Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\file.exe

"C:\Users\user\Desktop\file.exe"

Details

Is windows:	false
Is dropped:	false
PID:	3508
Target ID:	0
Parent PID:	4004
Name:	file.exe
Path:	C:\Users\user\Desktop\file.exe
Commandline:	"C:\Users\user\Desktop\file.exe"
Size:	1838080
MD5:	1524DA94FEEEBB2A921C3065F4DA2383
Time:	14:27:01
Date:	09/12/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0xf90000
Modulesize:	4780032
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Antivirus / Scanner detection for submitted sample	AV Detection
Detected unpacking (changes PE section rights)	Data Obfuscation	Software Packing
Machine Learning detection for sample	AV Detection
PE file contains section with special chars	System Summary
PE file contains an invalid checksum	Data Obfuscation
PE file contains sections with non-standard names	Data Obfuscation
Uses 32bit PE files	Compliance, System Summary
Binary may include packed or encrypted code	Data Obfuscation	Obfuscated Files or Information Software Packing
PE file has section (not .text) which is very likely to contain packed code (zlib compression ratio < 0.011)	System Summary	Software Packing
Sample might require command line arguments	System Summary	Command and Scripting Interpreter
Sample reads its own file content	System Summary
PE file has a big raw section	System Summary
Submission file is bigger than most known malware samples	System Summary

URLs

Name

Malicious

dare-curbys.biz

impend-differ.biz

zinc-sneark.biz

covery-mover.biz

formy-spill.biz

atten-supporse.biz

https://atten-supporse.biz/api

104.21.64.1

https://atten-supporse.biz:443/api

unknown

https://atten-supporse.biz/apir

unknown

se-blurry.biz

https://atten-supporse.biz/

unknown

print-vexer.biz

dwell-exclaim.biz

There are 3 hidden URLs, click here to show them.

Domains

Name

Malicious

atten-supporse.biz

104.21.64.1

Details

Name:	atten-supporse.biz
IP:	104.21.64.1
TargetID:	-1
Active:	true
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
Suricata IDS alerts for network traffic	Networking
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol
Sample uses string decryption to hide its real strings	AV Detection
Suricata IDS alerts with low severity for network traffic	Networking
Uses a known web browser user agent for HTTP communication	Networking	Application Layer Protocol
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
Posts data to webserver	Networking	Application Layer Protocol Non-Application Layer Protocol
URLs found in memory or binary data	Networking
Uses secure TLS version for HTTPS connections	Compliance, Networking

IPs

Domain

Country

Malicious

104.21.64.1

atten-supporse.biz

United States

Details

IP:	104.21.64.1
TargetID:	0
Current Path:	C:\Users\user\Desktop\file.exe
Country:	United States
Countrycode:	USA
ASN number:	13335
ASN name:	CLOUDFLARENETUS
Private:	false
Domain:	atten-supporse.biz

Signature Hits	Behavior Group	Mitre Attack
Suricata IDS alerts for network traffic	Networking
Suricata IDS alerts with low severity for network traffic	Networking
Uses secure TLS version for HTTPS connections	Compliance, Networking

Memdumps

Base Address

Regiontype

Protect

Malicious

F91000

unkown

page execute and read and write

4AA1000

heap

page read and write

C54000

heap

page read and write

4AB1000

heap

page read and write

5090000

direct allocation

page execute and read and write

DBE000

stack

page read and write

395E000

stack

page read and write

589E000

stack

page read and write

305F000

stack

page read and write

141B000

unkown

page execute and read and write

485E000

stack

page read and write

2DBF000

stack

page read and write

431F000

stack

page read and write

F70000

direct allocation

page read and write

AFB000

stack

page read and write

4F10000

remote allocation

page read and write

4AA1000

heap

page read and write

50C0000

direct allocation

page execute and read and write

C0B000

heap

page read and write

355F000

stack

page read and write

359E000

stack

page read and write

50DA000

trusted library allocation

page read and write

C1D000

heap

page read and write

1166000

unkown

page execute and read and write

40DE000

stack

page read and write

F70000

direct allocation

page read and write

2DFC000

stack

page read and write

F90000

unkown

page readonly

1245000

unkown

page execute and read and write

C0F000

heap

page read and write

558F000

stack

page read and write

F60000

heap

page read and write

F90000

unkown

page read and write

4AA1000

heap

page read and write

50B0000

direct allocation

page execute and read and write

572D000

stack

page read and write

BB3000

heap

page read and write

EFE000

stack

page read and write

37DF000

stack

page read and write

C1A000

heap

page read and write

BB6000

heap

page read and write

582E000

stack

page read and write

B92000

heap

page read and write

C1E000

heap

page read and write

5910000

heap

page read and write

5070000

direct allocation

page execute and read and write

509D000

stack

page read and write

B92000

heap

page read and write

4AA1000

heap

page read and write

409F000

stack

page read and write

BB3000

heap

page read and write

495F000

stack

page read and write

F70000

direct allocation

page read and write

5090000

direct allocation

page execute and read and write

F70000

direct allocation

page read and write

5A1F000

stack

page read and write

4F61000

direct allocation

page read and write

32DF000

stack

page read and write

5090000

direct allocation

page execute and read and write

FE5000

unkown

page execute and read and write

F70000

direct allocation

page read and write

B87000

heap

page read and write

3F9E000

stack

page read and write

4AA1000

heap

page read and write

421E000

stack

page read and write

B5A000

heap

page read and write

331E000

stack

page read and write

C0F000

heap

page read and write

5090000

direct allocation

page execute and read and write

C54000

heap

page read and write

B87000

heap

page read and write

BA5000

heap

page read and write

F70000

direct allocation

page read and write

544E000

stack

page read and write

C54000

heap

page read and write

530D000

stack

page read and write

B9E000

heap

page read and write

C54000

heap

page read and write

4AA1000

heap

page read and write

D50000

heap

page read and write

55EE000

stack

page read and write

4AA1000

heap

page read and write

B9E000

heap

page read and write

C54000

heap

page read and write

4A9F000

stack

page read and write

C54000

heap

page read and write

2E5D000

heap

page read and write

C1D000

heap

page read and write

4F10000

remote allocation

page read and write

BA5000

heap

page read and write

C54000

heap

page read and write

1283000

unkown

page execute and write copy

F91000

unkown

page execute and write copy

F70000

direct allocation

page read and write

345E000

stack

page read and write

36DE000

stack

page read and write

C54000

heap

page read and write

3E5E000

stack

page read and write

C21000

heap

page read and write

C1D000

heap

page read and write

C54000

heap

page read and write

C54000

heap

page read and write

56EF000

stack

page read and write

F70000

direct allocation

page read and write

C24000

heap

page read and write

449E000

stack

page read and write

B95000

heap

page read and write

534D000

stack

page read and write

C70000

heap

page read and write

C0F000

heap

page read and write

505F000

stack

page read and write

B95000

heap

page read and write

C08000

heap

page read and write

C1D000

heap

page read and write

4AA1000

heap

page read and write

3CDF000

stack

page read and write

5090000

direct allocation

page execute and read and write

4AA1000

heap

page read and write

5090000

direct allocation

page execute and read and write

520D000

stack

page read and write

C27000

heap

page read and write

548E000

stack

page read and write

381E000

stack

page read and write

B83000

heap

page read and write

4AA1000

heap

page read and write

391F000

stack

page read and write

3A5F000

stack

page read and write

2E3E000

stack

page read and write

309E000

stack

page read and write

1274000

unkown

page execute and read and write

FE3000

unkown

page write copy

C54000

heap

page read and write

4AA1000

heap

page read and write

51CD000

stack

page read and write

341F000

stack

page read and write

2E57000

heap

page read and write

C54000

heap

page read and write

2E40000

direct allocation

page read and write

F70000

direct allocation

page read and write

2E50000

heap

page read and write

F70000

direct allocation

page read and write

4F20000

direct allocation

page read and write

F5E000

stack

page read and write

BB7000

heap

page read and write

3A9E000

stack

page read and write

C23000

heap

page read and write

4AA1000

heap

page read and write

4AA1000

heap

page read and write

4EE0000

trusted library allocation

page read and write

7FB000

stack

page read and write

471E000

stack

page read and write

31DE000

stack

page read and write

4F5B000

stack

page read and write

1282000

unkown

page execute and read and write

4EE0000

heap

page read and write

F70000

direct allocation

page read and write

EBE000

stack

page read and write

C54000

heap

page read and write

5060000

direct allocation

page execute and read and write

459F000

stack

page read and write

41DF000

stack

page read and write

FD2000

unkown

page execute and read and write

3D1E000

stack

page read and write

499E000

stack

page read and write

50A0000

direct allocation

page execute and read and write

F70000

direct allocation

page read and write

2E40000

direct allocation

page read and write

F70000

direct allocation

page read and write

126B000

unkown

page execute and read and write

319F000

stack

page read and write

369F000

stack

page read and write

4AA1000

heap

page read and write

F70000

direct allocation

page read and write

5080000

direct allocation

page execute and read and write

481F000

stack

page read and write

3BDE000

stack

page read and write

3E1F000

stack

page read and write

C50000

heap

page read and write

B5E000

heap

page read and write

445F000

stack

page read and write

3F5F000

stack

page read and write

435E000

stack

page read and write

141C000

unkown

page execute and write copy

4AA0000

heap

page read and write

2F5F000

stack

page read and write

46DF000

stack

page read and write

4AA1000

heap

page read and write

4F10000

remote allocation

page read and write

3B9F000

stack

page read and write

1282000

unkown

page execute and write copy

4AA1000

heap

page read and write

C54000

heap

page read and write

C26000

heap

page read and write

B50000

heap

page read and write

FE3000

unkown

page write copy

C54000

heap

page read and write

4AA1000

heap

page read and write

151E000

stack

page read and write

4AA1000

heap

page read and write

45DE000

stack

page read and write

There are 190 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
file.exe

Processes

URLs

Domains

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reportfile.exe

Processes

URLs

Domains

IPs

Memdumps

IOC Report
file.exe