Automated Malware Analysis IOC Report for

Files

File Path

Type

Category

Malicious

FS001_ DT103024.bat

DOS batch file, ASCII text, with CRLF line terminators

initial sample

Details

Filetype:	DOS batch file, ASCII text, with CRLF line terminators
Entropy:	6.032087479482034
Filename:	FS001_ DT103024.bat
Filesize:	1405358
MD5:	3f526171c5f8abe5b38acc03f002c6e9
SHA1:	f89f1f5961f3dd53cd76471d7603ae9bfc1fa0c1
SHA256:	ba8888302e61b64da91ce078b99ee2c4afa90f53621f9005be2ffbe7bdde1767
SHA512:	8e8e77b6c611c383925f1395c8263bbf7a29a82efb9883ae47dfaa5c1494a1075b9817d896f5f15e23cb602155cd2f3cebeeb1f29d39e0398d05c536f90def17
SSDEEP:	24576:Tw8yUK6Y/DijNvlPINc+qyJgoOzFIPbIvrNDmy59nX5COv:TAUeujVi/KOct
Preview:	@Echo off..echo TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA>%tmp%\x..echo AAAAAAAAAAgAAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4g>>%tmp%\x..echo aW4gRE9TIG1vZGUuDQ0KJAAAAAAAAABQRQAATAEDAD6QI2cAAAAAAAAAAOAAAgELATAA

Signature Hits	Behavior Group	Mitre Attack
Multi AV Scanner detection for submitted file	AV Detection
Found large BAT file	System Summary	Masquerading
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory)	Malware Analysis System Evasion
Sample is known by Antivirus	System Summary
Submission file is bigger than most known malware samples	System Summary

C:\Users\user\AppData\Local\Temp\x

ASCII text, with CRLF line terminators

dropped

Details

File:	C:\Users\user\AppData\Local\Temp\x
Category:	dropped
Dump:	x.0.dr
ID:	dr_0
Target ID:	0
Process:	C:\Windows\System32\cmd.exe
Type:	ASCII text, with CRLF line terminators
Entropy:	4.330257178266755
Encrypted:	false
Ssdeep:	768:jVsJ7OHCni/G+k8y8u8iwwj8CC6jR5XgzAltQT2ZQeXcAiytXhdGx64GIKn+ruxu:GJpi9k7TBwwjpjR5X6ytQT2CesxshAxv
Size:	36864
Whitelisted:	false
Reputation:	low

Signature Hits	Behavior Group	Mitre Attack
Command shell drops VBS files	Persistence and Installation Behavior	Scripting
Injects a PE file into a foreign processes	HIPS / PFW / Operating System Protection Evasion	Process Injection
Sigma detected: Script Interpreter Execution From Suspicious Folder	System Summary
Sigma detected: Suspicious Script Execution From Temp Folder	System Summary
Sigma detected: WScript or CScript Dropper	System Summary
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Drops PE files	Persistence and Installation Behavior
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery
Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript	System Summary
Creates temporary files	System Summary
Executes visual basic scripts	System Summary	Scripting
Spawns processes	System Summary	Process Injection

C:\Users\user\AppData\Local\Temp\x.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

Details

File:	C:\Users\user\AppData\Local\Temp\x.exe
Category:	dropped
Dump:	x.exe.4.dr
ID:	dr_2
Target ID:	4
Process:	C:\Windows\System32\cscript.exe
Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy:	7.733489611061991
Encrypted:	false
Ssdeep:	12288:4n9InteEjOG8rrq9RJLW5lhvZjbQ4i6x8ICU7Pry2uqRqHaUr3eE/32/Q4AyrrRY:4gRpvJWhxjbQFu8zM9Ps32o4JPd
Size:	857600
Whitelisted:	false
Reputation:	low

Signature Hits	Behavior Group	Mitre Attack
Injects a PE file into a foreign processes	HIPS / PFW / Operating System Protection Evasion	Process Injection
Machine Learning detection for dropped file	AV Detection
Allocates memory with a write watch (potentially for evading sandboxes)	Malware Analysis System Evasion	Virtualization/Sandbox Evasion
Checks if the current process is being debugged	Anti Debugging	Security Software Discovery Virtualization/Sandbox Evasion
Contains functionality for execution timing, often used to detect debuggers	Malware Analysis System Evasion, Anti Debugging	Security Software Discovery
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)	Anti Debugging
Contains functionality to call native functions	System Summary
Contains functionality to read the PEB	Anti Debugging
Contains long sleeps (>= 3 min)	Malware Analysis System Evasion	Virtualization/Sandbox Evasion
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Detected potential crypto function	System Summary	Encrypted Channel Archive Collected Data
Drops PE files	Persistence and Installation Behavior
Found large amount of non-executed APIs	Malware Analysis System Evasion
Found potential string decryption / allocating functions	System Summary	Obfuscated Files or Information Deobfuscate/Decode Files or Information
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery
Uses code obfuscation techniques (call, push, ret)	Data Obfuscation	Obfuscated Files or Information
Contains medium sleeps (>= 30s)	Malware Analysis System Evasion	Virtualization/Sandbox Evasion
Creates files inside the user directory	System Summary	Masquerading
Creates guard pages, often used to prevent reverse engineering and debugging	Anti Debugging	Disable or Modify Tools
Creates mutexes	System Summary
Disables application error messsages (SetErrorMode)	Hooking and other Techniques for Hiding and Protection
Queries a list of all running processes	Malware Analysis System Evasion	Process Discovery
Spawns processes	System Summary	Process Injection
Tries to load missing DLLs	System Summary	DLL Side-Loading
Uses Microsoft Silverlight	System Summary

C:\Users\user\AppData\Local\Temp\x.vbs

ASCII text, with CRLF line terminators

modified

Details

File:	C:\Users\user\AppData\Local\Temp\x.vbs
Category:	modified
Dump:	x.vbs.0.dr
ID:	dr_1
Target ID:	0
Process:	C:\Windows\System32\cmd.exe
Type:	ASCII text, with CRLF line terminators
Entropy:	5.126074554208653
Encrypted:	false
Ssdeep:	6:jpz7yVHPxORKm6JgCPmu7jjs9lVHEr6Jxlw6mvHFAF1GjyH4BZIkv:NZOmG7jU2r6JAiTrYZnv
Size:	380
Whitelisted:	false
Reputation:	low

Signature Hits	Behavior Group	Mitre Attack
Command shell drops VBS files	Persistence and Installation Behavior	Scripting
Sigma detected: Script Interpreter Execution From Suspicious Folder	System Summary
Sigma detected: Suspicious Script Execution From Temp Folder	System Summary
Sigma detected: WScript or CScript Dropper	System Summary
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript	System Summary
Executes visual basic scripts	System Summary	Scripting
Spawns processes	System Summary	Process Injection

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\x.exe.log

ASCII text, with CRLF line terminators

dropped

Details

File:	C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\x.exe.log
Category:	dropped
Dump:	x.exe.log.5.dr
ID:	dr_3
Target ID:	5
Process:	C:\Users\user\AppData\Local\Temp\x.exe
Type:	ASCII text, with CRLF line terminators
Entropy:	5.34331486778365
Encrypted:	false
Ssdeep:	24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
Size:	1216
Whitelisted:	false
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Creates files inside the user directory	System Summary	Masquerading

Processes

Path

Cmdline

Malicious

C:\Windows\System32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\user\Desktop\FS001_ DT103024.bat" "

Details

Is windows:	true
Is dropped:	false
PID:	2972
Target ID:	0
Parent PID:	1028
Name:	cmd.exe
Class:	cmd
Path:	C:\Windows\System32\cmd.exe
Commandline:	C:\Windows\system32\cmd.exe /c ""C:\Users\user\Desktop\FS001_ DT103024.bat" "
Size:	289792
MD5:	8A2122E8162DBEF04694B9C3E0B6CDEE
Time:	08:54:01
Date:	01/11/2024
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff7b9bd0000
Modulesize:	421888
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Sigma detected: Script Interpreter Execution From Suspicious Folder	System Summary
Sigma detected: Suspicious Script Execution From Temp Folder	System Summary
Sigma detected: WScript or CScript Dropper	System Summary
Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript	System Summary
Executes batch files	System Summary	Scripting
Spawns processes	System Summary	Process Injection

C:\Windows\System32\cscript.exe

cscript //nologo C:\Users\user\AppData\Local\Temp\x.vbs

Details

Is windows:	true
Is dropped:	false
PID:	6676
Target ID:	4
Parent PID:	2972
Name:	cscript.exe
Class:	system-tools
Path:	C:\Windows\System32\cscript.exe
Commandline:	cscript //nologo C:\Users\user\AppData\Local\Temp\x.vbs
Size:	161280
MD5:	24590BF74BBBBFD7D7AC070F4E3C44FD
Time:	08:54:12
Date:	01/11/2024
Reason:	newprocess
Reputation:	moderate
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff74ad30000
Modulesize:	180224
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Sigma detected: Script Interpreter Execution From Suspicious Folder	System Summary
Sigma detected: Suspicious Script Execution From Temp Folder	System Summary
Sigma detected: WScript or CScript Dropper	System Summary
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript	System Summary
Executes visual basic scripts	System Summary	Scripting
Spawns processes	System Summary	Process Injection

C:\Users\user\AppData\Local\Temp\x.exe

Details

Is windows:	false
Is dropped:	true
PID:	6728
Target ID:	5
Parent PID:	2972
Name:	x.exe
Path:	C:\Users\user\AppData\Local\Temp\x.exe
Commandline:	C:\Users\user\AppData\Local\Temp\x.exe
Size:	857600
MD5:	431187D149215C1A9B535B0B25EE1FC1
Time:	08:54:13
Date:	01/11/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x700000
Modulesize:	884736
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Yara detected AntiVM3	Malware Analysis System Evasion
Yara detected FormBook	AV Detection, E-Banking Fraud, Stealing of Sensitive Information, Remote Access Functionality
Injects a PE file into a foreign processes	HIPS / PFW / Operating System Protection Evasion	Process Injection
Potential malicious VBS script found (has network functionality)	Networking	Scripting
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Drops PE files	Persistence and Installation Behavior
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery
Creates files inside the user directory	System Summary	Masquerading
Spawns processes	System Summary	Process Injection
Binary contains paths to debug symbols	Compliance, System Summary

C:\Users\user\AppData\Local\Temp\x.exe

"C:\Users\user\AppData\Local\Temp\x.exe"

Details

Is windows:	false
Is dropped:	true
PID:	1628
Target ID:	7
Parent PID:	6728
Name:	x.exe
Path:	C:\Users\user\AppData\Local\Temp\x.exe
Commandline:	"C:\Users\user\AppData\Local\Temp\x.exe"
Size:	857600
MD5:	431187D149215C1A9B535B0B25EE1FC1
Time:	08:54:15
Date:	01/11/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x8c0000
Modulesize:	884736
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Yara detected AntiVM3	Malware Analysis System Evasion
Yara detected FormBook	AV Detection, E-Banking Fraud, Stealing of Sensitive Information, Remote Access Functionality
Injects a PE file into a foreign processes	HIPS / PFW / Operating System Protection Evasion	Process Injection
Potential malicious VBS script found (has network functionality)	Networking	Scripting
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Drops PE files	Persistence and Installation Behavior
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery
Creates files inside the user directory	System Summary	Masquerading
Spawns processes	System Summary	Process Injection
Binary contains paths to debug symbols	Compliance, System Summary

C:\Windows\System32\conhost.exe

C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

Details

Is windows:	true
Is dropped:	false
PID:	1408
Target ID:	1
Parent PID:	2972
Name:	conhost.exe
Path:	C:\Windows\System32\conhost.exe
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Size:	862208
MD5:	0D698AF330FD17BEE3BF90011D49251D
Time:	08:54:01
Date:	01/11/2024
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff6d64d0000
Modulesize:	892928
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

C:\Windows\System32\findstr.exe

findstr /e "'v" "C:\Users\user\Desktop\FS001_ DT103024.bat"

Details

Is windows:	true
Is dropped:	false
PID:	2780
Target ID:	3
Parent PID:	2972
Name:	findstr.exe
Class:	system-tools
Path:	C:\Windows\System32\findstr.exe
Commandline:	findstr /e "'v" "C:\Users\user\Desktop\FS001_ DT103024.bat"
Size:	36352
MD5:	804A6AE28E88689E0CF1946A6CB3FEE5
Time:	08:54:12
Date:	01/11/2024
Reason:	newprocess
Reputation:	moderate
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff720bc0000
Modulesize:	94208
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Spawns processes	System Summary	Process Injection

Memdumps

Base Address

Regiontype

Protect

Malicious

1340000

direct allocation

page read and write

400000

remote allocation

page execute and read and write

E60000

heap

page read and write

5060000

heap

page read and write

7CE0000

trusted library section

page read and write

4FA0000

trusted library allocation

page read and write

4FF0000

trusted library allocation

page read and write

50E0000

heap

page read and write

118C000

stack

page read and write

875C6FF000

stack

page read and write

24361549000

heap

page read and write

2435E931000

heap

page read and write

2435E8BB000

heap

page read and write

D6D000

heap

page read and write

D80000

heap

page read and write

4FD0000

trusted library allocation

page read and write

7337000

trusted library allocation

page read and write

133F000

stack

page read and write

2435E921000

heap

page read and write

ED2000

trusted library allocation

page read and write

11ED000

trusted library allocation

page read and write

2435E90F000

heap

page read and write

EDB000

trusted library allocation

page execute and read and write

5C90000

heap

page read and write

24360400000

heap

page read and write

2AC1000

trusted library allocation

page read and write

4FC0000

trusted library allocation

page read and write

2435E880000

heap

page read and write

24361142000

trusted library allocation

page read and write

153E000

direct allocation

page execute and read and write

24360F13000

heap

page read and write

24360F17000

heap

page read and write

2435E926000

heap

page read and write

2435E94A000

heap

page read and write

3B05000

trusted library allocation

page read and write

100E000

stack

page read and write

7DBD000

stack

page read and write

B90000

heap

page read and write

2ABF000

stack

page read and write

702000

unkown

page readonly

2436179B000

heap

page read and write

EB0000

trusted library allocation

page read and write

24360F40000

heap

page read and write

50F3000

heap

page read and write

24360ACF000

heap

page read and write

EA0000

trusted library allocation

page read and write

2435E923000

heap

page read and write

431A000

trusted library allocation

page read and write

50A0000

trusted library allocation

page read and write

EC0000

trusted library allocation

page read and write

875C3FF000

stack

page read and write

24360F0D000

heap

page read and write

50D0000

heap

page read and write

9200000

heap

page read and write

EAD000

trusted library allocation

page execute and read and write

D90000

heap

page read and write

EC2000

trusted library allocation

page read and write

5C70000

heap

page read and write

1666000

direct allocation

page execute and read and write

24361144000

trusted library allocation

page read and write

3AC1000

trusted library allocation

page read and write

728E000

stack

page read and write

EF0000

heap

page read and write

2435E8CB000

heap

page read and write

24360550000

heap

page read and write

2435E94A000

heap

page read and write

6F90000

trusted library allocation

page execute and read and write

920B000

heap

page read and write

2435E932000

heap

page read and write

14C9000

direct allocation

page execute and read and write

24360570000

heap

page read and write

2435E8DD000

heap

page read and write

2435EC3B000

heap

page read and write

4FC5000

trusted library allocation

page read and write

52CB000

stack

page read and write

719E000

stack

page read and write

24361148000

trusted library allocation

page read and write

2435E8B0000

heap

page read and write

D20000

heap

page read and write

2435E934000

heap

page read and write

243608C2000

heap

page read and write

550D000

stack

page read and write

11C0000

trusted library allocation

page read and write

4FB0000

trusted library allocation

page read and write

2435E8BD000

heap

page read and write

7A9E000

stack

page read and write

24360F13000

heap

page read and write

4C5C000

stack

page read and write

56A1000

trusted library allocation

page read and write

24360F50000

heap

page read and write

2435E931000

heap

page read and write

24361861000

heap

page read and write

2435E924000

heap

page read and write

799E000

stack

page read and write

2435E930000

heap

page read and write

700E000

heap

page read and write

50F0000

heap

page read and write

6F30000

trusted library section

page read and write

5030000

heap

page read and write

2435E90E000

heap

page read and write

24360F05000

heap

page read and write

5C60000

heap

page read and write

5090000

trusted library allocation

page read and write

E90000

trusted library allocation

page read and write

7D70000

trusted library allocation

page execute and read and write

700A000

heap

page read and write

6D60000

heap

page read and write

C3D000

stack

page read and write

24360F20000

heap

page read and write

4AC8000

trusted library allocation

page read and write

D2E000

heap

page read and write

24360F06000

heap

page read and write

2435E934000

heap

page read and write

1190000

trusted library allocation

page execute and read and write

24361143000

trusted library allocation

page read and write

2435E92D000

heap

page read and write

875BFFE000

stack

page read and write

13A0000

direct allocation

page execute and read and write

E5E000

stack

page read and write

2435E8CD000

heap

page read and write

2435EA60000

heap

page read and write

2B85000

trusted library allocation

page read and write

24360AC9000

heap

page read and write

2435E934000

heap

page read and write

CFE000

stack

page read and write

EAE000

stack

page read and write

CB0000

heap

page read and write

11DE000

trusted library allocation

page read and write

11E6000

trusted library allocation

page read and write

B67000

stack

page read and write

1040000

heap

page read and write

7320000

trusted library allocation

page read and write

6F60000

trusted library allocation

page execute and read and write

6FE1000

heap

page read and write

EBD000

trusted library allocation

page execute and read and write

114E000

stack

page read and write

EEE000

stack

page read and write

2435E919000

heap

page read and write

875C2FF000

stack

page read and write

50C0000

trusted library section

page readonly

16E8000

direct allocation

page execute and read and write

24360BD8000

heap

page read and write

24360F01000

heap

page read and write

EC6000

trusted library allocation

page execute and read and write

2435E948000

heap

page read and write

24360DFC000

heap

page read and write

785E000

stack

page read and write

6F2E000

stack

page read and write

F00000

heap

page read and write

D64000

heap

page read and write

123F000

stack

page read and write

2435E8DD000

heap

page read and write

2435E8B6000

heap

page read and write

D3D000

stack

page read and write

700000

unkown

page readonly

24361542000

heap

page read and write

24360F1A000

heap

page read and write

2435E94A000

heap

page read and write

2435E8B0000

heap

page read and write

6F70000

trusted library allocation

page read and write

2435E919000

heap

page read and write

2435E905000

heap

page read and write

24360E30000

heap

page read and write

554E000

stack

page read and write

2435E89C000

heap

page read and write

1200000

heap

page read and write

55A0000

trusted library allocation

page read and write

24361146000

trusted library allocation

page read and write

2435E934000

heap

page read and write

56A6000

trusted library allocation

page read and write

24360FF0000

heap

page read and write

2435E8B6000

heap

page read and write

24360401000

heap

page read and write

243618A3000

heap

page read and write

F40000

heap

page read and write

D57000

heap

page read and write

2435E94A000

heap

page read and write

5360000

heap

page execute and read and write

7EBE000

stack

page read and write

DFF000

heap

page read and write

2435E980000

heap

page read and write

5050000

trusted library allocation

page read and write

2435E8DB000

heap

page read and write

243608C0000

heap

page read and write

ECA000

trusted library allocation

page execute and read and write

2435E8AB000

heap

page read and write

243618A4000

heap

page read and write

110F000

stack

page read and write

2435E8AA000

heap

page read and write

7007000

heap

page read and write

A6A000

stack

page read and write

24361147000

trusted library allocation

page read and write

2435EA80000

heap

page read and write

1217000

heap

page read and write

243618E5000

heap

page read and write

875C4FE000

stack

page read and write

2435E936000

heap

page read and write

24360E20000

heap

page read and write

6FA0000

heap

page read and write

55B0000

heap

page read and write

ED7000

trusted library allocation

page execute and read and write

1850000

heap

page read and write

7330000

trusted library allocation

page read and write

24361145000

trusted library allocation

page read and write

1210000

heap

page read and write

795F000

stack

page read and write

EB3000

trusted library allocation

page read and write

24360F16000

heap

page read and write

F48000

heap

page read and write

875C0FE000

stack

page read and write

24360500000

heap

page read and write

EA4000

trusted library allocation

page read and write

7D2000

unkown

page readonly

5350000

trusted library allocation

page execute and read and write

2435E905000

heap

page read and write

24360F08000

heap

page read and write

EF0000

trusted library allocation

page read and write

5040000

trusted library allocation

page execute and read and write

166D000

direct allocation

page execute and read and write

6F80000

trusted library allocation

page execute and read and write

5080000

trusted library allocation

page read and write

11E1000

trusted library allocation

page read and write

6FC3000

heap

page read and write

1651000

direct allocation

page execute and read and write

24360E31000

heap

page read and write

2435E907000

heap

page read and write

2435E8CA000

heap

page read and write

2435E8DB000

heap

page read and write

2435EC30000

heap

page read and write

24360DF0000

heap

page read and write

875BEFA000

stack

page read and write

11A0000

heap

page execute and read and write

6FD4000

heap

page read and write

2435EC35000

heap

page read and write

94FE000

stack

page read and write

243618E5000

heap

page read and write

7382000

trusted library allocation

page read and write

2D3E000

trusted library allocation

page read and write

24361140000

trusted library allocation

page read and write

2435E8CD000

heap

page read and write

24361790000

heap

page read and write

2D36000

trusted library allocation

page read and write

2435E905000

heap

page read and write

2435E91F000

heap

page read and write

2435E905000

heap

page read and write

2435E92F000

heap

page read and write

3AC9000

trusted library allocation

page read and write

24360F23000

heap

page read and write

B95000

heap

page read and write

558E000

stack

page read and write

7FC80000

trusted library allocation

page execute and read and write

5C94000

heap

page read and write

BD0000

heap

page read and write

EA3000

trusted library allocation

page execute and read and write

2435E909000

heap

page read and write

24361141000

trusted library allocation

page read and write

14CD000

direct allocation

page execute and read and write

2435E8C9000

heap

page read and write

2435E8A1000

heap

page read and write

875C5FE000

stack

page read and write

243618E5000

heap

page read and write

2435E8EB000

heap

page read and write

11B0000

trusted library allocation

page read and write

2435E922000

heap

page read and write

24361791000

heap

page read and write

6F50000

trusted library allocation

page read and write

2435E910000

heap

page read and write

55B5000

heap

page read and write

There are 258 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
FS001_ DT103024.bat

Files

Processes

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC ReportFS001_ DT103024.bat

Files

Processes

Memdumps

IOC Report
FS001_ DT103024.bat