Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\file.exe

"C:\Users\user\Desktop\file.exe"

Details

Is windows:	false
Is dropped:	false
PID:	6828
Target ID:	0
Parent PID:	2580
Name:	file.exe
Path:	C:\Users\user\Desktop\file.exe
Commandline:	"C:\Users\user\Desktop\file.exe"
Size:	2129920
MD5:	F522FE27067DAEA4F7987BF85EC1E287
Time:	04:24:16
Date:	28/10/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0xd30000
Modulesize:	7524352
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Antivirus / Scanner detection for submitted sample	AV Detection
Detected unpacking (changes PE section rights)	Data Obfuscation	Software Packing
Yara detected Powershell download and execute	HIPS / PFW / Operating System Protection Evasion
Yara detected Stealc	Stealing of Sensitive Information, Remote Access Functionality
Machine Learning detection for sample	AV Detection
PE file contains section with special chars	System Summary
PE file contains an invalid checksum	Data Obfuscation
PE file contains sections with non-standard names	Data Obfuscation
Uses 32bit PE files	Compliance, System Summary
Binary may include packed or encrypted code	Data Obfuscation	Obfuscated Files or Information Software Packing
PE file has section (not .text) which is very likely to contain packed code (zlib compression ratio < 0.011)	System Summary	Software Packing
Sample might require command line arguments	System Summary	Command and Scripting Interpreter
Binary contains paths to debug symbols	Compliance, System Summary
PE file has a big raw section	System Summary
Submission file is bigger than most known malware samples	System Summary

URLs

Name

Malicious

http://185.215.113.206/6c4adf523b719729.php

185.215.113.206

http://185.215.113.206/

185.215.113.206

http://185.215.113.206

unknown

http://185.215.113.206/6c4adf523b719729.phpS

unknown

http://185.215.113.206/6c4adf523b719729.php/

unknown

http://185.215.113.206/6c4adf523b719729.php/(

unknown

http://185.215.113.206/:

unknown

http://185.215.113.206/ws

unknown

http://185.215.113.206/i

unknown

http://185.215.113.206/6c4adf523b719729.php5e

unknown

https://docs.rs/getrandom#nodejs-es-module-support

unknown

There are 1 hidden URLs, click here to show them.

IPs

Domain

Country

Malicious

185.215.113.206

unknown

Portugal

Details

IP:	185.215.113.206
TargetID:	0
Current Path:	C:\Users\user\Desktop\file.exe
Country:	Portugal
Countrycode:	PRT
ASN number:	206894
ASN name:	WHOLESALECONNECTIONSNL
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
Suricata IDS alerts for network traffic	Networking
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol
HTTP GET or POST without a user agent	Networking
Connects to IPs without corresponding DNS lookups	Networking
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Posts data to webserver	Networking	Application Layer Protocol Non-Application Layer Protocol
URLs found in memory or binary data	Networking

Memdumps

Base Address

Regiontype

Protect

Malicious

D31000

unkown

page execute and read and write

165E000

heap

page read and write

5370000

direct allocation

page read and write

452E000

stack

page read and write

1D7CE000

stack

page read and write

3B2E000

stack

page read and write

D30000

unkown

page readonly

1570000

direct allocation

page read and write

4EF1000

heap

page read and write

1D68E000

stack

page read and write

E6D000

unkown

page execute and read and write

43EE000

stack

page read and write

16C8000

heap

page read and write

1D29E000

stack

page read and write

4EF1000

heap

page read and write

1D63F000

stack

page read and write

1570000

direct allocation

page read and write

4EF1000

heap

page read and write

4EF1000

heap

page read and write

15EE000

stack

page read and write

4EF1000

heap

page read and write

1640000

direct allocation

page execute and read and write

4EF1000

heap

page read and write

D30000

unkown

page read and write

4DEE000

stack

page read and write

4EF1000

heap

page read and write

4EF1000

heap

page read and write

4EF1000

heap

page read and write

4EF1000

heap

page read and write

4EF1000

heap

page read and write

4EF1000

heap

page read and write

3D6F000

stack

page read and write

156E000

stack

page read and write

54AF000

stack

page read and write

1D3DE000

stack

page read and write

4EF1000

heap

page read and write

326C000

stack

page read and write

4CAE000

stack

page read and write

42AE000

stack

page read and write

4EF1000

heap

page read and write

1590000

direct allocation

page read and write

1570000

direct allocation

page read and write

4EF1000

heap

page read and write

1570000

direct allocation

page read and write

4EF1000

heap

page read and write

4EF1000

heap

page read and write

54B0000

direct allocation

page execute and read and write

4EF1000

heap

page read and write

4EF1000

heap

page read and write

476F000

stack

page read and write

16CA000

heap

page read and write

1D8CC000

stack

page read and write

1570000

direct allocation

page read and write

372F000

stack

page read and write

4EF1000

heap

page read and write

4EF1000

heap

page read and write

1630000

direct allocation

page execute and read and write

1570000

direct allocation

page read and write

1570000

direct allocation

page read and write

1570000

direct allocation

page read and write

1630000

direct allocation

page execute and read and write

16A4000

heap

page read and write

39AF000

stack

page read and write

CF4000

stack

page read and write

12BC000

unkown

page execute and read and write

1459000

unkown

page execute and read and write

4A2E000

stack

page read and write

E9E000

unkown

page execute and read and write

184F000

stack

page read and write

4EF1000

heap

page read and write

9B0000

heap

page read and write

54C0000

direct allocation

page execute and read and write

4EF1000

heap

page read and write

4EF1000

heap

page read and write

39EE000

stack

page read and write

322F000

stack

page read and write

4EF1000

heap

page read and write

386F000

stack

page read and write

312E000

stack

page read and write

4EF1000

heap

page read and write

16B7000

heap

page read and write

4EF0000

heap

page read and write

3DAE000

stack

page read and write

4EF1000

heap

page read and write

1D78E000

stack

page read and write

4EF1000

heap

page read and write

4EF1000

heap

page read and write

1627000

heap

page read and write

47AE000

stack

page read and write

4EF1000

heap

page read and write

3AEF000

stack

page read and write

466E000

stack

page read and write

3EAF000

stack

page read and write

1650000

heap

page read and write

4EF1000

heap

page read and write

44EF000

stack

page read and write

4EF1000

heap

page read and write

4EF1000

heap

page read and write

12BC000

unkown

page execute and write copy

462F000

stack

page read and write

4EF1000

heap

page read and write

1570000

direct allocation

page read and write

412F000

stack

page read and write

1610000

direct allocation

page execute and read and write

9A0000

heap

page read and write

1590000

direct allocation

page read and write

D31000

unkown

page execute and write copy

3FEF000

stack

page read and write

4EF1000

heap

page read and write

1D39F000

stack

page read and write

43AF000

stack

page read and write

48EE000

stack

page read and write

1D53E000

stack

page read and write

12AE000

unkown

page execute and read and write

15A5000

heap

page read and write

145A000

unkown

page execute and write copy

4EF1000

heap

page read and write

1570000

direct allocation

page read and write

4B2F000

stack

page read and write

34EE000

stack

page read and write

4DAF000

stack

page read and write

4EF1000

heap

page read and write

4EF1000

heap

page read and write

4B6E000

stack

page read and write

4EF1000

heap

page read and write

1006000

unkown

page execute and read and write

101A000

unkown

page execute and read and write

4EF1000

heap

page read and write

34AF000

stack

page read and write

12BD000

unkown

page execute and write copy

4EF1000

heap

page read and write

4EF1000

heap

page read and write

4EF1000

heap

page read and write

16D5000

heap

page read and write

1D25F000

stack

page read and write

4EF1000

heap

page read and write

4EF1000

heap

page read and write

4EF1000

heap

page read and write

4EF1000

heap

page read and write

426F000

stack

page read and write

4EF1000

heap

page read and write

D00000

heap

page read and write

48AF000

stack

page read and write

1620000

heap

page read and write

539B000

direct allocation

page read and write

1570000

direct allocation

page read and write

1D4DF000

stack

page read and write

D10000

heap

page read and write

4EF1000

heap

page read and write

194E000

stack

page read and write

4EF1000

heap

page read and write

4EF1000

heap

page read and write

3EEE000

stack

page read and write

536E000

stack

page read and write

4EF1000

heap

page read and write

402E000

stack

page read and write

4EEF000

stack

page read and write

15A0000

heap

page read and write

11A6000

unkown

page execute and read and write

4EF1000

heap

page read and write

376E000

stack

page read and write

4EF1000

heap

page read and write

D5C000

unkown

page execute and read and write

1658000

heap

page read and write

4EF1000

heap

page read and write

E79000

unkown

page execute and read and write

1630000

direct allocation

page execute and read and write

3C6E000

stack

page read and write

94C000

stack

page read and write

16DD000

heap

page read and write

4EF1000

heap

page read and write

4EF1000

heap

page read and write

362E000

stack

page read and write

162B000

heap

page read and write

CFE000

stack

page read and write

4EF1000

heap

page read and write

4EF1000

heap

page read and write

416E000

stack

page read and write

4C6F000

stack

page read and write

1600000

direct allocation

page execute and read and write

336F000

stack

page read and write

4EF1000

heap

page read and write

4EF1000

heap

page read and write

1281000

unkown

page execute and read and write

4EF1000

heap

page read and write

4EF1000

heap

page read and write

4FF0000

trusted library allocation

page read and write

4EF1000

heap

page read and write

38AE000

stack

page read and write

15F0000

direct allocation

page execute and read and write

4EF1000

heap

page read and write

33AE000

stack

page read and write

4F00000

heap

page read and write

53AE000

stack

page read and write

4EF1000

heap

page read and write

3C2F000

stack

page read and write

12A3000

unkown

page execute and read and write

35EF000

stack

page read and write

1570000

direct allocation

page read and write

1570000

direct allocation

page read and write

4EF1000

heap

page read and write

1570000

direct allocation

page read and write

4EF1000

heap

page read and write

4EF1000

heap

page read and write

4EF1000

heap

page read and write

49EF000

stack

page read and write

There are 196 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
file.exe

Processes

URLs

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reportfile.exe

Processes

URLs

IPs

Memdumps

IOC Report
file.exe