Automated Malware Analysis IOC Report for

Files

File Path

Type

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\Purchase Order For Linear Actuator.exe

"C:\Users\user\Desktop\Purchase Order For Linear Actuator.exe"

Details

Is windows:	false
Is dropped:	false
PID:	2276
Target ID:	0
Parent PID:	4004
Name:	Purchase Order For Linear Actuator.exe
Path:	C:\Users\user\Desktop\Purchase Order For Linear Actuator.exe
Commandline:	"C:\Users\user\Desktop\Purchase Order For Linear Actuator.exe"
Size:	3677748
MD5:	D976A78B2D4808B87477685A86D5A876
Time:	17:54:57
Date:	22/10/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x250ca730000
Modulesize:	245760
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Antivirus / Scanner detection for submitted sample	AV Detection
Multi AV Scanner detection for submitted file	AV Detection
Yara detected AgentTesla	Stealing of Sensitive Information, Remote Access Functionality
Yara detected AntiVM3	Malware Analysis System Evasion
Yara detected UAC Bypass using CMSTP	Exploits
Adds a directory exclusion to Windows Defender	HIPS / PFW / Operating System Protection Evasion	Disable or Modify Tools
Initial sample is a PE file and has a suspicious name	System Summary
Machine Learning detection for sample	AV Detection
Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet	System Summary
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
PE file does not import any functions	System Summary
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery
Sample file is different than original file name gathered from version info	System Summary
Sigma detected: Powershell Defender Exclusion	System Summary
Yara detected Credential Stealer	Stealing of Sensitive Information
PE file has an executable .text section and no other executable section	System Summary
Sample is known by Antivirus	System Summary
Sample reads its own file content	System Summary
Sigma detected: Non Interactive PowerShell Process Spawned	System Summary
Spawns processes	System Summary	Process Injection
Binary contains paths to debug symbols	Compliance, System Summary
Contains modern PE file flags such as dynamic base (ASLR) or NX	Compliance, System Summary
PE file contains a COM descriptor data directory	System Summary
Submission file is bigger than most known malware samples	System Summary

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Purchase Order For Linear Actuator.exe" -Force

Details

Is windows:	true
Is dropped:	false
PID:	6008
Target ID:	2
Parent PID:	2276
Name:	powershell.exe
Class:	powershell
Path:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Commandline:	"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Purchase Order For Linear Actuator.exe" -Force
Size:	452608
MD5:	04029E121A0CFA5991749937DD22A1D9
Time:	17:54:59
Date:	22/10/2024
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff6e3d50000
Modulesize:	462848
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Adds a directory exclusion to Windows Defender	HIPS / PFW / Operating System Protection Evasion	Disable or Modify Tools
Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet	System Summary
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Sigma detected: Powershell Defender Exclusion	System Summary
Sigma detected: Non Interactive PowerShell Process Spawned	System Summary
Spawns processes	System Summary	Process Injection

C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\installutil.exe"

Details

Is windows:	true
Is dropped:	false
PID:	1132
Target ID:	4
Parent PID:	2276
Name:	InstallUtil.exe
Class:	system-tools
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
Commandline:	"C:\Windows\Microsoft.NET\Framework\v4.0.30319\installutil.exe"
Size:	42064
MD5:	5D4073B2EB6D217C19F2B22F21BF8D57
Time:	17:54:59
Date:	22/10/2024
Reason:	newprocess
Reputation:	moderate
Is admin:	true
Is elevated:	true
Modulebase:	0xd40000
Modulesize:	49152
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Yara detected AgentTesla	Stealing of Sensitive Information, Remote Access Functionality
Injects a PE file into a foreign processes	HIPS / PFW / Operating System Protection Evasion	Process Injection
Writes to foreign memory regions	HIPS / PFW / Operating System Protection Evasion	Process Injection
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery
Sigma detected: Suspicious Outbound SMTP Connections	System Summary
Yara detected Credential Stealer	Stealing of Sensitive Information
Spawns processes	System Summary	Process Injection

C:\Windows\System32\conhost.exe

C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

Details

Is windows:	true
Is dropped:	false
PID:	3648
Target ID:	3
Parent PID:	6008
Name:	conhost.exe
Path:	C:\Windows\System32\conhost.exe
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Size:	862208
MD5:	0D698AF330FD17BEE3BF90011D49251D
Time:	17:54:59
Date:	22/10/2024
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff66e660000
Modulesize:	892928
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

C:\Windows\System32\WerFault.exe

C:\Windows\system32\WerFault.exe -u -p 2276 -s 1256

Details

Is windows:	true
Is dropped:	false
PID:	5676
Target ID:	7
Parent PID:	2276
Name:	WerFault.exe
Path:	C:\Windows\System32\WerFault.exe
Commandline:	C:\Windows\system32\WerFault.exe -u -p 2276 -s 1256
Size:	570736
MD5:	FD27D9F6D02763BDE32511B5DF7FF7A0
Time:	17:55:00
Date:	22/10/2024
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff7b6b30000
Modulesize:	581632
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
One or more processes crash	System Summary
Spawns processes	System Summary	Process Injection

URLs

Name

Malicious

https://api.ipify.org/

104.26.13.205

Details

Name:	https://api.ipify.org/
IP:	104.26.13.205
TargetID:	4
From Memory:	false
Current Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
Source:	network

Signature Hits	Behavior Group	Mitre Attack
IP address seen in connection with other malware	Networking
URLs found in memory or binary data	Networking
Uses secure TLS version for HTTPS connections	Compliance, Networking

https://api.ipify.org

unknown

Details

Name:	https://api.ipify.org
TargetID:	0
From Memory:	true
Current Path:	C:\Users\user\Desktop\Purchase Order For Linear Actuator.exe
Source:	Purchase Order For Linear Actuator.exe, 00000000.00000002.2192633166.00000250DDC00000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000004.00000002.4594266186.0000000003141000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000004.00000002.4592709113.0000000000402000.00000040.00000400.00020000.00000000.sdmp

Signature Hits	Behavior Group	Mitre Attack
URLs found in memory or binary data	Networking

http://upx.sf.net

unknown

https://account.dyn.com/

unknown

Details

Name:	https://account.dyn.com/
TargetID:	0
From Memory:	true
Current Path:	C:\Users\user\Desktop\Purchase Order For Linear Actuator.exe
Source:	Purchase Order For Linear Actuator.exe, 00000000.00000002.2192633166.00000250DDC00000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000004.00000002.4592709113.0000000000402000.00000040.00000400.00020000.00000000.sdmp

Signature Hits	Behavior Group	Mitre Attack
URLs found in memory or binary data	Networking

https://api.ipify.org/t

unknown

http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name

unknown

http://mail.iaa-airferight.com

unknown

Domains

Name

Malicious

mail.iaa-airferight.com

46.175.148.58

Details

Name:	mail.iaa-airferight.com
IP:	46.175.148.58
TargetID:	-1
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
Sigma detected: Suspicious Outbound SMTP Connections	System Summary
Uses SMTP (mail sending)	Networking	Application Layer Protocol
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
URLs found in memory or binary data	Networking

api.ipify.org

104.26.13.205

Details

Name:	api.ipify.org
IP:	104.26.13.205
TargetID:	-1
Active:	true

Signature Hits	Behavior Group	Mitre Attack
May check the online IP address of the machine	Networking	System Network Configuration Discovery
Uses a known web browser user agent for HTTP communication	Networking	Application Layer Protocol
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
URLs found in memory or binary data	Networking
Uses secure TLS version for HTTPS connections	Compliance, Networking

IPs

Domain

Country

Malicious

46.175.148.58

mail.iaa-airferight.com

Ukraine

Details

IP:	46.175.148.58
TargetID:	4
Current Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
Country:	Ukraine
Countrycode:	UKR
ASN number:	56394
ASN name:	ASLAGIDKOM-NETUA
Private:	false
Domain:	mail.iaa-airferight.com

Signature Hits	Behavior Group	Mitre Attack
Sigma detected: Suspicious Outbound SMTP Connections	System Summary
Uses SMTP (mail sending)	Networking	Application Layer Protocol

104.26.13.205

api.ipify.org

United States

Details

IP:	104.26.13.205
TargetID:	4
Current Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
Country:	United States
Countrycode:	USA
ASN number:	13335
ASN name:	CLOUDFLARENETUS
Private:	false
Domain:	api.ipify.org

Signature Hits	Behavior Group	Mitre Attack
Uses secure TLS version for HTTPS connections	Compliance, Networking

Registry

Path

Value

Malicious

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System

EnableLUA

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Notifications\Settings\Windows.SystemToast.SecurityAndMaintenance

Enabled

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing

EnableConsoleTracing

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\installutil_RASAPI32

EnableFileTracing

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\installutil_RASAPI32

EnableAutoFileTracing

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\installutil_RASAPI32

EnableConsoleTracing

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\installutil_RASAPI32

FileTracingMask

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\installutil_RASAPI32

ConsoleTracingMask

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\installutil_RASAPI32

MaxFileSize

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\installutil_RASAPI32

FileDirectory

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\installutil_RASMANCS

EnableFileTracing

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\installutil_RASMANCS

EnableAutoFileTracing

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\installutil_RASMANCS

EnableConsoleTracing

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\installutil_RASMANCS

FileTracingMask

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\installutil_RASMANCS

ConsoleTracingMask

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\installutil_RASMANCS

MaxFileSize

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\installutil_RASMANCS

FileDirectory

\REGISTRY\A\{001c9bcd-5e1d-ad90-0f12-7cb3f8a22a52}\Root\InventoryApplicationFile\purchase order f|69b7f2312ec92352

ProgramId

\REGISTRY\A\{001c9bcd-5e1d-ad90-0f12-7cb3f8a22a52}\Root\InventoryApplicationFile\purchase order f|69b7f2312ec92352

FileId

\REGISTRY\A\{001c9bcd-5e1d-ad90-0f12-7cb3f8a22a52}\Root\InventoryApplicationFile\purchase order f|69b7f2312ec92352

LowerCaseLongPath

\REGISTRY\A\{001c9bcd-5e1d-ad90-0f12-7cb3f8a22a52}\Root\InventoryApplicationFile\purchase order f|69b7f2312ec92352

LongPathHash

\REGISTRY\A\{001c9bcd-5e1d-ad90-0f12-7cb3f8a22a52}\Root\InventoryApplicationFile\purchase order f|69b7f2312ec92352

Name

\REGISTRY\A\{001c9bcd-5e1d-ad90-0f12-7cb3f8a22a52}\Root\InventoryApplicationFile\purchase order f|69b7f2312ec92352

OriginalFileName

\REGISTRY\A\{001c9bcd-5e1d-ad90-0f12-7cb3f8a22a52}\Root\InventoryApplicationFile\purchase order f|69b7f2312ec92352

Publisher

\REGISTRY\A\{001c9bcd-5e1d-ad90-0f12-7cb3f8a22a52}\Root\InventoryApplicationFile\purchase order f|69b7f2312ec92352

Version

\REGISTRY\A\{001c9bcd-5e1d-ad90-0f12-7cb3f8a22a52}\Root\InventoryApplicationFile\purchase order f|69b7f2312ec92352

BinFileVersion

\REGISTRY\A\{001c9bcd-5e1d-ad90-0f12-7cb3f8a22a52}\Root\InventoryApplicationFile\purchase order f|69b7f2312ec92352

BinaryType

\REGISTRY\A\{001c9bcd-5e1d-ad90-0f12-7cb3f8a22a52}\Root\InventoryApplicationFile\purchase order f|69b7f2312ec92352

ProductName

\REGISTRY\A\{001c9bcd-5e1d-ad90-0f12-7cb3f8a22a52}\Root\InventoryApplicationFile\purchase order f|69b7f2312ec92352

ProductVersion

\REGISTRY\A\{001c9bcd-5e1d-ad90-0f12-7cb3f8a22a52}\Root\InventoryApplicationFile\purchase order f|69b7f2312ec92352

LinkDate

\REGISTRY\A\{001c9bcd-5e1d-ad90-0f12-7cb3f8a22a52}\Root\InventoryApplicationFile\purchase order f|69b7f2312ec92352

BinProductVersion

\REGISTRY\A\{001c9bcd-5e1d-ad90-0f12-7cb3f8a22a52}\Root\InventoryApplicationFile\purchase order f|69b7f2312ec92352

AppxPackageFullName

\REGISTRY\A\{001c9bcd-5e1d-ad90-0f12-7cb3f8a22a52}\Root\InventoryApplicationFile\purchase order f|69b7f2312ec92352

AppxPackageRelativeId

\REGISTRY\A\{001c9bcd-5e1d-ad90-0f12-7cb3f8a22a52}\Root\InventoryApplicationFile\purchase order f|69b7f2312ec92352

Size

\REGISTRY\A\{001c9bcd-5e1d-ad90-0f12-7cb3f8a22a52}\Root\InventoryApplicationFile\purchase order f|69b7f2312ec92352

Language

\REGISTRY\A\{001c9bcd-5e1d-ad90-0f12-7cb3f8a22a52}\Root\InventoryApplicationFile\purchase order f|69b7f2312ec92352

Usn

HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}

DeviceTicket

HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}

DeviceId

HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}

ApplicationFlags

HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Property

0018000DDABBE6B3

There are 30 hidden registries, click here to show them.

Memdumps

Base Address

Regiontype

Protect

Malicious

250DDC00000

trusted library allocation

page read and write

31BC000

trusted library allocation

page read and write

250CC379000

trusted library allocation

page read and write

402000

remote allocation

page execute and read and write

3191000

trusted library allocation

page read and write

2F98000

trusted library allocation

page read and write

31C4000

trusted library allocation

page read and write

1357000

heap

page read and write

2DE2000

trusted library allocation

page read and write

67BF000

stack

page read and write

317F000

trusted library allocation

page read and write

7FFD344B0000

trusted library allocation

page read and write

2F60000

trusted library allocation

page execute and read and write

161F000

stack

page read and write

BA60EF3000

stack

page read and write

6EFB000

trusted library allocation

page read and write

30C6000

trusted library allocation

page read and write

250CA732000

unkown

page readonly

250CA9B0000

trusted library allocation

page read and write

7FFD343D0000

trusted library allocation

page execute and read and write

250CAA04000

heap

page read and write

250CAA37000

heap

page read and write

1265000

heap

page read and write

BA613FD000

stack

page read and write

2DE0000

trusted library allocation

page read and write

6B77000

trusted library allocation

page read and write

2F5F000

stack

page read and write

7FFD3432D000

trusted library allocation

page execute and read and write

6D2E000

stack

page read and write

31B8000

trusted library allocation

page read and write

250E4E30000

heap

page read and write

7FFD34312000

trusted library allocation

page read and write

7FFD34510000

trusted library allocation

page read and write

2DCD000

trusted library allocation

page execute and read and write

2DF5000

trusted library allocation

page execute and read and write

BA610FE000

stack

page read and write

6EF0000

trusted library allocation

page read and write

250CA9A0000

heap

page read and write

2F80000

heap

page read and write

13B9000

heap

page read and write

6F00000

trusted library allocation

page execute and read and write

7FFD344D0000

trusted library allocation

page read and write

30AB000

trusted library allocation

page read and write

13F7000

heap

page read and write

250CAB20000

trusted library section

page read and write

41A9000

trusted library allocation

page read and write

1320000

heap

page read and write

7FFD3433B000

trusted library allocation

page execute and read and write

6F40000

trusted library allocation

page execute and read and write

3141000

trusted library allocation

page read and write

6A9E000

stack

page read and write

31CA000

trusted library allocation

page read and write

250CABB0000

heap

page read and write

250CC361000

trusted library allocation

page read and write

250CA970000

trusted library allocation

page read and write

68FE000

stack

page read and write

6B80000

trusted library allocation

page read and write

30AE000

trusted library allocation

page read and write

250CA8F0000

heap

page read and write

7FFD34313000

trusted library allocation

page execute and read and write

6A40000

trusted library allocation

page read and write

3130000

heap

page execute and read and write

250CC3A8000

trusted library allocation

page read and write

7FFD344C4000

trusted library allocation

page read and write

250CA9B3000

trusted library allocation

page read and write

7FFD344C9000

trusted library allocation

page read and write

250DC367000

trusted library allocation

page read and write

7FBB0000

trusted library allocation

page execute and read and write

7FFD34330000

trusted library allocation

page read and write

1277000

heap

page read and write

7FFD3436C000

trusted library allocation

page execute and read and write

7FFD344F0000

trusted library allocation

page read and write

250CAA07000

heap

page read and write

523E000

stack

page read and write

2DFB000

trusted library allocation

page execute and read and write

6DAE000

stack

page read and write

250E4C70000

heap

page read and write

30C1000

trusted library allocation

page read and write

5690000

heap

page read and write

6EEE000

stack

page read and write

250CA965000

heap

page read and write

250CA730000

unkown

page readonly

7FFD34500000

trusted library allocation

page execute and read and write

7FFD34314000

trusted library allocation

page read and write

250CA9EE000

heap

page read and write

2F70000

trusted library allocation

page read and write

1355000

heap

page read and write

2DC3000

trusted library allocation

page execute and read and write

250CC443000

trusted library allocation

page read and write

7FF479D70000

trusted library allocation

page execute and read and write

250CA7F0000

heap

page read and write

BA614FD000

stack

page read and write

7FFD343F6000

trusted library allocation

page execute and read and write

250CA9CC000

heap

page read and write

31BA000

trusted library allocation

page read and write

250CAA3C000

heap

page read and write

7FFD344E0000

trusted library allocation

page read and write

12CE000

stack

page read and write

6A4D000

trusted library allocation

page read and write

250CC427000

trusted library allocation

page read and write

BA60FFE000

stack

page read and write

6A3E000

stack

page read and write

250CA9C0000

heap

page read and write

30F0000

trusted library allocation

page read and write

7FFD343CC000

trusted library allocation

page execute and read and write

151D000

stack

page read and write

7FFD3433D000

trusted library allocation

page execute and read and write

2DDD000

trusted library allocation

page execute and read and write

7FFD343C0000

trusted library allocation

page read and write

318D000

trusted library allocation

page read and write

5680000

heap

page read and write

7FFD34310000

trusted library allocation

page read and write

13DF000

heap

page read and write

4141000

trusted library allocation

page read and write

250E4C60000

heap

page execute and read and write

1328000

heap

page read and write

2DF0000

trusted library allocation

page read and write

7FFD34320000

trusted library allocation

page read and write

31D0000

trusted library allocation

page read and write

5C30000

trusted library allocation

page read and write

306C000

stack

page read and write

56A0000

heap

page read and write

7FFD34521000

trusted library allocation

page read and write

12F0000

heap

page read and write

BA611FE000

stack

page read and write

1310000

trusted library allocation

page read and write

2DD0000

trusted library allocation

page read and write

5694000

heap

page read and write

250CAA32000

heap

page read and write

250E4CE2000

heap

page read and write

64D3000

heap

page read and write

BA616FF000

stack

page read and write

BA61AFD000

stack

page read and write

6A50000

trusted library allocation

page read and write

6F50000

heap

page read and write

30CD000

trusted library allocation

page read and write

6A57000

trusted library allocation

page read and write

BA61CFB000

stack

page read and write

10F9000

stack

page read and write

7FFD34430000

trusted library allocation

page execute and read and write

250CA9A8000

heap

page read and write

125E000

stack

page read and write

250CA910000

heap

page read and write

2DE6000

trusted library allocation

page execute and read and write

5C40000

trusted library allocation

page execute and read and write

250CAB10000

heap

page execute and read and write

6440000

heap

page read and write

250E4D03000

heap

page read and write

30BE000

trusted library allocation

page read and write

250CA960000

heap

page read and write

3176000

trusted library allocation

page read and write

7FFD34334000

trusted library allocation

page read and write

2DEA000

trusted library allocation

page execute and read and write

66BD000

stack

page read and write

134A000

heap

page read and write

250CAAA4000

heap

page read and write

250CC4EA000

trusted library allocation

page read and write

250CAA90000

heap

page read and write

6B70000

trusted library allocation

page read and write

5630000

heap

page execute and read and write

BA617FE000

stack

page read and write

30B2000

trusted library allocation

page read and write

64DE000

heap

page read and write

BA612FE000

stack

page read and write

250CAA30000

heap

page read and write

7FFD34322000

trusted library allocation

page read and write

6DEE000

stack

page read and write

3090000

trusted library allocation

page read and write

55BC000

stack

page read and write

693E000

stack

page read and write

2DF2000

trusted library allocation

page read and write

6F30000

trusted library allocation

page read and write

30E0000

trusted library allocation

page read and write

6B2E000

stack

page read and write

31B6000

trusted library allocation

page read and write

589C000

stack

page read and write

67FE000

stack

page read and write

1260000

heap

page read and write

31D4000

trusted library allocation

page read and write

7FFD3431D000

trusted library allocation

page execute and read and write

250CC431000

trusted library allocation

page read and write

6D6E000

stack

page read and write

BA615FE000

stack

page read and write

1280000

heap

page read and write

4169000

trusted library allocation

page read and write

250CABB5000

heap

page read and write

400000

remote allocation

page execute and read and write

7FFD34516000

trusted library allocation

page read and write

250CA990000

trusted library allocation

page read and write

72D0000

heap

page read and write

7FFD344FC000

trusted library allocation

page read and write

30A0000

trusted library allocation

page read and write

250E4390000

trusted library allocation

page read and write

5C38000

trusted library allocation

page read and write

2DC4000

trusted library allocation

page read and write

DD9000

stack

page read and write

6B6E000

stack

page read and write

1270000

heap

page read and write

1414000

heap

page read and write

2DC0000

trusted library allocation

page read and write

250DC361000

trusted library allocation

page read and write

250CA8D0000

heap

page read and write

7FFD344C0000

trusted library allocation

page read and write

2E5E000

stack

page read and write

2DF7000

trusted library allocation

page execute and read and write

3070000

heap

page read and write

2E10000

trusted library allocation

page read and write

BA61BFE000

stack

page read and write

7FFD343C6000

trusted library allocation

page read and write

250E4BF0000

heap

page read and write

1140000

heap

page read and write

There are 201 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
Purchase Order For Linear Actuator.exe

Files

Processes

URLs

Domains

IPs

Registry

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC ReportPurchase Order For Linear Actuator.exe

Files

Processes

URLs

Domains

IPs

Registry

Memdumps

IOC Report
Purchase Order For Linear Actuator.exe