCII text, with no line terminators

dropped

Details

File:	C:\zqzhokrkxswikv\tpcbuesrb
Category:	dropped
Dump:	tpcbuesrb0.0.dr
ID:	dr_1
Target ID:	0
Process:	C:\Users\user\Desktop\7sAylAXBOb.exe
Type:	Non-ISO extended-ASCII text, with no line terminators
Entropy:	3.584962500721156
Encrypted:	false
Ssdeep:	3:t0san:Tan
Size:	12
Whitelisted:	false
Reputation:	low

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\7sAylAXBOb.exe

"C:\Users\user\Desktop\7sAylAXBOb.exe"

Details

Is windows:	false
Is dropped:	false
PID:	7164
Target ID:	0
Parent PID:	3504
Name:	7sAylAXBOb.exe
Path:	C:\Users\user\Desktop\7sAylAXBOb.exe
Commandline:	"C:\Users\user\Desktop\7sAylAXBOb.exe"
Size:	359424
MD5:	85179AC6AEC3B32A40B06F35CFC6594B
Time:	10:25:00
Date:	03/07/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x630000
Modulesize:	372736
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Antivirus / Scanner detection for submitted sample	AV Detection
Multi AV Scanner detection for submitted file	AV Detection
Machine Learning detection for sample	AV Detection
Uses 32bit PE files	Compliance, System Summary
PE file has an executable .text section and no other executable section	System Summary
Sample is known by Antivirus	System Summary
Sample reads its own file content	System Summary
Spawns processes	System Summary	Process Injection
Contains modern PE file flags such as dynamic base (ASLR) or NX	Compliance, System Summary

C:\zqzhokrkxswikv\akk3nwj1mabelfu4.exe

"C:\zqzhokrkxswikv\akk3nwj1mabelfu4.exe"

Details

Is windows:	false
Is dropped:	true
PID:	5776
Target ID:	2
Parent PID:	7164
Name:	akk3nwj1mabelfu4.exe
Path:	C:\zqzhokrkxswikv\akk3nwj1mabelfu4.exe
Commandline:	"C:\zqzhokrkxswikv\akk3nwj1mabelfu4.exe"
Size:	359424
MD5:	85179AC6AEC3B32A40B06F35CFC6594B
Time:	10:25:00
Date:	03/07/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0xe20000
Modulesize:	372736
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Spawns processes	System Summary	Process Injection

C:\zqzhokrkxswikv\nlsxqvtcr.exe

Details

Is windows:	false
Is dropped:	true
PID:	660
Target ID:	3
Parent PID:	632
Name:	nlsxqvtcr.exe
Path:	C:\zqzhokrkxswikv\nlsxqvtcr.exe
Commandline:	C:\zqzhokrkxswikv\nlsxqvtcr.exe
Size:	359424
MD5:	85179AC6AEC3B32A40B06F35CFC6594B
Time:	10:25:01
Date:	03/07/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x760000
Modulesize:	372736
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Spawns processes	System Summary	Process Injection

C:\zqzhokrkxswikv\gyyuuofs.exe

lbgkkmbemhiq "c:\zqzhokrkxswikv\nlsxqvtcr.exe"

Details

Is windows:	false
Is dropped:	true
PID:	3104
Target ID:	4
Parent PID:	660
Name:	gyyuuofs.exe
Path:	C:\zqzhokrkxswikv\gyyuuofs.exe
Commandline:	lbgkkmbemhiq "c:\zqzhokrkxswikv\nlsxqvtcr.exe"
Size:	359424
MD5:	85179AC6AEC3B32A40B06F35CFC6594B
Time:	10:25:03
Date:	03/07/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0xe10000
Modulesize:	372736
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Spawns processes	System Summary	Process Injection

C:\zqzhokrkxswikv\nlsxqvtcr.exe

"C:\zqzhokrkxswikv\nlsxqvtcr.exe"

Details

Is windows:	false
Is dropped:	true
PID:	1688
Target ID:	5
Parent PID:	5776
Name:	nlsxqvtcr.exe
Path:	C:\zqzhokrkxswikv\nlsxqvtcr.exe
Commandline:	"C:\zqzhokrkxswikv\nlsxqvtcr.exe"
Size:	359424
MD5:	85179AC6AEC3B32A40B06F35CFC6594B
Time:	10:25:04
Date:	03/07/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x760000
Modulesize:	372736
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Spawns processes	System Summary	Process Injection

C:\zqzhokrkxswikv\nlsxqvtcr.exe

"c:\zqzhokrkxswikv\nlsxqvtcr.exe"

Details

Is windows:	false
Is dropped:	true
PID:	4536
Target ID:	12
Parent PID:	3104
Name:	nlsxqvtcr.exe
Path:	C:\zqzhokrkxswikv\nlsxqvtcr.exe
Commandline:	"c:\zqzhokrkxswikv\nlsxqvtcr.exe"
Size:	359424
MD5:	85179AC6AEC3B32A40B06F35CFC6594B
Time:	10:26:24
Date:	03/07/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x760000
Modulesize:	372736
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Spawns processes	System Summary	Process Injection

C:\zqzhokrkxswikv\gyyuuofs.exe

lbgkkmbemhiq "c:\zqzhokrkxswikv\nlsxqvtcr.exe"

Details

Is windows:	false
Is dropped:	true
PID:	4600
Target ID:	13
Parent PID:	4536
Name:	gyyuuofs.exe
Path:	C:\zqzhokrkxswikv\gyyuuofs.exe
Commandline:	lbgkkmbemhiq "c:\zqzhokrkxswikv\nlsxqvtcr.exe"
Size:	359424
MD5:	85179AC6AEC3B32A40B06F35CFC6594B
Time:	10:26:25
Date:	03/07/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0xfd0000
Modulesize:	372736
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Spawns processes	System Summary	Process Injection

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe -k LocalService -p -s LicenseManager

Details

Is windows:	true
Is dropped:	false
PID:	2148
Target ID:	9
Parent PID:	632
Name:	svchost.exe
Path:	C:\Windows\System32\svchost.exe
Commandline:	C:\Windows\System32\svchost.exe -k LocalService -p -s LicenseManager
Size:	55320
MD5:	B7F884C1B74A263F746EE12A5F7C9F6A
Time:	10:25:47
Date:	03/07/2024
Reason:	newprocess
Reputation:	high
Is admin:	false
Is elevated:	true
Modulebase:	0x7ff77afe0000
Modulesize:	65536
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Sigma detected: Windows Processes Suspicious Parent Directory	System Summary
Spawns processes	System Summary	Process Injection

URLs

Name

Malicious

http://familybridge.net/index.php?ch=1&js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsI

unknown

Domains

Name

Malicious

thoughprobable.net

3.94.10.34

englishproud.net

44.221.84.105

figurewithout.net

34.246.200.160

familybridge.net

77.247.183.155

picturecomplete.net

unknown

becausekitchen.net

unknown

expectwagon.net

unknown

cigarettewelcome.net

unknown

englishwhose.net

unknown

rightkitchen.net

unknown

eitherexcept.net

unknown

machineenough.net

unknown

becausenature.net

unknown

foreignwithout.net

unknown

whetherwithout.net

unknown

rightwithout.net

unknown

suddenproud.net

unknown

cigarettewhose.net

unknown

familywhose.net

unknown

childrenprobable.net

unknown

eitherwhose.net

unknown

cigaretteproud.net

unknown

englisharound.net

unknown

childrenwelcome.net

unknown

englishwelcome.net

unknown

suddenenough.net

unknown

figureproud.net

unknown

foreignnature.net

unknown

whetherprobable.net

unknown

becausewelcome.net

unknown

thoughwelcome.net

unknown

becausewithout.net

unknown

eitheraround.net

unknown

personenough.net

unknown

becausegovern.net

unknown

childrenexcept.net

unknown

rightcomplete.net

unknown

foreigngovern.net

unknown

englishexcept.net

unknown

whethernature.net

unknown

foreignproud.net

unknown

personwithout.net

unknown

suddenwithout.net

unknown

thoughcomplete.net

unknown

becauseprobable.net

unknown

eitherbridge.net

unknown

personneedle.net

unknown

rightprobable.net

unknown

childrenkitchen.net

unknown

whetherproud.net

unknown

picturewithout.net

unknown

suddennature.net

unknown

personproud.net

unknown

familyproud.net

unknown

childrenproud.net

unknown

pictureproud.net

unknown

becausearound.net

unknown

eitherwagon.net

unknown

picturearound.net

unknown

familycomplete.net

unknown

cigaretteprobable.net

unknown

machineneedle.net

unknown

englishbridge.net

unknown

eithercomplete.net

unknown

thoughwagon.net

unknown

becauseproud.net

unknown

picturekitchen.net

unknown

familywelcome.net

unknown

foreigncomplete.net

unknown

familybicycle.net

unknown

englishprobable.net

unknown

expectneedle.net

unknown

machinewagon.net

unknown

personcomplete.net

unknown

machinecomplete.net

unknown

expectcomplete.net

unknown

whetheraround.net

unknown

foreignneedle.net

unknown

figureprobable.net

unknown

whetherwelcome.net

unknown

machinewelcome.net

unknown

rightproud.net

unknown

expectenough.net

unknown

englishkitchen.net

unknown

expectprobable.net

unknown

expectproud.net

unknown

persongovern.net

unknown

childrenbridge.net

unknown

figurekitchen.net

unknown

picturewelcome.net

unknown

suddengovern.net

unknown

familyaround.net

unknown

expectnature.net

unknown

machinewithout.net

unknown

suddencomplete.net

15.197.192.55

hdr-nlb8-39c51fa8696874ee.elb.us-east-1.amazonaws.com

52.86.6.113

childrenbicycle.net

217.70.152.246

familykitchen.net

3.64.163.50

hdr-nlb7-aebd5d615260636b.elb.us-east-1.amazonaws.com

34.205.242.146

becausewagon.net

15.197.192.55

There are 90 hidden domains, click here to show them.

IPs

Domain

Country

Malicious

3.94.10.34

thoughprobable.net

United States

Details

IP:	3.94.10.34
TargetID:	3
Current Path:	C:\zqzhokrkxswikv\nlsxqvtcr.exe
Country:	United States
Countrycode:	USA
ASN number:	14618
ASN name:	AMAZON-AESUS
Private:	false
Domain:	thoughprobable.net

Signature Hits	Behavior Group	Mitre Attack
Snort IDS alert for network traffic	Networking

77.247.183.155

familybridge.net

Netherlands

Details

IP:	77.247.183.155
TargetID:	3
Current Path:	C:\zqzhokrkxswikv\nlsxqvtcr.exe
Country:	Netherlands
Countrycode:	NLD
ASN number:	43350
ASN name:	NFORCENL
Private:	false
Domain:	familybridge.net

Signature Hits	Behavior Group	Mitre Attack
Snort IDS alert for network traffic	Networking

34.246.200.160

figurewithout.net

United States

Details

IP:	34.246.200.160
TargetID:	3
Current Path:	C:\zqzhokrkxswikv\nlsxqvtcr.exe
Country:	United States
Countrycode:	USA
ASN number:	16509
ASN name:	AMAZON-02US
Private:	false
Domain:	figurewithout.net

Signature Hits	Behavior Group	Mitre Attack
Snort IDS alert for network traffic	Networking

44.221.84.105

englishproud.net

United States

Details

IP:	44.221.84.105
TargetID:	3
Current Path:	C:\zqzhokrkxswikv\nlsxqvtcr.exe
Country:	United States
Countrycode:	USA
ASN number:	14618
ASN name:	AMAZON-AESUS
Private:	false
Domain:	englishproud.net

Signature Hits	Behavior Group	Mitre Attack
Snort IDS alert for network traffic	Networking

52.86.6.113

hdr-nlb8-39c51fa8696874ee.elb.us-east-1.amazonaws.com

United States

34.205.242.146

hdr-nlb7-aebd5d615260636b.elb.us-east-1.amazonaws.com

United States

217.70.152.246

childrenbicycle.net

Italy

15.197.192.55

suddencomplete.net

United States

3.64.163.50

familykitchen.net

United States

Memdumps

Base Address

Regiontype

Protect

Malicious

1CE0000

trusted library allocation

page read and write

1CD0000

trusted library allocation

page read and write

CD0000

heap

page read and write

630000

unkown

page readonly

760000

unkown

page readonly

1950000

heap

page read and write

F94000

heap

page read and write

EBA000

heap

page read and write

18B0000

trusted library allocation

page read and write

1CE0000

trusted library allocation

page read and write

18B0000

trusted library allocation

page read and write

B59000

stack

page read and write

1CD0000

trusted library allocation

page read and write

D37000

heap

page read and write

C10000

trusted library allocation

page read and write

2D903FE000

stack

page read and write

760000

unkown

page readonly

18B0000

trusted library allocation

page read and write

1CD0000

trusted library allocation

page read and write

1CE0000

trusted library allocation

page read and write

18B0000

trusted library allocation

page read and write

EE2000

heap

page read and write

1450000

trusted library allocation

page read and write

EA9000

heap

page read and write

BFC000

stack

page read and write

B20000

heap

page read and write

18B0000

trusted library allocation

page read and write

E11000

unkown

page execute read

E09000

stack

page read and write

D30000

heap

page read and write

103C000

stack

page read and write

10B0000

trusted library allocation

page read and write

1170000

heap

page read and write

10A0000

heap

page read and write

E62000

unkown

page readonly

1430000

trusted library allocation

page read and write

18B0000

trusted library allocation

page read and write

CC0000

heap

page read and write

EDB000

heap

page read and write

17575802000

trusted library allocation

page read and write

D0C000

stack

page read and write

1B4F000

stack

page read and write

D30000

heap

page read and write

ED1000

heap

page read and write

18B0000

trusted library allocation

page read and write

18B0000

trusted library allocation

page read and write

7A2000

unkown

page readonly

1960000

heap

page read and write

172F000

stack

page read and write

150E000

stack

page read and write

67E000

unkown

page readonly

18B0000

trusted library allocation

page read and write

ED6000

heap

page read and write

4154000

heap

page read and write

146D000

stack

page read and write

1CD0000

trusted library allocation

page read and write

1CD0000

trusted library allocation

page read and write

EDF000

heap

page read and write

1CD0000

trusted library allocation

page read and write

241F000

stack

page read and write

1CD0000

trusted library allocation

page read and write

1CD0000

trusted library allocation

page read and write

BA0000

heap

page read and write

10B0000

trusted library allocation

page read and write

DFA000

heap

page read and write

1DD0000

trusted library allocation

page read and write

1110000

heap

page read and write

12CE000

stack

page read and write

298E000

stack

page read and write

C10000

trusted library allocation

page read and write

761000

unkown

page execute read

C10000

trusted library allocation

page read and write

1CD0000

trusted library allocation

page read and write

18B0000

trusted library allocation

page read and write

1EE0000

heap

page read and write

1CE0000

trusted library allocation

page read and write

1CD0000

trusted library allocation

page read and write

F94000

heap

page read and write

18B0000

trusted library allocation

page read and write

1EE1000

heap

page read and write

18B0000

trusted library allocation

page read and write

18B0000

trusted library allocation

page read and write

1CD0000

trusted library allocation

page read and write

18B0000

trusted library allocation

page read and write

17575202000

heap

page read and write

18B0000

trusted library allocation

page read and write

630000

unkown

page readonly

17575030000

heap

page read and write

20DD000

stack

page read and write

1CD0000

trusted library allocation

page read and write

148D000

stack

page read and write

1A4E000

stack

page read and write

1D40000

heap

page read and write

631000

unkown

page execute read

18B0000

trusted library allocation

page read and write

17575010000

heap

page read and write

18B0000

trusted library allocation

page read and write

18B0000

trusted library allocation

page read and write

18B0000

trusted library allocation

page read and write

10B0000

trusted library allocation

page read and write

7FC000

stack

page read and write

1CD0000

trusted library allocation

page read and write

C10000

trusted library allocation

page read and write

1DD0000

trusted library allocation

page read and write

7AD000

unkown

page read and write

18B0000

trusted library allocation

page read and write

761000

unkown

page execute read

1CD0000

trusted library allocation

page read and write

18B0000

trusted library allocation

page read and write

4110000

heap

page read and write

631000

unkown

page execute read

7AD000

unkown

page write copy

EDE000

heap

page read and write

1810000

heap

page read and write

22DF000

stack

page read and write

DA0000

heap

page read and write

1287000

heap

page read and write

1CD0000

trusted library allocation

page read and write

F94000

heap

page read and write

18B0000

trusted library allocation

page read and write

18B0000

trusted library allocation

page read and write

18B0000

trusted library allocation

page read and write

231E000

stack

page read and write

18B0000

trusted library allocation

page read and write

10B0000

trusted library allocation

page read and write

F90000

heap

page read and write

1A0D000

stack

page read and write

1D51000

heap

page read and write

FC0000

heap

page read and write

EDA000

heap

page read and write

10B0000

trusted library allocation

page read and write

E20000

unkown

page readonly

13F4000

heap

page read and write

18B0000

trusted library allocation

page read and write

1D50000

heap

page read and write

1CD0000

trusted library allocation

page read and write

18B0000

trusted library allocation

page read and write

175757A0000

trusted library allocation

page read and write

1B5E000

stack

page read and write

2D8FEFE000

unkown

page readonly

ED6000

heap

page read and write

7A2000

unkown

page readonly

18B0000

trusted library allocation

page read and write

26E0000

heap

page read and write

FD0000

unkown

page readonly

10B0000

trusted library allocation

page read and write

1CE0000

trusted library allocation

page read and write

2D902FE000

unkown

page readonly

118D000

stack

page read and write

EE3000

heap

page read and write

288E000

stack

page read and write

1CD0000

trusted library allocation

page read and write

11B0000

heap

page read and write

7AD000

unkown

page read and write

2D900FE000

unkown

page readonly

E20000

unkown

page readonly

EF4000

heap

page read and write

18B0000

trusted library allocation

page read and write

1012000

unkown

page readonly

EDE000

heap

page read and write

F94000

heap

page read and write

67D000

unkown

page read and write

29CF000

stack

page read and write

18B0000

trusted library allocation

page read and write

7AE000

unkown

page readonly

E21000

unkown

page execute read

67E000

unkown

page readonly

1CD0000

trusted library allocation

page read and write

7AD000

unkown

page write copy

18B0000

trusted library allocation

page read and write

13CA000

heap

page read and write

1CD0000

trusted library allocation

page read and write

C10000

trusted library allocation

page read and write

F94000

heap

page read and write

7A2000

unkown

page readonly

CD7000

heap

page read and write

9C9000

stack

page read and write

113C000

stack

page read and write

F5E000

stack

page read and write

11F0000

heap

page read and write

13EB000

heap

page read and write

1B50000

trusted library allocation

page read and write

7A2000

unkown

page readonly

18B0000

trusted library allocation

page read and write

1DD0000

trusted library allocation

page read and write

1B50000

trusted library allocation

page read and write

1DD0000

trusted library allocation

page read and write

1CCE000

stack

page read and write

18B0000

trusted library allocation

page read and write

F94000

heap

page read and write

1CD0000

trusted library allocation

page read and write

EA5000

heap

page read and write

FD1000

unkown

page execute read

E62000

unkown

page readonly

1CD0000

trusted library allocation

page read and write

1B1E000

stack

page read and write

F69000

stack

page read and write

4A8F000

stack

page read and write

EE6000

heap

page read and write

13C0000

heap

page read and write

F94000

heap

page read and write

672000

unkown

page readonly

EDB000

heap

page read and write

1CD0000

trusted library allocation

page read and write

F6D000

stack

page read and write

18B0000

trusted library allocation

page read and write

101E000

unkown

page readonly

C00000

heap

page read and write

14C0000

heap

page read and write

F94000

heap

page read and write

F94000

heap

page read and write

ED0000

heap

page read and write

B5D000

stack

page read and write

18B0000

trusted library allocation

page read and write

18B0000

trusted library allocation

page read and write

18B0000

trusted library allocation

page read and write

E1D000

heap

page read and write

1B8E000

stack

page read and write

10B0000

trusted library allocation

page read and write

F80000

heap

page read and write

18B0000

trusted library allocation

page read and write

7AE000

unkown

page readonly

167F000

stack

page read and write

1757523F000

heap

page read and write

101D000

unkown

page write copy

2FE0000

heap

page read and write

196E000

stack

page read and write

CD5000

heap

page read and write

1DCF000

stack

page read and write

21DF000

stack

page read and write

2D8FCFE000

unkown

page readonly

AFC000

stack

page read and write

18B0000

trusted library allocation

page read and write

18B0000

trusted library allocation

page read and write

F94000

heap

page read and write

17575213000

heap

page read and write

CFC000

stack

page read and write

4100000

heap

page read and write

18B0000

trusted library allocation

page read and write

18B0000

trusted library allocation

page read and write

10B0000

trusted library allocation

page read and write

18B0000

trusted library allocation

page read and write

18B0000

trusted library allocation

page read and write

1811000

heap

page read and write

E52000

unkown

page readonly

18B0000

trusted library allocation

page read and write

1139000

stack

page read and write

EDE000

heap

page read and write

C10000

trusted library allocation

page read and write

17575200000

heap

page read and write

1C8F000

stack

page read and write

EDE000

heap

page read and write

EC0000

heap

page read and write

F94000

heap

page read and write

EE9000

heap

page read and write

7AE000

unkown

page readonly

F2F000

stack

page read and write

101E000

unkown

page readonly

F94000

heap

page read and write

18B0000

trusted library allocation

page read and write

18B0000

trusted library allocation

page read and write

4660000

trusted library allocation

page read and write

18B0000

trusted library allocation

page read and write

18B0000

trusted library allocation

page read and write

760000

unkown

page readonly

18B0000

trusted library allocation

page read and write

1CE0000

trusted library allocation

page read and write

7AE000

unkown

page readonly

13CE000

heap

page read and write

10B0000

trusted library allocation

page read and write

761000

unkown

page execute read

18B0000

trusted library allocation

page read and write

1B50000

trusted library allocation

page read and write

7A2000

unkown

page readonly

761000

unkown

page execute read

1012000

unkown

page readonly

18B0000

trusted library allocation

page read and write

18B0000

trusted library allocation

page read and write

18B0000

trusted library allocation

page read and write

18B0000

trusted library allocation

page read and write

E21000

unkown

page execute read

10B0000

trusted library allocation

page read and write

F94000

heap

page read and write

18B0000

trusted library allocation

page read and write

7AE000

unkown

page readonly

2D8FFFE000

stack

page read and write

1CD0000

trusted library allocation

page read and write

AF9000

stack

page read and write

18B0000

trusted library allocation

page read and write

18B0000

trusted library allocation

page read and write

E10000

unkown

page readonly

15BE000

stack

page read and write

10B0000

trusted library allocation

page read and write

18B0000

trusted library allocation

page read and write

E6E000

unkown

page readonly

CA0000

heap

page read and write

760000

unkown

page readonly

18B0000

trusted library allocation

page read and write

1DD0000

trusted library allocation

page read and write

18B0000

trusted library allocation

page read and write

1961000

heap

page read and write

14A6000

heap

page read and write

2D901FC000

stack

page read and write

F94000

heap

page read and write

7A2000

unkown

page readonly

13CF000

stack

page read and write

101D000

unkown

page read and write

7AD000

unkown

page write copy

18B0000

trusted library allocation

page read and write

111A000

heap

page read and write

F94000

heap

page read and write

18B0000

trusted library allocation

page read and write

1CD0000

trusted library allocation

page read and write

1A6F000

stack

page read and write

CD0000

heap

page read and write

17575110000

heap

page read and write

7AD000

unkown

page read and write

E6D000

unkown

page write copy

E6D000

unkown

page read and write

1757522B000

heap

page read and write

1CD0000

trusted library allocation

page read and write

E5E000

unkown

page readonly

1811000

heap

page read and write

140E000

stack

page read and write

1250000

heap

page read and write

DF0000

heap

page read and write

CBE000

stack

page read and write

EDE000

heap

page read and write

18B0000

trusted library allocation

page read and write

1CE0000

trusted library allocation

page read and write

1480000

heap

page read and write

18B0000

trusted library allocation

page read and write

2D8FBFD000

stack

page read and write

CF9000

stack

page read and write

18B0000

trusted library allocation

page read and write

10B0000

trusted library allocation

page read and write

F94000

heap

page read and write

EA0000

heap

page read and write

E5E000

unkown

page readonly

EDF000

heap

page read and write

17575302000

heap

page read and write

1B90000

heap

page read and write

18B0000

trusted library allocation

page read and write

E5D000

unkown

page write copy

2ACF000

stack

page read and write

EB0000

heap

page read and write

1DD0000

trusted library allocation

page read and write

A5C000

stack

page read and write

2D8F87B000

stack

page read and write

1487000

heap

page read and write

18B0000

trusted library allocation

page read and write

1DD0000

trusted library allocation

page read and write

CD7000

heap

page read and write

1189000

stack

page read and write

F1E000

stack

page read and write

1530000

heap

page read and write

1510000

heap

page read and write

108C000

stack

page read and write

1CD0000

trusted library allocation

page read and write

E52000

unkown

page readonly

761000

unkown

page execute read

D7E000

stack

page read and write

1CD0000

trusted library allocation

page read and write

672000

unkown

page readonly

D2E000

stack

page read and write

1CD0000

trusted library allocation

page read and write

1537000

heap

page read and write

18B0000

trusted library allocation

page read and write

18B0000

trusted library allocation

page read and write

10B0000

trusted library allocation

page read and write

18B0000

trusted library allocation

page read and write

1961000

heap

page read and write

10B0000

trusted library allocation

page read and write

1410000

heap

page read and write

1CD0000

trusted library allocation

page read and write

F94000

heap

page read and write

18B0000

trusted library allocation

page read and write

E5D000

unkown

page read and write

1CD0000

trusted library allocation

page read and write

10B0000

trusted library allocation

page read and write

10B0000

trusted library allocation

page read and write

FD0000

unkown

page readonly

E11000

unkown

page execute read

18B0000

trusted library allocation

page read and write

EF7000

heap

page read and write

E0C000

stack

page read and write

18B0000

trusted library allocation

page read and write

7AE000

unkown

page readonly

18B0000

trusted library allocation

page read and write

18B0000

trusted library allocation

page read and write

2D8FDFE000

stack

page read and write

EBE000

heap

page read and write

760000

unkown

page readonly

10B0000

trusted library allocation

page read and write

760000

unkown

page readonly

F94000

heap

page read and write

F94000

heap

page read and write

F94000

heap

page read and write

1285000

heap

page read and write

E6E000

unkown

page readonly

18B0000

trusted library allocation

page read and write

1DD0000

trusted library allocation

page read and write

761000

unkown

page execute read

1961000

heap

page read and write

E10000

unkown

page readonly

FD1000

unkown

page execute read

F94000

heap

page read and write

10AF000

stack

page read and write

18B0000

trusted library allocation

page read and write

18B0000

trusted library allocation

page read and write

1CD0000

trusted library allocation

page read and write

18B0000

trusted library allocation

page read and write

4150000

heap

page read and write

11B4000

heap

page read and write

18B0000

trusted library allocation

page read and write

10B0000

trusted library allocation

page read and write

18B0000

trusted library allocation

page read and write

D20000

heap

page read and write

10B0000

trusted library allocation

page read and write

1280000

heap

page read and write

1CD0000

trusted library allocation

page read and write

1CD0000

trusted library allocation

page read and write

2D904FE000

unkown

page readonly

16BF000

stack

page read and write

18B0000

trusted library allocation

page read and write

67D000

unkown

page write copy

18B0000

trusted library allocation

page read and write

1DD0000

trusted library allocation

page read and write

1B50000

trusted library allocation

page read and write

There are 419 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
7sAylAXBOb.exe

Files

Processes

URLs

Domains

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report7sAylAXBOb.exe

Files

Processes

URLs

Domains

IPs

Memdumps

IOC Report
7sAylAXBOb.exe