Automated Malware Analysis IOC Report for

Files

File Path

Type

Category

Malicious

TvfkTdK16A.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

initial sample

Details

Filetype:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy:	5.0813190261774706
Filename:	TvfkTdK16A.exe
Filesize:	307712
MD5:	204b989b2d91e1283fe6c42ac5ded27b
SHA1:	97070ba4ac2db42069e2e759590abe8f9aae166f
SHA256:	06dc28cd7bc98e05437352f0a38decb3644ade27db6522435395f02823ca5f0f
SHA512:	db80c08b2626ae01bab470a4d8d68d0a9e401498dc7155cd0769f66b99b615f168225405d106e430bc999d0536c58a8e450bca63217213a80ca1a275e4ea8ee8
SSDEEP:	3072:GcZqf7D34cp/0+mAYkygYdQ0ghnB1fA0PuTVAtkxz63R4eqiOL2bBOA:GcZqf7DIknGapB1fA0GTV8kMYL
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....H(...............0.................. ... ....@.. ....................... ............@................................

Signature Hits	Behavior Group	Mitre Attack
Antivirus / Scanner detection for submitted sample	AV Detection	Security Software Discovery
Found malware configuration	AV Detection
Multi AV Scanner detection for submitted file	AV Detection
Machine Learning detection for sample	AV Detection
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)	Malware Analysis System Evasion	Security Software Discovery
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)	Malware Analysis System Evasion
Tries to harvest and steal browser information (history, passwords, etc)	Stealing of Sensitive Information	OS Credential Dumping Data from Local System
Tries to steal Crypto Currency Wallets	Stealing of Sensitive Information
AV process strings found (often used to terminate AV products)	Lowering of HIPS / PFW / Operating System Security Settings
Allocates memory with a write watch (potentially for evading sandboxes)	Malware Analysis System Evasion
Binary contains a suspicious time stamp	Data Obfuscation	Timestomp
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)	Lowering of HIPS / PFW / Operating System Security Settings
Contains long sleeps (>= 3 min)	Malware Analysis System Evasion	Virtualization/Sandbox Evasion
Detected potential crypto function	System Summary	Archive Collected Data Encrypted Channel
Enables debug privileges	Anti Debugging
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)	Malware Analysis System Evasion
May sleep (evasive loops) to hinder dynamic analysis	Malware Analysis System Evasion
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)	Malware Analysis System Evasion
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery
Sample file is different than original file name gathered from version info	System Summary
Uses 32bit PE files	Compliance, System Summary	Masquerading
Uses code obfuscation techniques (call, push, ret)	Data Obfuscation	Obfuscated Files or Information
Contains medium sleeps (>= 30s)	Malware Analysis System Evasion
Creates files inside the user directory	System Summary	Masquerading
Creates guard pages, often used to prevent reverse engineering and debugging	Anti Debugging	Disable or Modify Tools
Creates mutexes	System Summary
Disables application error messsages (SetErrorMode)	Hooking and other Techniques for Hiding and Protection
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory)	Malware Analysis System Evasion
PE file has an executable .text section and no other executable section	System Summary
Parts of this applications are using the .NET runtime (Probably coded in C#)	System Summary
Queries a list of all running processes	Malware Analysis System Evasion	Process Discovery
Queries process information (via WMI, Win32_Process)	System Summary	Windows Management Instrumentation
Queries the cryptographic machine GUID	Language, Device and Operating System Detection
Reads software policies	System Summary
Sample is known by Antivirus	System Summary
Tries to load missing DLLs	System Summary	DLL Side-Loading
URLs found in memory or binary data	Networking
Uses an in-process (OLE) Automation server	System Summary
Contains modern PE file flags such as dynamic base (ASLR) or NX	Compliance, System Summary
PE file contains a COM descriptor data directory	System Summary

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\TvfkTdK16A.exe.log

ASCII text, with CRLF line terminators

dropped

Details

File:	C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\TvfkTdK16A.exe.log
Category:	dropped
Dump:	TvfkTdK16A.exe.log.0.dr
ID:	dr_0
Target ID:	0
Process:	C:\Users\user\Desktop\TvfkTdK16A.exe
Type:	ASCII text, with CRLF line terminators
Entropy:	5.33145931749415
Encrypted:	false
Ssdeep:	96:Pq5qHwCYqh3oPtI6eqzxP0aymTqdqlq7qqjqcEZ5D:Pq5qHwCYqh3qtI6eqzxP0atTqdqlq7qV
Size:	3094
Whitelisted:	false
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Antivirus / Scanner detection for submitted sample	AV Detection
Found malware configuration	AV Detection
Multi AV Scanner detection for submitted file	AV Detection
Machine Learning detection for sample	AV Detection
Binary contains a suspicious time stamp	Data Obfuscation	Timestomp
Sample file is different than original file name gathered from version info	System Summary
Uses 32bit PE files	Compliance, System Summary
PE file has an executable .text section and no other executable section	System Summary
Parts of this applications are using the .NET runtime (Probably coded in C#)	System Summary
Sample is known by Antivirus	System Summary
URLs found in memory or binary data	Networking
Contains modern PE file flags such as dynamic base (ASLR) or NX	Compliance, System Summary
PE file contains a COM descriptor data directory	System Summary

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\TvfkTdK16A.exe

"C:\Users\user\Desktop\TvfkTdK16A.exe"

Details

Is windows:	false
Is dropped:	false
PID:	7420
Target ID:	0
Parent PID:	2580
Name:	TvfkTdK16A.exe
Path:	C:\Users\user\Desktop\TvfkTdK16A.exe
Commandline:	"C:\Users\user\Desktop\TvfkTdK16A.exe"
Size:	307712
MD5:	204B989B2D91E1283FE6C42AC5DED27B
Time:	22:11:57
Date:	26/07/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0xcc0000
Modulesize:	335872
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Antivirus / Scanner detection for submitted sample	AV Detection
Found malware configuration	AV Detection
Multi AV Scanner detection for submitted file	AV Detection
Yara detected RedLine Stealer	Stealing of Sensitive Information, Remote Access Functionality
Machine Learning detection for sample	AV Detection
Binary contains a suspicious time stamp	Data Obfuscation	Timestomp
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery
Sample file is different than original file name gathered from version info	System Summary
Uses 32bit PE files	Compliance, System Summary
Yara detected Credential Stealer	Stealing of Sensitive Information
PE file has an executable .text section and no other executable section	System Summary
Parts of this applications are using the .NET runtime (Probably coded in C#)	System Summary
Sample is known by Antivirus	System Summary
URLs found in memory or binary data	Networking
Contains modern PE file flags such as dynamic base (ASLR) or NX	Compliance, System Summary
PE file contains a COM descriptor data directory	System Summary

URLs

Name

Malicious

52.143.157.240:1912

http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Text

unknown

http://schemas.xmlsoap.org/ws/2005/02/sc/sct

unknown

https://duckduckgo.com/chrome_newtab

unknown

http://schemas.xmlsoap.org/ws/2004/04/security/sc/dk

unknown

https://duckduckgo.com/ac/?q=

unknown

http://tempuri.org/Entity/Id23ResponseD

unknown

http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#HexBinary

unknown

http://tempuri.org/Entity/Id12Response

unknown

http://tempuri.org/

unknown

http://tempuri.org/Entity/Id2Response

unknown

http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha1

unknown

http://tempuri.org/Entity/Id21Response

unknown

http://schemas.xmlsoap.org/2005/02/trust/spnego#GSS_Wrap

unknown

http://tempuri.org/Entity/Id9

unknown

http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID

unknown

http://tempuri.org/Entity/Id8

unknown

http://tempuri.org/Entity/Id5

unknown

http://schemas.xmlsoap.org/ws/2004/10/wsat/Prepare

unknown

http://tempuri.org/Entity/Id4

unknown

http://tempuri.org/Entity/Id7

unknown

http://tempuri.org/Entity/Id6

unknown

http://schemas.xmlsoap.org/ws/2005/02/trust#BinarySecret

unknown

http://tempuri.org/Entity/Id19Response

unknown

http://docs.oasis-open.org/wss/oasis-wss-rel-token-profile-1.0.pdf#license

unknown

http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Issue

unknown

http://schemas.xmlsoap.org/ws/2004/10/wsat/Aborted

unknown

http://schemas.xmlsoap.org/ws/2005/02/rm/TerminateSequence

unknown

http://schemas.xmlsoap.org/ws/2004/10/wsat/fault

unknown

http://schemas.xmlsoap.org/ws/2004/10/wsat

unknown

http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey

unknown

http://tempuri.org/Entity/Id15Response

unknown

http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name

unknown

http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Renew

unknown

http://schemas.xmlsoap.org/ws/2004/10/wscoor/Register

unknown

http://tempuri.org/Entity/Id6Response

unknown

http://schemas.xmlsoap.org/ws/2004/04/trust/SymmetricKey

unknown

https://api.ip.sb/ip

unknown

http://schemas.xmlsoap.org/ws/2004/04/sc

unknown

http://tempuri.org/Entity/Id1ResponseD

unknown

http://schemas.xmlsoap.org/ws/2004/10/wsat/Volatile2PC

unknown

http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Cancel

unknown

http://tempuri.org/Entity/Id9Response

unknown

https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=

unknown

http://tempuri.org/Entity/Id20

unknown

http://tempuri.org/Entity/Id21

unknown

http://tempuri.org/Entity/Id22

unknown

http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#Kerberosv5APREQSHA1

unknown

http://tempuri.org/Entity/Id23

unknown

http://schemas.xmlsoap.org/ws/2004/04/security/trust/CK/PSHA1

unknown

http://tempuri.org/Entity/Id24

unknown

http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/Issue

unknown

http://tempuri.org/Entity/Id24Response

unknown

https://www.ecosia.org/newtab/

unknown

http://tempuri.org/Entity/Id1Response

unknown

http://schemas.xmlsoap.org/ws/2005/02/rm/AckRequested

unknown

http://schemas.xmlsoap.org/ws/2004/10/wsat/ReadOnly

unknown

http://schemas.xmlsoap.org/ws/2004/10/wsat/Replay

unknown

http://schemas.xmlsoap.org/ws/2005/02/trust/tlsnego

unknown

http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary

unknown

http://schemas.xmlsoap.org/ws/2004/10/wsat/Durable2PC

unknown

http://schemas.xmlsoap.org/ws/2004/04/security/trust/SymmetricKey

unknown

http://schemas.xmlsoap.org/ws/2004/08/addressing

unknown

http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue

unknown

http://schemas.xmlsoap.org/ws/2004/10/wsat/Completion

unknown

http://schemas.xmlsoap.org/ws/2004/04/trust

unknown

http://tempuri.org/Entity/Id10

unknown

http://tempuri.org/Entity/Id11

unknown

http://tempuri.org/Entity/Id12

unknown

http://tempuri.org/Entity/Id16Response

unknown

http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContextResponse

unknown

http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Cancel

unknown

http://tempuri.org/Entity/Id13

unknown

http://tempuri.org/Entity/Id14

unknown

http://tempuri.org/Entity/Id15

unknown

http://tempuri.org/Entity/Id16

unknown

http://schemas.xmlsoap.org/ws/2005/02/trust/Nonce

unknown

http://tempuri.org/Entity/Id17

unknown

http://tempuri.org/Entity/Id18

unknown

http://tempuri.org/Entity/Id5Response

unknown

http://tempuri.org/Entity/Id19

unknown

http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dns

unknown

http://tempuri.org/Entity/Id10Response

unknown

http://schemas.xmlsoap.org/ws/2005/02/trust/Renew

unknown

http://tempuri.org/Entity/Id8Response

unknown

http://schemas.xmlsoap.org/ws/2004/04/trust/PublicKey

unknown

http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0

unknown

http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID

unknown

http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/SCT

unknown

http://schemas.xmlsoap.org/ws/2006/02/addressingidentity

unknown

http://schemas.xmlsoap.org/soap/envelope/

unknown

http://schemas.xmlsoap.org/ws/2005/02/trust/PublicKey

unknown

http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKeySHA1

unknown

https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=

unknown

http://schemas.xmlsoap.org/ws/2005/02/trust

unknown

https://duckduckgo.com/chrome_newtabS

unknown

http://schemas.xmlsoap.org/ws/2004/10/wsat/Rollback

unknown

http://tempuri.org/Entity/Id3ResponseD

unknown

http://tempuri.org/Entity/Id23Response

unknown

http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/SCT

unknown

There are 90 hidden URLs, click here to show them.

IPs

Domain

Country

Malicious

52.143.157.240

unknown

United States

Details

IP:	52.143.157.240
TargetID:	0
Current Path:	C:\Users\user\Desktop\TvfkTdK16A.exe
Country:	United States
Countrycode:	USA
ASN number:	8075
ASN name:	MICROSOFT-CORP-MSN-AS-BLOCKUS
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
Connects to IPs without corresponding DNS lookups	Networking

Registry

Path

Value

Malicious

HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000

Owner

HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000

SessionHash

HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000

Sequence

HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000

RegFiles0000

HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000

RegFilesHash

Memdumps

Base Address

Regiontype

Protect

Malicious

3106000

trusted library allocation

page read and write

CC2000

unkown

page readonly

4091000

trusted library allocation

page read and write

350D000

trusted library allocation

page read and write

7550000

trusted library allocation

page execute and read and write

12F5000

heap

page read and write

34CB000

trusted library allocation

page read and write

3640000

trusted library allocation

page read and write

6520000

trusted library allocation

page read and write

571E000

stack

page read and write

12F0000

heap

page read and write

34B8000

trusted library allocation

page read and write

5516000

trusted library allocation

page read and write

351D000

trusted library allocation

page read and write

65D7000

heap

page read and write

32C2000

trusted library allocation

page read and write

34E0000

trusted library allocation

page read and write

5550000

trusted library allocation

page read and write

65C3000

heap

page read and write

7A00000

trusted library allocation

page read and write

34D9000

trusted library allocation

page read and write

5B9B000

trusted library allocation

page read and write

3609000

trusted library allocation

page read and write

CF2000

unkown

page readonly

12C0000

heap

page read and write

70F5000

trusted library allocation

page read and write

797C000

stack

page read and write

618E000

stack

page read and write

55B0000

trusted library allocation

page read and write

6654000

heap

page read and write

32DC000

trusted library allocation

page read and write

11F3000

heap

page read and write

6594000

heap

page read and write

7FCA0000

trusted library allocation

page execute and read and write

7A30000

heap

page read and write

54F4000

trusted library allocation

page read and write

1560000

trusted library allocation

page execute and read and write

3261000

trusted library allocation

page read and write

6694000

trusted library allocation

page read and write

55D8000

trusted library allocation

page read and write

1580000

trusted library allocation

page read and write

7D3E000

stack

page read and write

2E70000

heap

page execute and read and write

1120000

heap

page read and write

33E9000

trusted library allocation

page read and write

62B2000

trusted library allocation

page read and write

40B3000

trusted library allocation

page read and write

70F0000

trusted library allocation

page read and write

6600000

heap

page read and write

3285000

trusted library allocation

page read and write

2E40000

trusted library allocation

page read and write

7108000

trusted library allocation

page read and write

3221000

trusted library allocation

page read and write

32E9000

trusted library allocation

page read and write

66EC000

stack

page read and write

551D000

trusted library allocation

page read and write

5770000

heap

page execute and read and write

550E000

trusted library allocation

page read and write

2E50000

trusted library allocation

page read and write

7348000

heap

page read and write

5511000

trusted library allocation

page read and write

35FC000

trusted library allocation

page read and write

CC0000

unkown

page readonly

1503000

trusted library allocation

page execute and read and write

34B5000

trusted library allocation

page read and write

7560000

trusted library allocation

page read and write

67EC000

stack

page read and write

62A1000

trusted library allocation

page read and write

790E000

stack

page read and write

7290000

heap

page read and write

63B0000

trusted library allocation

page execute and read and write

32D0000

trusted library allocation

page read and write

35A4000

trusted library allocation

page read and write

7170000

heap

page read and write

5B95000

trusted library allocation

page read and write

596E000

stack

page read and write

7910000

trusted library allocation

page execute and read and write

35E2000

trusted library allocation

page read and write

2E65000

trusted library allocation

page read and write

7540000

trusted library allocation

page read and write

54FB000

trusted library allocation

page read and write

72E9000

heap

page read and write

2E5E000

trusted library allocation

page read and write

6890000

trusted library allocation

page execute and read and write

151D000

trusted library allocation

page execute and read and write

351A000

trusted library allocation

page read and write

CF7000

unkown

page readonly

6330000

trusted library allocation

page read and write

12EA000

heap

page read and write

664D000

heap

page read and write

5590000

heap

page read and write

5530000

trusted library allocation

page read and write

40AC000

trusted library allocation

page read and write

40AF000

trusted library allocation

page read and write

5B70000

trusted library allocation

page read and write

40A0000

trusted library allocation

page read and write

3208000

trusted library allocation

page read and write

75BE000

stack

page read and write

55A0000

heap

page read and write

2F60000

heap

page read and write

31D9000

trusted library allocation

page read and write

364E000

trusted library allocation

page read and write

35E5000

trusted library allocation

page read and write

65B1000

heap

page read and write

70F9000

trusted library allocation

page read and write

7480000

trusted library allocation

page read and write

D06000

unkown

page readonly

153B000

trusted library allocation

page execute and read and write

70E0000

trusted library allocation

page read and write

12E0000

heap

page read and write

326C000

trusted library allocation

page read and write

1110000

heap

page read and write

575E000

stack

page read and write

7270000

heap

page read and write

5A6F000

stack

page read and write

31DC000

trusted library allocation

page read and write

667D000

heap

page read and write

353E000

trusted library allocation

page read and write

63C0000

trusted library allocation

page execute and read and write

62F0000

trusted library allocation

page read and write

10F7000

stack

page read and write

3367000

trusted library allocation

page read and write

6FCC000

stack

page read and write

116E000

stack

page read and write

6350000

trusted library allocation

page read and write

7920000

trusted library allocation

page read and write

4099000

trusted library allocation

page read and write

3659000

trusted library allocation

page read and write

663D000

heap

page read and write

1251000

heap

page read and write

1510000

trusted library allocation

page read and write

753F000

stack

page read and write

40A5000

trusted library allocation

page read and write

14F0000

trusted library allocation

page read and write

3254000

trusted library allocation

page read and write

6340000

trusted library allocation

page read and write

70F2000

trusted library allocation

page read and write

7570000

trusted library allocation

page read and write

4452000

trusted library allocation

page read and write

56DE000

stack

page read and write

DAA000

stack

page read and write

7485000

trusted library allocation

page read and write

32C8000

trusted library allocation

page read and write

3580000

trusted library allocation

page read and write

1532000

trusted library allocation

page read and write

1500000

trusted library allocation

page read and write

3330000

trusted library allocation

page read and write

72D0000

heap

page read and write

6634000

heap

page read and write

31F9000

trusted library allocation

page read and write

7115000

trusted library allocation

page read and write

1526000

trusted library allocation

page execute and read and write

128B000

heap

page read and write

3353000

trusted library allocation

page read and write

72DE000

heap

page read and write

72AA000

heap

page read and write

4071000

trusted library allocation

page read and write

1504000

trusted library allocation

page read and write

65E2000

heap

page read and write

65AB000

heap

page read and write

11CF000

heap

page read and write

350B000

trusted library allocation

page read and write

11BE000

heap

page read and write

3613000

trusted library allocation

page read and write

33F3000

trusted library allocation

page read and write

51AC000

stack

page read and write

66A0000

trusted library allocation

page execute and read and write

6580000

heap

page read and write

7B40000

heap

page read and write

6500000

trusted library allocation

page execute and read and write

31D1000

trusted library allocation

page read and write

7980000

trusted library allocation

page read and write

55D0000

trusted library allocation

page read and write

658D000

heap

page read and write

55E3000

heap

page read and write

33F5000

trusted library allocation

page read and write

11AE000

stack

page read and write

306E000

stack

page read and write

55C0000

trusted library allocation

page execute and read and write

2EBE000

stack

page read and write

65F5000

heap

page read and write

7470000

trusted library allocation

page read and write

666E000

heap

page read and write

5B6F000

stack

page read and write

7180000

heap

page read and write

735F000

heap

page read and write

1535000

trusted library allocation

page execute and read and write

735D000

heap

page read and write

34C0000

trusted library allocation

page read and write

763E000

stack

page read and write

3546000

trusted library allocation

page read and write

5760000

trusted library allocation

page read and write

711A000

trusted library allocation

page read and write

32C5000

trusted library allocation

page read and write

2EC8000

trusted library allocation

page read and write

3071000

trusted library allocation

page read and write

5B9E000

trusted library allocation

page read and write

62CA000

trusted library allocation

page read and write

152A000

trusted library allocation

page execute and read and write

65E6000

heap

page read and write

5B90000

trusted library allocation

page read and write

6570000

trusted library allocation

page read and write

662A000

heap

page read and write

3213000

trusted library allocation

page read and write

1530000

trusted library allocation

page read and write

6540000

trusted library allocation

page execute and read and write

3252000

trusted library allocation

page read and write

358B000

trusted library allocation

page read and write

54F0000

trusted library allocation

page read and write

628E000

stack

page read and write

407F000

trusted library allocation

page read and write

70E3000

trusted library allocation

page read and write

682E000

stack

page read and write

62A6000

trusted library allocation

page read and write

35E8000

trusted library allocation

page read and write

62C1000

trusted library allocation

page read and write

3264000

trusted library allocation

page read and write

55DA000

trusted library allocation

page read and write

72BA000

heap

page read and write

1254000

heap

page read and write

72F3000

heap

page read and write

7283000

heap

page read and write

325E000

trusted library allocation

page read and write

70CD000

stack

page read and write

362B000

trusted library allocation

page read and write

1522000

trusted library allocation

page read and write

737D000

heap

page read and write

7490000

trusted library allocation

page read and write

62BE000

trusted library allocation

page read and write

31EE000

trusted library allocation

page read and write

6674000

heap

page read and write

328D000

trusted library allocation

page read and write

11B8000

heap

page read and write

65DD000

heap

page read and write

74FD000

stack

page read and write

31E8000

trusted library allocation

page read and write

35AB000

trusted library allocation

page read and write

63D0000

trusted library allocation

page read and write

1550000

trusted library allocation

page read and write

629B000

trusted library allocation

page read and write

11D7000

heap

page read and write

64F0000

trusted library allocation

page read and write

12EE000

heap

page read and write

6615000

heap

page read and write

35F0000

trusted library allocation

page read and write

31FD000

trusted library allocation

page read and write

3596000

trusted library allocation

page read and write

1537000

trusted library allocation

page execute and read and write

50AC000

stack

page read and write

32B7000

trusted library allocation

page read and write

711F000

trusted library allocation

page read and write

31EA000

trusted library allocation

page read and write

727A000

heap

page read and write

55B2000

trusted library allocation

page read and write

65ED000

heap

page read and write

686E000

stack

page read and write

6604000

heap

page read and write

62D0000

trusted library allocation

page read and write

3277000

trusted library allocation

page read and write

35D7000

trusted library allocation

page read and write

65C6000

heap

page read and write

7345000

heap

page read and write

4312000

trusted library allocation

page read and write

6637000

heap

page read and write

7482000

trusted library allocation

page read and write

33FB000

trusted library allocation

page read and write

3583000

trusted library allocation

page read and write

1590000

heap

page read and write

429B000

trusted library allocation

page read and write

710A000

trusted library allocation

page read and write

79EE000

stack

page read and write

3530000

trusted library allocation

page read and write

5B81000

trusted library allocation

page read and write

6530000

trusted library allocation

page execute and read and write

55D5000

trusted library allocation

page read and write

65F0000

heap

page read and write

733D000

heap

page read and write

7B3E000

stack

page read and write

7990000

heap

page read and write

660E000

heap

page read and write

33ED000

trusted library allocation

page read and write

1570000

trusted library allocation

page read and write

32F1000

trusted library allocation

page read and write

169E000

stack

page read and write

5522000

trusted library allocation

page read and write

55E0000

heap

page read and write

7350000

heap

page read and write

3228000

trusted library allocation

page read and write

75FE000

stack

page read and write

6300000

trusted library allocation

page execute and read and write

3320000

trusted library allocation

page read and write

12E7000

heap

page read and write

1520000

trusted library allocation

page read and write

3525000

trusted library allocation

page read and write

62E0000

trusted library allocation

page read and write

6690000

trusted library allocation

page read and write

2E60000

trusted library allocation

page read and write

3635000

trusted library allocation

page read and write

6290000

trusted library allocation

page read and write

11B0000

heap

page read and write

3571000

trusted library allocation

page read and write

6510000

trusted library allocation

page read and write

357D000

trusted library allocation

page read and write

710F000

trusted library allocation

page read and write

70E6000

trusted library allocation

page read and write

7474000

trusted library allocation

page read and write

33EF000

trusted library allocation

page read and write

33F7000

trusted library allocation

page read and write

729D000

heap

page read and write

150D000

trusted library allocation

page execute and read and write

6360000

trusted library allocation

page read and write

3200000

trusted library allocation

page read and write

14CF000

stack

page read and write

40F6000

trusted library allocation

page read and write

7B56000

heap

page read and write

3517000

trusted library allocation

page read and write

There are 306 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
TvfkTdK16A.exe

Files

Processes

URLs

IPs

Registry

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC ReportTvfkTdK16A.exe

Files

Processes

URLs

IPs

Registry

Memdumps

IOC Report
TvfkTdK16A.exe