Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\5pjP6CEFUO.exe

"C:\Users\user\Desktop\5pjP6CEFUO.exe"

Details

Is windows:	false
Is dropped:	false
PID:	7380
Target ID:	3
Parent PID:	4056
Name:	5pjP6CEFUO.exe
Path:	C:\Users\user\Desktop\5pjP6CEFUO.exe
Commandline:	"C:\Users\user\Desktop\5pjP6CEFUO.exe"
Size:	228688
MD5:	33F6411BE0A3CB0F496157FBAB9B8574
Time:	09:03:33
Date:	09/12/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x6a0000
Modulesize:	196608
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Multi AV Scanner detection for submitted file	AV Detection
Yara detected RedLine Stealer	Stealing of Sensitive Information, Remote Access Functionality
Machine Learning detection for sample	AV Detection
Binary contains a suspicious time stamp	Data Obfuscation	Timestomp
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery
Sample file is different than original file name gathered from version info	System Summary
Sigma detected: Communication To Uncommon Destination Ports	System Summary
Uses 32bit PE files	Compliance, System Summary
PE file has an executable .text section and no other executable section	System Summary
Parts of this applications are using the .NET runtime (Probably coded in C#)	System Summary
Sample is known by Antivirus	System Summary
Binary contains paths to debug symbols	Compliance, System Summary
Contains modern PE file flags such as dynamic base (ASLR) or NX	Compliance, System Summary
PE file contains a COM descriptor data directory	System Summary

URLs

Name

Malicious

213.21.220.222:8080

https://api.ip.sb/ip

unknown

http://schemas.xmlsoap.org/ws/2005/02/rm/SequenceAcknowledgement

unknown

http://tempuri.org/RestAPI/TreeObject1LR

unknown

http://tempuri.org/RestAPI/TreeObject2LR

unknown

http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous

unknown

http://tempuri.org/RestAPI/TreeObject2ResponseXx

unknown

http://schemas.xmlsoap.org/soap/envelope/

unknown

https://api.ip.s

unknown

http://schemas.xmlsoap.org/ws/2005/05/identity/right/possesspropertyl

unknown

http://schemas.xmlsoap.org/ws/2005/02/rm/AckRequested

unknown

http://tempuri.org/RestAPI/TreeObject3ResponseXx

unknown

http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequenceResponse

unknown

http://schemas.xmlsoap.org/ws/2004/08/addressing

unknown

http://schemas.xmlsoap.org/ws/2004/08/addressing/fault

unknown

http://schemas.xmlsoap.org/ws/2005/02/rm/TerminateSequence

unknown

http://tempuri.org/RestAPI/TreeObject1ResponseXx

unknown

http://schemas.xmlsoap.org/ws/2005/02/rm

unknown

http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dnsxK

unknown

http://tempuri.org/RestAPI/TreeObject2xK

unknown

http://schemas.xmlsoap.org/ws/2005/02/rm/LastMessage

unknown

http://tempuri.org/8)

unknown

http://tempuri.org/RestAPI/TreeObject3LR

unknown

http://tempuri.org/RestAPI/

unknown

http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequence

unknown

http://schemas.xmlsoap.org/soap/actor/next

unknown

There are 16 hidden URLs, click here to show them.

IPs

Domain

Country

Malicious

213.21.220.222

unknown

Latvia

Details

IP:	213.21.220.222
TargetID:	3
Current Path:	C:\Users\user\Desktop\5pjP6CEFUO.exe
Country:	Latvia
Countrycode:	LVA
ASN number:	8285
ASN name:	VERSIALV
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
Sigma detected: Communication To Uncommon Destination Ports	System Summary
Connects to IPs without corresponding DNS lookups	Networking

Memdumps

Base Address

Regiontype

Protect

Malicious

6A2000

unkown

page readonly

4F20000

trusted library allocation

page read and write

4E8B000

trusted library allocation

page read and write

29E8000

trusted library allocation

page read and write

4F01000

trusted library allocation

page read and write

4EC0000

trusted library allocation

page read and write

BFF000

heap

page read and write

7F0000

heap

page read and write

115D000

trusted library allocation

page execute and read and write

4F30000

trusted library allocation

page read and write

1160000

trusted library allocation

page read and write

B66000

heap

page read and write

4F1E000

trusted library allocation

page read and write

4ECA000

trusted library allocation

page read and write

2A66000

trusted library allocation

page read and write

CD0000

heap

page read and write

4F90000

trusted library allocation

page read and write

1166000

trusted library allocation

page execute and read and write

2AAF000

trusted library allocation

page read and write

4EF1000

trusted library allocation

page read and write

54EE000

stack

page read and write

53AE000

stack

page read and write

B3E000

stack

page read and write

2B78000

trusted library allocation

page read and write

1175000

trusted library allocation

page execute and read and write

4EAE000

trusted library allocation

page read and write

2C3E000

trusted library allocation

page read and write

EAE000

stack

page read and write

4FF0000

heap

page execute and read and write

2990000

heap

page execute and read and write

1150000

trusted library allocation

page read and write

27C0000

heap

page read and write

4EB1000

trusted library allocation

page read and write

7C0000

heap

page read and write

501E000

heap

page read and write

4EA2000

trusted library allocation

page read and write

BFB000

heap

page read and write

290F000

stack

page read and write

280E000

stack

page read and write

7F880000

trusted library allocation

page execute and read and write

4F80000

trusted library allocation

page execute and read and write

2BBA000

trusted library allocation

page read and write

4F70000

trusted library allocation

page read and write

4EC5000

trusted library allocation

page read and write

53EE000

stack

page read and write

500A000

heap

page read and write

1172000

trusted library allocation

page read and write

5018000

heap

page read and write

4F18000

trusted library allocation

page read and write

B40000

heap

page read and write

4E96000

trusted library allocation

page read and write

1162000

trusted library allocation

page read and write

5D3F000

stack

page read and write

4ED0000

trusted library allocation

page read and write

5220000

trusted library allocation

page read and write

4E80000

trusted library allocation

page read and write

1140000

trusted library allocation

page read and write

4EE0000

trusted library allocation

page read and write

2BFC000

trusted library allocation

page read and write

4B3E000

stack

page read and write

29E4000

trusted library allocation

page read and write

117B000

trusted library allocation

page execute and read and write

1177000

trusted library allocation

page execute and read and write

AF7000

stack

page read and write

2960000

trusted library allocation

page read and write

5250000

trusted library allocation

page read and write

5240000

trusted library allocation

page read and write

B4E000

heap

page read and write

2950000

trusted library allocation

page execute and read and write

5260000

trusted library allocation

page read and write

75C000

stack

page read and write

CD5000

heap

page read and write

29A1000

trusted library allocation

page read and write

5230000

trusted library allocation

page execute and read and write

B4A000

heap

page read and write

2B2B000

trusted library allocation

page read and write

7D0000

heap

page read and write

5000000

heap

page read and write

1190000

heap

page read and write

114D000

trusted library allocation

page execute and read and write

4EBA000

trusted library allocation

page read and write

4E91000

trusted library allocation

page read and write

1144000

trusted library allocation

page read and write

4FE0000

trusted library allocation

page read and write

2970000

trusted library allocation

page read and write

1143000

trusted library allocation

page execute and read and write

39A1000

trusted library allocation

page read and write

52AE000

stack

page read and write

39A9000

trusted library allocation

page read and write

CC0000

trusted library allocation

page read and write

B81000

heap

page read and write

4EC8000

trusted library allocation

page read and write

294E000

stack

page read and write

1170000

trusted library allocation

page read and write

4F60000

trusted library allocation

page execute and read and write

2AB4000

trusted library allocation

page read and write

5020000

heap

page read and write

552E000

stack

page read and write

27B0000

trusted library allocation

page read and write

4F10000

trusted library allocation

page read and write

5100000

trusted library allocation

page execute and read and write

5015000

heap

page read and write

116A000

trusted library allocation

page execute and read and write

C80000

heap

page read and write

6A0000

unkown

page readonly

5530000

trusted library allocation

page read and write

There are 96 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
5pjP6CEFUO.exe

Processes

URLs

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report5pjP6CEFUO.exe

Processes

URLs

IPs

Memdumps

IOC Report
5pjP6CEFUO.exe