Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\odo7jrvnU3.exe

"C:\Users\user\Desktop\odo7jrvnU3.exe"

Details

Is windows:	false
Is dropped:	false
PID:	8012
Target ID:	5
Parent PID:	3968
Name:	odo7jrvnU3.exe
Path:	C:\Users\user\Desktop\odo7jrvnU3.exe
Commandline:	"C:\Users\user\Desktop\odo7jrvnU3.exe"
Size:	228688
MD5:	B6C329165699196ACB38053AE6308E61
Time:	09:09:44
Date:	09/12/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0xd0000
Modulesize:	196608
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Multi AV Scanner detection for submitted file	AV Detection
Yara detected RedLine Stealer	Stealing of Sensitive Information, Remote Access Functionality
Machine Learning detection for sample	AV Detection
Binary contains a suspicious time stamp	Data Obfuscation	Timestomp
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery
Sample file is different than original file name gathered from version info	System Summary
Sigma detected: Communication To Uncommon Destination Ports	System Summary
Uses 32bit PE files	Compliance, System Summary
PE file has an executable .text section and no other executable section	System Summary
Parts of this applications are using the .NET runtime (Probably coded in C#)	System Summary
Sample is known by Antivirus	System Summary
Binary contains paths to debug symbols	Compliance, System Summary
Contains modern PE file flags such as dynamic base (ASLR) or NX	Compliance, System Summary
PE file contains a COM descriptor data directory	System Summary

URLs

Name

Malicious

213.21.220.222:8080

https://api.ip.sb/ip

unknown

http://schemas.xmlsoap.org/ws/2005/02/rm/SequenceAcknowledgement

unknown

http://tempuri.org/RestAPI/TreeObject1LR

unknown

http://tempuri.org/RestAPI/TreeObject2LR

unknown

http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous

unknown

http://tempuri.org/RestAPI/TreeObject2ResponseXx

unknown

http://schemas.xmlsoap.org/soap/envelope/

unknown

https://api.ip.s

unknown

http://schemas.xmlsoap.org/ws/2005/05/identity/right/possesspropertyl

unknown

http://schemas.xmlsoap.org/ws/2005/02/rm/AckRequested

unknown

http://tempuri.org/RestAPI/TreeObject3ResponseXx

unknown

http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequenceResponse

unknown

http://schemas.xmlsoap.org/ws/2004/08/addressing

unknown

http://schemas.xmlsoap.org/ws/2004/08/addressing/fault

unknown

http://schemas.xmlsoap.org/ws/2005/02/rm/TerminateSequence

unknown

http://tempuri.org/RestAPI/TreeObject1ResponseXx

unknown

http://schemas.xmlsoap.org/ws/2005/02/rm

unknown

http://schemas.xmlsoap.org/ws/2005/02/rm/LastMessage

unknown

http://tempuri.org/8)

unknown

http://tempuri.org/RestAPI/TreeObject3LR

unknown

http://tempuri.org/RestAPI/

unknown

http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequence

unknown

http://schemas.xmlsoap.org/soap/actor/next

unknown

http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dns

unknown

There are 15 hidden URLs, click here to show them.

IPs

Domain

Country

Malicious

213.21.220.222

unknown

Latvia

Details

IP:	213.21.220.222
TargetID:	5
Current Path:	C:\Users\user\Desktop\odo7jrvnU3.exe
Country:	Latvia
Countrycode:	LVA
ASN number:	8285
ASN name:	VERSIALV
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
Sigma detected: Communication To Uncommon Destination Ports	System Summary
Connects to IPs without corresponding DNS lookups	Networking

Memdumps

Base Address

Regiontype

Protect

Malicious

D2000

unkown

page readonly

8B8000

heap

page read and write

4F3E000

stack

page read and write

7F0000

trusted library allocation

page read and write

840000

heap

page read and write

4910000

trusted library allocation

page read and write

234E000

stack

page read and write

8B0000

heap

page read and write

80A000

trusted library allocation

page execute and read and write

2584000

trusted library allocation

page read and write

7FD000

trusted library allocation

page execute and read and write

4A90000

trusted library allocation

page read and write

4A70000

trusted library allocation

page read and write

D0000

unkown

page readonly

22F0000

trusted library allocation

page read and write

8D7000

heap

page read and write

48F2000

trusted library allocation

page read and write

800000

trusted library allocation

page read and write

2360000

trusted library allocation

page read and write

24E4000

trusted library allocation

page read and write

48E1000

trusted library allocation

page read and write

99F000

heap

page read and write

7E0000

trusted library allocation

page read and write

26AA000

trusted library allocation

page read and write

48FE000

trusted library allocation

page read and write

4921000

trusted library allocation

page read and write

490A000

trusted library allocation

page read and write

4941000

trusted library allocation

page read and write

48E6000

trusted library allocation

page read and write

261B000

trusted library allocation

page read and write

890000

trusted library allocation

page execute and read and write

4A60000

trusted library allocation

page read and write

817000

trusted library allocation

page execute and read and write

48D0000

trusted library allocation

page read and write

4BE0000

heap

page read and write

812000

trusted library allocation

page read and write

4CFE000

stack

page read and write

802000

trusted library allocation

page read and write

272E000

trusted library allocation

page read and write

4A20000

trusted library allocation

page read and write

4970000

trusted library allocation

page read and write

7ED000

trusted library allocation

page execute and read and write

9AA000

heap

page read and write

7E4000

trusted library allocation

page read and write

6B5000

heap

page read and write

2380000

heap

page read and write

3491000

trusted library allocation

page read and write

4960000

trusted library allocation

page read and write

49D0000

trusted library allocation

page read and write

4BDE000

heap

page read and write

2365000

trusted library allocation

page read and write

49B0000

trusted library allocation

page read and write

806000

trusted library allocation

page execute and read and write

18C000

stack

page read and write

49A0000

trusted library allocation

page execute and read and write

690000

heap

page read and write

2537000

trusted library allocation

page read and write

4A80000

trusted library allocation

page read and write

56BE000

stack

page read and write

815000

trusted library allocation

page execute and read and write

5D0000

heap

page read and write

248F000

stack

page read and write

259F000

trusted library allocation

page read and write

252B000

trusted library allocation

page read and write

1F0000

heap

page read and write

8BE000

heap

page read and write

4A50000

trusted library allocation

page execute and read and write

8A0000

trusted library allocation

page read and write

26EC000

trusted library allocation

page read and write

81B000

trusted library allocation

page execute and read and write

2491000

trusted library allocation

page read and write

4930000

heap

page execute and read and write

8F0000

heap

page read and write

4F7000

stack

page read and write

8E4000

heap

page read and write

4958000

trusted library allocation

page read and write

4A40000

trusted library allocation

page read and write

458E000

stack

page read and write

640000

heap

page read and write

4BC0000

heap

page read and write

7F000000

trusted library allocation

page execute and read and write

96B000

heap

page read and write

2588000

trusted library allocation

page read and write

4DFE000

stack

page read and write

3499000

trusted library allocation

page read and write

236B000

trusted library allocation

page read and write

99D000

heap

page read and write

4901000

trusted library allocation

page read and write

4E3E000

stack

page read and write

88E000

stack

page read and write

2370000

trusted library allocation

page read and write

7D0000

trusted library allocation

page read and write

4A30000

trusted library allocation

page execute and read and write

4950000

trusted library allocation

page read and write

495E000

trusted library allocation

page read and write

55BE000

stack

page read and write

49C0000

trusted library allocation

page execute and read and write

2368000

trusted library allocation

page read and write

6B0000

heap

page read and write

7E3000

trusted library allocation

page execute and read and write

2667000

trusted library allocation

page read and write

2300000

heap

page execute and read and write

48DB000

trusted library allocation

page read and write

There are 93 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
odo7jrvnU3.exe

Processes

URLs

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reportodo7jrvnU3.exe

Processes

URLs

IPs

Memdumps

IOC Report
odo7jrvnU3.exe