Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\file.exe

"C:\Users\user\Desktop\file.exe"

Details

Is windows:	false
Is dropped:	false
PID:	6408
Target ID:	0
Parent PID:	2580
Name:	file.exe
Path:	C:\Users\user\Desktop\file.exe
Commandline:	"C:\Users\user\Desktop\file.exe"
Size:	1858048
MD5:	6380B8CA2F9BFC1D86617A3A7FD924F1
Time:	13:56:57
Date:	21/11/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x950000
Modulesize:	4857856
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Antivirus / Scanner detection for submitted sample	AV Detection
Detected unpacking (changes PE section rights)	Data Obfuscation	Software Packing
LummaC encrypted strings found	HIPS / PFW / Operating System Protection Evasion	PowerShell Deobfuscate/Decode Files or Information
Machine Learning detection for sample	AV Detection
PE file contains section with special chars	System Summary
PE file contains an invalid checksum	Data Obfuscation
PE file contains sections with non-standard names	Data Obfuscation
Uses 32bit PE files	Compliance, System Summary
Binary may include packed or encrypted code	Data Obfuscation	Obfuscated Files or Information Software Packing
PE file has section (not .text) which is very likely to contain packed code (zlib compression ratio < 0.011)	System Summary	Software Packing
Sample might require command line arguments	System Summary	Command and Scripting Interpreter
Sample reads its own file content	System Summary
PE file has a big raw section	System Summary
Submission file is bigger than most known malware samples	System Summary

URLs

Name

Malicious

https://cook-rain.sbs/

unknown

https://cook-rain.sbs/api%

unknown

https://cook-rain.sbs/apiOn

unknown

p10tgrace.sbs

p3ar11fter.sbs

http://crl.micro

unknown

https://cook-rain.sbs/api

104.21.66.38

peepburry828.sbs

https://cook-rain.sbs/Q

unknown

https://cook-rain.sbs:443/api-

unknown

processhol.sbs

There are 1 hidden URLs, click here to show them.

Domains

Name

Malicious

cook-rain.sbs

104.21.66.38

Details

Name:	cook-rain.sbs
IP:	104.21.66.38
TargetID:	-1
Active:	true
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Suricata IDS alerts for network traffic	Networking
Suricata IDS alerts with low severity for network traffic	Networking
Uses a known web browser user agent for HTTP communication	Networking	Application Layer Protocol
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
Posts data to webserver	Networking	Application Layer Protocol Non-Application Layer Protocol
URLs found in memory or binary data	Networking
Uses secure TLS version for HTTPS connections	Compliance, Networking

IPs

Domain

Country

Malicious

104.21.66.38

cook-rain.sbs

United States

Details

IP:	104.21.66.38
TargetID:	0
Current Path:	C:\Users\user\Desktop\file.exe
Country:	United States
Countrycode:	USA
ASN number:	13335
ASN name:	CLOUDFLARENETUS
Private:	false
Domain:	cook-rain.sbs

Signature Hits	Behavior Group	Mitre Attack
Suricata IDS alerts for network traffic	Networking
Suricata IDS alerts with low severity for network traffic	Networking
Uses secure TLS version for HTTPS connections	Compliance, Networking

Memdumps

Base Address

Regiontype

Protect

Malicious

5110000

direct allocation

page read and write

3D7F000

stack

page read and write

2EA0000

direct allocation

page read and write

34FE000

stack

page read and write

4C81000

heap

page read and write

4C81000

heap

page read and write

9A9000

unkown

page execute and read and write

4C81000

heap

page read and write

42BE000

stack

page read and write

30FF000

stack

page read and write

12E9000

heap

page read and write

127A000

heap

page read and write

39BF000

stack

page read and write

B33000

unkown

page execute and read and write

11C4000

heap

page read and write

5154000

direct allocation

page read and write

12D4000

heap

page read and write

12D4000

heap

page read and write

44FF000

stack

page read and write

950000

unkown

page read and write

2EA0000

direct allocation

page read and write

2EB0000

heap

page read and write

C52000

unkown

page execute and read and write

569E000

stack

page read and write

5280000

direct allocation

page execute and read and write

47BE000

stack

page read and write

4C81000

heap

page read and write

323F000

stack

page read and write

12D4000

heap

page read and write

2EA0000

direct allocation

page read and write

2E8E000

stack

page read and write

2EA0000

direct allocation

page read and write

950000

unkown

page readonly

12E4000

heap

page read and write

52A0000

direct allocation

page execute and read and write

4C81000

heap

page read and write

12E7000

heap

page read and write

11C4000

heap

page read and write

4C81000

heap

page read and write

4C81000

heap

page read and write

11C4000

heap

page read and write

3EBF000

stack

page read and write

1259000

heap

page read and write

12E0000

heap

page read and write

1259000

heap

page read and write

C11000

unkown

page execute and read and write

12E7000

heap

page read and write

129B000

heap

page read and write

4C90000

heap

page read and write

49FF000

stack

page read and write

38BE000

stack

page read and write

413F000

stack

page read and write

5C2F000

stack

page read and write

951000

unkown

page execute and write copy

33BE000

stack

page read and write

11C4000

heap

page read and write

57A0000

remote allocation

page read and write

52C0000

direct allocation

page execute and read and write

373F000

stack

page read and write

5B2E000

stack

page read and write

4C81000

heap

page read and write

337F000

stack

page read and write

4C7F000

stack

page read and write

12EA000

heap

page read and write

12D1000

heap

page read and write

52B0000

direct allocation

page execute and read and write

3AFF000

stack

page read and write

555E000

stack

page read and write

1262000

heap

page read and write

52A0000

direct allocation

page execute and read and write

2EA0000

direct allocation

page read and write

12CE000

heap

page read and write

4C81000

heap

page read and write

121A000

heap

page read and write

2EA0000

direct allocation

page read and write

2E90000

heap

page read and write

2EB7000

heap

page read and write

2EA0000

direct allocation

page read and write

2EA0000

direct allocation

page read and write

4D80000

trusted library allocation

page read and write

118B000

stack

page read and write

DEE000

unkown

page execute and read and write

52A0000

direct allocation

page execute and read and write

53DD000

stack

page read and write

12E7000

heap

page read and write

57A0000

remote allocation

page read and write

50D0000

heap

page read and write

5AE0000

heap

page read and write

11C4000

heap

page read and write

327E000

stack

page read and write

168F000

stack

page read and write

1256000

heap

page read and write

2EA0000

direct allocation

page read and write

5270000

direct allocation

page execute and read and write

4C81000

heap

page read and write

9A7000

unkown

page write copy

541D000

stack

page read and write

2EA0000

direct allocation

page read and write

1262000

heap

page read and write

144E000

stack

page read and write

39FE000

stack

page read and write

463F000

stack

page read and write

12E7000

heap

page read and write

11C4000

heap

page read and write

403E000

stack

page read and write

43FE000

stack

page read and write

C53000

unkown

page execute and write copy

1253000

heap

page read and write

3C3F000

stack

page read and write

5110000

direct allocation

page read and write

3B3E000

stack

page read and write

1256000

heap

page read and write

995000

unkown

page execute and read and write

108B000

stack

page read and write

597E000

stack

page read and write

11C4000

heap

page read and write

2EA0000

direct allocation

page read and write

515C000

stack

page read and write

2FFC000

stack

page read and write

4C81000

heap

page read and write

127A000

heap

page read and write

11C4000

heap

page read and write

427F000

stack

page read and write

3DBE000

stack

page read and write

3C7E000

stack

page read and write

2EA0000

direct allocation

page read and write

551D000

stack

page read and write

3FFF000

stack

page read and write

12E2000

heap

page read and write

11C4000

heap

page read and write

1251000

heap

page read and write

363E000

stack

page read and write

43BF000

stack

page read and write

2EA0000

direct allocation

page read and write

4C81000

heap

page read and write

11C4000

heap

page read and write

4C81000

heap

page read and write

52A0000

direct allocation

page execute and read and write

C3A000

unkown

page execute and read and write

4C81000

heap

page read and write

2EA0000

direct allocation

page read and write

313E000

stack

page read and write

2FBF000

stack

page read and write

52D0000

direct allocation

page execute and read and write

11C4000

heap

page read and write

12E0000

heap

page read and write

5110000

direct allocation

page read and write

13E0000

heap

page read and write

154F000

stack

page read and write

11C4000

heap

page read and write

1251000

heap

page read and write

377E000

stack

page read and write

525F000

stack

page read and write

52A0000

direct allocation

page execute and read and write

4B3F000

stack

page read and write

12E0000

heap

page read and write

1249000

heap

page read and write

48BF000

stack

page read and write

951000

unkown

page execute and read and write

34BF000

stack

page read and write

4C81000

heap

page read and write

579F000

stack

page read and write

5290000

direct allocation

page execute and read and write

9A7000

unkown

page read and write

11C0000

heap

page read and write

417E000

stack

page read and write

467E000

stack

page read and write

4C81000

heap

page read and write

57A0000

remote allocation

page read and write

4A3E000

stack

page read and write

158E000

stack

page read and write

52A0000

direct allocation

page execute and read and write

453E000

stack

page read and write

4B7E000

stack

page read and write

52EE000

trusted library allocation

page read and write

11C4000

heap

page read and write

35FF000

stack

page read and write

48FE000

stack

page read and write

12DC000

heap

page read and write

1210000

heap

page read and write

4C80000

heap

page read and write

11C4000

heap

page read and write

52AD000

stack

page read and write

C43000

unkown

page execute and read and write

477F000

stack

page read and write

11C4000

heap

page read and write

1200000

heap

page read and write

387F000

stack

page read and write

4C81000

heap

page read and write

5110000

direct allocation

page read and write

12E0000

heap

page read and write

12D4000

heap

page read and write

1253000

heap

page read and write

C52000

unkown

page execute and write copy

3EFE000

stack

page read and write

580E000

stack

page read and write

4C81000

heap

page read and write

565F000

stack

page read and write

121E000

heap

page read and write

4C81000

heap

page read and write

11C4000

heap

page read and write

590F000

stack

page read and write

DEF000

unkown

page execute and write copy

5A7F000

stack

page read and write

11C4000

heap

page read and write

11C4000

heap

page read and write

1249000

heap

page read and write

11C4000

heap

page read and write

11C4000

heap

page read and write

4C81000

heap

page read and write

There are 200 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
file.exe

Processes

URLs

Domains

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reportfile.exe

Processes

URLs

Domains

IPs

Memdumps

IOC Report
file.exe