Automated Malware Analysis IOC Report for

Files

File Path

Type

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.1057.9543.exe

"C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.1057.9543.exe"

Details

Is windows:	false
Is dropped:	false
PID:	5000
Target ID:	0
Parent PID:	1028
Name:	SecuriteInfo.com.Win64.Malware-gen.1057.9543.exe
Path:	C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.1057.9543.exe
Commandline:	"C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.1057.9543.exe"
Size:	20831232
MD5:	F0ECB0B7A365F88B26F3CB7D5101881A
Time:	08:06:54
Date:	18/10/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff7216e0000
Modulesize:	21204992
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Multi AV Scanner detection for submitted file	AV Detection
Yara detected Go Injector	Stealing of Sensitive Information, Remote Access Functionality
Yara detected RedLine Stealer	Stealing of Sensitive Information, Remote Access Functionality
PE file contains more sections than normal	System Summary
PE file contains sections with non-standard names	Data Obfuscation
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery
Sample file is different than original file name gathered from version info	System Summary
PE file has an executable .text section and no other executable section	System Summary
Sample is known by Antivirus	System Summary
Sample might require command line arguments	System Summary	Command and Scripting Interpreter
Sample reads its own file content	System Summary
URLs found in memory or binary data	Networking
Binary contains paths to debug symbols	Compliance, System Summary
Contains modern PE file flags such as dynamic base (ASLR) or NX	Compliance, System Summary
PE file has a big raw section	System Summary
PE file has a big code size	System Summary
PE file has a high image base, often used for DLLs	System Summary
Submission file is bigger than most known malware samples	System Summary

URLs

Name

Malicious

185.215.113.9:12617

http://notifyninja.com/monitoring

unknown

http://www.xn--jobbrse-d1a.com)

unknown

https://api.ip.sb/ip

unknown

https://locationInfinityencodingprotobuftype_urlhttp/1.1mac-os-xcomputerNO_PROXYdisabledrequiredopti

unknown

http://go.mail.ru/help/robots)

unknown

https://golang.org/doc/faq#nil_errorcollected

unknown

http://www.similartech.com/smtbot)

unknown

https://onsi.github.io/gomega/#adjusting-output

unknown

https://www.jobboerse.com/bot.htm)

unknown

http://www.ibm.com/data/dtd/v11/ibmxhtml1-transitional.dtdcannot

unknown

http://www.brandwatch.net)

unknown

http://www.google.com/mobile/adsbot.html)

unknown

http://yandex.com/bots)

unknown

http://www.google.com/mobile/adsbot.html)Mozilla/5.0

unknown

https://github.com/golang/protobuf/issues/1609):

unknown

https://raw.githubusercontent.com/EDDYCJY/fake-useragent/v0.2.0/static/fake_useragent_0.2.0.json

185.199.110.133

http://www.google.com/mobile/adsbot.html)C:

unknown

http://www.jobboerse.com/bot.htm)

unknown

https://management.azure.com%q

unknown

http://www.icjobs.de)

unknown

http://www.similartech.com/smtbot)Mozilla/5.0

unknown

https://onsi.github.io/gomega/#eventually

unknown

There are 13 hidden URLs, click here to show them.

Domains

Name

Malicious

raw.githubusercontent.com

185.199.110.133

Details

Name:	raw.githubusercontent.com
IP:	185.199.110.133
TargetID:	-1
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol

IPs

Domain

Country

Malicious

185.199.110.133

raw.githubusercontent.com

Netherlands

Registry

Path

Value

Malicious

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8

Blob

Details

TargetID:	0
Path:	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
Value name:	Blob
Value data:	04 00 00 00 01 00 00 00 10 00 00 00 0A 0A 18 29 36 E6 C3 DF 7F A3 4D 0F FD 41 5E 22 14 00 00 00 01 00 00 00 14 00 00 00 BB 3B 3F AA 10 70 C8 55 F7 24 E9 3B FD 32 19 F4 F6 11 6B 3A 03 00 00 00 01 00 00 00 14 00 00 00 3F 72 8A 35 DE 52 B2 C8 99 4A 4F B1 01 A0 3B 95 E8 7B 06 C8 0F 00 00 00 01 00 00 00 14 00 00 00 71 75 75 34 54 C2 98 2E 84 ED 48 F5 B4 EE 52 48 7F 4A 37 CD 19 00 00 00 01 00 00 00 10 00 00 00 49 50 8B 6C BE 29 D8 39 31 16 93 FA 24 E5 8D 98 20 00 00 00 01 00 00 00 FD 05 00 00 30 82 05 F9 30 82 03 E1 A0 03 02 01 02 02 09 00 D2 1E F1 F6 E3 4F 6B B8 30 0D 06 09 2A 86 48 86 F7 0D 01 01 05 05 00 30 81 92 31 0B 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 0C 0A 43 61 6C 69 66 6F 72 6E 69 61 31 16 30 14 06 03 55 04 07 0C 0D 53 61 6E 20 46 72 61 6E 63 69 73 63 6F 31 2A 30 28 06 03 55 04 0A 0C 21 54 68 65 20 55 6E 69 76 65 72 73 65 20 53 65 63 75 72 69 74 79 20 43 6F 6D 70 61 6E 79 20 4C 74 64 31 2A 30 28 06 03 55 04 03 0C 21 54 68 65 20 55 6E 69 76 65 72 73 65 20 53 65 63 75 72 69 74 79 20 43 6F 6D 70 61 6E 79 20 4C 74 64 30 1E 17 0D 31 35 30 33 31 37 31 34 31 36 33 38 5A 17 0D 34 35 30 33 30 39 31 34 31 36 33 38 5A 30 81 92 31 0B 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 0C 0A 43 61 6C 69 66 6F 72 6E 69 61 31 16 30 14 06 03 55 04 07 0C 0D 53 61 6E 20 46 72 61 6E 63 69 73 63 6F 31 2A 30 28 06 03 55 04 0A 0C 21 54 68 65 20 55 6E 69 76 65 72 73 65 20 53 65 63 75 72 69 74 79 20 43 6F 6D 70 61 6E 79 20 4C 74 64 31 2A 30 28 06 03 55 04 03 0C 21 54 68 65 20 55 6E 69 76 65 72 73 65 20 53 65 63 75 72 69 74 79 20 43 6F 6D 70 61 6E 79 20 4C 74 64 30 82 02 22 30 0D 06 09 2A 86 48 86 F7 0D 01 01 01 05 00 03 82 02 0F 00 30 82 02 0A 02 82 02 01 00 AE 85 81 A8 AB 4F 18 6F B8 FF D9 66 4D B0 3F E7 A3 06 9B 8D 6E 32 30 46 84 32 00 D0 A2 58 15 E3 83 1A 98 23 89 66 FA DC CF E9 B3 3F 7A 15 85 38 42 6D A3 6A 64 14 CB 41 56 ED FE 59 95 38 F1 FA AB E9 4B 06 52 B7 83 58 97 69 5A 3D 75 98 98 9F CE ED 1D 79 20 30 90 20 F1 57 23 2F 00 62 F2 FE BD 48 D8 62 D9 25 72 A2 12 C8 7A 04 2F A5 E3 74 75 DD 7A 1C 60 40 6B 37 C3 D8 4F 7D C1 E7 68 97 5E 36 08 A8 1C 35 78 81 AF A7 4E B4 88 D0 AB 10 74 03 CB 8C 9B AC 63 27 B9 DC 75 E6 6B 5D 32 18 95 0B FD 03 C5 66 DF C6 57 65 56 E9 77 31 59 42 23 46 2D 2A 03 7B 32 C5 3B AB C6 6A 2F B5 48 7F 9E 7A 61 60 40 DA AA 16 B4 38 26 8D B3 71 4A 6D 28 4A 21 0E 26 DA D0 30 B3 FA 74 3E CF EF 28 24 47 39 B8 EE 10 06 5A 65 67 F2 37 66 D9 57 26 A4 2A 9B DF A0 37 5D C0 ED 65 59 F9 E9 E6 F8 8E A7 AE 3A F4 72 E5 F8 62 BB B5 97 A7 A0 1C 32 5B 35 14 43 53 6B C4 C9 E8 3E 21 61 8C 3C 3F CE 4A 14 8B DA 41 39 D1 C5 E3 34 A3 C4 44 0C 5D BB 0D 78 E8 31 BE 4A A9 CF B3 D5 12 21 AE 6D 28 4C 86 98 E4 0A 99 81 BF 98 11 99 86 28 AB EB 15 EF A9 50 B9 43 AE B1 03 69 06 63 6D 11 93 D9 C0 FB 97 FE 0A F5 CD 4F 10 90 9E 19 FB 6F 66 44 0C 50 20 B1 A3 A7 27 45 15 FA C9 45 20 EA B9 DF CE C6 E4 61 4F 08 09 FA 5D 13 8F 03 FB DA 95 85 E0 5C BC 2D A9 CC 8E BA 76 B9 6A 80 2E 69 74 62 19 28 02 EC 60 11 A6 0F 64 C2 FF 9B 5E 7D 0F F1 D4 6B 4D FD 99 BB C1 3D 05 DE 6E F2 B2 CE 1F 51 A5 E3 43 D1 E7 24 76 36 2F 9A 02 0D DA 34 A6 2D E0 1D 22 14 C5 7E FD B7 0F 31 B1 4A D0 AA A7 73 57 C5 C2 63 D8 C3 2F 37 39 12 BF C0 91 F7 AC A6 AB 48 ED 82 4B C7 4D 30 06 EA 6C A7 C2 B1 A1 09 02 96 6A 3D 02 03 01 00 01 A3 50 30 4E 30 1D 06 03 55 1D 0E 04 16 04 14 BB 3B 3F AA 10 70 C8 55 F7 24 E9 3B FD 32 19 F4 F6 11 6B 3A 30 1F 06 03 55 1D 23 04 18 30 16 80 14 BB 3B 3F AA 10 70 C8 55 F7 24 E9 3B FD 32 19 F4 F6 11 6B 3A 30 0C 06 03 55 1D 13 04 05 30 03 01 01 FF 30 0D 06 09 2A 86 48 86 F7 0D 01 01 05 05 00 03 82 02 01 00 48 3C 18 2B 72 E4 57 52 A8 95 35 C6 A1 73 71 20 85 20 94 FF 55 E7 1B 02 9C 05 C8 31 F8 85 B2 79 BE B2 47 55 74 E0 55 70 6B 17 24 9F 0B 6A 92 FE 41 04 22 4F 25 F4 5C DA 25 EF A9 32 CD CC 57 AD 88 5B 56 14 5F 7A 38 02 D3 18 23 8D A5 D8 FB 9F 43 A3 1A 68 2E 42 06 72 26 01 A2 EB DB AF 70 2E 57 12 35 7C B2 A1 EF AB 12 E0 81 55 84 37 C8 FD 95 AE DE 58 60 40 52 A1 C7 75 18 A1 2F 92 5A C0 AB C9 1B A7 17 19 4E 4D D8 53 FB C6 C3 7C 33 53 51 5B 3A 64 31 60 A4 B3 07 72 D7 39 1A F9 8A A2 70 E4 B4 D6 BF 6A AD 24 76 74 CE C7 EA 87 3E 28 6C EF 08 09 4F 79 FB CF 77 FF FA F8 77 04 4A 30 90 5B 27 11 5C 79 60 60 64 1A CB 6E 2C 5E 1C B0 53 AC 28 4A 8B 8B DF AE 01 41 D2 12 3F 7B 22 54 D2 8E 3C C4 A1 FF 4A 6C D3 1B EB 1D 35 94 14 F5 79 44 BE C2 E6 93 9B BA 4D D0 81 94 E9 25 BE 43 FC 2C 92 E5 CA DC 5D 9D CF CA 8B CF 0C E0 3D 29 21 44 4A C0 19 F4 F3 D5 7E F5 74 35 2B FC DF A3 F7 3C C5 D6 7A 7A 0B B6 2B C7 BF F9 8F 6E B5 56 44 0F A9 45 80 9F 88 21 82 99 2C DC 85 DA 25 65 55 ED D3 1C 36 4E D6 63 46 68 AF 6C 87 5C C5 F6 89 C2 E1 70 F4 87 0F F1 DE F0 8E 72 E4 CA CB 83 2B CD B1 7A 54 41 AF 97 38 DF F7 EA 8C 7A B2 D1 1B E9 E9 D3 BF 41 0F 21 F0 AA 8D 95 B6 CD 91 90 DF 71 E7 72 96 9D 3F 18 B9 98 8C CE 15 45 99 83 FB BD 61 4E AD 63 36 71 86 5D BD A3 17 61 6F 31 57 A4 25 3D ED 24 6A 9E 94 E0 D8 67 F0 17 12 86 B7 4E 65 93 A6 BD 8A 2A 06 6B EC 0F DE E0 B5 9C A0 AF D5 A4 32 A2 70 75 A1 02 A9 7F 85 D9 39 38 80 BB 41 A6 0F A3 8D 1F F1 66 E0 04 B3 A2 88 03 8B A7 AF E1 A1 60 95 F6 CB 76 12 C8 51 83 1E 14 E2 0B B5 6C F1 4B 96 21 F9 DE AA B2 CD 71 B8 63

Signature Hits	Behavior Group	Mitre Attack
Installs new ROOT certificates	Persistence and Installation Behavior	Install Root Certificate
Stores large binary data to the registry	Hooking and other Techniques for Hiding and Protection	Modify Registry

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8

Blob

Details

TargetID:	0
Path:	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
Value name:	Blob
Value data:	5C 00 00 00 01 00 00 00 04 00 00 00 00 10 00 00 19 00 00 00 01 00 00 00 10 00 00 00 49 50 8B 6C BE 29 D8 39 31 16 93 FA 24 E5 8D 98 0F 00 00 00 01 00 00 00 14 00 00 00 71 75 75 34 54 C2 98 2E 84 ED 48 F5 B4 EE 52 48 7F 4A 37 CD 03 00 00 00 01 00 00 00 14 00 00 00 3F 72 8A 35 DE 52 B2 C8 99 4A 4F B1 01 A0 3B 95 E8 7B 06 C8 14 00 00 00 01 00 00 00 14 00 00 00 BB 3B 3F AA 10 70 C8 55 F7 24 E9 3B FD 32 19 F4 F6 11 6B 3A 04 00 00 00 01 00 00 00 10 00 00 00 0A 0A 18 29 36 E6 C3 DF 7F A3 4D 0F FD 41 5E 22 20 00 00 00 01 00 00 00 FD 05 00 00 30 82 05 F9 30 82 03 E1 A0 03 02 01 02 02 09 00 D2 1E F1 F6 E3 4F 6B B8 30 0D 06 09 2A 86 48 86 F7 0D 01 01 05 05 00 30 81 92 31 0B 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 0C 0A 43 61 6C 69 66 6F 72 6E 69 61 31 16 30 14 06 03 55 04 07 0C 0D 53 61 6E 20 46 72 61 6E 63 69 73 63 6F 31 2A 30 28 06 03 55 04 0A 0C 21 54 68 65 20 55 6E 69 76 65 72 73 65 20 53 65 63 75 72 69 74 79 20 43 6F 6D 70 61 6E 79 20 4C 74 64 31 2A 30 28 06 03 55 04 03 0C 21 54 68 65 20 55 6E 69 76 65 72 73 65 20 53 65 63 75 72 69 74 79 20 43 6F 6D 70 61 6E 79 20 4C 74 64 30 1E 17 0D 31 35 30 33 31 37 31 34 31 36 33 38 5A 17 0D 34 35 30 33 30 39 31 34 31 36 33 38 5A 30 81 92 31 0B 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 0C 0A 43 61 6C 69 66 6F 72 6E 69 61 31 16 30 14 06 03 55 04 07 0C 0D 53 61 6E 20 46 72 61 6E 63 69 73 63 6F 31 2A 30 28 06 03 55 04 0A 0C 21 54 68 65 20 55 6E 69 76 65 72 73 65 20 53 65 63 75 72 69 74 79 20 43 6F 6D 70 61 6E 79 20 4C 74 64 31 2A 30 28 06 03 55 04 03 0C 21 54 68 65 20 55 6E 69 76 65 72 73 65 20 53 65 63 75 72 69 74 79 20 43 6F 6D 70 61 6E 79 20 4C 74 64 30 82 02 22 30 0D 06 09 2A 86 48 86 F7 0D 01 01 01 05 00 03 82 02 0F 00 30 82 02 0A 02 82 02 01 00 AE 85 81 A8 AB 4F 18 6F B8 FF D9 66 4D B0 3F E7 A3 06 9B 8D 6E 32 30 46 84 32 00 D0 A2 58 15 E3 83 1A 98 23 89 66 FA DC CF E9 B3 3F 7A 15 85 38 42 6D A3 6A 64 14 CB 41 56 ED FE 59 95 38 F1 FA AB E9 4B 06 52 B7 83 58 97 69 5A 3D 75 98 98 9F CE ED 1D 79 20 30 90 20 F1 57 23 2F 00 62 F2 FE BD 48 D8 62 D9 25 72 A2 12 C8 7A 04 2F A5 E3 74 75 DD 7A 1C 60 40 6B 37 C3 D8 4F 7D C1 E7 68 97 5E 36 08 A8 1C 35 78 81 AF A7 4E B4 88 D0 AB 10 74 03 CB 8C 9B AC 63 27 B9 DC 75 E6 6B 5D 32 18 95 0B FD 03 C5 66 DF C6 57 65 56 E9 77 31 59 42 23 46 2D 2A 03 7B 32 C5 3B AB C6 6A 2F B5 48 7F 9E 7A 61 60 40 DA AA 16 B4 38 26 8D B3 71 4A 6D 28 4A 21 0E 26 DA D0 30 B3 FA 74 3E CF EF 28 24 47 39 B8 EE 10 06 5A 65 67 F2 37 66 D9 57 26 A4 2A 9B DF A0 37 5D C0 ED 65 59 F9 E9 E6 F8 8E A7 AE 3A F4 72 E5 F8 62 BB B5 97 A7 A0 1C 32 5B 35 14 43 53 6B C4 C9 E8 3E 21 61 8C 3C 3F CE 4A 14 8B DA 41 39 D1 C5 E3 34 A3 C4 44 0C 5D BB 0D 78 E8 31 BE 4A A9 CF B3 D5 12 21 AE 6D 28 4C 86 98 E4 0A 99 81 BF 98 11 99 86 28 AB EB 15 EF A9 50 B9 43 AE B1 03 69 06 63 6D 11 93 D9 C0 FB 97 FE 0A F5 CD 4F 10 90 9E 19 FB 6F 66 44 0C 50 20 B1 A3 A7 27 45 15 FA C9 45 20 EA B9 DF CE C6 E4 61 4F 08 09 FA 5D 13 8F 03 FB DA 95 85 E0 5C BC 2D A9 CC 8E BA 76 B9 6A 80 2E 69 74 62 19 28 02 EC 60 11 A6 0F 64 C2 FF 9B 5E 7D 0F F1 D4 6B 4D FD 99 BB C1 3D 05 DE 6E F2 B2 CE 1F 51 A5 E3 43 D1 E7 24 76 36 2F 9A 02 0D DA 34 A6 2D E0 1D 22 14 C5 7E FD B7 0F 31 B1 4A D0 AA A7 73 57 C5 C2 63 D8 C3 2F 37 39 12 BF C0 91 F7 AC A6 AB 48 ED 82 4B C7 4D 30 06 EA 6C A7 C2 B1 A1 09 02 96 6A 3D 02 03 01 00 01 A3 50 30 4E 30 1D 06 03 55 1D 0E 04 16 04 14 BB 3B 3F AA 10 70 C8 55 F7 24 E9 3B FD 32 19 F4 F6 11 6B 3A 30 1F 06 03 55 1D 23 04 18 30 16 80 14 BB 3B 3F AA 10 70 C8 55 F7 24 E9 3B FD 32 19 F4 F6 11 6B 3A 30 0C 06 03 55 1D 13 04 05 30 03 01 01 FF 30 0D 06 09 2A 86 48 86 F7 0D 01 01 05 05 00 03 82 02 01 00 48 3C 18 2B 72 E4 57 52 A8 95 35 C6 A1 73 71 20 85 20 94 FF 55 E7 1B 02 9C 05 C8 31 F8 85 B2 79 BE B2 47 55 74 E0 55 70 6B 17 24 9F 0B 6A 92 FE 41 04 22 4F 25 F4 5C DA 25 EF A9 32 CD CC 57 AD 88 5B 56 14 5F 7A 38 02 D3 18 23 8D A5 D8 FB 9F 43 A3 1A 68 2E 42 06 72 26 01 A2 EB DB AF 70 2E 57 12 35 7C B2 A1 EF AB 12 E0 81 55 84 37 C8 FD 95 AE DE 58 60 40 52 A1 C7 75 18 A1 2F 92 5A C0 AB C9 1B A7 17 19 4E 4D D8 53 FB C6 C3 7C 33 53 51 5B 3A 64 31 60 A4 B3 07 72 D7 39 1A F9 8A A2 70 E4 B4 D6 BF 6A AD 24 76 74 CE C7 EA 87 3E 28 6C EF 08 09 4F 79 FB CF 77 FF FA F8 77 04 4A 30 90 5B 27 11 5C 79 60 60 64 1A CB 6E 2C 5E 1C B0 53 AC 28 4A 8B 8B DF AE 01 41 D2 12 3F 7B 22 54 D2 8E 3C C4 A1 FF 4A 6C D3 1B EB 1D 35 94 14 F5 79 44 BE C2 E6 93 9B BA 4D D0 81 94 E9 25 BE 43 FC 2C 92 E5 CA DC 5D 9D CF CA 8B CF 0C E0 3D 29 21 44 4A C0 19 F4 F3 D5 7E F5 74 35 2B FC DF A3 F7 3C C5 D6 7A 7A 0B B6 2B C7 BF F9 8F 6E B5 56 44 0F A9 45 80 9F 88 21 82 99 2C DC 85 DA 25 65 55 ED D3 1C 36 4E D6 63 46 68 AF 6C 87 5C C5 F6 89 C2 E1 70 F4 87 0F F1 DE F0 8E 72 E4 CA CB 83 2B CD B1 7A 54 41 AF 97 38 DF F7 EA 8C 7A B2 D1 1B E9 E9 D3 BF 41 0F 21 F0 AA 8D 95 B6 CD 91 90 DF 71 E7 72 96 9D 3F 18 B9 98 8C CE 15 45 99 83 FB BD 61 4E AD 63 36 71 86 5D BD A3 17 61 6F 31 57 A4 25 3D ED 24 6A 9E 94 E0 D8 67 F0 17 12 86 B7 4E 65 93 A6 BD 8A 2A 06 6B EC 0F DE E0 B5 9C A0 AF D5 A4 32 A2 70 75 A1 02 A9 7F 85 D9 39 38 80 BB 41 A6 0F A3 8D 1F F1 66 E0 04 B3 A2 88 03 8B A7 AF E1 A1 60 95 F6 CB 76 12 C8 51 83 1E 14 E2 0B B5 6C F1 4B 96 21 F9 DE AA B2 CD 71 B8 63

Signature Hits	Behavior Group	Mitre Attack
Installs new ROOT certificates	Persistence and Installation Behavior	Install Root Certificate
Stores large binary data to the registry	Hooking and other Techniques for Hiding and Protection	Modify Registry

Memdumps

Base Address

Regiontype

Protect

Malicious

C0008A6000

direct allocation

page read and write

C000588000

direct allocation

page read and write

C0005AC000

direct allocation

page read and write

C000858000

direct allocation

page read and write

C00049D000

direct allocation

page read and write

7FF722506000

unkown

page readonly

C000640000

direct allocation

page read and write

C000931000

direct allocation

page read and write

C0000B2000

direct allocation

page read and write

C0005BC000

direct allocation

page read and write

C000AE7000

direct allocation

page read and write

C0006A8000

direct allocation

page read and write

C00080A000

direct allocation

page read and write

C0010F0000

direct allocation

page read and write

C00037F000

direct allocation

page read and write

C000AC0000

direct allocation

page read and write

C000053000

direct allocation

page read and write

C0002A9000

direct allocation

page read and write

7FF7224EE000

unkown

page readonly

C0004E1000

direct allocation

page read and write

7FF7216E0000

unkown

page readonly

C000198000

direct allocation

page read and write

C000B50000

direct allocation

page read and write

C000520000

direct allocation

page read and write

C000462000

direct allocation

page read and write

C0001E6000

direct allocation

page read and write

C0010B0000

direct allocation

page read and write

C000164000

direct allocation

page read and write

7FF7216E1000

unkown

page execute read

C000247000

direct allocation

page read and write

C000098000

direct allocation

page read and write

C000008000

direct allocation

page read and write

C000156000

direct allocation

page read and write

C000404000

direct allocation

page read and write

C003216000

direct allocation

page read and write

C0007B0000

direct allocation

page read and write

C000620000

direct allocation

page read and write

C000267000

direct allocation

page read and write

C00073E000

direct allocation

page read and write

C00057C000

direct allocation

page read and write

C000311000

direct allocation

page read and write

7FF7224C9000

unkown

page readonly

C000066000

direct allocation

page read and write

C00006D000

direct allocation

page read and write

C000B62000

direct allocation

page read and write

C00052A000

direct allocation

page read and write

C0007B8000

direct allocation

page read and write

C000124000

direct allocation

page read and write

7FF7224D5000

unkown

page readonly

C00000A000

direct allocation

page read and write

C000B80000

direct allocation

page read and write

C003296000

direct allocation

page read and write

C0007A0000

direct allocation

page read and write

C001D00000

direct allocation

page read and write

C000245000

direct allocation

page read and write

C00035D000

direct allocation

page read and write

7FF72246C000

unkown

page readonly

C000170000

direct allocation

page read and write

C000892000

direct allocation

page read and write

C000770000

direct allocation

page read and write

C001050000

direct allocation

page read and write

C000395000

direct allocation

page read and write

C000235000

direct allocation

page read and write

C0000C2000

direct allocation

page read and write

C000B20000

direct allocation

page read and write

14927FF000

stack

page read and write

C0032C6000

direct allocation

page read and write

C001084000

direct allocation

page read and write

C000B62000

direct allocation

page read and write

C00092A000

direct allocation

page read and write

C0001A2000

direct allocation

page read and write

C0000B4000

direct allocation

page read and write

C000528000

direct allocation

page read and write

C000602000

direct allocation

page read and write

C000329000

direct allocation

page read and write

C000604000

direct allocation

page read and write

C000BA0000

direct allocation

page read and write

7FF7224AA000

unkown

page readonly

C000536000

direct allocation

page read and write

C000618000

direct allocation

page read and write

C000419000

direct allocation

page read and write

C0010BA000

direct allocation

page read and write

1491DFE000

stack

page read and write

C000A59000

direct allocation

page read and write

7FF721EF3000

unkown

page write copy

C0005C0000

direct allocation

page read and write

C000094000

direct allocation

page read and write

7FF7224EC000

unkown

page readonly

C00041B000

direct allocation

page read and write

7FF72249F000

unkown

page readonly

C0001C6000

direct allocation

page read and write

C000313000

direct allocation

page read and write

C00060A000

direct allocation

page read and write

C001030000

direct allocation

page read and write

7FF7224F3000

unkown

page readonly

C0002DF000

direct allocation

page read and write

C00009E000

direct allocation

page read and write

C000858000

direct allocation

page read and write

C0005CF000

direct allocation

page read and write

C0000FE000

direct allocation

page read and write

C00089B000

direct allocation

page read and write

7FF722488000

unkown

page readonly

C0003AF000

direct allocation

page read and write

C00034B000

direct allocation

page read and write

C00049B000

direct allocation

page read and write

C000900000

direct allocation

page read and write

C000010000

direct allocation

page read and write

C000610000

direct allocation

page read and write

7FF722AEC000

unkown

page readonly

C0007B8000

direct allocation

page read and write

C000168000

direct allocation

page read and write

C000710000

direct allocation

page read and write

7FF722479000

unkown

page readonly

C000122000

direct allocation

page read and write

14923FE000

stack

page read and write

C0001B6000

direct allocation

page read and write

C00057A000

direct allocation

page read and write

C000562000

direct allocation

page read and write

C0002F7000

direct allocation

page read and write

7FF722494000

unkown

page readonly

C0001E4000

direct allocation

page read and write

7FF7224CD000

unkown

page readonly

C00006F000

direct allocation

page read and write

7FF7224B8000

unkown

page readonly

C0006AC000

direct allocation

page read and write

C000B60000

direct allocation

page read and write

C00088C000

direct allocation

page read and write

C000144000

direct allocation

page read and write

C002700000

direct allocation

page read and write

C000673000

direct allocation

page read and write

7FF7224C6000

unkown

page readonly

C0007D6000

direct allocation

page read and write

C000AE0000

direct allocation

page read and write

C000497000

direct allocation

page read and write

C0002C3000

direct allocation

page read and write

C000720000

direct allocation

page read and write

C000B80000

direct allocation

page read and write

C00055A000

direct allocation

page read and write

C000650000

direct allocation

page read and write

C0003AD000

direct allocation

page read and write

7FF7224C2000

unkown

page readonly

7FF7224B5000

unkown

page readonly

C000289000

direct allocation

page read and write

C0007C0000

direct allocation

page read and write

C000AD0000

direct allocation

page read and write

C0032B6000

direct allocation

page read and write

C00069C000

direct allocation

page read and write

C00059C000

direct allocation

page read and write

C00010E000

direct allocation

page read and write

C003286000

direct allocation

page read and write

C001400000

direct allocation

page read and write

C0000C4000

direct allocation

page read and write

C000412000

direct allocation

page read and write

C000468000

direct allocation

page read and write

7FF72247B000

unkown

page readonly

C0006D0000

direct allocation

page read and write

C00033D000

direct allocation

page read and write

C000A34000

direct allocation

page read and write

C000720000

direct allocation

page read and write

C0001BA000

direct allocation

page read and write

C00026F000

direct allocation

page read and write

C0010E1000

direct allocation

page read and write

C003280000

direct allocation

page read and write

7FF7224AF000

unkown

page readonly

1491FFF000

stack

page read and write

1492DFF000

stack

page read and write

C000663000

direct allocation

page read and write

C0002B9000

direct allocation

page read and write

7FF722022000

unkown

page readonly

C000630000

direct allocation

page read and write

C000BE0000

direct allocation

page read and write

7FF72249A000

unkown

page readonly

C000114000

direct allocation

page read and write

C001000000

direct allocation

page read and write

C000341000

direct allocation

page read and write

C000740000

direct allocation

page read and write

C000730000

direct allocation

page read and write

C0010BC000

direct allocation

page read and write

C003246000

direct allocation

page read and write

C000B80000

direct allocation

page read and write

C0008F0000

direct allocation

page read and write

C00069E000

direct allocation

page read and write

C0000BE000

direct allocation

page read and write

C000315000

direct allocation

page read and write

C0001FF000

direct allocation

page read and write

C000ACA000

direct allocation

page read and write

7FF722424000

unkown

page readonly

C000004000

direct allocation

page read and write

C0001F9000

direct allocation

page read and write

C000B00000

direct allocation

page read and write

14921FF000

stack

page read and write

C00016C000

direct allocation

page read and write

C000AB1000

direct allocation

page read and write

180F32F4000

heap

page read and write

C00002C000

direct allocation

page read and write

C0007D6000

direct allocation

page read and write

C0006B8000

direct allocation

page read and write

7FF72247E000

unkown

page readonly

C0006F0000

direct allocation

page read and write

C001090000

direct allocation

page read and write

C000061000

direct allocation

page read and write

C00056D000

direct allocation

page read and write

C001080000

direct allocation

page read and write

C00060E000

direct allocation

page read and write

C00090C000

direct allocation

page read and write

C00007A000

direct allocation

page read and write

1492FFE000

stack

page read and write

C001C00000

direct allocation

page read and write

C0000EE000

direct allocation

page read and write

C0001AA000

direct allocation

page read and write

C000780000

direct allocation

page read and write

C00073E000

direct allocation

page read and write

C005A00000

direct allocation

page read and write

C000654000

direct allocation

page read and write

C0000D8000

direct allocation

page read and write

C000750000

direct allocation

page read and write

C000237000

direct allocation

page read and write

7FF722AD4000

unkown

page write copy

C0000D0000

direct allocation

page read and write

C0007F0000

direct allocation

page read and write

C000261000

direct allocation

page read and write

C003600000

direct allocation

page read and write

C000470000

direct allocation

page read and write

C000B90000

direct allocation

page read and write

C00024F000

direct allocation

page read and write

C000B10000

direct allocation

page read and write

C0001EE000

direct allocation

page read and write

7FF722462000

unkown

page readonly

C000580000

direct allocation

page read and write

C0010A2000

direct allocation

page read and write

C0005C0000

direct allocation

page read and write

C0004D2000

direct allocation

page read and write

C000AA1000

direct allocation

page read and write

C00013C000

direct allocation

page read and write

C000221000

direct allocation

page read and write

1491BFD000

stack

page read and write

C000251000

direct allocation

page read and write

C00069E000

direct allocation

page read and write

C000086000

direct allocation

page read and write

C003266000

direct allocation

page read and write

C000387000

direct allocation

page read and write

C000309000

direct allocation

page read and write

1492BFF000

stack

page read and write

C0006C0000

direct allocation

page read and write

C000482000

direct allocation

page read and write

C000073000

direct allocation

page read and write

C0010B7000

direct allocation

page read and write

C0005A4000

direct allocation

page read and write

C000499000

direct allocation

page read and write

C000415000

direct allocation

page read and write

C0010D0000

direct allocation

page read and write

C00023D000

direct allocation

page read and write

C000069000

direct allocation

page read and write

7FF7224D1000

unkown

page readonly

C000BF0000

direct allocation

page read and write

C0001D8000

direct allocation

page read and write

C000014000

direct allocation

page read and write

C0001E0000

direct allocation

page read and write

C00004A000

direct allocation

page read and write

C00052E000

direct allocation

page read and write

C0002FD000

direct allocation

page read and write

C00030F000

direct allocation

page read and write

C001020000

direct allocation

page read and write

C001040000

direct allocation

page read and write

C00038F000

direct allocation

page read and write

C000558000

direct allocation

page read and write

C00055B000

direct allocation

page read and write

C0005CF000

direct allocation

page read and write

C000002000

direct allocation

page read and write

C000800000

direct allocation

page read and write

C000064000

direct allocation

page read and write

C0032D6000

direct allocation

page read and write

C000071000

direct allocation

page read and write

7FF7224DC000

unkown

page readonly

C00060C000

direct allocation

page read and write

C004600000

direct allocation

page read and write

C00043C000

direct allocation

page read and write

C00100A000

direct allocation

page read and write

C001070000

direct allocation

page read and write

C000042000

direct allocation

page read and write

C0001CA000

direct allocation

page read and write

C0009A4000

direct allocation

page read and write

C003226000

direct allocation

page read and write

C000588000

direct allocation

page read and write

7FF721F9C000

unkown

page write copy

C000333000

direct allocation

page read and write

C000271000

direct allocation

page read and write

7FF72248F000

unkown

page readonly

C001010000

direct allocation

page read and write

C0002C5000

direct allocation

page read and write

7FF7224A4000

unkown

page readonly

C0009C2000

direct allocation

page read and write

C001060000

direct allocation

page read and write

C000000000

direct allocation

page read and write

C003270000

direct allocation

page read and write

7FF722467000

unkown

page readonly

C0000BC000

direct allocation

page read and write

C00005F000

direct allocation

page read and write

C000BB0000

direct allocation

page read and write

7FF7224A2000

unkown

page readonly

C000760000

direct allocation

page read and write

C0008E9000

direct allocation

page read and write

C00057E000

direct allocation

page read and write

C00014C000

direct allocation

page read and write

C000680000

direct allocation

page read and write

C000560000

direct allocation

page read and write

C000A4A000

direct allocation

page read and write

C0000CE000

direct allocation

page read and write

C000692000

direct allocation

page read and write

C0006E0000

direct allocation

page read and write

C003C00000

direct allocation

page read and write

C001000000

direct allocation

page read and write

C000690000

direct allocation

page read and write

C0002B3000

direct allocation

page read and write

C00053C000

direct allocation

page read and write

C000C00000

direct allocation

page read and write

C003256000

direct allocation

page read and write

14925FE000

stack

page read and write

C00028B000

direct allocation

page read and write

C000AF0000

direct allocation

page read and write

C000AA1000

direct allocation

page read and write

C0007D0000

direct allocation

page read and write

C00030B000

direct allocation

page read and write

C000400000

direct allocation

page read and write

C000B70000

direct allocation

page read and write

14929FC000

stack

page read and write

C00022F000

direct allocation

page read and write

C000486000

direct allocation

page read and write

C000229000

direct allocation

page read and write

C000417000

direct allocation

page read and write

C00034F000

direct allocation

page read and write

C000670000

direct allocation

page read and write

7FF7224EA000

unkown

page readonly

C000660000

direct allocation

page read and write

C000110000

direct allocation

page read and write

C0008DA000

direct allocation

page read and write

C000361000

direct allocation

page read and write

C000BC0000

direct allocation

page read and write

C003236000

direct allocation

page read and write

C000AB1000

direct allocation

page read and write

C0002E3000

direct allocation

page read and write

C000566000

direct allocation

page read and write

C0001C8000

direct allocation

page read and write

C0032A6000

direct allocation

page read and write

C000700000

direct allocation

page read and write

C0010C0000

direct allocation

page read and write

7FF722AD0000

unkown

page write copy

C0003B7000

direct allocation

page read and write

C003206000

direct allocation

page read and write

C000488000

direct allocation

page read and write

7FF7224D8000

unkown

page readonly

C000343000

direct allocation

page read and write

C002C00000

direct allocation

page read and write

C00035F000

direct allocation

page read and write

C000B30000

direct allocation

page read and write

C000B40000

direct allocation

page read and write

C000580000

direct allocation

page read and write

C000BD0000

direct allocation

page read and write

C0003A5000

direct allocation

page read and write

C000363000

direct allocation

page read and write

C005000000

direct allocation

page read and write

C000319000

direct allocation

page read and write

C0001A6000

direct allocation

page read and write

C00051C000

direct allocation

page read and write

C000494000

direct allocation

page read and write

C00061A000

direct allocation

page read and write

C000570000

direct allocation

page read and write

C00058C000

direct allocation

page read and write

C000616000

direct allocation

page read and write

C0007E0000

direct allocation

page read and write

C000790000

direct allocation

page read and write

There are 361 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
SecuriteInfo.com.Win64.Malware-gen.1057.9543.exe

Files

Processes

URLs

Domains

IPs

Registry

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC ReportSecuriteInfo.com.Win64.Malware-gen.1057.9543.exe

Files

Processes

URLs

Domains

IPs

Registry

Memdumps

IOC Report
SecuriteInfo.com.Win64.Malware-gen.1057.9543.exe