Automated Malware Analysis IOC Report for

Files

File Path

Type

Category

Malicious

bd0wJGTae5.exe

PE32 executable (GUI) Intel 80386, for MS Windows

initial sample

Details

Filetype:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy:	6.931981333700789
Filename:	bd0wJGTae5.exe
Filesize:	82768
MD5:	cc4504807e32f91497d2c5a8dd1061f6
SHA1:	497678a9f8adc08d092b720d45797ad245e3d9d7
SHA256:	fb7cfd956db9c5dfdf55ddc48bfe2608f40dbbc91965d7791cf19f02fb931289
SHA512:	86e871e5a7b964c322862a642f34b0d5028ff038729500ba24a414ef0ec31b916bc51cef87d5827db2d08c2be524ec0353b1c0f9ada179eb55a32c2dcafde454
SSDEEP:	1536:Hd9dseIOcE93bIvYvZEyF4EEOF6N4yS+AQmZcl/52izbR9Xwzz:vdseIOMEZEyFjEOFqTiQmOl/5xPvw3
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........>...m...m...m.m.m...m.m.m...m^..m...m^..m...m...m...m.m.m...m.m.m...mRich...m................PE..L...Z..P...................

Signature Hits	Behavior Group	Mitre Attack
Antivirus / Scanner detection for submitted sample	AV Detection
Found malware configuration	AV Detection
Multi AV Scanner detection for submitted file	AV Detection
Machine Learning detection for sample	AV Detection
Contains functionality to check if a debugger is running (IsDebuggerPresent)	Anti Debugging
Contains functionality to dynamically determine API calls	Data Obfuscation, Anti Debugging	Native API
Contains functionality to query CPU information (cpuid)	Language, Device and Operating System Detection
Contains functionality which may be used to detect a debugger (GetProcessHeap)	Anti Debugging	Security Software Discovery
Detected potential crypto function	System Summary	Archive Collected Data Encrypted Channel
Found evasive API chain (may stop execution after accessing registry keys)	Malware Analysis System Evasion
Found evasive API chain (may stop execution after checking a module file name)	Malware Analysis System Evasion
Found large amount of non-executed APIs	Malware Analysis System Evasion
Found potential string decryption / allocating functions	System Summary	Deobfuscate/Decode Files or Information Obfuscated Files or Information
PE / OLE file has an invalid certificate	System Summary	File and Directory Discovery
Uses 32bit PE files	Compliance, System Summary
Uses code obfuscation techniques (call, push, ret)	Data Obfuscation
Contains functionality to download additional files from the internet	Networking	Ingress Tool Transfer
Contains functionality to enumerate / list files inside a directory	Spreading, Malware Analysis System Evasion	File and Directory Discovery
Contains functionality to instantiate COM classes	System Summary
Contains functionality to query local / system time	Language, Device and Operating System Detection	System Time Discovery
Contains functionality to query time zone information	Language, Device and Operating System Detection
Contains functionality to query windows version	Language, Device and Operating System Detection	System Information Discovery
Contains functionality to read ini properties file for application configuration	Persistence and Installation Behavior
Contains functionality to register its own exception handler	Anti Debugging
Creates files inside the user directory	System Summary
May try to detect the Windows Explorer process (often used for injection)	HIPS / PFW / Operating System Protection Evasion	Process Injection Process Discovery
PE file has an executable .text section and no other executable section	System Summary
Program exit points	Malware Analysis System Evasion
Reads software policies	System Summary
Sample is known by Antivirus	System Summary
Sample reads its own file content	System Summary
Tries to load missing DLLs	System Summary	DLL Side-Loading

C:\Users\user\AppData\Roaming\omsecor.exe

PE32 executable (GUI) Intel 80386, for MS Windows

dropped

Details

File:	C:\Users\user\AppData\Roaming\omsecor.exe
Category:	dropped
Dump:	omsecor.exe.0.dr
ID:	dr_0
Target ID:	0
Process:	C:\Users\user\Desktop\bd0wJGTae5.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy:	6.931980900926571
Encrypted:	false
Ssdeep:	1536:fd9dseIOcE93bIvYvZEyF4EEOF6N4yS+AQmZcl/52izbR9Xwzz:XdseIOMEZEyFjEOFqTiQmOl/5xPvw3
Size:	82768
Whitelisted:	false
Reputation:	low

Signature Hits	Behavior Group	Mitre Attack
Antivirus detection for dropped file	AV Detection
Machine Learning detection for dropped file	AV Detection
Creates files inside the system directory	System Summary	Masquerading
Drops PE files	Persistence and Installation Behavior
Drops PE files to the windows directory (C:\Windows)	Persistence and Installation Behavior	Masquerading
Creates files inside the user directory	System Summary	Masquerading
Spawns processes	System Summary	Process Injection
Tries to load missing DLLs	System Summary	DLL Side-Loading
Uses an in-process (OLE) Automation server	System Summary

C:\Windows\SysWOW64\omsecor.exe

PE32 executable (GUI) Intel 80386, for MS Windows

dropped

Details

File:	C:\Windows\SysWOW64\omsecor.exe
Category:	dropped
Dump:	omsecor.exe.1.dr
ID:	dr_1
Target ID:	1
Process:	C:\Users\user\AppData\Roaming\omsecor.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy:	6.931979532169011
Encrypted:	false
Ssdeep:	1536:Yd9dseIOcE93bIvYvZEyF4EEOF6N4yS+AQmZcl/52izbR9Xwzz:odseIOMEZEyFjEOFqTiQmOl/5xPvw3
Size:	82768
Whitelisted:	false
Reputation:	low

Signature Hits	Behavior Group	Mitre Attack
Antivirus detection for dropped file	AV Detection
Drops executables to the windows directory (C:\Windows) and starts them	Persistence and Installation Behavior	Masquerading
Machine Learning detection for dropped file	AV Detection
Creates files inside the system directory	System Summary	Masquerading
Drops PE files	Persistence and Installation Behavior
Drops PE files to the windows directory (C:\Windows)	Persistence and Installation Behavior	Masquerading
Found evasive API chain (may stop execution after accessing registry keys)	Malware Analysis System Evasion
Found evasive API chain (may stop execution after checking a module file name)	Malware Analysis System Evasion	Native API
Sample execution stops while process was sleeping (likely an evasion)	Malware Analysis System Evasion
Contains medium sleeps (>= 30s)	Malware Analysis System Evasion	Virtualization/Sandbox Evasion
Program exit points	Malware Analysis System Evasion
Sample requires command line parameters (based on API chain)	System Summary	Command and Scripting Interpreter Native API
Spawns processes	System Summary	Process Injection
Tries to load missing DLLs	System Summary	DLL Side-Loading

C:\Windows\SysWOW64\merocz.xc6

data

dropped

Details

File:	C:\Windows\SysWOW64\merocz.xc6
Category:	dropped
Dump:	merocz.xc6.6.dr
ID:	dr_2
Target ID:	6
Process:	C:\Windows\SysWOW64\omsecor.exe
Type:	data
Entropy:	1.9101865117490426
Encrypted:	false
Ssdeep:	3:gtqyu/GRJ8JSxNdl:gwDeR+J2
Size:	100
Whitelisted:	false
Reputation:	low

Signature Hits	Behavior Group	Mitre Attack
Creates files inside the system directory	System Summary	Masquerading

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\bd0wJGTae5.exe

"C:\Users\user\Desktop\bd0wJGTae5.exe"

Details

Is windows:	false
Is dropped:	false
PID:	6712
Target ID:	0
Parent PID:	2580
Name:	bd0wJGTae5.exe
Path:	C:\Users\user\Desktop\bd0wJGTae5.exe
Commandline:	"C:\Users\user\Desktop\bd0wJGTae5.exe"
Size:	82768
MD5:	CC4504807E32F91497D2C5A8DD1061F6
Time:	11:03:53
Date:	01/11/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x400000
Modulesize:	167936
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Antivirus / Scanner detection for submitted sample	AV Detection
Found malware configuration	AV Detection
Multi AV Scanner detection for submitted file	AV Detection
Yara detected Neconyd	E-Banking Fraud
Machine Learning detection for sample	AV Detection
PE / OLE file has an invalid certificate	System Summary
Uses 32bit PE files	Compliance, System Summary
PE file has an executable .text section and no other executable section	System Summary
Sample is known by Antivirus	System Summary
Sample reads its own file content	System Summary
Spawns processes	System Summary	Process Injection

C:\Users\user\AppData\Roaming\omsecor.exe

Details

Is windows:	false
Is dropped:	true
PID:	6792
Target ID:	1
Parent PID:	6712
Name:	omsecor.exe
Path:	C:\Users\user\AppData\Roaming\omsecor.exe
Commandline:	C:\Users\user\AppData\Roaming\omsecor.exe
Size:	82768
MD5:	DC5D106C7C04B52DF85467D6D647221A
Time:	11:03:53
Date:	01/11/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x400000
Modulesize:	167936
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Yara detected Neconyd	E-Banking Fraud
Drops executables to the windows directory (C:\Windows) and starts them	Persistence and Installation Behavior	Masquerading
Creates files inside the system directory	System Summary	Masquerading
Drops PE files	Persistence and Installation Behavior
Drops PE files to the windows directory (C:\Windows)	Persistence and Installation Behavior	Masquerading
Creates files inside the user directory	System Summary	Masquerading
Spawns processes	System Summary	Process Injection

C:\Windows\SysWOW64\omsecor.exe

C:\Windows\System32\omsecor.exe

Details

Is windows:	false
Is dropped:	true
PID:	6524
Target ID:	2
Parent PID:	6792
Name:	omsecor.exe
Path:	C:\Windows\SysWOW64\omsecor.exe
Commandline:	C:\Windows\System32\omsecor.exe
Size:	82768
MD5:	1F90E0A8D463721EBCD937EF25C65D05
Time:	11:04:06
Date:	01/11/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x400000
Modulesize:	167936
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Yara detected Neconyd	E-Banking Fraud
Drops executables to the windows directory (C:\Windows) and starts them	Persistence and Installation Behavior	Masquerading
Creates files inside the system directory	System Summary	Masquerading
Drops PE files	Persistence and Installation Behavior
Drops PE files to the windows directory (C:\Windows)	Persistence and Installation Behavior	Masquerading
Creates files inside the user directory	System Summary	Masquerading
Spawns processes	System Summary	Process Injection

C:\Windows\SysWOW64\omsecor.exe

C:\Windows\SysWOW64\omsecor.exe /nomove

Details

Is windows:	false
Is dropped:	true
PID:	764
Target ID:	6
Parent PID:	6524
Name:	omsecor.exe
Path:	C:\Windows\SysWOW64\omsecor.exe
Commandline:	C:\Windows\SysWOW64\omsecor.exe /nomove
Size:	82768
MD5:	1F90E0A8D463721EBCD937EF25C65D05
Time:	11:04:43
Date:	01/11/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x400000
Modulesize:	167936
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Yara detected Neconyd	E-Banking Fraud
Drops executables to the windows directory (C:\Windows) and starts them	Persistence and Installation Behavior	Masquerading
Creates files inside the system directory	System Summary	Masquerading
Drops PE files	Persistence and Installation Behavior
Drops PE files to the windows directory (C:\Windows)	Persistence and Installation Behavior	Masquerading
Creates files inside the user directory	System Summary	Masquerading
Spawns processes	System Summary	Process Injection

URLs

Name

Malicious

http://mkkuei4kdsz.com/

http://lousta.net/956/959.html

193.166.255.171

http://lousta.net/508/485.html

193.166.255.171

http://lousta.net/562/252.html

193.166.255.171

http://mkkuei4kdsz.com/516/243.html

15.197.204.56

http://ow5dirasuek.com/776/947.html

52.34.198.229

ht:/r.irsf.o/

http://ow5dirasuek.com/537/167.html

52.34.198.229

http://mkkuei4kdsz.com/353/421.html

15.197.204.56

http://mkkuei4kdsz.com/978/939.html

15.197.204.56

http://ow5dirasuek.com/292/164.html

52.34.198.229

http://lousta.net/740/238.html

193.166.255.171

http://lousta.net/333/645.html

193.166.255.171

http://mkkuei4kdsz.com/781/119.html

15.197.204.56

http://lousta.net/734/112.html

193.166.255.171

http://mkkuei4kdsz.com/488/933.html

15.197.204.56

ht:/w.irsf.o/

http://lousta.net/875/87.html

193.166.255.171

http://ow5dirasuek.com/546/102.html

52.34.198.229

http://lousta.net/547/467.html

193.166.255.171

http://lousta.net/78/665.html

193.166.255.171

http://lousta.net/263/482.html

193.166.255.171

http://ow5dirasuek.com/434/722.html

52.34.198.229

http://lousta.net/908/776.html

193.166.255.171

http://lousta.net/

http://lousta.net/528/262.html

193.166.255.171

http://mkkuei4kdsz.com/785/70.html

15.197.204.56

http://ow5dirasuek.com/945/466.html

52.34.198.229

http://lousta.net/497/157.html

193.166.255.171

http://mkkuei4kdsz.com/457/998.html

15.197.204.56

http://ow5dirasuek.com/

http://ow5dirasuek.com/763/794.html

52.34.198.229

http://lousta.ne

unknown

http://lousta.net/527/338.html

193.166.255.171

http://ow5dirasuek.com/763/794.htmlZZ

unknown

http://mkkuei4kdsz.com/781/119.htmlf

unknown

http://lousta.net/562/252.htmlY

unknown

http://ow5dirasuek.com/546/102.html$

unknown

http://mkkuei4kdsz.com/516/243.html0

unknown

http://ow5dirasuek.com/776/947.htmlnZ

unknown

http://mkkuei4kdsz.com/516/243.html&

unknown

http://ow5dirasuek.com/776/947.htmlrZC-

unknown

http://ow5dirasuek.com/537/167.htmlwm

unknown

http://lousta.net/562/252.htmlf

unknown

http://ow5dirasuek.com/546/102.html;L

unknown

http://lousta.net/78/665.htmlH

unknown

http://ow5dirasuek.com/292/164.html.E

unknown

http://mkkuei4kdsz.com/488/933.htmldZI-&

unknown

http://ow5dirasuek.com/546/102.htmlD

unknown

http://lousta.net/956/959.html0473447

unknown

http://lousta.net/908/776.htmla0

unknown

http://ow5dirasuek.com/537/167.html;Q

unknown

http://lousta.net/956/959.htmlw

unknown

http://lousta.net/263/482.html3

unknown

http://mkkuei4kdsz.com/781/119.html)

unknown

http://lousta.net/740/238.htmlx

unknown

http://ow5dirasuek.com/945/466.htmlA

unknown

http://mkkuei4kdsz.com/781/119.html4

unknown

http://ow5dirasuek.com/945/466.htmlN

unknown

http://lousta.net/528/262.html9Tk-.

unknown

http://mkkuei4kdsz.com/457/998.html-559bf06f72796be679

unknown

http://ow5dirasuek.com/546/102.htmlf

unknown

http://mkkuei4kdsz.com/353/421.html$E

unknown

http://lousta.net/497/157.htmlB

unknown

http://ow5dirasuek.com/546/102.html#L

unknown

http://ow5dirasuek.com/546/102.htmlULV

unknown

http://mkkuei4kdsz.com/488/933.htmlasuek.com

unknown

http://ow5dirasuek.com/945/466.htmlasuek.com

unknown

http://lousta.net/562/252.html.

unknown

http://ow5dirasuek.com/http://mkkuei4kdsz.com/http://lousta.net/http://lousta.net/begun.ruIueiOodcon

unknown

http://lousta.net/562/252.htmlaba

unknown

http://ow5dirasuek.com/en-GB

unknown

http://ow5dirasuek.com/763/794.html6Z

unknown

http://ow5dirasuek.com/546/102.html5L

unknown

http://mkkuei4kdsz.com/488/933.htmlom

unknown

http://mkkuei4kdsz.com/516/243.htmlwLt

unknown

http://ow5dirasuek.com/945/466.html3

unknown

http://mkkuei4kdsz.com/457/998.html~

unknown

http://mkkuei4kdsz.com/8.htmlshqos.dll.mui

unknown

http://lousta.net/547/467.html4Wx

unknown

http://ow5dirasuek.com/945/466.html/

unknown

http://lousta.net/908/776.htmlFTv-1

unknown

http://ow5dirasuek.com/p

unknown

http://ow5dirasuek.com/776/947.htmlPZ

unknown

http://lousta.net/562/252.htmlB

unknown

http://ow5dirasuek.com/292/164.htmlam

unknown

http://ow5dirasuek.com/945/466.html7

unknown

http://lousta.net/734/112.htmlk

unknown

There are 78 hidden URLs, click here to show them.

Domains

Name

Malicious

lousta.net

193.166.255.171

Details

Name:	lousta.net
IP:	193.166.255.171
TargetID:	-1
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
Suricata IDS alerts for network traffic	Networking
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol
HTTP GET or POST without a user agent	Networking
Suricata IDS alerts with low severity for network traffic	Networking
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
URLs found in memory or binary data	Networking

mkkuei4kdsz.com

15.197.204.56

Details

Name:	mkkuei4kdsz.com
IP:	15.197.204.56
TargetID:	-1
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
Suricata IDS alerts for network traffic	Networking
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol
HTTP GET or POST without a user agent	Networking
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
URLs found in memory or binary data	Networking

ow5dirasuek.com

52.34.198.229

Details

Name:	ow5dirasuek.com
IP:	52.34.198.229
TargetID:	-1
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
Suricata IDS alerts for network traffic	Networking
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol
HTTP GET or POST without a user agent	Networking
Suricata IDS alerts with low severity for network traffic	Networking
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
URLs found in memory or binary data	Networking

IPs

Domain

Country

Malicious

193.166.255.171

lousta.net

Finland

Details

IP:	193.166.255.171
TargetID:	1
Current Path:	C:\Users\user\AppData\Roaming\omsecor.exe
Country:	Finland
Countrycode:	FIN
ASN number:	1741
ASN name:	FUNETASFI
Private:	false
Domain:	lousta.net

Signature Hits	Behavior Group	Mitre Attack
Suricata IDS alerts for network traffic	Networking
Suricata IDS alerts with low severity for network traffic	Networking

52.34.198.229

ow5dirasuek.com

United States

Details

IP:	52.34.198.229
TargetID:	1
Current Path:	C:\Users\user\AppData\Roaming\omsecor.exe
Country:	United States
Countrycode:	USA
ASN number:	16509
ASN name:	AMAZON-02US
Private:	false
Domain:	ow5dirasuek.com

Signature Hits	Behavior Group	Mitre Attack
Suricata IDS alerts for network traffic	Networking
Suricata IDS alerts with low severity for network traffic	Networking

15.197.204.56

mkkuei4kdsz.com

United States

Details

IP:	15.197.204.56
TargetID:	1
Current Path:	C:\Users\user\AppData\Roaming\omsecor.exe
Country:	United States
Countrycode:	USA
ASN number:	7430
ASN name:	TANDEMUS
Private:	false
Domain:	mkkuei4kdsz.com

Signature Hits	Behavior Group	Mitre Attack
Suricata IDS alerts for network traffic	Networking

Memdumps

Base Address

Regiontype

Protect

Malicious

401000

unkown

page execute read

40E000

unkown

page readonly

5E0000

heap

page read and write

21B0000

heap

page read and write

6E1000

heap

page read and write

401000

unkown

page execute read

2A9E000

stack

page read and write

59E000

stack

page read and write

2A6D000

stack

page read and write

9C000

stack

page read and write

5B0000

heap

page read and write

2B9E000

stack

page read and write

70D000

heap

page read and write

27FE000

stack

page read and write

2D5E000

stack

page read and write

505000

heap

page read and write

58E000

stack

page read and write

40E000

unkown

page readonly

194000

stack

page read and write

411000

unkown

page write copy

195000

stack

page read and write

430000

heap

page read and write

6FC000

heap

page read and write

400000

unkown

page readonly

660000

heap

page read and write

28FF000

stack

page read and write

401000

unkown

page execute read

2CDD000

stack

page read and write

2A5D000

stack

page read and write

500000

heap

page read and write

401000

unkown

page execute read

80D000

stack

page read and write

411000

unkown

page read and write

88F000

stack

page read and write

401000

unkown

page execute read

400000

unkown

page readonly

296F000

stack

page read and write

610000

heap

page read and write

6BD000

heap

page read and write

291F000

stack

page read and write

1C0000

heap

page read and write

411000

unkown

page write copy

2A3F000

stack

page read and write

69E000

heap

page read and write

27DF000

stack

page read and write

1F0000

heap

page read and write

55E000

stack

page read and write

411000

unkown

page write copy

26DE000

stack

page read and write

40E000

unkown

page readonly

690000

heap

page read and write

68E000

heap

page read and write

87E000

stack

page read and write

9C000

stack

page read and write

286F000

stack

page read and write

6C0000

heap

page read and write

98E000

stack

page read and write

61A000

heap

page read and write

510000

heap

page read and write

276F000

stack

page read and write

97F000

stack

page read and write

259F000

stack

page read and write

281E000

stack

page read and write

699000

heap

page read and write

411000

unkown

page read and write

2BDE000

stack

page read and write

1F0000

heap

page read and write

400000

unkown

page readonly

2C4E000

stack

page read and write

2660000

heap

page read and write

269F000

stack

page read and write

9B0000

heap

page read and write

400000

unkown

page readonly

401000

unkown

page execute read

6DC000

heap

page read and write

680000

heap

page read and write

263D000

stack

page read and write

400000

unkown

page readonly

2B9F000

stack

page read and write

54E000

stack

page read and write

5C5000

heap

page read and write

194000

stack

page read and write

253D000

stack

page read and write

67A000

heap

page read and write

69A000

heap

page read and write

400000

unkown

page readonly

21AD000

stack

page read and write

58E000

stack

page read and write

68C000

heap

page read and write

5C0000

heap

page read and write

5E0000

heap

page read and write

266F000

stack

page read and write

500000

heap

page read and write

40E000

unkown

page readonly

40E000

unkown

page readonly

411000

unkown

page read and write

A1E000

stack

page read and write

400000

unkown

page readonly

26BE000

stack

page read and write

2D4E000

stack

page read and write

670000

heap

page read and write

2A9E000

stack

page read and write

9C000

stack

page read and write

1F0000

heap

page read and write

67E000

heap

page read and write

295D000

stack

page read and write

40E000

unkown

page readonly

411000

unkown

page read and write

67C000

heap

page read and write

20AC000

stack

page read and write

98F000

stack

page read and write

19C000

stack

page read and write

510000

heap

page read and write

40E000

unkown

page readonly

1C5000

heap

page read and write

94E000

stack

page read and write

500000

heap

page read and write

682000

heap

page read and write

90F000

stack

page read and write

63E000

stack

page read and write

293E000

stack

page read and write

40E000

unkown

page readonly

400000

unkown

page readonly

2BAD000

stack

page read and write

9B000

stack

page read and write

A80000

heap

page read and write

660000

heap

page read and write

6FB000

heap

page read and write

401000

unkown

page execute read

2AAE000

stack

page read and write

54E000

stack

page read and write

411000

unkown

page write copy

9CE000

stack

page read and write

A50000

heap

page read and write

67E000

stack

page read and write

713000

heap

page read and write

6EE000

heap

page read and write

401000

unkown

page execute read

27BF000

stack

page read and write

68A000

heap

page read and write

61E000

heap

page read and write

A6D000

stack

page read and write

2C5E000

stack

page read and write

There are 133 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
bd0wJGTae5.exe

Files

Processes

URLs

Domains

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reportbd0wJGTae5.exe

Files

Processes

URLs

Domains

IPs

Memdumps

IOC Report
bd0wJGTae5.exe