Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\J8Z4q7BJPW.exe

"C:\Users\user\Desktop\J8Z4q7BJPW.exe"

Details

Is windows:	false
Is dropped:	false
PID:	7520
Target ID:	0
Parent PID:	2580
Name:	J8Z4q7BJPW.exe
Path:	C:\Users\user\Desktop\J8Z4q7BJPW.exe
Commandline:	"C:\Users\user\Desktop\J8Z4q7BJPW.exe"
Size:	228688
MD5:	42D541219CAA2DCA97522A3F7EF41509
Time:	09:12:12
Date:	09/12/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0xc0000
Modulesize:	196608
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Multi AV Scanner detection for submitted file	AV Detection
Yara detected RedLine Stealer	Stealing of Sensitive Information, Remote Access Functionality
Machine Learning detection for sample	AV Detection
Binary contains a suspicious time stamp	Data Obfuscation	Timestomp
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery
Sample file is different than original file name gathered from version info	System Summary
Sigma detected: Communication To Uncommon Destination Ports	System Summary
Uses 32bit PE files	Compliance, System Summary
PE file has an executable .text section and no other executable section	System Summary
Parts of this applications are using the .NET runtime (Probably coded in C#)	System Summary
Sample is known by Antivirus	System Summary
Binary contains paths to debug symbols	Compliance, System Summary
Contains modern PE file flags such as dynamic base (ASLR) or NX	Compliance, System Summary
PE file contains a COM descriptor data directory	System Summary

URLs

Name

Malicious

213.21.220.222:8080

https://api.ip.sb/ip

unknown

http://schemas.xmlsoap.org/ws/2005/02/rm/SequenceAcknowledgement

unknown

http://tempuri.org/RestAPI/TreeObject1LR

unknown

http://tempuri.org/RestAPI/TreeObject2LR

unknown

http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous

unknown

http://tempuri.org/RestAPI/TreeObject2ResponseXx

unknown

http://schemas.xmlsoap.org/soap/envelope/

unknown

https://api.ip.s

unknown

http://schemas.xmlsoap.org/ws/2005/05/identity/right/possesspropertyl

unknown

http://schemas.xmlsoap.org/ws/2005/02/rm/AckRequested

unknown

http://tempuri.org/RestAPI/TreeObject3ResponseXx

unknown

http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequenceResponse

unknown

http://schemas.xmlsoap.org/ws/2004/08/addressing

unknown

http://schemas.xmlsoap.org/ws/2004/08/addressing/fault

unknown

http://schemas.xmlsoap.org/ws/2005/02/rm/TerminateSequence

unknown

http://tempuri.org/RestAPI/TreeObject1ResponseXx

unknown

http://tempuri.org/RestAPI/TreeObject2

unknown

http://schemas.xmlsoap.org/ws/2005/02/rm

unknown

http://schemas.xmlsoap.org/ws/2005/02/rm/LastMessage

unknown

http://tempuri.org/8)

unknown

http://tempuri.org/RestAPI/TreeObject3LR

unknown

http://tempuri.org/RestAPI/

unknown

http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequence

unknown

http://schemas.xmlsoap.org/soap/actor/next

unknown

http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dns

unknown

There are 16 hidden URLs, click here to show them.

IPs

Domain

Country

Malicious

213.21.220.222

unknown

Latvia

Details

IP:	213.21.220.222
TargetID:	0
Current Path:	C:\Users\user\Desktop\J8Z4q7BJPW.exe
Country:	Latvia
Countrycode:	LVA
ASN number:	8285
ASN name:	VERSIALV
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
Sigma detected: Communication To Uncommon Destination Ports	System Summary
Connects to IPs without corresponding DNS lookups	Networking

Memdumps

Base Address

Regiontype

Protect

Malicious

C2000

unkown

page readonly

4930000

trusted library allocation

page read and write

4DDE000

stack

page read and write

A0B000

trusted library allocation

page execute and read and write

23C1000

trusted library allocation

page read and write

6D3000

trusted library allocation

page execute and read and write

25FF000

trusted library allocation

page read and write

6DD000

trusted library allocation

page execute and read and write

274C000

trusted library allocation

page read and write

49A0000

trusted library allocation

page execute and read and write

4AB0000

trusted library allocation

page read and write

9F6000

trusted library allocation

page execute and read and write

6F0000

heap

page read and write

233E000

stack

page read and write

257C000

trusted library allocation

page read and write

493E000

trusted library allocation

page read and write

4950000

trusted library allocation

page read and write

4A40000

trusted library allocation

page read and write

6ED000

trusted library allocation

page execute and read and write

2361000

trusted library allocation

page read and write

4A50000

trusted library allocation

page read and write

9F0000

trusted library allocation

page read and write

23E0000

heap

page execute and read and write

6E0000

trusted library allocation

page read and write

270A000

trusted library allocation

page read and write

2597000

trusted library allocation

page read and write

258B000

trusted library allocation

page read and write

4F7000

stack

page read and write

B30000

trusted library allocation

page read and write

680000

heap

page read and write

B50000

heap

page read and write

4940000

trusted library allocation

page read and write

4BFB000

heap

page read and write

49B0000

trusted library allocation

page read and write

267B000

trusted library allocation

page read and write

23D1000

trusted library allocation

page read and write

26C7000

trusted library allocation

page read and write

4E1E000

stack

page read and write

9F2000

trusted library allocation

page read and write

45ED000

stack

page read and write

2398000

trusted library allocation

page read and write

2350000

trusted library allocation

page read and write

735000

heap

page read and write

6F8000

heap

page read and write

2381000

trusted library allocation

page read and write

A6E000

stack

page read and write

6C0000

trusted library allocation

page read and write

A07000

trusted library allocation

page execute and read and write

258F000

trusted library allocation

page read and write

7E5000

heap

page read and write

4A10000

trusted library allocation

page execute and read and write

7E0000

heap

page read and write

4AAE000

stack

page read and write

6FE000

heap

page read and write

A05000

trusted library allocation

page execute and read and write

1C5000

heap

page read and write

4A00000

trusted library allocation

page read and write

9FA000

trusted library allocation

page execute and read and write

4BF9000

heap

page read and write

1C0000

heap

page read and write

4C06000

heap

page read and write

235B000

trusted library allocation

page read and write

5E0000

heap

page read and write

B40000

trusted library allocation

page read and write

A02000

trusted library allocation

page read and write

23A0000

trusted library allocation

page read and write

62E000

stack

page read and write

6D4000

trusted library allocation

page read and write

278E000

trusted library allocation

page read and write

5D0000

heap

page read and write

4F5E000

stack

page read and write

6D0000

trusted library allocation

page read and write

24F1000

trusted library allocation

page read and write

239A000

trusted library allocation

page read and write

B20000

trusted library allocation

page execute and read and write

17C000

stack

page read and write

2544000

trusted library allocation

page read and write

4A60000

trusted library allocation

page read and write

2366000

trusted library allocation

page read and write

4A30000

trusted library allocation

page execute and read and write

B10000

heap

page read and write

C0000

unkown

page readonly

25E8000

trusted library allocation

page read and write

25E4000

trusted library allocation

page read and write

4990000

trusted library allocation

page read and write

34F9000

trusted library allocation

page read and write

1F0000

heap

page read and write

4A20000

trusted library allocation

page read and write

237E000

trusted library allocation

page read and write

4AC0000

heap

page execute and read and write

23B0000

trusted library allocation

page read and write

8EE000

stack

page read and write

2390000

trusted library allocation

page read and write

24EE000

stack

page read and write

505E000

stack

page read and write

7F5F0000

trusted library allocation

page execute and read and write

34F1000

trusted library allocation

page read and write

4938000

trusted library allocation

page read and write

4BE0000

heap

page read and write

4F1F000

stack

page read and write

4980000

trusted library allocation

page execute and read and write

2372000

trusted library allocation

page read and write

717000

heap

page read and write

2395000

trusted library allocation

page read and write

There are 94 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
J8Z4q7BJPW.exe

Processes

URLs

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC ReportJ8Z4q7BJPW.exe

Processes

URLs

IPs

Memdumps

IOC Report
J8Z4q7BJPW.exe