Automated Malware Analysis IOC Report for

Files

File Path

Type

Category

Malicious

SecuriteInfo.com.Variant.Lazy.606094.29765.28609.exe

PE32+ executable (GUI) x86-64, for MS Windows

initial sample

Details

Filetype:	PE32+ executable (GUI) x86-64, for MS Windows
Entropy:	6.562038049411947
Filename:	SecuriteInfo.com.Variant.Lazy.606094.29765.28609.exe
Filesize:	3981312
MD5:	b352a969814c63eb03f8771d0b61c763
SHA1:	fcd849e29f057f46766738c8cd4ce91a4c7e537e
SHA256:	1c4f4363a89bb180c36067da145fbc4086217bb5c55312dfa8605b127b3ac35a
SHA512:	9088be263ccc1523392fb862f4261a399a7e02a428ac1df0ee538b1aa9739dd59f442148f9a2939f0cf1f94cf8d67e56e86d402455ca20537c37497f3686800b
SSDEEP:	49152:MGtlqZnIU6i1VwASOXajGuSm3RT1NYz9wp2m0y7xLkWKO10CB1pDAsLmYMqI51qD:n+FGJhww/gWnjh3wzk
Preview:	MZ......................@...................................8...........!..L.!This program cannot be run in DOS mode....$..........!...r...r...r..*r...r..Dr...r...s...r...s...r...s...r...s...r...s...r...s...r...s...r...r+..r...s...ro..sZ..r...r...r...s...

Signature Hits	Behavior Group	Mitre Attack
Multi AV Scanner detection for submitted file	AV Detection
Potentially malicious time measurement code found	Anti Debugging
Contains functionality for execution timing, often used to detect debuggers	Malware Analysis System Evasion, Anti Debugging	Security Software Discovery
Detected potential crypto function	System Summary	Archive Collected Data Encrypted Channel
PE file contains sections with non-standard names	Data Obfuscation
Contains functionality to query local / system time	Language, Device and Operating System Detection	System Time Discovery System Information Discovery
Creates files inside the user directory	System Summary	Masquerading
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory)	Malware Analysis System Evasion
PE file has an executable .text section and no other executable section	System Summary
Public key (encryption) found	Cryptography
Reads software policies	System Summary
Sample is known by Antivirus	System Summary
Sample might require command line arguments	System Summary
Tries to load missing DLLs	System Summary	DLL Side-Loading
URLs found in memory or binary data	Networking
PE file contains a valid data directory to section mapping	System Summary
PE file contains a debug data directory	System Summary
Contains modern PE file flags such as dynamic base (ASLR) or NX	Compliance, System Summary
PE file contains a mix of data directories often seen in goodware	System Summary	Security Software Discovery
PE file has a big raw section	System Summary
PE file has a big code size	System Summary
PE file has a high image base, often used for DLLs	System Summary
Submission file is bigger than most known malware samples	System Summary

C:\Users\user\Desktop\log.bin

ASCII text, with CRLF line terminators

dropped

Details

File:	C:\Users\user\Desktop\log.bin
Category:	dropped
Dump:	log.bin.0.dr
ID:	dr_0
Target ID:	0
Process:	C:\Users\user\Desktop\SecuriteInfo.com.Variant.Lazy.606094.29765.28609.exe
Type:	ASCII text, with CRLF line terminators
Entropy:	4.9460400385293575
Encrypted:	false
Ssdeep:	3:Hcb2ME80LRgeXdTVcL4AQWgUjXUvmC4DrS90bXqyEAQe4fcvMLIq:HcczLRgIzcLNQkEvmROiJE1NcvMLIq
Size:	173
Whitelisted:	false
Reputation:	low

Signature Hits	Behavior Group	Mitre Attack
Creates files inside the user directory	System Summary	Masquerading

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\SecuriteInfo.com.Variant.Lazy.606094.29765.28609.exe

"C:\Users\user\Desktop\SecuriteInfo.com.Variant.Lazy.606094.29765.28609.exe"

Details

Is windows:	false
Is dropped:	false
PID:	3136
Target ID:	0
Parent PID:	1028
Name:	SecuriteInfo.com.Variant.Lazy.606094.29765.28609.exe
Path:	C:\Users\user\Desktop\SecuriteInfo.com.Variant.Lazy.606094.29765.28609.exe
Commandline:	"C:\Users\user\Desktop\SecuriteInfo.com.Variant.Lazy.606094.29765.28609.exe"
Size:	3981312
MD5:	B352A969814C63EB03F8771D0B61C763
Time:	01:23:02
Date:	23/10/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff6c2cb0000
Modulesize:	15605760
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Multi AV Scanner detection for submitted file	AV Detection
PE file contains sections with non-standard names	Data Obfuscation
PE file has an executable .text section and no other executable section	System Summary
Sample is known by Antivirus	System Summary
Sample might require command line arguments	System Summary	Command and Scripting Interpreter
URLs found in memory or binary data	Networking
PE file contains a valid data directory to section mapping	System Summary
Binary contains paths to debug symbols	Compliance, System Summary
PE file contains a debug data directory	System Summary
Contains modern PE file flags such as dynamic base (ASLR) or NX	Compliance, System Summary
PE file contains a mix of data directories often seen in goodware	System Summary
PE file has a big raw section	System Summary
PE file has a big code size	System Summary
PE file has a high image base, often used for DLLs	System Summary
Submission file is bigger than most known malware samples	System Summary

URLs

Name

Malicious

https://curl.se/docs/hsts.html

unknown

http://154.53.160.19/ActiveState/

unknown

https://curl.se/docs/alt-svc.html

unknown

https://curl.se/docs/http-cookies.html

unknown

Memdumps

Base Address

Regiontype

Protect

Malicious

7FF6C2CB1000

unkown

page execute read

7FF6C3B64000

unkown

page readonly

19EDF9D5000

heap

page read and write

19EDF9C7000

heap

page read and write

19EDF9D5000

heap

page read and write

7FF6C304A000

unkown

page read and write

7FF6C2CB1000

unkown

page execute read

7FF6C2F69000

unkown

page readonly

19EDFBE0000

heap

page read and write

19EDF9C4000

heap

page read and write

19EDF9AC000

heap

page read and write

19EDF9DC000

heap

page read and write

19EDF9D0000

heap

page read and write

7FF6C304A000

unkown

page write copy

7FF6C2CB0000

unkown

page readonly

7FF6C3050000

unkown

page write copy

19EDF9CA000

heap

page read and write

19EDF9CF000

heap

page read and write

19EDF920000

heap

page read and write

19EDF9D6000

heap

page read and write

19EDF940000

heap

page read and write

19EDF9D2000

heap

page read and write

7FF6C3051000

unkown

page read and write

7FF6C3B61000

unkown

page read and write

19EDF9C5000

heap

page read and write

7FF6C3B64000

unkown

page readonly

19EDF9D5000

heap

page read and write

7FF6C2F69000

unkown

page readonly

19EDF9CA000

heap

page read and write

19EDF9CB000

heap

page read and write

7FF6C3B87000

unkown

page readonly

19EDF9DE000

heap

page read and write

17651FE000

stack

page read and write

17650FC000

stack

page read and write

19EDF9A0000

heap

page read and write

19EDF9A6000

heap

page read and write

19EDF910000

heap

page read and write

17652FE000

stack

page read and write

7FF6C2CB0000

unkown

page readonly

19EDF9C8000

heap

page read and write

7FF6C3B87000

unkown

page readonly

There are 31 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
SecuriteInfo.com.Variant.Lazy.606094.29765.28609.exe

Files

Processes

URLs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC ReportSecuriteInfo.com.Variant.Lazy.606094.29765.28609.exe

Files

Processes

URLs

Memdumps

IOC Report
SecuriteInfo.com.Variant.Lazy.606094.29765.28609.exe