Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\7RCmlvowtS.exe

"C:\Users\user\Desktop\7RCmlvowtS.exe"

Details

Is windows:	false
Is dropped:	false
PID:	7536
Target ID:	0
Parent PID:	2580
Name:	7RCmlvowtS.exe
Path:	C:\Users\user\Desktop\7RCmlvowtS.exe
Commandline:	"C:\Users\user\Desktop\7RCmlvowtS.exe"
Size:	336896
MD5:	802DBB6B927E00C441681882BF12D9BA
Time:	07:04:08
Date:	13/02/2025
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x1e0000
Modulesize:	352256
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Antivirus / Scanner detection for submitted sample	AV Detection
Found malware configuration	AV Detection
Multi AV Scanner detection for submitted file	AV Detection
Yara detected Amadeys stealer DLL	Stealing of Sensitive Information
PE file contains sections with non-standard names	Data Obfuscation
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery
Uses 32bit PE files	Compliance, System Summary
PE file has an executable .text section and no other executable section	System Summary
Sample is known by Antivirus	System Summary
PE file contains a valid data directory to section mapping	System Summary
Binary contains paths to debug symbols	Compliance, System Summary
PE file contains a debug data directory	System Summary
Contains modern PE file flags such as dynamic base (ASLR) or NX	Compliance, System Summary
PE file contains a mix of data directories often seen in goodware	System Summary

URLs

Name

Malicious

kataraus.info/mbSDvj3/index.php

http://kataraus.info/mbSDvj3/index.phpav

unknown

http://kataraus.info/mbSDvj3/index.phpx-

unknown

http://kataraus.info/mbSDvj3q

unknown

http://kataraus.info/mbSDvj3/index.phpS

unknown

http://kataraus.info/mbSDvj3.G

unknown

http://kataraus.info/mbSDvj3/index.phpQ

unknown

http://kataraus.info/mbSDvj3/index.phpX

unknown

http://kataraus.info/mbSDvj3/index.phpW

unknown

http://kataraus.info/mbSDvj3/index.phpk

unknown

http://kataraus.info/mbSDvj3/index.php0u0u0u0u

unknown

http://kataraus.info/mbSDvj3/index.phpD58E8D259477ED049193

unknown

http://kataraus.info/mbSDvj3/index.phpi

unknown

http://kataraus.info/mbSDvj3/index.phpp

unknown

http://kataraus.info/mbSDvj3/index.phpo

unknown

http://kataraus.info/mbSDvj3/index.phpm

unknown

http://kataraus.info/mbSDvj3/index.phpa

unknown

http://kataraus.info/mbS

unknown

http://kataraus.info/mbSDvj3/index.phpe

unknown

http://kataraus.info/mbSDvj3/index.php9

unknown

http://kataraus.info/mbSDvj3/index.phpkataraus.info

unknown

http://kataraus.info/mbSDvj3/index.phpIy

unknown

http://kataraus.info/mbSDvj3/index.php?

unknown

http://kataraus.info/mbS6v

unknown

http://kataraus.info/mbSDvj3/index.php4

unknown

http://kataraus.info/mbSDvj3/index.php=.V

unknown

http://kataraus.info/mbSDvj3/index.php2

unknown

http://kataraus.infoAZ

unknown

http://kataraus.info/mbSDvj3/ind6H

unknown

http://kataraus.info/mbSDvj3/index.php7

unknown

http://kataraus.info/mbSDvj3/index.php5

unknown

http://kataraus.info/mbSDvj3/index.phpK

unknown

http://kataraus.info/mbSDvj3/index.ppG8

unknown

http://kataraus.info/mbSDvj3/index.phpkataraus.info5

unknown

http://kataraus.info/mbSDvj3/index.phpkar

unknown

http://kataraus.info/mbSDvj3/index.phpop

unknown

http://kataraus.info/mbSDvj3/index.phpataraus.info

unknown

http://kataraus.info/mbSDvj3/index.phpB

unknown

http://kataraus.info/mbSDvj3/index.php9DE2DCF335CE7804D58E8D259477ED049193p

unknown

http://kataraus.info/mbSDvj3/index.php7652C2

unknown

http://kataraus.info/mbSDvj3/index.phpF

unknown

http://kataraus.info/mbSDvj3/index.phpE

unknown

http://kataraus.info/mbSDvj3/index.phpY-

unknown

http://kataraus.info/mbSDvj3/index.phpppData

unknown

http://kataraus.info/mbSDvj3/index.phpfWl9

unknown

http://kataraus.info/mbSDvj3/index.phprasadhlp.dll

unknown

http://kataraus.info/mbSDvj3/index.phpr-

unknown

http://kataraus.info/

unknown

http://kataraus.info/mbSDvj3/index.phpAv9

unknown

http://kataraus.info/mbSDvj3/index.php(.

unknown

http://kataraus.info

unknown

http://kataraus.info/mbSDvj3/index.php/

unknown

http://kataraus.info/mbSDvj3/index.php.

unknown

http://kataraus.info/mbSDvj3/index.phpxy

unknown

http://kataraus.info/mbSDvj3/index.phpaus.info

unknown

http://kataraus.info/mbSDvj3/index.p

unknown

http://kataraus.info/mbSDvj3/index.php:-K

unknown

http://kataraus.info/mbSDvj3/index.php(

unknown

http://kataraus.info/mbSDvj3/index.php&

unknown

http://kataraus.info/mbSDvj3/index.phpj3

unknown

http://kataraus.info/mbSDvj3/indO

unknown

http://kataraus.info/mbSDvj3/index.php7m

unknown

http://kataraus.info/mbSDvj3/index.phpUK

unknown

http://kataraus.info/mbSDvj3/index.phpz

unknown

http://kataraus.info/mbSDvj3/index.phps

unknown

http://kataraus.info/mbSDvj3/ind

unknown

http://kataraus.info/mbSDvj3/index.php

unknown

http://kataraus.info/mbSDvj3/index.phpus

unknown

http://kataraus.info/mbSDvj3/index.php5-

unknown

http://kataraus.info/mbSDvj3/index.phps-

unknown

http://kataraus.info/mbSDvj3/index.phpv

unknown

http://kataraus.info/mbSDvj3/index.phpu

unknown

http://kataraus.info/mbSDvj3/index.paF

unknown

http://kataraus.info/mbSDvj3/index.php8su

unknown

http://kataraus.info/mbSDvj3

unknown

There are 65 hidden URLs, click here to show them.

Domains

Name

Malicious

kataraus.info

unknown

Details

Name:	kataraus.info
TargetID:	-1

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol
Sample uses string decryption to hide its real strings	AV Detection
Tries to resolve domain names, but no domain seems valid (expired dropper behavior)	Networking
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
URLs found in memory or binary data	Networking

Memdumps

Base Address

Regiontype

Protect

Malicious

Download

216000

unkown

page readonly

1E1000

unkown

page execute read

1E1000

unkown

page execute read

B21000

heap

page read and write

B0C000

heap

page read and write

B2D000

heap

page read and write

B4D000

heap

page read and write

AE3000

heap

page read and write

B2D000

heap

page read and write

B17000

heap

page read and write

B0C000

heap

page read and write

B49000

heap

page read and write

B49000

heap

page read and write

AF7000

heap

page read and write

B13000

heap

page read and write

B1A000

heap

page read and write

AFA000

heap

page read and write

B18000

heap

page read and write

B2D000

heap

page read and write

B0A000

heap

page read and write

B21000

heap

page read and write

B0F000

heap

page read and write

B17000

heap

page read and write

B2D000

heap

page read and write

B17000

heap

page read and write

B13000

heap

page read and write

B0C000

heap

page read and write

B12000

heap

page read and write

AF7000

heap

page read and write

B0A000

heap

page read and write

AE8000

heap

page read and write

AF9000

heap

page read and write

1E0000

unkown

page readonly

B17000

heap

page read and write

AE9000

heap

page read and write

AFB000

heap

page read and write

B1B000

heap

page read and write

AEF000

heap

page read and write

B12000

heap

page read and write

B2D000

heap

page read and write

B0F000

heap

page read and write

AE5000

heap

page read and write

B0C000

heap

page read and write

B0C000

heap

page read and write

B49000

heap

page read and write

B0C000

heap

page read and write

ADE000

heap

page read and write

AE8000

heap

page read and write

ACB000

heap

page read and write

B10000

heap

page read and write

7FD000

stack

page read and write

AE9000

heap

page read and write

B1D000

heap

page read and write

AEF000

heap

page read and write

B18000

heap

page read and write

AFB000

heap

page read and write

B08000

heap

page read and write

B1D000

heap

page read and write

B0C000

heap

page read and write

B0B000

heap

page read and write

B12000

heap

page read and write

B21000

heap

page read and write

B0F000

heap

page read and write

B11000

heap

page read and write

AEF000

heap

page read and write

B0C000

heap

page read and write

ADE000

heap

page read and write

B0A000

heap

page read and write

B1D000

heap

page read and write

AF7000

heap

page read and write

AE5000

heap

page read and write

AF9000

heap

page read and write

AEF000

heap

page read and write

AED000

heap

page read and write

B18000

heap

page read and write

B21000

heap

page read and write

B1D000

heap

page read and write

B21000

heap

page read and write

AE5000

heap

page read and write

B08000

heap

page read and write

ACC000

heap

page read and write

B21000

heap

page read and write

B0C000

heap

page read and write

B21000

heap

page read and write

AF7000

heap

page read and write

AE8000

heap

page read and write

B41000

heap

page read and write

AFB000

heap

page read and write

B4C000

heap

page read and write

B17000

heap

page read and write

B13000

heap

page read and write

2B60000

heap

page read and write

AEF000

heap

page read and write

B08000

heap

page read and write

B21000

heap

page read and write

B4D000

heap

page read and write

B41000

heap

page read and write

B17000

heap

page read and write

AEF000

heap

page read and write

AF7000

heap

page read and write

ACB000

heap

page read and write

B15000

heap

page read and write

B10000

heap

page read and write

AF7000

heap

page read and write

B0C000

heap

page read and write

B03000

heap

page read and write

AE2000

heap

page read and write

B2D000

heap

page read and write

B10000

heap

page read and write

B0C000

heap

page read and write

B17000

heap

page read and write

AF7000

heap

page read and write

B03000

heap

page read and write

B0C000

heap

page read and write

AEC000

heap

page read and write

AEF000

heap

page read and write

B03000

heap

page read and write

ADE000

heap

page read and write

280B000

stack

page read and write

B19000

heap

page read and write

B0D000

heap

page read and write

B0F000

heap

page read and write

B08000

heap

page read and write

B0F000

heap

page read and write

AF7000

heap

page read and write

AFB000

heap

page read and write

B0B000

heap

page read and write

B14000

heap

page read and write

B13000

heap

page read and write

B11000

heap

page read and write

B13000

heap

page read and write

B49000

heap

page read and write

B14000

heap

page read and write

A60000

heap

page read and write

B1D000

heap

page read and write

AE6000

heap

page read and write

F20000

heap

page read and write

B11000

heap

page read and write

AEF000

heap

page read and write

AE3000

heap

page read and write

AF7000

heap

page read and write

B11000

heap

page read and write

AF7000

heap

page read and write

B20000

heap

page read and write

B03000

heap

page read and write

B12000

heap

page read and write

B1A000

heap

page read and write

B1D000

heap

page read and write

ADE000

heap

page read and write

B0C000

heap

page read and write

B17000

heap

page read and write

BC5000

heap

page read and write

B1B000

heap

page read and write

B2A000

heap

page read and write

2F9E000

stack

page read and write

B0C000

heap

page read and write

B2D000

heap

page read and write

B03000

heap

page read and write

B19000

heap

page read and write

B14000

heap

page read and write

B4C000

heap

page read and write

338D000

stack

page read and write

B17000

heap

page read and write

B49000

heap

page read and write

AFB000

heap

page read and write

B44000

heap

page read and write

AF0000

heap

page read and write

B0F000

heap

page read and write

B4D000

heap

page read and write

B14000

heap

page read and write

B13000

heap

page read and write

B49000

heap

page read and write

B2D000

heap

page read and write

B0F000

heap

page read and write

B0F000

heap

page read and write

B0C000

heap

page read and write

AE8000

heap

page read and write

B09000

heap

page read and write

B21000

heap

page read and write

B11000

heap

page read and write

B10000

heap

page read and write

B0C000

heap

page read and write

B43000

heap

page read and write

B43000

heap

page read and write

216000

unkown

page readonly

B0C000

heap

page read and write

B12000

heap

page read and write

B49000

heap

page read and write

AEF000

heap

page read and write

B0B000

heap

page read and write

B1A000

heap

page read and write

B08000

heap

page read and write

B0F000

heap

page read and write

B14000

heap

page read and write

AEF000

heap

page read and write

ADE000

heap

page read and write

B2D000

heap

page read and write

AF7000

heap

page read and write

AF7000

heap

page read and write

AE2000

heap

page read and write

B44000

heap

page read and write

A70000

heap

page read and write

B17000

heap

page read and write

332D000

stack

page read and write

B43000

heap

page read and write

B0C000

heap

page read and write

AEF000

heap

page read and write

B14000

heap

page read and write

B44000

heap

page read and write

B11000

heap

page read and write

B0C000

heap

page read and write

B17000

heap

page read and write

348D000

stack

page read and write

AF7000

heap

page read and write

AFB000

heap

page read and write

B0F000

heap

page read and write

B70000

heap

page read and write

ACB000

heap

page read and write

B0C000

heap

page read and write

AFB000

heap

page read and write

309F000

stack

page read and write

AEC000

heap

page read and write

B0C000

heap

page read and write

B19000

heap

page read and write

AE5000

heap

page read and write

B49000

heap

page read and write

6FC000

stack

page read and write

AE7000

heap

page read and write

ADE000

heap

page read and write

226000

unkown

page read and write

AEF000

heap

page read and write

B13000

heap

page read and write

B21000

heap

page read and write

B11000

heap

page read and write

B0C000

heap

page read and write

B17000

heap

page read and write

AFB000

heap

page read and write

B41000

heap

page read and write

AE3000

heap

page read and write

B0C000

heap

page read and write

B12000

heap

page read and write

B1D000

heap

page read and write

B21000

heap

page read and write

B10000

heap

page read and write

B14000

heap

page read and write

B4D000

heap

page read and write

AFB000

heap

page read and write

B19000

heap

page read and write

B22000

heap

page read and write

AE9000

heap

page read and write

B21000

heap

page read and write

B18000

heap

page read and write

B2D000

heap

page read and write

22D000

unkown

page write copy

AE8000

heap

page read and write

ADE000

heap

page read and write

AF7000

heap

page read and write

AFB000

heap

page read and write

AEF000

heap

page read and write

AE8000

heap

page read and write

B1D000

heap

page read and write

B11000

heap

page read and write

AF0000

heap

page read and write

B49000

heap

page read and write

AE9000

heap

page read and write

B0C000

heap

page read and write

AF7000

heap

page read and write

AF7000

heap

page read and write

B1A000

heap

page read and write

B21000

heap

page read and write

B03000

heap

page read and write

B14000

heap

page read and write

AF7000

heap

page read and write

B21000

heap

page read and write

AF7000

heap

page read and write

D9F000

stack

page read and write

AE8000

heap

page read and write

AF7000

heap

page read and write

B15000

heap

page read and write

B18000

heap

page read and write

B2D000

heap

page read and write

B2D000

heap

page read and write

B13000

heap

page read and write

B0F000

heap

page read and write

226000

unkown

page write copy

AE9000

heap

page read and write

B17000

heap

page read and write

B45000

heap

page read and write

B19000

heap

page read and write

AFB000

heap

page read and write

ACB000

heap

page read and write

B29000

heap

page read and write

B2D000

heap

page read and write

31ED000

stack

page read and write

AEF000

heap

page read and write

B45000

heap

page read and write

B41000

heap

page read and write

B20000

heap

page read and write

AEF000

heap

page read and write

B0C000

heap

page read and write

AE3000

heap

page read and write

AEF000

heap

page read and write

B2D000

heap

page read and write

B21000

heap

page read and write

B10000

heap

page read and write

229000

unkown

page readonly

B14000

heap

page read and write

AEF000

heap

page read and write

AFB000

heap

page read and write

B49000

heap

page read and write

AEF000

heap

page read and write

B2D000

heap

page read and write

B0C000

heap

page read and write

AEF000

heap

page read and write

B0F000

heap

page read and write

B0C000

heap

page read and write

B17000

heap

page read and write

B12000

heap

page read and write

B41000

heap

page read and write

B0C000

heap

page read and write

AFB000

heap

page read and write

B41000

heap

page read and write

B03000

heap

page read and write

B03000

heap

page read and write

B41000

heap

page read and write

AEF000

heap

page read and write

B21000

heap

page read and write

B1D000

heap

page read and write

B13000

heap

page read and write

AF7000

heap

page read and write

AF7000

heap

page read and write

AE6000

heap

page read and write

B2D000

heap

page read and write

B41000

heap

page read and write

ACA000

heap

page read and write

AF9000

heap

page read and write

B0A000

heap

page read and write

B0C000

heap

page read and write

AF5000

heap

page read and write

B21000

heap

page read and write

AEF000

heap

page read and write

B0C000

heap

page read and write

B0C000

heap

page read and write

ADE000

heap

page read and write

AE9000

heap

page read and write

B0D000

heap

page read and write

B0C000

heap

page read and write

B14000

heap

page read and write

ADE000

heap

page read and write

AF7000

heap

page read and write

AFA000

heap

page read and write

AF7000

heap

page read and write

B13000

heap

page read and write

B2D000

heap

page read and write

B0C000

heap

page read and write

AF7000

heap

page read and write

B19000

heap

page read and write

B0C000

heap

page read and write

B2D000

heap

page read and write

AF7000

heap

page read and write

BBE000

stack

page read and write

B03000

heap

page read and write

B19000

heap

page read and write

AEF000

heap

page read and write

B0C000

heap

page read and write

AF0000

heap

page read and write

ADE000

heap

page read and write

322D000

stack

page read and write

ACA000

heap

page read and write

B0A000

heap

page read and write

B17000

heap

page read and write

AF7000

heap

page read and write

B2D000

heap

page read and write

B4C000

heap

page read and write

AF8000

heap

page read and write

B19000

heap

page read and write

B13000

heap

page read and write

AF7000

heap

page read and write

AE8000

heap

page read and write

AE5000

heap

page read and write

B18000

heap

page read and write

B13000

heap

page read and write

B03000

heap

page read and write

B2D000

heap

page read and write

B1D000

heap

page read and write

B13000

heap

page read and write

B13000

heap

page read and write

B0C000

heap

page read and write

B19000

heap

page read and write

B14000

heap

page read and write

B2D000

heap

page read and write

B0C000

heap

page read and write

AEE000

heap

page read and write

B0C000

heap

page read and write

B2D000

heap

page read and write

AEC000

heap

page read and write

AEF000

heap

page read and write

30EE000

stack

page read and write

B0C000

heap

page read and write

AF7000

heap

page read and write

B2D000

heap

page read and write

B1D000

heap

page read and write

B0C000

heap

page read and write

ACB000

heap

page read and write

B0C000

heap

page read and write

AF7000

heap

page read and write

AFB000

heap

page read and write

B12000

heap

page read and write

AE5000

heap

page read and write

ACB000

heap

page read and write

B2D000

heap

page read and write

AF7000

heap

page read and write

B21000

heap

page read and write

AE9000

heap

page read and write

1E0000

unkown

page readonly

B2D000

heap

page read and write

B0D000

heap

page read and write

B0C000

heap

page read and write

B03000

heap

page read and write

B41000

heap

page read and write

B0F000

heap

page read and write

A7E000

heap

page read and write

B13000

heap

page read and write

ACC000

heap

page read and write

ACA000

heap

page read and write

B18000

heap

page read and write

AE8000

heap

page read and write

AF7000

heap

page read and write

B1E000

heap

page read and write

B0C000

heap

page read and write

B4D000

heap

page read and write

B21000

heap

page read and write

B21000

heap

page read and write

B14000

heap

page read and write

AE8000

heap

page read and write

B0C000

heap

page read and write

B0C000

heap

page read and write

BC0000

heap

page read and write

22D000

unkown

page write copy

B1A000

heap

page read and write

B17000

heap

page read and write

ADE000

heap

page read and write

B03000

heap

page read and write

B0F000

heap

page read and write

AF7000

heap

page read and write

B0C000

heap

page read and write

B17000

heap

page read and write

B2D000

heap

page read and write

B17000

heap

page read and write

B21000

heap

page read and write

B17000

heap

page read and write

ADE000

heap

page read and write

B41000

heap

page read and write

B0C000

heap

page read and write

AEF000

heap

page read and write

AEF000

heap

page read and write

B13000

heap

page read and write

B49000

heap

page read and write

B13000

heap

page read and write

B19000

heap

page read and write

B17000

heap

page read and write

B49000

heap

page read and write

B11000

heap

page read and write

AED000

heap

page read and write

B2D000

heap

page read and write

B0C000

heap

page read and write

B21000

heap

page read and write

B0C000

heap

page read and write

B0C000

heap

page read and write

B19000

heap

page read and write

AFC000

heap

page read and write

B19000

heap

page read and write

B14000

heap

page read and write

ACA000

heap

page read and write

B03000

heap

page read and write

B13000

heap

page read and write

B14000

heap

page read and write

AEF000

heap

page read and write

AE5000

heap

page read and write

B2D000

heap

page read and write

B17000

heap

page read and write

B1D000

heap

page read and write

B49000

heap

page read and write

B13000

heap

page read and write

2DFF000

stack

page read and write

AEE000

heap

page read and write

B14000

heap

page read and write

B19000

heap

page read and write

B1D000

heap

page read and write

B14000

heap

page read and write

A7A000

heap

page read and write

B17000

heap

page read and write

B0F000

heap

page read and write

B19000

heap

page read and write

B49000

heap

page read and write

AFC000

heap

page read and write

B0C000

heap

page read and write

B13000

heap

page read and write

270C000

stack

page read and write

B2D000

heap

page read and write

ADE000

heap

page read and write

AEF000

heap

page read and write

B28000

heap

page read and write

B17000

heap

page read and write

AF7000

heap

page read and write

B4D000

heap

page read and write

AEF000

heap

page read and write

AF7000

heap

page read and write

ACB000

heap

page read and write

AE9000

heap

page read and write

B0C000

heap

page read and write

AF7000

heap

page read and write

B19000

heap

page read and write

B11000

heap

page read and write

B08000

heap

page read and write

B23000

heap

page read and write

B41000

heap

page read and write

B13000

heap

page read and write

B2D000

heap

page read and write

AFC000

heap

page read and write

B10000

heap

page read and write

B11000

heap

page read and write

2CFE000

stack

page read and write

B13000

heap

page read and write

AE9000

heap

page read and write

B0F000

heap

page read and write

B03000

heap

page read and write

B2D000

heap

page read and write

AF7000

heap

page read and write

B0D000

heap

page read and write

B19000

heap

page read and write

B1D000

heap

page read and write

B11000

heap

page read and write

AF7000

heap

page read and write

AE9000

heap

page read and write

B18000

heap

page read and write

AF7000

heap

page read and write

AEF000

heap

page read and write

B1A000

heap

page read and write

AF9000

heap

page read and write

B2D000

heap

page read and write

B2D000

heap

page read and write

B08000

heap

page read and write

B0C000

heap

page read and write

B10000

heap

page read and write

B0A000

heap

page read and write

B29000

heap

page read and write

B1B000

heap

page read and write

B41000

heap

page read and write

AF7000

heap

page read and write

229000

unkown

page readonly

There are 541 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
7RCmlvowtS.exe

Processes

URLs

Domains

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report7RCmlvowtS.exe

Processes

URLs

Domains

Memdumps

IOC Report
7RCmlvowtS.exe