Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\file.exe

"C:\Users\user\Desktop\file.exe"

Details

Is windows:	false
Is dropped:	false
PID:	2228
Target ID:	0
Parent PID:	1028
Name:	file.exe
Path:	C:\Users\user\Desktop\file.exe
Commandline:	"C:\Users\user\Desktop\file.exe"
Size:	1833472
MD5:	5E8286D88EEFF93B753E7454A6B431FD
Time:	12:56:01
Date:	04/10/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0xd30000
Modulesize:	6905856
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Antivirus / Scanner detection for submitted sample	AV Detection
Detected unpacking (changes PE section rights)	Data Obfuscation	Software Packing
Yara detected Powershell download and execute	HIPS / PFW / Operating System Protection Evasion
Yara detected Stealc	Stealing of Sensitive Information, Remote Access Functionality
Machine Learning detection for sample	AV Detection
PE file contains section with special chars	System Summary
PE file contains an invalid checksum	Data Obfuscation
PE file contains sections with non-standard names	Data Obfuscation
Uses 32bit PE files	Compliance, System Summary
Binary may include packed or encrypted code	Data Obfuscation	Obfuscated Files or Information Software Packing
PE file has section (not .text) which is very likely to contain packed code (zlib compression ratio < 0.011)	System Summary	Software Packing
Sample might require command line arguments	System Summary	Command and Scripting Interpreter
PE file has a big raw section	System Summary
Submission file is bigger than most known malware samples	System Summary

URLs

Name

Malicious

http://185.215.113.37/e2b1563c6670f193.php~

unknown

Details

Name:	http://185.215.113.37/e2b1563c6670f193.php~
TargetID:	0
From Memory:	true
Current Path:	C:\Users\user\Desktop\file.exe
Source:	file.exe, 00000000.00000002.2120585250.0000000000918000.00000004.00000020.00020000.00000000.sdmp

Signature Hits	Behavior Group	Mitre Attack
Antivirus detection for URL or domain	AV Detection
URLs found in memory or binary data	Networking

http://185.215.113.37/

185.215.113.37

Details

Name:	http://185.215.113.37/
IP:	185.215.113.37
TargetID:	0
From Memory:	false
Current Path:	C:\Users\user\Desktop\file.exe
Source:	network

Signature Hits	Behavior Group	Mitre Attack
Antivirus detection for URL or domain	AV Detection
Found malware configuration	AV Detection
Suricata IDS alerts for network traffic	Networking
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol
HTTP GET or POST without a user agent	Networking
IP address seen in connection with other malware	Networking
Connects to IPs without corresponding DNS lookups	Networking
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Posts data to webserver	Networking	Application Layer Protocol Non-Application Layer Protocol
URLs found in memory or binary data	Networking

http://185.215.113.37/e2b1563c6670f193.phpB

unknown

Details

Name:	http://185.215.113.37/e2b1563c6670f193.phpB
TargetID:	0
From Memory:	true
Current Path:	C:\Users\user\Desktop\file.exe
Source:	file.exe, 00000000.00000002.2120585250.0000000000918000.00000004.00000020.00020000.00000000.sdmp

Signature Hits	Behavior Group	Mitre Attack
Antivirus detection for URL or domain	AV Detection
URLs found in memory or binary data	Networking

http://185.215.113.37/e2b1563c6670f193.phpr

unknown

Details

Name:	http://185.215.113.37/e2b1563c6670f193.phpr
TargetID:	0
From Memory:	true
Current Path:	C:\Users\user\Desktop\file.exe
Source:	file.exe, 00000000.00000002.2120585250.0000000000918000.00000004.00000020.00020000.00000000.sdmp

Signature Hits	Behavior Group	Mitre Attack
Antivirus detection for URL or domain	AV Detection
URLs found in memory or binary data	Networking

http://185.215.113.37

unknown

Details

Name:	http://185.215.113.37
TargetID:	0
From Memory:	true
Current Path:	C:\Users\user\Desktop\file.exe
Source:	file.exe, 00000000.00000002.2120585250.00000000008BE000.00000004.00000020.00020000.00000000.sdmp

Signature Hits	Behavior Group	Mitre Attack
Antivirus detection for URL or domain	AV Detection
Found malware configuration	AV Detection
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol
URLs found in memory or binary data	Networking

http://185.215.113.37/C

unknown

Details

Name:	http://185.215.113.37/C
TargetID:	0
From Memory:	true
Current Path:	C:\Users\user\Desktop\file.exe
Source:	file.exe, 00000000.00000002.2120585250.0000000000902000.00000004.00000020.00020000.00000000.sdmp

Signature Hits	Behavior Group	Mitre Attack
Antivirus detection for URL or domain	AV Detection
URLs found in memory or binary data	Networking

http://185.215.113.37/e2b1563c6670f193.phpo

unknown

Details

Name:	http://185.215.113.37/e2b1563c6670f193.phpo
TargetID:	0
From Memory:	true
Current Path:	C:\Users\user\Desktop\file.exe
Source:	file.exe, 00000000.00000002.2120585250.0000000000918000.00000004.00000020.00020000.00000000.sdmp

Signature Hits	Behavior Group	Mitre Attack
Antivirus detection for URL or domain	AV Detection
URLs found in memory or binary data	Networking

http://185.215.113.37/e2b1563c6670f193.phpF

unknown

Details

Name:	http://185.215.113.37/e2b1563c6670f193.phpF
TargetID:	0
From Memory:	true
Current Path:	C:\Users\user\Desktop\file.exe
Source:	file.exe, 00000000.00000002.2120585250.0000000000934000.00000004.00000020.00020000.00000000.sdmp

Signature Hits	Behavior Group	Mitre Attack
Antivirus detection for URL or domain	AV Detection
URLs found in memory or binary data	Networking

http://185.215.113.37/e2b1563c6670f193.php

185.215.113.37

Details

Name:	http://185.215.113.37/e2b1563c6670f193.php
IP:	185.215.113.37
TargetID:	0
From Memory:	false
Current Path:	C:\Users\user\Desktop\file.exe
Source:	network

Signature Hits	Behavior Group	Mitre Attack
Antivirus detection for URL or domain	AV Detection
Found malware configuration	AV Detection
Suricata IDS alerts for network traffic	Networking
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol
HTTP GET or POST without a user agent	Networking
IP address seen in connection with other malware	Networking
Connects to IPs without corresponding DNS lookups	Networking
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Posts data to webserver	Networking	Application Layer Protocol Non-Application Layer Protocol
URLs found in memory or binary data	Networking

IPs

Domain

Country

Malicious

185.215.113.37

unknown

Portugal

Details

IP:	185.215.113.37
TargetID:	0
Current Path:	C:\Users\user\Desktop\file.exe
Country:	Portugal
Countrycode:	PRT
ASN number:	206894
ASN name:	WHOLESALECONNECTIONSNL
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
Suricata IDS alerts for network traffic	Networking
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol
HTTP GET or POST without a user agent	Networking
Connects to IPs without corresponding DNS lookups	Networking
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Posts data to webserver	Networking	Application Layer Protocol Non-Application Layer Protocol
URLs found in memory or binary data	Networking

Memdumps

Base Address

Regiontype

Protect

Malicious

D31000

unkown

page execute and read and write

4C10000

direct allocation

page read and write

8BE000

heap

page read and write

93F000

heap

page read and write

4C4E000

stack

page read and write

1228000

unkown

page execute and read and write

4781000

heap

page read and write

4781000

heap

page read and write

1D1CE000

stack

page read and write

4781000

heap

page read and write

412F000

stack

page read and write

4D70000

direct allocation

page execute and read and write

BAE000

stack

page read and write

4781000

heap

page read and write

4781000

heap

page read and write

4781000

heap

page read and write

3DAE000

stack

page read and write

4781000

heap

page read and write

4781000

heap

page read and write

902000

heap

page read and write

4781000

heap

page read and write

4781000

heap

page read and write

312E000

stack

page read and write

4781000

heap

page read and write

4781000

heap

page read and write

1CC9F000

stack

page read and write

4781000

heap

page read and write

4781000

heap

page read and write

4781000

heap

page read and write

1D36F000

stack

page read and write

13C2000

unkown

page execute and read and write

4781000

heap

page read and write

DE1000

unkown

page execute and read and write

4D4F000

stack

page read and write

4781000

heap

page read and write

4780000

heap

page read and write

2DC000

stack

page read and write

4D80000

direct allocation

page execute and read and write

4770000

direct allocation

page read and write

4781000

heap

page read and write

426F000

stack

page read and write

4781000

heap

page read and write

2E6F000

stack

page read and write

3DE000

stack

page read and write

8B0000

heap

page read and write

4781000

heap

page read and write

4781000

heap

page read and write

84B000

heap

page read and write

2FEE000

stack

page read and write

4781000

heap

page read and write

4880000

trusted library allocation

page read and write

DED000

unkown

page execute and read and write

4781000

heap

page read and write

38AE000

stack

page read and write

4770000

direct allocation

page read and write

2FAF000

stack

page read and write

4D90000

direct allocation

page execute and read and write

4C10000

direct allocation

page read and write

D30000

unkown

page readonly

4781000

heap

page read and write

2EAE000

stack

page read and write

890000

heap

page read and write

4781000

heap

page read and write

34EE000

stack

page read and write

416E000

stack

page read and write

3EEE000

stack

page read and write

4781000

heap

page read and write

4781000

heap

page read and write

CEE000

stack

page read and write

4770000

direct allocation

page read and write

4DC0000

direct allocation

page execute and read and write

F7A000

unkown

page execute and read and write

3B2E000

stack

page read and write

4781000

heap

page read and write

462F000

stack

page read and write

372F000

stack

page read and write

4781000

heap

page read and write

847000

heap

page read and write

4781000

heap

page read and write

4781000

heap

page read and write

D2E000

stack

page read and write

402E000

stack

page read and write

1228000

unkown

page execute and write copy

47A0000

heap

page read and write

4770000

direct allocation

page read and write

4781000

heap

page read and write

4781000

heap

page read and write

4781000

heap

page read and write

4781000

heap

page read and write

4781000

heap

page read and write

4770000

direct allocation

page read and write

1CCDE000

stack

page read and write

4781000

heap

page read and write

4781000

heap

page read and write

3D6F000

stack

page read and write

77E000

stack

page read and write

7C5000

heap

page read and write

88C000

stack

page read and write

4781000

heap

page read and write

466E000

stack

page read and write

1CB5F000

stack

page read and write

AAE000

stack

page read and write

4DA0000

direct allocation

page execute and read and write

4770000

direct allocation

page read and write

11F0000

unkown

page execute and read and write

4790000

heap

page read and write

44EF000

stack

page read and write

82E000

stack

page read and write

4781000

heap

page read and write

1CB9E000

stack

page read and write

4770000

direct allocation

page read and write

2D6F000

stack

page read and write

4781000

heap

page read and write

3D5000

stack

page read and write

4781000

heap

page read and write

3C6E000

stack

page read and write

42AE000

stack

page read and write

4781000

heap

page read and write

4781000

heap

page read and write

7BE000

stack

page read and write

39EE000

stack

page read and write

D31000

unkown

page execute and write copy

336F000

stack

page read and write

476F000

stack

page read and write

F8E000

unkown

page execute and read and write

4781000

heap

page read and write

4781000

heap

page read and write

4781000

heap

page read and write

4781000

heap

page read and write

1CF3F000

stack

page read and write

4770000

direct allocation

page read and write

4781000

heap

page read and write

30EF000

stack

page read and write

1D08C000

stack

page read and write

39AF000

stack

page read and write

4D60000

direct allocation

page execute and read and write

4781000

heap

page read and write

4D9E000

stack

page read and write

376E000

stack

page read and write

4781000

heap

page read and write

386F000

stack

page read and write

4DB0000

direct allocation

page execute and read and write

4770000

direct allocation

page read and write

4781000

heap

page read and write

4770000

direct allocation

page read and write

4781000

heap

page read and write

4781000

heap

page read and write

830000

heap

page read and write

4781000

heap

page read and write

1CDDE000

stack

page read and write

4770000

direct allocation

page read and write

630000

heap

page read and write

1D372000

heap

page read and write

43AF000

stack

page read and write

4781000

heap

page read and write

4781000

heap

page read and write

4781000

heap

page read and write

4D90000

direct allocation

page execute and read and write

1D0CD000

stack

page read and write

4770000

direct allocation

page read and write

13C3000

unkown

page execute and write copy

4781000

heap

page read and write

4781000

heap

page read and write

1D26E000

stack

page read and write

4781000

heap

page read and write

934000

heap

page read and write

452E000

stack

page read and write

1D370000

heap

page read and write

4781000

heap

page read and write

35EF000

stack

page read and write

3EAF000

stack

page read and write

918000

heap

page read and write

4781000

heap

page read and write

CAF000

stack

page read and write

E12000

unkown

page execute and read and write

710000

heap

page read and write

1218000

unkown

page execute and read and write

4781000

heap

page read and write

1229000

unkown

page execute and write copy

34AF000

stack

page read and write

3AEF000

stack

page read and write

4781000

heap

page read and write

4781000

heap

page read and write

4770000

direct allocation

page read and write

7C0000

heap

page read and write

4781000

heap

page read and write

3C2F000

stack

page read and write

840000

heap

page read and write

326E000

stack

page read and write

43EE000

stack

page read and write

3FEF000

stack

page read and write

322F000

stack

page read and write

362E000

stack

page read and write

4C10000

direct allocation

page read and write

1211000

unkown

page execute and read and write

1116000

unkown

page execute and read and write

33AE000

stack

page read and write

D30000

unkown

page read and write

4781000

heap

page read and write

2C6F000

stack

page read and write

4770000

direct allocation

page read and write

1CE3E000

stack

page read and write

8BA000

heap

page read and write

4781000

heap

page read and write

4781000

heap

page read and write

1CF8D000

stack

page read and write

There are 196 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
file.exe

Processes

URLs

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reportfile.exe

Processes

URLs

IPs

Memdumps

IOC Report
file.exe