Automated Malware Analysis IOC Report for

Files

File Path

Type

Category

Malicious

1lAxaLKP7E.exe

PE32 executable (GUI) Intel 80386, for MS Windows

initial sample

Details

Filetype:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy:	7.5507491163708
Filename:	1lAxaLKP7E.exe
Filesize:	1904640
MD5:	98c1a12ce79248bbdb4c8a65fc227e58
SHA1:	259ae7a3d239a352db772433075f649d5fbda8e7
SHA256:	91b60b1ae0b37343c671b632eb3e358d9a5029c9c6405556ba835528c67fd6d8
SHA512:	a08eb3182c8cc7b3cc7880ff644de60951a3476dd0325b63d306f1c7f48cde40d21bfa76d85a23c6a6f545f16b30d99372f8bfb876d1c1ae928ad75e713a8c7e
SSDEEP:	49152:tTvC/MTQYxsWR7a05iPEgLwJqejB/aWN7vaYz:BjTQYxsWR3gMJqWaAJ
Preview:	MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......................j:......j:..C...j:......@.*...............................n.......~.............{.......{.......{.........z....

Signature Hits	Behavior Group	Mitre Attack
Multi AV Scanner detection for submitted file	AV Detection	Disable or Modify Tools
Binary is likely a compiled AutoIt script file	System Summary	Virtualization/Sandbox Evasion
Found API chain indicative of sandbox detection	Malware Analysis System Evasion	Disable or Modify Tools
Machine Learning detection for sample	AV Detection
Maps a DLL or memory area into another process	HIPS / PFW / Operating System Protection Evasion	Disable or Modify Tools
Switches to a custom stack to bypass stack traces	Malware Analysis System Evasion
Writes to foreign memory regions	HIPS / PFW / Operating System Protection Evasion	Disable or Modify Tools
Contains functionality for read data from the clipboard	Key, Mouse, Clipboard, Microphone and Screen Capturing
Contains functionality to block mouse and keyboard input (often used to hinder debugging)	Anti Debugging	Disable or Modify Tools
Contains functionality to check if a debugger is running (IsDebuggerPresent)	Anti Debugging
Contains functionality to check if a window is minimized (may be used to check if an application is visible)	Hooking and other Techniques for Hiding and Protection	Masquerading
Contains functionality to communicate with device drivers	System Summary
Contains functionality to dynamically determine API calls	Data Obfuscation, Anti Debugging	Native API
Contains functionality to execute programs as a different user	HIPS / PFW / Operating System Protection Evasion	Disable or Modify Tools
Contains functionality to launch a process as a different user	System Summary	Valid Accounts Native API Access Token Manipulation
Contains functionality to launch a program with higher privileges	HIPS / PFW / Operating System Protection Evasion	Exploitation for Privilege Escalation
Contains functionality to modify clipboard data	Key, Mouse, Clipboard, Microphone and Screen Capturing
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)	Remote Access Functionality
Contains functionality to query CPU information (cpuid)	Language, Device and Operating System Detection	Disable or Modify Tools
Contains functionality to read the PEB	Anti Debugging
Contains functionality to read the clipboard data	Key, Mouse, Clipboard, Microphone and Screen Capturing	Disable or Modify Tools Clipboard Data
Contains functionality to retrieve information about pressed keystrokes	Key, Mouse, Clipboard, Microphone and Screen Capturing
Contains functionality to shutdown / reboot the system	System Summary	System Shutdown/Reboot
Contains functionality to simulate keystroke presses	HIPS / PFW / Operating System Protection Evasion
Contains functionality to simulate mouse events	HIPS / PFW / Operating System Protection Evasion	Masquerading
Contains functionality which may be used to detect a debugger (GetProcessHeap)	Anti Debugging	Security Software Discovery
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Disable or Modify Tools
Detected potential crypto function	System Summary	Archive Collected Data Encrypted Channel
Found large amount of non-executed APIs	Malware Analysis System Evasion
May infect USB drives	Spreading	Replication Through Removable Media Screen Capture
OS version to string mapping found (often used in BOTs)	Stealing of Sensitive Information	Disable or Modify Tools System Shutdown/Reboot
Potential key logger detected (key state polling based)	Key, Mouse, Clipboard, Microphone and Screen Capturing	Disable or Modify Tools Input Capture
Sample file is different than original file name gathered from version info	System Summary	System Shutdown/Reboot
Uses 32bit PE files	Compliance, System Summary	Disable or Modify Tools Masquerading
Uses code obfuscation techniques (call, push, ret)	Data Obfuscation
Contains functionality for error logging	System Summary	Disable or Modify Tools
Contains functionality to add an ACL to a security descriptor	HIPS / PFW / Operating System Protection Evasion
Contains functionality to adjust token privileges (e.g. debug / backup)	System Summary
Contains functionality to check free disk space	System Summary
Contains functionality to create a new security descriptor	HIPS / PFW / Operating System Protection Evasion
Contains functionality to download additional files from the internet	Networking	Ingress Tool Transfer
Contains functionality to enum processes or threads	System Summary
Contains functionality to enumerate / list files inside a directory	Spreading, Malware Analysis System Evasion	File and Directory Discovery
Contains functionality to instantiate COM classes	System Summary
Contains functionality to load and extract PE file embedded resources	System Summary
Contains functionality to query local / system time	Language, Device and Operating System Detection	System Time Discovery
Contains functionality to query system information	Malware Analysis System Evasion
Contains functionality to query the account / user name	Language, Device and Operating System Detection	Account Discovery System Owner/User Discovery
Contains functionality to query time zone information	Language, Device and Operating System Detection
Contains functionality to query windows version	Language, Device and Operating System Detection
Contains functionality to register its own exception handler	Anti Debugging
Creates temporary files	System Summary
Disables application error messsages (SetErrorMode)	Hooking and other Techniques for Hiding and Protection	Disable or Modify Tools
May try to detect the Windows Explorer process (often used for injection)	HIPS / PFW / Operating System Protection Evasion	Process Injection Process Discovery
PE file has an executable .text section and no other executable section	System Summary
Reads software policies	System Summary
Sample is known by Antivirus	System Summary	Disable or Modify Tools
Tries to load missing DLLs	System Summary	DLL Side-Loading Disable or Modify Tools
PE file contains a valid data directory to section mapping	System Summary	Security Software Discovery
PE file contains a debug data directory	System Summary
PE file contains a mix of data directories often seen in goodware	System Summary
Submission file is bigger than most known malware samples	System Summary	Disable or Modify Tools

C:\Users\user\Desktop\._cache_svchost.exe

PE32 executable (GUI) Intel 80386, for MS Windows

dropped

Details

File:	C:\Users\user\Desktop\._cache_svchost.exe
Category:	dropped
Dump:	._cache_svchost.exe.1.dr
ID:	dr_4
Target ID:	1
Process:	C:\Windows\SysWOW64\svchost.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy:	7.963765407781625
Encrypted:	false
Ssdeep:	6144:YDROfDbDjSYR8LqOzuyj6Ck6pXGfJhBtzTWQCOe2D:YDR2nSKFO5jM6GvBRWQ3e
Size:	286720
Whitelisted:	false
Reputation:	low

Signature Hits	Behavior Group	Mitre Attack
Antivirus detection for dropped file	AV Detection
Machine Learning detection for dropped file	AV Detection
Checks if the current process is being debugged	Anti Debugging	Security Software Discovery Virtualization/Sandbox Evasion
Contains functionality for execution timing, often used to detect debuggers	Malware Analysis System Evasion, Anti Debugging	Security Software Discovery
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)	Anti Debugging
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Drops PE files	Persistence and Installation Behavior
Found large amount of non-executed APIs	Malware Analysis System Evasion
May infect USB drives	Spreading	Replication Through Removable Media
Creates files inside the user directory	System Summary	Masquerading
Drops files with a known system name (to hide its detection)
Queries a list of all running processes	Malware Analysis System Evasion	Process Discovery
Spawns processes	System Summary	Process Injection
Tries to load missing DLLs	System Summary	DLL Side-Loading

C:\ProgramData\Synaptics\Synaptics.exe

PE32 executable (GUI) Intel 80386, for MS Windows

dropped

Details

File:	C:\ProgramData\Synaptics\Synaptics.exe
Category:	dropped
Dump:	Synaptics.exe.1.dr
ID:	dr_5
Target ID:	1
Process:	C:\Windows\SysWOW64\svchost.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy:	6.436985067856982
Encrypted:	false
Ssdeep:	768:xqUfJFJ/RhxThdVzNIKwx4ZCv8HVtNMblQ1PVRmuU9z6:xdJ7/RhxVdVz7wx4ZtrNYeP/d8z6
Size:	46504
Whitelisted:	true
Reputation:	low

Signature Hits	Behavior Group	Mitre Attack
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Sigma detected: Wow6432Node CurrentVersion Autorun Keys Modification	System Summary
Spawns processes	System Summary	Process Injection

C:\Users\user\AppData\Local\Temp\Melber

data

dropped

Details

File:	C:\Users\user\AppData\Local\Temp\Melber
Category:	dropped
Dump:	Melber.0.dr
ID:	dr_1
Target ID:	0
Process:	C:\Users\user\Desktop\1lAxaLKP7E.exe
Type:	data
Entropy:	7.712843783462931
Encrypted:	false
Ssdeep:	24576:1PbzVMhwYMlbNX9KEsT6ADW5PmXfP+xhvPZLALi0Xr:z7pXpoMXZW5
Size:	1058304
Whitelisted:	false
Reputation:	low

C:\Users\user\AppData\Local\Temp\aut6951.tmp

data

dropped

Details

File:	C:\Users\user\AppData\Local\Temp\aut6951.tmp
Category:	dropped
Dump:	aut6951.tmp.0.dr
ID:	dr_0
Target ID:	0
Process:	C:\Users\user\Desktop\1lAxaLKP7E.exe
Type:	data
Entropy:	7.984317222456412
Encrypted:	false
Ssdeep:	24576:aADST6RwL+bgNojHwiygr8IUYHiOXoWcHBamL/vlZKNwts:aA+TCm+bgNWHwiZr8IBH+l0mLlA+ts
Size:	922848
Whitelisted:	false
Reputation:	low

Signature Hits	Behavior Group	Mitre Attack
Creates temporary files	System Summary

C:\Users\user\AppData\Local\Temp\aut6A3C.tmp

data

dropped

Details

File:	C:\Users\user\AppData\Local\Temp\aut6A3C.tmp
Category:	dropped
Dump:	aut6A3C.tmp.0.dr
ID:	dr_2
Target ID:	0
Process:	C:\Users\user\Desktop\1lAxaLKP7E.exe
Type:	data
Entropy:	7.825792863700142
Encrypted:	false
Ssdeep:	768:CgVbskUzkT4tmRHe5uW46Y86vrCN2G2c/I1WF+9gm++3Zu/EHjbxOsV7ZqoiiWj7:DtskakT4wRH718CCcUCWoZhZu/63xO8W
Size:	43520
Whitelisted:	false
Reputation:	low

C:\Users\user\AppData\Local\Temp\selectee

ASCII text, with very long lines (65536), with no line terminators

dropped

Details

File:	C:\Users\user\AppData\Local\Temp\selectee
Category:	dropped
Dump:	selectee.0.dr
ID:	dr_3
Target ID:	0
Process:	C:\Users\user\Desktop\1lAxaLKP7E.exe
Type:	ASCII text, with very long lines (65536), with no line terminators
Entropy:	4.178944547569951
Encrypted:	false
Ssdeep:	1536:1BFej+WYxpZHoVTmfvXydXrbTjQtj1ueEu:1BFzzx2mf/yBcj1NP
Size:	86022
Whitelisted:	false
Reputation:	low

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\1lAxaLKP7E.exe

"C:\Users\user\Desktop\1lAxaLKP7E.exe"

Details

Is windows:	false
Is dropped:	false
PID:	6700
Target ID:	0
Parent PID:	2580
Name:	1lAxaLKP7E.exe
Path:	C:\Users\user\Desktop\1lAxaLKP7E.exe
Commandline:	"C:\Users\user\Desktop\1lAxaLKP7E.exe"
Size:	1904640
MD5:	98C1A12CE79248BBDB4C8A65FC227E58
Time:	08:31:06
Date:	05/09/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x670000
Modulesize:	1929216
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Multi AV Scanner detection for submitted file	AV Detection
Yara detected XRed	Stealing of Sensitive Information, Remote Access Functionality
Binary is likely a compiled AutoIt script file	System Summary
Machine Learning detection for sample	AV Detection
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
OS version to string mapping found (often used in BOTs)	Stealing of Sensitive Information
Sample file is different than original file name gathered from version info	System Summary
Sigma detected: Uncommon Svchost Parent Process	System Summary
Uses 32bit PE files	Compliance, System Summary
Yara detected Keylogger Generic	Key, Mouse, Clipboard, Microphone and Screen Capturing
Detected Delphi use of System.ParamCount	System Summary
May try to detect the Windows Explorer process (often used for injection)	HIPS / PFW / Operating System Protection Evasion	Process Injection Process Discovery
PE file has an executable .text section and no other executable section	System Summary
Sample is known by Antivirus	System Summary
Sigma detected: Windows Processes Suspicious Parent Directory	System Summary
Spawns processes	System Summary	Process Injection
PE file contains a valid data directory to section mapping	System Summary
Binary contains paths to debug symbols	Compliance, System Summary
PE file contains a debug data directory	System Summary
PE file contains a mix of data directories often seen in goodware	System Summary
Submission file is bigger than most known malware samples	System Summary

C:\Windows\SysWOW64\svchost.exe

"C:\Users\user\Desktop\1lAxaLKP7E.exe"

Details

Is windows:	true
Is dropped:	false
PID:	6888
Target ID:	1
Parent PID:	6700
Name:	svchost.exe
Path:	C:\Windows\SysWOW64\svchost.exe
Commandline:	"C:\Users\user\Desktop\1lAxaLKP7E.exe"
Size:	46504
MD5:	1ED18311E3DA35942DB37D15FA40CC5B
Time:	08:31:15
Date:	05/09/2024
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x520000
Modulesize:	53248
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Yara detected FormBook	AV Detection, E-Banking Fraud, Stealing of Sensitive Information, Remote Access Functionality
Yara detected XRed	Stealing of Sensitive Information, Remote Access Functionality
Maps a DLL or memory area into another process	HIPS / PFW / Operating System Protection Evasion	Process Injection
Writes to foreign memory regions	HIPS / PFW / Operating System Protection Evasion	Process Injection
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Drops PE files	Persistence and Installation Behavior
May infect USB drives	Spreading	Replication Through Removable Media
Sigma detected: Uncommon Svchost Parent Process	System Summary
Sigma detected: Wow6432Node CurrentVersion Autorun Keys Modification	System Summary
Creates files inside the user directory	System Summary	Masquerading
Detected Delphi use of System.ParamCount	System Summary
Drops files with a known system name (to hide its detection)
Sigma detected: Windows Processes Suspicious Parent Directory	System Summary
Spawns processes	System Summary	Process Injection
Binary contains paths to debug symbols	Compliance, System Summary

C:\Users\user\Desktop\._cache_svchost.exe

"C:\Users\user\Desktop\._cache_svchost.exe"

Details

Is windows:	false
Is dropped:	true
PID:	7028
Target ID:	2
Parent PID:	6888
Name:	._cache_svchost.exe
Path:	C:\Users\user\Desktop\._cache_svchost.exe
Commandline:	"C:\Users\user\Desktop\._cache_svchost.exe"
Size:	286720
MD5:	8A4835835C59FDB159CF2F3EF7CF2907
Time:	08:31:16
Date:	05/09/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x630000
Modulesize:	286720
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Yara detected FormBook	AV Detection, E-Banking Fraud, Stealing of Sensitive Information, Remote Access Functionality
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Drops PE files	Persistence and Installation Behavior
May infect USB drives	Spreading	Replication Through Removable Media
Creates files inside the user directory	System Summary	Masquerading
Drops files with a known system name (to hide its detection)
Spawns processes	System Summary	Process Injection
Binary contains paths to debug symbols	Compliance, System Summary

C:\ProgramData\Synaptics\Synaptics.exe

"C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate

Details

Is windows:	false
Is dropped:	true
PID:	7112
Target ID:	3
Parent PID:	6888
Name:	Synaptics.exe
Path:	C:\ProgramData\Synaptics\Synaptics.exe
Commandline:	"C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
Size:	46504
MD5:	1ED18311E3DA35942DB37D15FA40CC5B
Time:	08:31:16
Date:	05/09/2024
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x70000
Modulesize:	53248
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Sigma detected: Wow6432Node CurrentVersion Autorun Keys Modification	System Summary
Spawns processes	System Summary	Process Injection
Binary contains paths to debug symbols	Compliance, System Summary

C:\ProgramData\Synaptics\Synaptics.exe

"C:\ProgramData\Synaptics\Synaptics.exe"

Details

Is windows:	false
Is dropped:	true
PID:	6456
Target ID:	7
Parent PID:	2580
Name:	Synaptics.exe
Path:	C:\ProgramData\Synaptics\Synaptics.exe
Commandline:	"C:\ProgramData\Synaptics\Synaptics.exe"
Size:	46504
MD5:	1ED18311E3DA35942DB37D15FA40CC5B
Time:	08:31:28
Date:	05/09/2024
Reason:	newprocess
Reputation:	high
Is admin:	false
Is elevated:	false
Modulebase:	0x70000
Modulesize:	53248
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Drops PE files	Persistence and Installation Behavior
Drops PE files to the application program directory (C:\ProgramData)	Persistence and Installation Behavior
Sigma detected: Wow6432Node CurrentVersion Autorun Keys Modification	System Summary
Spawns processes	System Summary	Process Injection
Binary contains paths to debug symbols	Compliance, System Summary

URLs

Name

Malicious

http://xred.site50.net/syn/SSLLibrary.dll

unknown

http://xred.site50.net/syn/SSLLibrary.dl

unknown

http://xred.site50.net/syn/Synaptics.rar

unknown

https://www.dropbox.com/s/fzj752whr3ontsm/SSLLibrary.dll?dl=1

unknown

https://www.dropbox.com/s/n1w4p8gc6jzo0sg/SUpdate.ini?dl=1

unknown

https://www.dropbox.com/s/zhp1b06imehwylq/Synaptics.rar?dl=1

unknown

https://www.dropbox.com/s/fzj752whr3ontsm/SSLLibrary.dll?dl=T

unknown

http://xred.site50.net/syn/SUpdate.iniH)

unknown

http://xred.site50.net/syn/SUpdate.ini

unknown

https://www.dropbox.com/s/n1w4p8gc6jzo0sg/SUpdate.ini?dl

unknown

http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978

unknown

There are 1 hidden URLs, click here to show them.

Registry

Path

Value

Malicious

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run

Synaptics Pointing Device Driver

Details

TargetID:	1
Path:	HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run
Value name:	Synaptics Pointing Device Driver
Value data:	C:\ProgramData\Synaptics\Synaptics.exe

Signature Hits	Behavior Group	Mitre Attack
Sigma detected: Wow6432Node CurrentVersion Autorun Keys Modification	System Summary
Creates an autostart registry key	Boot Survival	Registry Run Keys / Startup Folder

Memdumps

Base Address

Regiontype

Protect

Malicious

3640000

direct allocation

page read and write

631000

unkown

page execute and read and write

400000

system

page execute and read and write

E20000

direct allocation

page read and write

DE2000

heap

page read and write

E0B000

heap

page read and write

DE2000

heap

page read and write

DE2000

heap

page read and write

30A3000

heap

page read and write

E0B000

heap

page read and write

E0B000

heap

page read and write

EFA000

heap

page read and write

E0B000

heap

page read and write

7B000

unkown

page readonly

71000

unkown

page execute read

DE2000

heap

page read and write

660000

heap

page read and write

7B000

unkown

page readonly

DF7000

heap

page read and write

2E2C000

heap

page read and write

E0B000

heap

page read and write

E0B000

heap

page read and write

DE2000

heap

page read and write

E0B000

heap

page read and write

DF8000

heap

page read and write

E37000

heap

page read and write

2C70000

heap

page read and write

DE2000

heap

page read and write

E37000

heap

page read and write

DE2000

heap

page read and write

E37000

heap

page read and write

E0B000

heap

page read and write

DE2000

heap

page read and write

3873000

direct allocation

page read and write

E0B000

heap

page read and write

E0B000

heap

page read and write

E37000

heap

page read and write

DE2000

heap

page read and write

DE2000

heap

page read and write

2E2C000

heap

page read and write

DE2000

heap

page read and write

E37000

heap

page read and write

2E2C000

heap

page read and write

70000

unkown

page readonly

E37000

heap

page read and write

DF7000

heap

page read and write

671000

unkown

page execute read

DE2000

heap

page read and write

71000

unkown

page execute read

DE2000

heap

page read and write

72BE000

stack

page read and write

EE0000

heap

page read and write

DF7000

heap

page read and write

F36000

heap

page read and write

C1F000

stack

page read and write

DE2000

heap

page read and write

E0B000

heap

page read and write

DF7000

heap

page read and write

DE2000

heap

page read and write

300F000

heap

page read and write

DE2000

heap

page read and write

D14000

heap

page read and write

3860000

direct allocation

page read and write

DE2000

heap

page read and write

DE2000

heap

page read and write

110F000

heap

page read and write

DFD000

heap

page read and write

714C000

stack

page read and write

E0B000

heap

page read and write

E0B000

heap

page read and write

DE2000

heap

page read and write

3B9E000

direct allocation

page read and write

E37000

heap

page read and write

EEE000

heap

page read and write

3A8E000

direct allocation

page read and write

700E000

stack

page read and write

DF7000

heap

page read and write

E0B000

heap

page read and write

DE2000

heap

page read and write

E0B000

heap

page read and write

3B2D000

direct allocation

page read and write

DE2000

heap

page read and write

DE2000

heap

page read and write

E37000

heap

page read and write

1B70000

heap

page read and write

3A1D000

direct allocation

page read and write

E37000

heap

page read and write

4F10000

direct allocation

page execute and read and write

73BE000

stack

page read and write

DE2000

heap

page read and write

DE2000

heap

page read and write

E70000

direct allocation

page read and write

308A000

heap

page read and write

3A19000

direct allocation

page read and write

3B2D000

direct allocation

page read and write

DF7000

heap

page read and write

333E000

stack

page read and write

E37000

heap

page read and write

DE2000

heap

page read and write

DF7000

heap

page read and write

630000

unkown

page readonly

DE2000

heap

page read and write

25F0000

heap

page read and write

19BF000

stack

page read and write

DF7000

heap

page read and write

C0F000

stack

page read and write

E37000

heap

page read and write

DE2000

heap

page read and write

DF7000

heap

page read and write

DE2000

heap

page read and write

E0B000

heap

page read and write

DE2000

heap

page read and write

DE2000

heap

page read and write

D2B000

heap

page read and write

302C000

heap

page read and write

DE2000

heap

page read and write

DF7000

heap

page read and write

DE2000

heap

page read and write

73C000

unkown

page read and write

DE2000

heap

page read and write

E0B000

heap

page read and write

3B9E000

direct allocation

page read and write

DE2000

heap

page read and write

2DF0000

heap

page read and write

DE2000

heap

page read and write

E0B000

heap

page read and write

E0B000

heap

page read and write

DE2000

heap

page read and write

DF7000

heap

page read and write

C2B000

stack

page read and write

DE2000

heap

page read and write

2E02000

heap

page read and write

E0B000

heap

page read and write

DF7000

heap

page read and write

DE2000

heap

page read and write

DE2000

heap

page read and write

DF7000

heap

page read and write

29DA000

stack

page read and write

3100000

heap

page read and write

E37000

heap

page read and write

E37000

heap

page read and write

2E2C000

heap

page read and write

DE2000

heap

page read and write

E37000

heap

page read and write

E0B000

heap

page read and write

DE2000

heap

page read and write

DE2000

heap

page read and write

E37000

heap

page read and write

DE2000

heap

page read and write

DE2000

heap

page read and write

70C000

unkown

page readonly

DF7000

heap

page read and write

3B9E000

direct allocation

page read and write

DE2000

heap

page read and write

E0B000

heap

page read and write

E0B000

heap

page read and write

DF7000

heap

page read and write

FE2000

heap

page read and write

D2B000

heap

page read and write

E70000

direct allocation

page read and write

DE2000

heap

page read and write

E0B000

heap

page read and write

3A1D000

direct allocation

page read and write

DF7000

heap

page read and write

E0B000

heap

page read and write

EFF000

heap

page read and write

E70000

direct allocation

page read and write

DE2000

heap

page read and write

2CFD000

stack

page read and write

DE2000

heap

page read and write

4C01000

heap

page read and write

3061000

heap

page read and write

29F7000

heap

page read and write

6E8F000

stack

page read and write

12BD000

direct allocation

page execute and read and write

DE2000

heap

page read and write

E0B000

heap

page read and write

E07000

heap

page read and write

CD0000

heap

page read and write

2DE0000

heap

page read and write

DF7000

heap

page read and write

2E00000

heap

page read and write

EFF000

heap

page read and write

2E2C000

heap

page read and write

E0B000

heap

page read and write

DE2000

heap

page read and write

2E2C000

heap

page read and write

EF6000

heap

page read and write

E0B000

heap

page read and write

E70000

direct allocation

page read and write

3983000

direct allocation

page read and write

C70000

direct allocation

page read and write

F4B000

heap

page read and write

DE2000

heap

page read and write

302C000

heap

page read and write

DE2000

heap

page read and write

DE2000

heap

page read and write

DE2000

heap

page read and write

3750000

direct allocation

page read and write

724C000

stack

page read and write

DF7000

heap

page read and write

DE8000

heap

page read and write

DE2000

heap

page read and write

E0B000

heap

page read and write

DB8000

heap

page read and write

DE2000

heap

page read and write

DE2000

heap

page read and write

DE2000

heap

page read and write

DE2000

heap

page read and write

DE2000

heap

page read and write

DE2000

heap

page read and write

DE2000

heap

page read and write

DE2000

heap

page read and write

38F0000

direct allocation

page read and write

2E2C000

heap

page read and write

252D000

stack

page read and write

DE2000

heap

page read and write

E5B000

heap

page read and write

EFF000

heap

page read and write

DE2000

heap

page read and write

2E24000

heap

page read and write

DE2000

heap

page read and write

2DCE000

stack

page read and write

73C000

unkown

page write copy

3641000

heap

page read and write

E37000

heap

page read and write

DE2000

heap

page read and write

2DA0000

heap

page read and write

E37000

heap

page read and write

390000

heap

page read and write

DE2000

heap

page read and write

DE2000

heap

page read and write

E0B000

heap

page read and write

DF7000

heap

page read and write

E37000

heap

page read and write

10DF000

stack

page read and write

3120000

heap

page read and write

DE2000

heap

page read and write

DE2000

heap

page read and write

F5F000

heap

page read and write

E0B000

heap

page read and write

DE2000

heap

page read and write

DE2000

heap

page read and write

343E000

stack

page read and write

E0B000

heap

page read and write

EFF000

heap

page read and write

DE2000

heap

page read and write

DE2000

heap

page read and write

2E2C000

heap

page read and write

D14000

heap

page read and write

DE2000

heap

page read and write

DE2000

heap

page read and write

2E2C000

heap

page read and write

E3D000

heap

page read and write

2D3D000

stack

page read and write

E0B000

heap

page read and write

E0B000

heap

page read and write

3860000

direct allocation

page read and write

DF7000

heap

page read and write

DE2000

heap

page read and write

E0B000

heap

page read and write

B80000

heap

page read and write

DE2000

heap

page read and write

4D01000

heap

page read and write

DF7000

heap

page read and write

DE2000

heap

page read and write

E48000

heap

page read and write

DE2000

heap

page read and write

3025000

heap

page read and write

DE2000

heap

page read and write

DE2000

heap

page read and write

DF7000

heap

page read and write

DF7000

heap

page read and write

D10000

heap

page read and write

DE2000

heap

page read and write

DE2000

heap

page read and write

DF7000

heap

page read and write

DF7000

heap

page read and write

DE2000

heap

page read and write

E08000

heap

page read and write

DE2000

heap

page read and write

DF8000

heap

page read and write

DE2000

heap

page read and write

DE2000

heap

page read and write

E0B000

heap

page read and write

E37000

heap

page read and write

DE2000

heap

page read and write

2E2C000

heap

page read and write

DF7000

heap

page read and write

3B29000

direct allocation

page read and write

DF7000

heap

page read and write

630000

unkown

page readonly

DF7000

heap

page read and write

DC9000

heap

page read and write

DE2000

heap

page read and write

DE2000

heap

page read and write

EFB000

heap

page read and write

DE2000

heap

page read and write

E0B000

heap

page read and write

DE2000

heap

page read and write

3A0000

heap

page read and write

E37000

heap

page read and write

110B000

heap

page read and write

3A00000

direct allocation

page read and write

DE2000

heap

page read and write

B3C000

stack

page read and write

3052000

heap

page read and write

DE2000

heap

page read and write

D21000

heap

page read and write

2E2C000

heap

page read and write

DE2000

heap

page read and write

DE2000

heap

page read and write

DE2000

heap

page read and write

DE2000

heap

page read and write

3644000

heap

page read and write

C60000

heap

page read and write

DF7000

heap

page read and write

DE2000

heap

page read and write

E65000

heap

page read and write

E70000

direct allocation

page read and write

E0B000

heap

page read and write

2E2C000

heap

page read and write

E0B000

heap

page read and write

3D0000

heap

page read and write

E0B000

heap

page read and write

E0B000

heap

page read and write

E0B000

heap

page read and write

2C3C000

stack

page read and write

4BF0000

heap

page read and write

E0B000

heap

page read and write

DE2000

heap

page read and write

3000000

heap

page read and write

3750000

direct allocation

page read and write

D20000

heap

page read and write

EFF000

heap

page read and write

DE2000

heap

page read and write

70000

unkown

page readonly

3983000

direct allocation

page read and write

EEA000

heap

page read and write

E0B000

heap

page read and write

E3D000

heap

page read and write

E37000

heap

page read and write

E0B000

heap

page read and write

3873000

direct allocation

page read and write

DE2000

heap

page read and write

3B29000

direct allocation

page read and write

E37000

heap

page read and write

25B0000

heap

page read and write

CF0000

heap

page read and write

E37000

heap

page read and write

E0B000

heap

page read and write

DE2000

heap

page read and write

E0B000

heap

page read and write

2D80000

heap

page readonly

E0B000

heap

page read and write

DE2000

heap

page read and write

DE2000

heap

page read and write

DE2000

heap

page read and write

E0B000

heap

page read and write

2DF0000

heap

page read and write

DF7000

heap

page read and write

E0B000

heap

page read and write

E0B000

heap

page read and write

D21000

heap

page read and write

DE2000

heap

page read and write

F05000

heap

page read and write

E37000

heap

page read and write

E37000

heap

page read and write

6ECE000

stack

page read and write

E0B000

heap

page read and write

E37000

heap

page read and write

E0B000

heap

page read and write

3B29000

direct allocation

page read and write

E58000

heap

page read and write

DE2000

heap

page read and write

670000

unkown

page readonly

3216000

heap

page read and write

C8E000

stack

page read and write

DF7000

heap

page read and write

7B000

unkown

page readonly

D21000

heap

page read and write

78000

unkown

page readonly

E37000

heap

page read and write

DE2000

heap

page read and write

F05000

heap

page read and write

DF8000

heap

page read and write

E0B000

heap

page read and write

1190000

direct allocation

page execute and read and write

E37000

heap

page read and write

DE2000

heap

page read and write

D21000

heap

page read and write

E0B000

heap

page read and write

E37000

heap

page read and write

C4F000

stack

page read and write

3A8E000

direct allocation

page read and write

DE2000

heap

page read and write

DE2000

heap

page read and write

DE2000

heap

page read and write

D2B000

heap

page read and write

744000

unkown

page readonly

3860000

direct allocation

page read and write

DF7000

heap

page read and write

E0B000

heap

page read and write

DF7000

heap

page read and write

DF8000

heap

page read and write

DE2000

heap

page read and write

29F0000

heap

page read and write

3211000

heap

page read and write

E0B000

heap

page read and write

3A1D000

direct allocation

page read and write

1710000

heap

page read and write

E37000

heap

page read and write

3A19000

direct allocation

page read and write

CD4000

heap

page read and write

DE2000

heap

page read and write

DE2000

heap

page read and write

DE2000

heap

page read and write

DF7000

heap

page read and write

2E2C000

heap

page read and write

CF8000

heap

page read and write

E0B000

heap

page read and write

DE2000

heap

page read and write

E0B000

heap

page read and write

DE2000

heap

page read and write

DE2000

heap

page read and write

E0B000

heap

page read and write

DF7000

heap

page read and write

E0B000

heap

page read and write

E0B000

heap

page read and write

E0B000

heap

page read and write

E37000

heap

page read and write

DE2000

heap

page read and write

DE2000

heap

page read and write

DE2000

heap

page read and write

DE2000

heap

page read and write

DE2000

heap

page read and write

145D000

direct allocation

page execute and read and write

E0B000

heap

page read and write

E0B000

heap

page read and write

E37000

heap

page read and write

D31000

heap

page read and write

DE2000

heap

page read and write

DE2000

heap

page read and write

DE2000

heap

page read and write

F21000

heap

page read and write

DE2000

heap

page read and write

E0B000

heap

page read and write

DE2000

heap

page read and write

DE2000

heap

page read and write

DE2000

heap

page read and write

E0B000

heap

page read and write

DE2000

heap

page read and write

3750000

direct allocation

page read and write

DE2000

heap

page read and write

3099000

heap

page read and write

DF7000

heap

page read and write

2E2C000

heap

page read and write

DE2000

heap

page read and write

DB8000

heap

page read and write

71000

unkown

page execute read

E37000

heap

page read and write

3A00000

direct allocation

page read and write

DE2000

heap

page read and write

DE2000

heap

page read and write

E0B000

heap

page read and write

E0B000

heap

page read and write

DE2000

heap

page read and write

6FCE000

stack

page read and write

CAE000

stack

page read and write

DE2000

heap

page read and write

DE2000

heap

page read and write

3031000

heap

page read and write

DE2000

heap

page read and write

E0B000

heap

page read and write

E0B000

heap

page read and write

DF7000

heap

page read and write

744000

unkown

page readonly

E37000

heap

page read and write

E0B000

heap

page read and write

CA0000

direct allocation

page execute and read and write

303C000

heap

page read and write

3127000

heap

page read and write

E0B000

heap

page read and write

E37000

heap

page read and write

DE2000

heap

page read and write

631000

unkown

page execute read

DE2000

heap

page read and write

DE2000

heap

page read and write

63E000

stack

page read and write

DE2000

heap

page read and write

E37000

heap

page read and write

DE2000

heap

page read and write

70C000

unkown

page readonly

E0B000

heap

page read and write

E0B000

heap

page read and write

3A8E000

direct allocation

page read and write

E37000

heap

page read and write

E37000

heap

page read and write

15DF000

stack

page read and write

E37000

heap

page read and write

E0B000

heap

page read and write

E0B000

heap

page read and write

DE2000

heap

page read and write

E0B000

heap

page read and write

E0B000

heap

page read and write

DE2000

heap

page read and write

3090000

heap

page read and write

DE2000

heap

page read and write

132E000

direct allocation

page execute and read and write

732000

unkown

page readonly

E0B000

heap

page read and write

E0B000

heap

page read and write

7B000

unkown

page readonly

32FE000

stack

page read and write

E0B000

heap

page read and write

E0B000

heap

page read and write

2CA0000

heap

page read and write

DE2000

heap

page read and write

4A5000

system

page execute and read and write

1461000

direct allocation

page execute and read and write

329000

stack

page read and write

71000

unkown

page execute read

DE2000

heap

page read and write

12B9000

direct allocation

page execute and read and write

3A19000

direct allocation

page read and write

DE2000

heap

page read and write

D2C000

heap

page read and write

E0B000

heap

page read and write

DF7000

heap

page read and write

F70000

heap

page read and write

DE2000

heap

page read and write

E0B000

heap

page read and write

3012000

heap

page read and write

3873000

direct allocation

page read and write

DE2000

heap

page read and write

E37000

heap

page read and write

E0B000

heap

page read and write

15BD000

stack

page read and write

1180000

heap

page read and write

DE2000

heap

page read and write

EBF000

heap

page read and write

3983000

direct allocation

page read and write

DE2000

heap

page read and write

732000

unkown

page readonly

DE2000

heap

page read and write

A3D000

stack

page read and write

DE2000

heap

page read and write

E37000

heap

page read and write

E37000

heap

page read and write

2E2C000

heap

page read and write

D2B000

heap

page read and write

2E2C000

heap

page read and write

670000

unkown

page readonly

DF7000

heap

page read and write

3047000

heap

page read and write

F4A000

heap

page read and write

3112000

heap

page read and write

DF7000

heap

page read and write

DF7000

heap

page read and write

DE2000

heap

page read and write

E37000

heap

page read and write

E0B000

heap

page read and write

EFA000

heap

page read and write

DE2000

heap

page read and write

DC8000

heap

page read and write

DE2000

heap

page read and write

E0B000

heap

page read and write

E0B000

heap

page read and write

DE2000

heap

page read and write

DE2000

heap

page read and write

E37000

heap

page read and write

DE2000

heap

page read and write

DF7000

heap

page read and write

309E000

heap

page read and write

DF7000

heap

page read and write

DE2000

heap

page read and write

2E2C000

heap

page read and write

78000

unkown

page readonly

E37000

heap

page read and write

25E0000

heap

page read and write

CEE000

stack

page read and write

DE2000

heap

page read and write

EF4000

heap

page read and write

671000

unkown

page execute read

DE2000

heap

page read and write

DF7000

heap

page read and write

F2B000

heap

page read and write

DE2000

heap

page read and write

78000

unkown

page readonly

DE2000

heap

page read and write

4E00000

direct allocation

page read and write

3B2D000

direct allocation

page read and write

38F0000

direct allocation

page read and write

DE2000

heap

page read and write

E37000

heap

page read and write

DE2000

heap

page read and write

3A00000

direct allocation

page read and write

E0B000

heap

page read and write

DF7000

heap

page read and write

DE2000

heap

page read and write

DE2000

heap

page read and write

E0B000

heap

page read and write

DF7000

heap

page read and write

EF4000

heap

page read and write

DF7000

heap

page read and write

E0B000

heap

page read and write

E0B000

heap

page read and write

DE2000

heap

page read and write

E0B000

heap

page read and write

2C50000

heap

page read and write

DE2000

heap

page read and write

710E000

stack

page read and write

DE2000

heap

page read and write

E0B000

heap

page read and write

DE2000

heap

page read and write

E0B000

heap

page read and write

DE2000

heap

page read and write

E37000

heap

page read and write

DE2000

heap

page read and write

E37000

heap

page read and write

DE2000

heap

page read and write

DE2000

heap

page read and write

DE2000

heap

page read and write

E0B000

heap

page read and write

14D2000

direct allocation

page execute and read and write

E0B000

heap

page read and write

DE2000

heap

page read and write

6D8E000

stack

page read and write

DE2000

heap

page read and write

E37000

heap

page read and write

E0B000

heap

page read and write

DE2000

heap

page read and write

DE2000

heap

page read and write

256D000

stack

page read and write

DE2000

heap

page read and write

DE2000

heap

page read and write

E0B000

heap

page read and write

E37000

heap

page read and write

DE2000

heap

page read and write

E37000

heap

page read and write

DF7000

heap

page read and write

E70000

direct allocation

page read and write

DF7000

heap

page read and write

DE2000

heap

page read and write

70000

unkown

page readonly

D25000

heap

page read and write

38F0000

direct allocation

page read and write

DE2000

heap

page read and write

DE2000

heap

page read and write

70000

unkown

page readonly

DE2000

heap

page read and write

DE2000

heap

page read and write

DE2000

heap

page read and write

2E2F000

heap

page read and write

DE2000

heap

page read and write

307E000

heap

page read and write

E0B000

heap

page read and write

DE8000

heap

page read and write

DF7000

heap

page read and write

DE2000

heap

page read and write

DE8000

heap

page read and write

DF7000

heap

page read and write

DF7000

heap

page read and write

740000

unkown

page write copy

78000

unkown

page readonly

C3F000

stack

page read and write

DE2000

heap

page read and write

E0B000

heap

page read and write

E0B000

heap

page read and write

DE2000

heap

page read and write

E37000

heap

page read and write

EFF000

heap

page read and write

2E2C000

heap

page read and write

DE2000

heap

page read and write

F40000

heap

page read and write

There are 665 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
1lAxaLKP7E.exe

Files

Processes

URLs

Registry

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report1lAxaLKP7E.exe

Files

Processes

URLs

Registry

Memdumps

IOC Report
1lAxaLKP7E.exe