Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\file.exe

"C:\Users\user\Desktop\file.exe"

Details

Is windows:	false
Is dropped:	false
PID:	7072
Target ID:	0
Parent PID:	2580
Name:	file.exe
Path:	C:\Users\user\Desktop\file.exe
Commandline:	"C:\Users\user\Desktop\file.exe"
Size:	307712
MD5:	3EDC68FB9A58F24CBD529D7C0A536757
Time:	11:26:54
Date:	09/12/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0xef0000
Modulesize:	335872
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
Multi AV Scanner detection for submitted file	AV Detection
Yara detected RedLine Stealer	Stealing of Sensitive Information, Remote Access Functionality
Machine Learning detection for sample	AV Detection
Binary contains a suspicious time stamp	Data Obfuscation	Timestomp
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery
Sample file is different than original file name gathered from version info	System Summary
Uses 32bit PE files	Compliance, System Summary
PE file has an executable .text section and no other executable section	System Summary
Parts of this applications are using the .NET runtime (Probably coded in C#)	System Summary
Sample is known by Antivirus	System Summary
URLs found in memory or binary data	Networking
Binary contains paths to debug symbols	Compliance, System Summary
Contains modern PE file flags such as dynamic base (ASLR) or NX	Compliance, System Summary
PE file contains a COM descriptor data directory	System Summary

URLs

Name

Malicious

212.162.149.48:2049

http://tempuri.org/Entity/Id10Response

unknown

http://tempuri.org/Entity/Id8Response

unknown

http://tempuri.org/Entity/Id9LRdq(

unknown

http://tempuri.org/Entity/Id5LRdq

unknown

http://tempuri.org/Entity/Id19LRdq0W3

unknown

http://tempuri.org/Entity/Id11LRdq

unknown

http://tempuri.org/Entity/Id12Response

unknown

http://tempuri.org/Entity/Id13LRdql

unknown

http://schemas.xmlsoap.org/soap/envelope/

unknown

http://tempuri.org/Entity/Id20LRdq

unknown

http://tempuri.org/

unknown

http://tempuri.org/Entity/Id12LRdq

unknown

http://tempuri.org/Entity/Id2Response

unknown

http://tempuri.org/Entity/Id21Response

unknown

http://tempuri.org/Entity/Id4LRdq

unknown

http://tempuri.org/Entity/Id12LRdqP

unknown

http://tempuri.org/Entity/Id23Response

unknown

http://tempuri.org/Entity/Id16LRdqD

unknown

http://tempuri.org/Entity/Id19Response

unknown

http://tempuri.org/Entity/Id1LRdqX

unknown

http://tempuri.org/Entity/Id21LRdq

unknown

http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequenceResponse

unknown

http://schemas.xmlsoap.org/ws/2004/08/addressing/fault

unknown

http://tempuri.org/Entity/Id17Response

unknown

http://schemas.xmlsoap.org/ws/2005/02/rm/TerminateSequence

unknown

http://tempuri.org/Entity/Id8LRdq

unknown

http://tempuri.org/Entity/Id17LRdq

unknown

http://tempuri.org/Entity/Id20Response

unknown

http://tempuri.org/Entity/Id10LRdqL

unknown

http://tempuri.org/Entity/Id16LRdqLL.

unknown

http://tempuri.org/Entity/Id19LRdq

unknown

http://tempuri.org/Entity/Id12LRdq(

unknown

http://tempuri.org/Entity/Id15Response

unknown

http://tempuri.org/Entity/Id8LRdq$

unknown

http://tempuri.org/Entity/Id13Response

unknown

http://tempuri.org/Entity/Id4Response

unknown

http://tempuri.org/Entity/Id6LRdq

unknown

http://tempuri.org/Entity/Id23LRdq

unknown

http://tempuri.org/Entity/Id22LRdq

unknown

http://tempuri.org/Entity/Id7LRdq

unknown

http://tempuri.org/Entity/Id10LRdq

unknown

http://tempuri.org/Entity/Id1LRdqL8#

unknown

http://schemas.xmlsoap.org/ws/2005/05/identity/right/possessproperty

unknown

http://tempuri.org/Entity/Id18LRdq

unknown

http://tempuri.org/Entity/Id6Response

unknown

http://tempuri.org/Entity/Id9LRdqD

unknown

https://api.ip.sb/ip

unknown

http://tempuri.org/Entity/Id10LRdqp

unknown

http://schemas.xmlsoap.org/ws/2005/02/rm/SequenceAcknowledgement

unknown

http://tempuri.org/Entity/Id24LRdq

unknown

http://tempuri.org/Entity/Id22LRdqda8

unknown

http://tempuri.org/Entity/Id7Response

unknown

http://tempuri.org/Entity/Id9LRdql

unknown

http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous

unknown

http://tempuri.org/Entity/Id15LRdqd

unknown

http://tempuri.org/Entity/Id23LRdqTj8

unknown

http://tempuri.org/Entity/Id1LRdq

unknown

http://tempuri.org/Entity/Id6LRdq4

unknown

http://tempuri.org/Entity/Id11Response

unknown

http://tempuri.org/Entity/Id1LRdq0

unknown

http://tempuri.org/Entity/Id9Response

unknown

http://tempuri.org/Entity/Id15LRdq

unknown

http://tempuri.org/Entity/Id22Response

unknown

http://tempuri.org/Entity/Id9LRdq

unknown

http://tempuri.org/Entity/Id7LRdqT

unknown

http://tempuri.org/Entity/Id24Response

unknown

http://tempuri.org/Entity/Id1Response

unknown

http://tempuri.org/Entity/Id20LRdqh7=

unknown

http://tempuri.org/Entity/Id14LRdqH7.

unknown

http://schemas.xmlsoap.org/ws/2005/02/rm/AckRequested

unknown

http://tempuri.org/Entity/Id19LRdqXl.

unknown

http://tempuri.org/Entity/Id16LRdq

unknown

http://tempuri.org/Entity/Id13LRdq

unknown

http://tempuri.org/Entity/Id18Response

unknown

http://tempuri.org/Entity/Id3LRdq

unknown

http://tempuri.org/Entity/Id5LRdq8

unknown

http://tempuri.org/Entity/

unknown

http://tempuri.org/Entity/Id16LRdq$73

unknown

http://tempuri.org/Entity/Id21LRdq4l3

unknown

http://schemas.xmlsoap.org/ws/2004/08/addressing

unknown

http://schemas.xmlsoap.org/ws/2005/02/rmX

unknown

http://tempuri.org/Entity/Id3Response

unknown

http://tempuri.org/Entity/Id18LRdqp

unknown

http://schemas.xmlsoap.org/ws/2005/02/rm/LastMessage

unknown

http://tempuri.org/Entity/Id16Response

unknown

http://tempuri.org/Entity/Id10LRdq$

unknown

http://tempuri.org/Entity/Id2LRdq

unknown

http://tempuri.org/Entity/Id5Response

unknown

http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequence

unknown

http://schemas.xmlsoap.org/soap/actor/next

unknown

http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dns

unknown

http://tempuri.org/Entity/Id14LRdq

unknown

http://tempuri.org/Entity/Id14Response

unknown

There are 84 hidden URLs, click here to show them.

IPs

Domain

Country

Malicious

212.162.149.48

unknown

Netherlands

Details

IP:	212.162.149.48
TargetID:	0
Current Path:	C:\Users\user\Desktop\file.exe
Country:	Netherlands
Countrycode:	NLD
ASN number:	64236
ASN name:	UNREAL-SERVERSUS
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
Connects to IPs without corresponding DNS lookups	Networking

Memdumps

Base Address

Regiontype

Protect

Malicious

EF2000

unkown

page readonly

64B0000

trusted library allocation

page execute and read and write

5A30000

heap

page read and write

1A10000

trusted library allocation

page read and write

5E05000

trusted library allocation

page read and write

1490000

trusted library allocation

page read and write

1464000

trusted library allocation

page read and write

F36000

unkown

page readonly

177E000

stack

page read and write

64F0000

trusted library allocation

page read and write

5895000

trusted library allocation

page read and write

56F4000

trusted library allocation

page read and write

57E0000

trusted library allocation

page execute and read and write

FDA000

stack

page read and write

3050000

heap

page execute and read and write

570E000

trusted library allocation

page read and write

12F7000

stack

page read and write

64A0000

trusted library allocation

page execute and read and write

33C0000

trusted library allocation

page read and write

1400000

heap

page read and write

3372000

trusted library allocation

page read and write

1497000

trusted library allocation

page execute and read and write

1480000

trusted library allocation

page read and write

1460000

trusted library allocation

page read and write

6430000

trusted library allocation

page read and write

1340000

heap

page read and write

1350000

heap

page read and write

5DDA000

trusted library allocation

page read and write

5716000

trusted library allocation

page read and write

5DAB000

trusted library allocation

page read and write

1551000

heap

page read and write

5DCE000

trusted library allocation

page read and write

1486000

trusted library allocation

page execute and read and write

1482000

trusted library allocation

page read and write

149B000

trusted library allocation

page execute and read and write

56F0000

trusted library allocation

page read and write

5722000

trusted library allocation

page read and write

6420000

trusted library allocation

page read and write

14BE000

heap

page read and write

6664000

heap

page read and write

5DF1000

trusted library allocation

page read and write

5898000

trusted library allocation

page read and write

31B0000

heap

page read and write

32CE000

trusted library allocation

page read and write

1495000

trusted library allocation

page execute and read and write

6500000

trusted library allocation

page read and write

1A20000

heap

page read and write

5730000

trusted library allocation

page read and write

41C1000

trusted library allocation

page read and write

159D000

heap

page read and write

F27000

unkown

page readonly

6640000

heap

page read and write

1450000

trusted library allocation

page read and write

14F6000

heap

page read and write

5702000

trusted library allocation

page read and write

5E00000

trusted library allocation

page read and write

6650000

heap

page read and write

5760000

trusted library allocation

page read and write

57D0000

trusted library allocation

page read and write

64D0000

trusted library allocation

page read and write

5755000

trusted library allocation

page read and write

146D000

trusted library allocation

page execute and read and write

57C0000

heap

page read and write

14E4000

heap

page read and write

5E0E000

trusted library allocation

page read and write

5E0B000

trusted library allocation

page read and write

5DB1000

trusted library allocation

page read and write

5A2E000

stack

page read and write

64E0000

trusted library allocation

page execute and read and write

5780000

trusted library allocation

page read and write

5E10000

trusted library allocation

page read and write

31C1000

trusted library allocation

page read and write

56FE000

trusted library allocation

page read and write

539E000

stack

page read and write

5A50000

heap

page execute and read and write

154C000

heap

page read and write

309E000

stack

page read and write

56FB000

trusted library allocation

page read and write

58B0000

heap

page read and write

41E1000

trusted library allocation

page read and write

64C0000

trusted library allocation

page read and write

14B8000

heap

page read and write

5E40000

trusted library allocation

page execute and read and write

56F6000

trusted library allocation

page read and write

EF0000

unkown

page readonly

5DD1000

trusted library allocation

page read and write

589A000

trusted library allocation

page read and write

14B0000

heap

page read and write

5C9E000

stack

page read and write

571D000

trusted library allocation

page read and write

1470000

trusted library allocation

page read and write

5C5F000

stack

page read and write

5750000

trusted library allocation

page read and write

1463000

trusted library allocation

page execute and read and write

13DE000

stack

page read and write

5DB6000

trusted library allocation

page read and write

6440000

trusted library allocation

page read and write

319E000

stack

page read and write

5E30000

trusted library allocation

page read and write

1473000

trusted library allocation

page read and write

1390000

heap

page read and write

147D000

trusted library allocation

page execute and read and write

529E000

stack

page read and write

5740000

trusted library allocation

page read and write

5A40000

trusted library allocation

page read and write

F22000

unkown

page readonly

57D2000

trusted library allocation

page read and write

56E0000

trusted library allocation

page read and write

6450000

trusted library allocation

page read and write

58B3000

heap

page read and write

6659000

heap

page read and write

31A0000

trusted library allocation

page read and write

5748000

trusted library allocation

page read and write

5711000

trusted library allocation

page read and write

5DE0000

trusted library allocation

page read and write

14D7000

heap

page read and write

5E20000

trusted library allocation

page read and write

41CF000

trusted library allocation

page read and write

5DA0000

trusted library allocation

page read and write

5D9E000

stack

page read and write

7FA90000

trusted library allocation

page execute and read and write

148A000

trusted library allocation

page execute and read and write

1370000

heap

page read and write

5DC2000

trusted library allocation

page read and write

1492000

trusted library allocation

page read and write

5890000

trusted library allocation

page read and write

3323000

trusted library allocation

page read and write

1405000

heap

page read and write

3040000

trusted library allocation

page execute and read and write

There are 119 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
file.exe

Processes

URLs

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reportfile.exe

Processes

URLs

IPs

Memdumps

IOC Report
file.exe