Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\file.exe

"C:\Users\user\Desktop\file.exe"

Details

Is windows:	false
Is dropped:	false
PID:	7044
Target ID:	0
Parent PID:	2580
Name:	file.exe
Path:	C:\Users\user\Desktop\file.exe
Commandline:	"C:\Users\user\Desktop\file.exe"
Size:	1897984
MD5:	8D5F9DF92D2FB9C40125D06C7E3C66BE
Time:	16:38:54
Date:	22/11/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x140000
Modulesize:	4943872
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Antivirus / Scanner detection for submitted sample	AV Detection
Detected unpacking (changes PE section rights)	Data Obfuscation	Software Packing
Machine Learning detection for sample	AV Detection
PE file contains section with special chars	System Summary
PE file contains an invalid checksum	Data Obfuscation
PE file contains sections with non-standard names	Data Obfuscation
Uses 32bit PE files	Compliance, System Summary
Binary may include packed or encrypted code	Data Obfuscation	Obfuscated Files or Information Software Packing
PE file has section (not .text) which is very likely to contain packed code (zlib compression ratio < 0.011)	System Summary	Software Packing
Sample might require command line arguments	System Summary	Command and Scripting Interpreter
Sample reads its own file content	System Summary
PE file has a big raw section	System Summary
Submission file is bigger than most known malware samples	System Summary

URLs

Name

Malicious

https://tail-cease.cyou/api

104.21.93.105

Details

Name:	https://tail-cease.cyou/api
IP:	104.21.93.105
TargetID:	0
From Memory:	false
Current Path:	C:\Users\user\Desktop\file.exe
Source:	network

Signature Hits	Behavior Group	Mitre Attack
Suricata IDS alerts for network traffic	Networking
Suricata IDS alerts with low severity for network traffic	Networking
URLs found in memory or binary data	Networking
Uses secure TLS version for HTTPS connections	Compliance, Networking

https://tail-cease.cyou/

unknown

https://tail-cease.cyou:443/apia/

unknown

https://tail-cease.cyou/d

unknown

https://tail-cease.cyou/b

unknown

Domains

Name

Malicious

tail-cease.cyou

104.21.93.105

Details

Name:	tail-cease.cyou
IP:	104.21.93.105
TargetID:	-1
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Suricata IDS alerts for network traffic	Networking
Suricata IDS alerts with low severity for network traffic	Networking
Uses a known web browser user agent for HTTP communication	Networking	Application Layer Protocol
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
Posts data to webserver	Networking	Application Layer Protocol Non-Application Layer Protocol
URLs found in memory or binary data	Networking
Uses secure TLS version for HTTPS connections	Compliance, Networking

IPs

Domain

Country

Malicious

104.21.93.105

tail-cease.cyou

United States

Details

IP:	104.21.93.105
TargetID:	0
Current Path:	C:\Users\user\Desktop\file.exe
Country:	United States
Countrycode:	USA
ASN number:	13335
ASN name:	CLOUDFLARENETUS
Private:	false
Domain:	tail-cease.cyou

Signature Hits	Behavior Group	Mitre Attack
Suricata IDS alerts for network traffic	Networking
Suricata IDS alerts with low severity for network traffic	Networking
Uses secure TLS version for HTTPS connections	Compliance, Networking

Memdumps

Base Address

Regiontype

Protect

Malicious

B20000

direct allocation

page read and write

B98000

heap

page read and write

436000

unkown

page execute and read and write

43B1000

heap

page read and write

8FB000

stack

page read and write

4A04000

trusted library allocation

page read and write

B20000

direct allocation

page read and write

43B1000

heap

page read and write

32F000

unkown

page execute and read and write

52E0000

heap

page read and write

2FAF000

stack

page read and write

B20000

direct allocation

page read and write

B20000

direct allocation

page read and write

43B1000

heap

page read and write

B20000

direct allocation

page read and write

4F0E000

stack

page read and write

49F0000

direct allocation

page execute and read and write

BFA000

heap

page read and write

43B1000

heap

page read and write

27A7000

heap

page read and write

386F000

stack

page read and write

326E000

stack

page read and write

960000

heap

page read and write

BB7000

heap

page read and write

43B1000

heap

page read and write

43B0000

heap

page read and write

B20000

direct allocation

page read and write

43B1000

heap

page read and write

43B1000

heap

page read and write

BFD000

heap

page read and write

BF4000

heap

page read and write

4830000

direct allocation

page read and write

4EA0000

remote allocation

page read and write

49D0000

direct allocation

page execute and read and write

BB7000

heap

page read and write

B20000

direct allocation

page read and write

27AD000

heap

page read and write

38AE000

stack

page read and write

312E000

stack

page read and write

42AE000

stack

page read and write

43B1000

heap

page read and write

4C3E000

stack

page read and write

43B1000

heap

page read and write

140000

unkown

page readonly

44D000

unkown

page execute and write copy

3B2E000

stack

page read and write

49C0000

direct allocation

page execute and read and write

BF4000

heap

page read and write

ABE000

stack

page read and write

B83000

heap

page read and write

43D000

unkown

page execute and read and write

2FEE000

stack

page read and write

C02000

heap

page read and write

26CF000

stack

page read and write

900000

heap

page read and write

3FEF000

stack

page read and write

49C0000

direct allocation

page execute and read and write

500F000

stack

page read and write

BFD000

heap

page read and write

BFA000

heap

page read and write

49C0000

direct allocation

page execute and read and write

BED000

heap

page read and write

43B1000

heap

page read and write

487B000

stack

page read and write

2AEE000

stack

page read and write

43B1000

heap

page read and write

BF4000

heap

page read and write

B20000

direct allocation

page read and write

3EAF000

stack

page read and write

4840000

direct allocation

page read and write

52BF000

stack

page read and write

47F0000

trusted library allocation

page read and write

4D3F000

stack

page read and write

BEF000

heap

page read and write

274E000

stack

page read and write

CB000

stack

page read and write

482E000

stack

page read and write

426F000

stack

page read and write

2E6F000

stack

page read and write

B64000

heap

page read and write

278E000

stack

page read and write

3EEE000

stack

page read and write

BEF000

heap

page read and write

43B1000

heap

page read and write

30EF000

stack

page read and write

27A0000

heap

page read and write

3D6F000

stack

page read and write

336F000

stack

page read and write

BF2000

heap

page read and write

416E000

stack

page read and write

BEF000

heap

page read and write

43B1000

heap

page read and write

4E7F000

stack

page read and write

B98000

heap

page read and write

44E000

unkown

page execute and write copy

44D000

unkown

page execute and read and write

40D000

unkown

page execute and read and write

B79000

heap

page read and write

49C0000

direct allocation

page execute and read and write

B00000

heap

page read and write

B20000

direct allocation

page read and write

35EF000

stack

page read and write

33AE000

stack

page read and write

5F4000

unkown

page execute and write copy

185000

unkown

page execute and read and write

49B0000

direct allocation

page execute and read and write

2BEF000

stack

page read and write

3C2F000

stack

page read and write

4EA0000

remote allocation

page read and write

5F3000

unkown

page execute and read and write

B74000

heap

page read and write

362E000

stack

page read and write

3C6E000

stack

page read and write

43B1000

heap

page read and write

140000

unkown

page read and write

141000

unkown

page execute and write copy

51BE000

stack

page read and write

43B1000

heap

page read and write

B8C000

heap

page read and write

BF4000

heap

page read and write

A7E000

stack

page read and write

2AAF000

stack

page read and write

C08000

heap

page read and write

BF2000

heap

page read and write

E2E000

stack

page read and write

34AF000

stack

page read and write

B3A000

heap

page read and write

950000

heap

page read and write

B74000

heap

page read and write

270C000

stack

page read and write

2D2F000

stack

page read and write

43B1000

heap

page read and write

4990000

direct allocation

page execute and read and write

965000

heap

page read and write

B69000

heap

page read and write

BEA000

heap

page read and write

49A0000

direct allocation

page execute and read and write

D2F000

stack

page read and write

43AF000

stack

page read and write

322F000

stack

page read and write

29AF000

stack

page read and write

B3E000

heap

page read and write

43B1000

heap

page read and write

43B1000

heap

page read and write

197000

unkown

page write copy

504E000

stack

page read and write

B8C000

heap

page read and write

497F000

stack

page read and write

BF2000

heap

page read and write

130000

heap

page read and write

AFE000

stack

page read and write

2C2E000

stack

page read and write

B20000

direct allocation

page read and write

C08000

heap

page read and write

43B1000

heap

page read and write

2EAE000

stack

page read and write

43B1000

heap

page read and write

43B1000

heap

page read and write

BFF000

heap

page read and write

43B1000

heap

page read and write

4D7E000

stack

page read and write

B30000

heap

page read and write

B20000

direct allocation

page read and write

49E0000

direct allocation

page execute and read and write

4BFD000

stack

page read and write

3AEF000

stack

page read and write

BFD000

heap

page read and write

402E000

stack

page read and write

4830000

direct allocation

page read and write

197000

unkown

page read and write

28AF000

stack

page read and write

49C0000

direct allocation

page execute and read and write

2D6E000

stack

page read and write

199000

unkown

page execute and read and write

514E000

stack

page read and write

43B1000

heap

page read and write

34EE000

stack

page read and write

43B1000

heap

page read and write

376E000

stack

page read and write

B79000

heap

page read and write

B20000

direct allocation

page read and write

BFD000

heap

page read and write

C08000

heap

page read and write

49CD000

stack

page read and write

412F000

stack

page read and write

4884000

direct allocation

page read and write

BFA000

heap

page read and write

B69000

heap

page read and write

372F000

stack

page read and write

141000

unkown

page execute and read and write

B20000

direct allocation

page read and write

39EE000

stack

page read and write

43B1000

heap

page read and write

39AF000

stack

page read and write

3DAE000

stack

page read and write

4AFD000

stack

page read and write

BFA000

heap

page read and write

49C0000

direct allocation

page execute and read and write

B20000

direct allocation

page read and write

4830000

direct allocation

page read and write

B83000

heap

page read and write

4EA0000

remote allocation

page read and write

There are 192 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
file.exe

Processes

URLs

Domains

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reportfile.exe

Processes

URLs

Domains

IPs

Memdumps

IOC Report
file.exe