Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\file.exe

"C:\Users\user\Desktop\file.exe"

Details

Is windows:	false
Is dropped:	false
PID:	7328
Target ID:	0
Parent PID:	4056
Name:	file.exe
Path:	C:\Users\user\Desktop\file.exe
Commandline:	"C:\Users\user\Desktop\file.exe"
Size:	2185728
MD5:	6FB5F961B07CC3D84BE8823133C05C50
Time:	02:18:23
Date:	28/10/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0xe10000
Modulesize:	7659520
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Antivirus / Scanner detection for submitted sample	AV Detection
Detected unpacking (changes PE section rights)	Data Obfuscation	Software Packing
Multi AV Scanner detection for submitted file	AV Detection
Yara detected Powershell download and execute	HIPS / PFW / Operating System Protection Evasion
Yara detected Stealc	Stealing of Sensitive Information, Remote Access Functionality
Machine Learning detection for sample	AV Detection
PE file contains section with special chars	System Summary
PE file contains an invalid checksum	Data Obfuscation
PE file contains sections with non-standard names	Data Obfuscation
Uses 32bit PE files	Compliance, System Summary
Binary may include packed or encrypted code	Data Obfuscation	Obfuscated Files or Information Software Packing
PE file has section (not .text) which is very likely to contain packed code (zlib compression ratio < 0.011)	System Summary	Software Packing
PE file has a high occurrence of arithmetic instructions at the PE entrypoint (possbibily packed)	System Summary	Obfuscated Files or Information
Sample is known by Antivirus	System Summary
Sample might require command line arguments	System Summary	Command and Scripting Interpreter
Binary contains paths to debug symbols	Compliance, System Summary
PE file has a big raw section	System Summary
Submission file is bigger than most known malware samples	System Summary

URLs

Name

Malicious

http://185.215.113.206/6c4adf523b719729.php

185.215.113.206

http://185.215.113.206/

185.215.113.206

http://185.215.113.206

unknown

http://185.215.113.206/6c4adf523b719729.php=6u2

unknown

http://185.215.113.206/6c4adf523b719729.php~

unknown

http://185.215.113.206/6c4adf523b719729.phpl

unknown

http://185.215.113.206/6c4adf523b719729.php//

unknown

http://185.215.113.206/6c4adf523b719729.phpU5

unknown

https://docs.rs/getrandom#nodejs-es-module-support

unknown

http://185.215.113.206/6c4adf523b719729.phpq5

unknown

http://185.215.113.206/6c4adf523b719729.phpI5

unknown

http://185.215.113.206/&

unknown

http://185.215.113.206RG

unknown

There are 3 hidden URLs, click here to show them.

IPs

Domain

Country

Malicious

185.215.113.206

unknown

Portugal

Details

IP:	185.215.113.206
TargetID:	0
Current Path:	C:\Users\user\Desktop\file.exe
Country:	Portugal
Countrycode:	PRT
ASN number:	206894
ASN name:	WHOLESALECONNECTIONSNL
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
Suricata IDS alerts for network traffic	Networking
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol
HTTP GET or POST without a user agent	Networking
Connects to IPs without corresponding DNS lookups	Networking
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Posts data to webserver	Networking	Application Layer Protocol Non-Application Layer Protocol
URLs found in memory or binary data	Networking

Memdumps

Base Address

Regiontype

Protect

Malicious

1A6E000

heap

page read and write

5670000

direct allocation

page read and write

E11000

unkown

page execute and read and write

1730000

heap

page read and write

51E1000

heap

page read and write

155B000

unkown

page execute and write copy

F7E000

unkown

page execute and read and write

51E1000

heap

page read and write

1A50000

direct allocation

page read and write

1A50000

direct allocation

page read and write

51E1000

heap

page read and write

42BF000

stack

page read and write

507F000

stack

page read and write

51E1000

heap

page read and write

51E1000

heap

page read and write

1DAED000

stack

page read and write

1A50000

direct allocation

page read and write

51E1000

heap

page read and write

18C5000

heap

page read and write

51E1000

heap

page read and write

377F000

stack

page read and write

51E1000

heap

page read and write

51E1000

heap

page read and write

5820000

direct allocation

page execute and read and write

1ACA000

heap

page read and write

51E7000

heap

page read and write

51E1000

heap

page read and write

1DCCE000

stack

page read and write

51E1000

heap

page read and write

19CF000

stack

page read and write

16DE000

stack

page read and write

51E1000

heap

page read and write

367E000

stack

page read and write

51E1000

heap

page read and write

13AF000

unkown

page execute and read and write

467F000

stack

page read and write

57F0000

direct allocation

page execute and read and write

51E1000

heap

page read and write

51E1000

heap

page read and write

51E1000

heap

page read and write

4B7F000

stack

page read and write

1D5FD000

stack

page read and write

4A7E000

stack

page read and write

1A50000

direct allocation

page read and write

1A50000

direct allocation

page read and write

57F0000

direct allocation

page execute and read and write

1DDD0000

heap

page read and write

51E1000

heap

page read and write

18B7000

heap

page read and write

18BB000

heap

page read and write

51E1000

heap

page read and write

493E000

stack

page read and write

51E1000

heap

page read and write

1FEE000

stack

page read and write

10FA000

unkown

page execute and read and write

453F000

stack

page read and write

1D9AF000

stack

page read and write

5800000

direct allocation

page execute and read and write

13B0000

unkown

page execute and write copy

3A3E000

stack

page read and write

1A6A000

heap

page read and write

38BF000

stack

page read and write

51E1000

heap

page read and write

51E1000

heap

page read and write

51E1000

heap

page read and write

1A4E000

stack

page read and write

457E000

stack

page read and write

51E1000

heap

page read and write

39FF000

stack

page read and write

51BF000

stack

page read and write

51E1000

heap

page read and write

51E1000

heap

page read and write

13AF000

unkown

page execute and write copy

38FE000

stack

page read and write

5670000

direct allocation

page read and write

41BE000

stack

page read and write

51E1000

heap

page read and write

51E1000

heap

page read and write

1D6FE000

stack

page read and write

3EFF000

stack

page read and write

3DFE000

stack

page read and write

51E1000

heap

page read and write

1A50000

direct allocation

page read and write

51E1000

heap

page read and write

51E1000

heap

page read and write

51E1000

heap

page read and write

51E1000

heap

page read and write

5670000

direct allocation

page read and write

57C0000

direct allocation

page execute and read and write

51E1000

heap

page read and write

417F000

stack

page read and write

1AE0000

heap

page read and write

1D83F000

stack

page read and write

4A3F000

stack

page read and write

51E1000

heap

page read and write

51E1000

heap

page read and write

1A60000

heap

page read and write

4CFE000

stack

page read and write

1D9EE000

stack

page read and write

1A0E000

stack

page read and write

51E1000

heap

page read and write

3F3E000

stack

page read and write

56AE000

stack

page read and write

353B000

stack

page read and write

51E1000

heap

page read and write

51E1000

heap

page read and write

51E1000

heap

page read and write

1A50000

direct allocation

page read and write

51E1000

heap

page read and write

F4D000

unkown

page execute and read and write

47FE000

stack

page read and write

57E0000

direct allocation

page execute and read and write

4BBE000

stack

page read and write

407E000

stack

page read and write

51E1000

heap

page read and write

1A50000

direct allocation

page read and write

1D8AE000

stack

page read and write

4F7E000

stack

page read and write

1A50000

direct allocation

page read and write

51E1000

heap

page read and write

51E1000

heap

page read and write

4E3E000

stack

page read and write

51E1000

heap

page read and write

3DBF000

stack

page read and write

51E1000

heap

page read and write

1DDCF000

stack

page read and write

51E1000

heap

page read and write

51E1000

heap

page read and write

1AB4000

heap

page read and write

51E1000

heap

page read and write

18A0000

heap

page read and write

51E1000

heap

page read and write

16D4000

stack

page read and write

51F0000

heap

page read and write

1D5BF000

stack

page read and write

51E1000

heap

page read and write

51E1000

heap

page read and write

5200000

heap

page read and write

1810000

heap

page read and write

E10000

unkown

page readonly

51E1000

heap

page read and write

187E000

stack

page read and write

51E1000

heap

page read and write

1399000

unkown

page execute and read and write

51E1000

heap

page read and write

1289000

unkown

page execute and read and write

443E000

stack

page read and write

155A000

unkown

page execute and read and write

1A50000

direct allocation

page read and write

403F000

stack

page read and write

51C0000

heap

page read and write

51E1000

heap

page read and write

15DC000

stack

page read and write

E3C000

unkown

page execute and read and write

1DB2D000

stack

page read and write

E11000

unkown

page execute and write copy

1AE4000

heap

page read and write

51E0000

heap

page read and write

569B000

direct allocation

page read and write

57AF000

stack

page read and write

1A50000

direct allocation

page read and write

51E1000

heap

page read and write

13A0000

unkown

page execute and read and write

52E0000

trusted library allocation

page read and write

51E1000

heap

page read and write

4CBF000

stack

page read and write

51E1000

heap

page read and write

51E1000

heap

page read and write

3CBE000

stack

page read and write

18B0000

heap

page read and write

18C0000

heap

page read and write

51E1000

heap

page read and write

51E1000

heap

page read and write

37BE000

stack

page read and write

10E6000

unkown

page execute and read and write

4DFF000

stack

page read and write

57F0000

direct allocation

page execute and read and write

46BE000

stack

page read and write

3B7E000

stack

page read and write

E10000

unkown

page read and write

51E1000

heap

page read and write

4F3F000

stack

page read and write

363F000

stack

page read and write

51E1000

heap

page read and write

1D73E000

stack

page read and write

34FF000

stack

page read and write

3C7F000

stack

page read and write

1A50000

direct allocation

page read and write

51E1000

heap

page read and write

48FE000

stack

page read and write

1DC2C000

stack

page read and write

57FE000

stack

page read and write

51E1000

heap

page read and write

51E1000

heap

page read and write

47BF000

stack

page read and write

F59000

unkown

page execute and read and write

1375000

unkown

page execute and read and write

1A50000

direct allocation

page read and write

50BE000

stack

page read and write

51E1000

heap

page read and write

42FE000

stack

page read and write

51E1000

heap

page read and write

43FF000

stack

page read and write

3B3F000

stack

page read and write

51E1000

heap

page read and write

51E1000

heap

page read and write

57D0000

direct allocation

page execute and read and write

5810000

direct allocation

page execute and read and write

51E1000

heap

page read and write

1A50000

direct allocation

page read and write

51E1000

heap

page read and write

There are 201 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
file.exe

Processes

URLs

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reportfile.exe

Processes

URLs

IPs

Memdumps

IOC Report
file.exe