Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\file.exe

"C:\Users\user\Desktop\file.exe"

Details

Is windows:	false
Is dropped:	false
PID:	2080
Target ID:	0
Parent PID:	2580
Name:	file.exe
Path:	C:\Users\user\Desktop\file.exe
Commandline:	"C:\Users\user\Desktop\file.exe"
Size:	1832448
MD5:	0F2FE11AD182A5DACCCB11F8AEC704D0
Time:	19:32:56
Date:	09/12/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0xb30000
Modulesize:	4755456
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Antivirus / Scanner detection for submitted sample	AV Detection
Detected unpacking (changes PE section rights)	Data Obfuscation	Software Packing
Multi AV Scanner detection for submitted file	AV Detection
Machine Learning detection for sample	AV Detection
PE file contains section with special chars	System Summary
PE file contains an invalid checksum	Data Obfuscation
PE file contains sections with non-standard names	Data Obfuscation
Uses 32bit PE files	Compliance, System Summary
Binary may include packed or encrypted code	Data Obfuscation	Obfuscated Files or Information Software Packing
PE file has section (not .text) which is very likely to contain packed code (zlib compression ratio < 0.011)	System Summary	Software Packing
May try to detect the Windows Explorer process (often used for injection)	HIPS / PFW / Operating System Protection Evasion	Process Injection Process Discovery
Sample is known by Antivirus	System Summary
Sample might require command line arguments	System Summary	Command and Scripting Interpreter
Sample reads its own file content	System Summary
PE file has a big raw section	System Summary
Submission file is bigger than most known malware samples	System Summary

URLs

Name

Malicious

dare-curbys.biz

impend-differ.biz

zinc-sneark.biz

covery-mover.biz

https://atten-supporse.biz/7E

unknown

https://atten-supporse.biz/WE

unknown

formy-spill.biz

atten-supporse.biz

https://atten-supporse.biz/api

104.21.80.1

https://atten-supporse.biz:443/api

unknown

https://atten-supporse.biz/apit

unknown

se-blurry.biz

https://atten-supporse.biz/GE1

unknown

print-vexer.biz

dwell-exclaim.biz

https://atten-supporse.biz/gE

unknown

https://atten-supporse.biz/apii

unknown

https://atten-supporse.biz/apiw3

unknown

There are 8 hidden URLs, click here to show them.

Domains

Name

Malicious

atten-supporse.biz

104.21.80.1

Details

Name:	atten-supporse.biz
IP:	104.21.80.1
TargetID:	-1
Active:	true
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
Suricata IDS alerts for network traffic	Networking
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol
Sample uses string decryption to hide its real strings	AV Detection
Suricata IDS alerts with low severity for network traffic	Networking
Uses a known web browser user agent for HTTP communication	Networking	Application Layer Protocol
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
Posts data to webserver	Networking	Application Layer Protocol Non-Application Layer Protocol
URLs found in memory or binary data	Networking
Uses secure TLS version for HTTPS connections	Compliance, Networking

IPs

Domain

Country

Malicious

104.21.80.1

atten-supporse.biz

United States

Details

IP:	104.21.80.1
TargetID:	0
Current Path:	C:\Users\user\Desktop\file.exe
Country:	United States
Countrycode:	USA
ASN number:	13335
ASN name:	CLOUDFLARENETUS
Private:	false
Domain:	atten-supporse.biz

Signature Hits	Behavior Group	Mitre Attack
Suricata IDS alerts for network traffic	Networking
Suricata IDS alerts with low severity for network traffic	Networking
Uses secure TLS version for HTTPS connections	Compliance, Networking

Memdumps

Base Address

Regiontype

Protect

Malicious

52D0000

direct allocation

page read and write

52D0000

direct allocation

page read and write

177E000

stack

page read and write

31E0000

direct allocation

page read and write

B83000

unkown

page write copy

457E000

stack

page read and write

13C0000

heap

page read and write

32FF000

stack

page read and write

52C0000

remote allocation

page read and write

1459000

heap

page read and write

1564000

heap

page read and write

1420000

heap

page read and write

4E41000

heap

page read and write

52C0000

remote allocation

page read and write

4E50000

heap

page read and write

3A3F000

stack

page read and write

1564000

heap

page read and write

31F7000

heap

page read and write

4E41000

heap

page read and write

4E41000

heap

page read and write

549D000

trusted library allocation

page read and write

5450000

direct allocation

page execute and read and write

1462000

heap

page read and write

1410000

heap

page read and write

14D7000

heap

page read and write

E07000

unkown

page execute and read and write

5311000

direct allocation

page read and write

5280000

trusted library allocation

page read and write

31E0000

direct allocation

page read and write

1564000

heap

page read and write

14D9000

heap

page read and write

315F000

stack

page read and write

1459000

heap

page read and write

31E0000

direct allocation

page read and write

31E0000

direct allocation

page read and write

4E41000

heap

page read and write

4E3F000

stack

page read and write

31E0000

direct allocation

page read and write

353F000

stack

page read and write

1564000

heap

page read and write

B30000

unkown

page readonly

5450000

direct allocation

page execute and read and write

4E41000

heap

page read and write

1483000

heap

page read and write

5AEE000

stack

page read and write

5450000

direct allocation

page execute and read and write

367F000

stack

page read and write

1454000

heap

page read and write

343E000

stack

page read and write

1564000

heap

page read and write

1564000

heap

page read and write

41FE000

stack

page read and write

14DE000

heap

page read and write

3F3F000

stack

page read and write

B85000

unkown

page execute and read and write

393E000

stack

page read and write

1564000

heap

page read and write

443F000

stack

page read and write

1564000

heap

page read and write

38FF000

stack

page read and write

B83000

unkown

page write copy

FB5000

unkown

page execute and read and write

B31000

unkown

page execute and read and write

1466000

heap

page read and write

E1D000

unkown

page execute and read and write

31E0000

direct allocation

page read and write

1560000

heap

page read and write

31E0000

direct allocation

page read and write

4E41000

heap

page read and write

319C000

stack

page read and write

47FF000

stack

page read and write

31F0000

heap

page read and write

1564000

heap

page read and write

14EE000

heap

page read and write

570E000

stack

page read and write

5BEE000

stack

page read and write

1462000

heap

page read and write

187E000

stack

page read and write

1564000

heap

page read and write

407F000

stack

page read and write

31E0000

direct allocation

page read and write

4D3E000

stack

page read and write

33FF000

stack

page read and write

52D0000

direct allocation

page read and write

4E40000

heap

page read and write

37FE000

stack

page read and write

4E41000

heap

page read and write

D06000

unkown

page execute and read and write

3CFE000

stack

page read and write

FB6000

unkown

page execute and write copy

B72000

unkown

page execute and read and write

3F7E000

stack

page read and write

497E000

stack

page read and write

5E1F000

stack

page read and write

4E41000

heap

page read and write

31E0000

direct allocation

page read and write

4A7F000

stack

page read and write

3B7F000

stack

page read and write

E1D000

unkown

page execute and write copy

594F000

stack

page read and write

31E0000

direct allocation

page read and write

4E41000

heap

page read and write

B31000

unkown

page execute and write copy

5450000

direct allocation

page execute and read and write

42FF000

stack

page read and write

56CD000

stack

page read and write

4E41000

heap

page read and write

31E0000

direct allocation

page read and write

31FD000

heap

page read and write

52C0000

remote allocation

page read and write

37BF000

stack

page read and write

433E000

stack

page read and write

5430000

direct allocation

page execute and read and write

4E41000

heap

page read and write

13B0000

heap

page read and write

55CD000

stack

page read and write

3A7E000

stack

page read and write

5C5E000

stack

page read and write

5D10000

heap

page read and write

5440000

direct allocation

page execute and read and write

4E41000

heap

page read and write

146F000

heap

page read and write

142E000

heap

page read and write

E1E000

unkown

page execute and write copy

31E0000

direct allocation

page read and write

173E000

stack

page read and write

46BF000

stack

page read and write

4BFE000

stack

page read and write

DE0000

unkown

page execute and read and write

540F000

stack

page read and write

31E0000

direct allocation

page read and write

14EE000

heap

page read and write

4BBF000

stack

page read and write

45BE000

stack

page read and write

3CBF000

stack

page read and write

1564000

heap

page read and write

357E000

stack

page read and write

5470000

direct allocation

page execute and read and write

305E000

stack

page read and write

31DE000

stack

page read and write

59AE000

stack

page read and write

558D000

stack

page read and write

530C000

stack

page read and write

493F000

stack

page read and write

4E41000

heap

page read and write

46FE000

stack

page read and write

580F000

stack

page read and write

1466000

heap

page read and write

31E0000

direct allocation

page read and write

4E41000

heap

page read and write

1486000

heap

page read and write

4CFF000

stack

page read and write

5420000

direct allocation

page execute and read and write

41BF000

stack

page read and write

447E000

stack

page read and write

483E000

stack

page read and write

155E000

stack

page read and write

584E000

stack

page read and write

4E41000

heap

page read and write

5AAF000

stack

page read and write

B30000

unkown

page read and write

14EC000

heap

page read and write

1564000

heap

page read and write

1485000

heap

page read and write

14E9000

heap

page read and write

3BBE000

stack

page read and write

4ABE000

stack

page read and write

142A000

heap

page read and write

1564000

heap

page read and write

5450000

direct allocation

page execute and read and write

5460000

direct allocation

page execute and read and write

135B000

stack

page read and write

146F000

heap

page read and write

4E41000

heap

page read and write

5480000

direct allocation

page execute and read and write

1564000

heap

page read and write

5450000

direct allocation

page execute and read and write

545D000

stack

page read and write

1483000

heap

page read and write

40BE000

stack

page read and write

4E41000

heap

page read and write

4E41000

heap

page read and write

5280000

heap

page read and write

3DFF000

stack

page read and write

36BE000

stack

page read and write

4E41000

heap

page read and write

E0E000

unkown

page execute and read and write

125B000

stack

page read and write

1564000

heap

page read and write

3E3E000

stack

page read and write

There are 180 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
file.exe

Processes

URLs

Domains

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reportfile.exe

Processes

URLs

Domains

IPs

Memdumps

IOC Report
file.exe