Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\LisectAVT_2403002C_59.exe

"C:\Users\user\Desktop\LisectAVT_2403002C_59.exe"

Details

Is windows:	false
Is dropped:	false
PID:	5868
Target ID:	0
Parent PID:	4084
Name:	LisectAVT_2403002C_59.exe
Path:	C:\Users\user\Desktop\LisectAVT_2403002C_59.exe
Commandline:	"C:\Users\user\Desktop\LisectAVT_2403002C_59.exe"
Size:	282121
MD5:	5A14CD37A8CB00B18ADA9C2500E53E5F
Time:	01:39:22
Date:	25/07/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x420000
Modulesize:	299008
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Antivirus / Scanner detection for submitted sample	AV Detection
Found malware configuration	AV Detection
Multi AV Scanner detection for submitted file	AV Detection
Machine Learning detection for sample	AV Detection
Sample uses string decryption to hide its real strings	AV Detection
Uses 32bit PE files	Compliance, System Summary
PE file has an executable .text section and no other executable section	System Summary
Sample is known by Antivirus	System Summary
Sample reads its own file content	System Summary
Contains modern PE file flags such as dynamic base (ASLR) or NX	Compliance, System Summary

URLs

Name

Malicious

edurestunningcrackyow.fun

Details

Name:	edurestunningcrackyow.fun
TargetID:	0
From Memory:	false
Current Path:	C:\Users\user\Desktop\LisectAVT_2403002C_59.exe
Source:	config extractor

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol
LummaC encrypted strings found	HIPS / PFW / Operating System Protection Evasion	PowerShell Deobfuscate/Decode Files or Information
Sample uses string decryption to hide its real strings	AV Detection

turkeyunlikelyofw.shop

Details

Name:	turkeyunlikelyofw.shop
TargetID:	0
From Memory:	false
Current Path:	C:\Users\user\Desktop\LisectAVT_2403002C_59.exe
Source:	config extractor

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol
LummaC encrypted strings found	HIPS / PFW / Operating System Protection Evasion	PowerShell Deobfuscate/Decode Files or Information
Sample uses string decryption to hide its real strings	AV Detection

problemregardybuiwo.fun

Details

Name:	problemregardybuiwo.fun
TargetID:	0
From Memory:	false
Current Path:	C:\Users\user\Desktop\LisectAVT_2403002C_59.exe
Source:	config extractor

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol
LummaC encrypted strings found	HIPS / PFW / Operating System Protection Evasion	PowerShell Deobfuscate/Decode Files or Information
Sample uses string decryption to hide its real strings	AV Detection

lighterepisodeheighte.fun

Details

Name:	lighterepisodeheighte.fun
TargetID:	0
From Memory:	false
Current Path:	C:\Users\user\Desktop\LisectAVT_2403002C_59.exe
Source:	config extractor

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol
LummaC encrypted strings found	HIPS / PFW / Operating System Protection Evasion	PowerShell Deobfuscate/Decode Files or Information
Sample uses string decryption to hide its real strings	AV Detection

pooreveningfuseor.pwo

Details

Name:	pooreveningfuseor.pwo
TargetID:	0
From Memory:	false
Current Path:	C:\Users\user\Desktop\LisectAVT_2403002C_59.exe
Source:	config extractor

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol
LummaC encrypted strings found	HIPS / PFW / Operating System Protection Evasion	PowerShell Deobfuscate/Decode Files or Information
Sample uses string decryption to hide its real strings	AV Detection

detectordiscusser.shop

Details

Name:	detectordiscusser.shop
TargetID:	0
From Memory:	false
Current Path:	C:\Users\user\Desktop\LisectAVT_2403002C_59.exe
Source:	config extractor

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol
LummaC encrypted strings found	HIPS / PFW / Operating System Protection Evasion	PowerShell Deobfuscate/Decode Files or Information
Sample uses string decryption to hide its real strings	AV Detection

technologyenterdo.shop

Details

Name:	technologyenterdo.shop
TargetID:	0
From Memory:	false
Current Path:	C:\Users\user\Desktop\LisectAVT_2403002C_59.exe
Source:	config extractor

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol
LummaC encrypted strings found	HIPS / PFW / Operating System Protection Evasion	PowerShell Deobfuscate/Decode Files or Information
Sample uses string decryption to hide its real strings	AV Detection

associationokeo.shop

Details

Name:	associationokeo.shop
TargetID:	0
From Memory:	false
Current Path:	C:\Users\user\Desktop\LisectAVT_2403002C_59.exe
Source:	config extractor

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol
LummaC encrypted strings found	HIPS / PFW / Operating System Protection Evasion	PowerShell Deobfuscate/Decode Files or Information
Sample uses string decryption to hide its real strings	AV Detection

Memdumps

Base Address

Regiontype

Protect

Malicious

420000

unkown

page readonly

464000

unkown

page readonly

F7A000

heap

page read and write

F94000

heap

page read and write

2BD0000

heap

page read and write

456000

unkown

page readonly

D90000

heap

page read and write

456000

unkown

page readonly

462000

unkown

page read and write

F70000

heap

page read and write

F7E000

heap

page read and write

421000

unkown

page execute read

D3D000

stack

page read and write

EC0000

heap

page read and write

459000

unkown

page write copy

421000

unkown

page execute read

E70000

heap

page read and write

C3C000

stack

page read and write

459000

unkown

page write copy

420000

unkown

page readonly

464000

unkown

page readonly

There are 11 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
LisectAVT_2403002C_59.exe

Processes

URLs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC ReportLisectAVT_2403002C_59.exe

Processes

URLs

Memdumps

IOC Report
LisectAVT_2403002C_59.exe