Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\SecuriteInfo.com.Variant.Lazy.618554.7337.5785.exe

"C:\Users\user\Desktop\SecuriteInfo.com.Variant.Lazy.618554.7337.5785.exe"

Details

Is windows:	false
Is dropped:	false
PID:	5824
Target ID:	0
Parent PID:	1028
Name:	SecuriteInfo.com.Variant.Lazy.618554.7337.5785.exe
Path:	C:\Users\user\Desktop\SecuriteInfo.com.Variant.Lazy.618554.7337.5785.exe
Commandline:	"C:\Users\user\Desktop\SecuriteInfo.com.Variant.Lazy.618554.7337.5785.exe"
Size:	12867416
MD5:	4213B2AA13A965E52E3E2F4B2CA37211
Time:	16:21:06
Date:	24/10/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x300000
Modulesize:	12873728
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Multi AV Scanner detection for submitted file	AV Detection
Sample file is different than original file name gathered from version info	System Summary
Uses 32bit PE files	Compliance, System Summary
PE file has an executable .text section and no other executable section	System Summary
Sample is known by Antivirus	System Summary
Sample might require command line arguments	System Summary	Command and Scripting Interpreter
URLs found in memory or binary data	Networking
PE file contains a valid data directory to section mapping	System Summary
PE file contains a debug data directory	System Summary
Contains modern PE file flags such as dynamic base (ASLR) or NX	Compliance, System Summary
PE file contains a mix of data directories often seen in goodware	System Summary
PE file has a big raw section	System Summary
PE / OLE file has a valid certificate	Compliance, System Summary
PE file has a big code size	System Summary
Submission file is bigger than most known malware samples	System Summary

URLs

Name

Malicious

https://curl.se/docs/hsts.html

unknown

https://gamesfileapp.com/455474F642F2D352/93243153651/53446B44EFA2F130/72980820451?33FCE66818B56E8D1729808204

172.67.68.136

Details

Name:	https://gamesfileapp.com/455474F642F2D352/93243153651/53446B44EFA2F130/72980820451?33FCE66818B56E8D1729808204
IP:	172.67.68.136
TargetID:	0
From Memory:	false
Current Path:	C:\Users\user\Desktop\SecuriteInfo.com.Variant.Lazy.618554.7337.5785.exe
Source:	network

Signature Hits	Behavior Group	Mitre Attack
Uses secure TLS version for HTTPS connections	Compliance, Networking

https://curl.se/docs/alt-svc.html

unknown

https://curl.se/docs/http-cookies.html

unknown

https://gamesfileapp.com/455474F642F2D352/93243153651/53446B44EFA2F130/72980820451?33FCE66818B56E8D1

unknown

Details

Name:	https://gamesfileapp.com/455474F642F2D352/93243153651/53446B44EFA2F130/72980820451?33FCE66818B56E8D1
TargetID:	0
From Memory:	true
Current Path:	C:\Users\user\Desktop\SecuriteInfo.com.Variant.Lazy.618554.7337.5785.exe
Source:	SecuriteInfo.com.Variant.Lazy.618554.7337.5785.exe, 00000000.00000002.2101416372.000000000148E000.00000004.00000020.00020000.00000000.sdmp

Signature Hits	Behavior Group	Mitre Attack
URLs found in memory or binary data	Networking

Domains

Name

Malicious

gamesfileapp.com

172.67.68.136

Details

Name:	gamesfileapp.com
IP:	172.67.68.136
TargetID:	-1
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
URLs found in memory or binary data	Networking
Uses secure TLS version for HTTPS connections	Compliance, Networking

IPs

Domain

Country

Malicious

172.67.68.136

gamesfileapp.com

United States

Details

IP:	172.67.68.136
TargetID:	0
Current Path:	C:\Users\user\Desktop\SecuriteInfo.com.Variant.Lazy.618554.7337.5785.exe
Country:	United States
Countrycode:	USA
ASN number:	13335
ASN name:	CLOUDFLARENETUS
Private:	false
Domain:	gamesfileapp.com

Signature Hits	Behavior Group	Mitre Attack
Uses secure TLS version for HTTPS connections	Compliance, Networking

127.0.0.1

unknown

Memdumps

Base Address

Regiontype

Protect

Malicious

F1F000

unkown

page readonly

12F7000

stack

page read and write

77C1000

heap

page read and write

77C7000

heap

page read and write

16BE000

stack

page read and write

14F0000

heap

page read and write

1940000

heap

page read and write

52DE000

stack

page read and write

D01000

unkown

page execute read

79D0000

trusted library allocation

page read and write

17BF000

stack

page read and write

EB9000

unkown

page readonly

79E0000

trusted library allocation

page read and write

6AB2000

trusted library allocation

page read and write

5550000

heap

page read and write

3148000

heap

page read and write

14D8000

heap

page read and write

7690000

trusted library allocation

page read and write

14D1000

heap

page read and write

313E000

heap

page read and write

14D4000

heap

page read and write

3147000

heap

page read and write

14E4000

heap

page read and write

3138000

heap

page read and write

17D0000

heap

page read and write

1350000

heap

page read and write

312B000

heap

page read and write

3230000

heap

page read and write

14B0000

heap

page read and write

14E2000

heap

page read and write

3147000

heap

page read and write

7790000

heap

page read and write

1515000

heap

page read and write

3147000

heap

page read and write

3100000

heap

page read and write

F10000

unkown

page readonly

14DC000

heap

page read and write

3145000

heap

page read and write

D01000

unkown

page execute read

167E000

stack

page read and write

14D8000

heap

page read and write

78CC000

stack

page read and write

76B0000

trusted library allocation

page read and write

1900000

heap

page read and write

14BF000

heap

page read and write

3144000

heap

page read and write

3122000

heap

page read and write

3145000

heap

page read and write

314B000

heap

page read and write

3146000

heap

page read and write

310B000

heap

page read and write

3133000

heap

page read and write

7FB62000

trusted library allocation

page execute read

312B000

heap

page read and write

1578000

heap

page read and write

313E000

heap

page read and write

313E000

heap

page read and write

3142000

heap

page read and write

14B0000

heap

page read and write

1910000

remote allocation

page read and write

1910000

remote allocation

page read and write

312C000

heap

page read and write

14C0000

heap

page read and write

148E000

heap

page read and write

EB9000

unkown

page readonly

7690000

trusted library allocation

page read and write

1430000

heap

page read and write

FD8000

stack

page read and write

310D000

heap

page read and write

3144000

heap

page read and write

F0C000

unkown

page write copy

F1F000

unkown

page readonly

3155000

heap

page read and write

14AB000

heap

page read and write

3144000

heap

page read and write

F10000

unkown

page readonly

1480000

heap

page read and write

14CD000

heap

page read and write

311F000

heap

page read and write

1512000

heap

page read and write

3149000

heap

page read and write

3155000

heap

page read and write

3150000

heap

page read and write

3100000

heap

page read and write

14DA000

heap

page read and write

315A000

heap

page read and write

14BF000

heap

page read and write

30F0000

heap

page read and write

3146000

heap

page read and write

3122000

heap

page read and write

3154000

heap

page read and write

14DC000

heap

page read and write

1563000

heap

page read and write

7FB60000

trusted library allocation

page execute read

301000

unkown

page execute read

3147000

heap

page read and write

3147000

heap

page read and write

3234000

heap

page read and write

301000

unkown

page execute read

148A000

heap

page read and write

3133000

heap

page read and write

1567000

heap

page read and write

1910000

remote allocation

page read and write

313E000

heap

page read and write

14AC000

heap

page read and write

7FB64000

trusted library allocation

page execute read

76A0000

trusted library allocation

page read and write

14BE000

heap

page read and write

301000

unkown

page execute read

79F0000

trusted library allocation

page read and write

147D000

stack

page read and write

314B000

heap

page read and write

14C8000

heap

page read and write

1320000

heap

page read and write

79CE000

stack

page read and write

155E000

heap

page read and write

300000

unkown

page readonly

300000

unkown

page readonly

157C000

heap

page read and write

53DD000

stack

page read and write

155C000

heap

page read and write

3133000

heap

page read and write

3134000

heap

page read and write

14A6000

heap

page read and write

14EB000

heap

page read and write

F0C000

unkown

page read and write

194A000

heap

page read and write

150C000

heap

page read and write

312B000

heap

page read and write

310D000

heap

page read and write

14FC000

heap

page read and write

310B000

heap

page read and write

311F000

heap

page read and write

14DC000

heap

page read and write

There are 124 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
SecuriteInfo.com.Variant.Lazy.618554.7337.5785.exe

Processes

URLs

Domains

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC ReportSecuriteInfo.com.Variant.Lazy.618554.7337.5785.exe

Processes

URLs

Domains

IPs

Memdumps

IOC Report
SecuriteInfo.com.Variant.Lazy.618554.7337.5785.exe