Automated Malware Analysis IOC Report for

Files

File Path

Type

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\SHIPPING ADVICE#2025.exe

"C:\Users\user\Desktop\SHIPPING ADVICE#2025.exe"

Details

Is windows:	false
Is dropped:	false
PID:	8052
Target ID:	1
Parent PID:	3964
Name:	SHIPPING ADVICE#2025.exe
Path:	C:\Users\user\Desktop\SHIPPING ADVICE#2025.exe
Commandline:	"C:\Users\user\Desktop\SHIPPING ADVICE#2025.exe"
Size:	808960
MD5:	114E2C7C234714BBA8CE80B667AC599A
Time:	03:50:21
Date:	28/03/2025
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x880000
Modulesize:	835584
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Antivirus / Scanner detection for submitted sample	AV Detection
Multi AV Scanner detection for submitted file	AV Detection
Yara detected AntiVM3	Malware Analysis System Evasion
Yara detected Telegram RAT	Stealing of Sensitive Information, Remote Access Functionality
Yara detected VIP Keylogger	Stealing of Sensitive Information, Remote Access Functionality
Binary contains a suspicious time stamp	Data Obfuscation	Timestomp
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery
Sample file is different than original file name gathered from version info	System Summary
Uses 32bit PE files	Compliance, System Summary
Yara detected Credential Stealer	Stealing of Sensitive Information
Binary may include packed or encrypted code	Data Obfuscation	Obfuscated Files or Information Software Packing
PE file has an executable .text section which is very likely to contain packed code (zlib compression ratio < 0.3)	System Summary	Software Packing
Creates files inside the user directory	System Summary	Masquerading
PE file has an executable .text section and no other executable section	System Summary
Parts of this applications are using the .NET runtime (Probably coded in C#)	System Summary
Sample is known by Antivirus	System Summary
Spawns processes	System Summary	Process Injection
PE file contains a debug data directory	System Summary
Contains modern PE file flags such as dynamic base (ASLR) or NX	Compliance, System Summary
PE file contains a COM descriptor data directory	System Summary

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"

Details

Is windows:	true
Is dropped:	false
PID:	8184
Target ID:	2
Parent PID:	8052
Name:	MSBuild.exe
Class:	system-tools
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
Commandline:	"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
Size:	262432
MD5:	8FDF47E0FF70C40ED3A17014AEEA4232
Time:	03:50:24
Date:	28/03/2025
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x530000
Modulesize:	262144
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Yara detected Telegram RAT	Stealing of Sensitive Information, Remote Access Functionality
Yara detected VIP Keylogger	Stealing of Sensitive Information, Remote Access Functionality
Allocates memory in foreign processes	HIPS / PFW / Operating System Protection Evasion	Process Injection
Injects a PE file into a foreign processes	HIPS / PFW / Operating System Protection Evasion	Process Injection
Sigma detected: Silenttrinity Stager Msbuild Activity	System Summary
Writes to foreign memory regions	HIPS / PFW / Operating System Protection Evasion	Process Injection
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery
Yara detected Credential Stealer	Stealing of Sensitive Information
Spawns processes	System Summary	Process Injection

URLs

Name

Malicious

http://www.fontbureau.com/designersG

unknown

https://duckduckgo.com/ac/?q=

unknown

http://www.fontbureau.com/designers/?

unknown

http://www.founder.com.cn/cn/bThe

unknown

https://api.telegram.org

unknown

https://api.telegram.org/bot

unknown

http://www.fontbureau.com/designers?

unknown

https://www.office.com/lB

unknown

http://www.tiro.com

unknown

http://c.pki.goog/r/r4.crl

142.251.35.163

https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=

unknown

http://www.fontbureau.com/designers

unknown

https://chrome.google.com/webstore?hl=en

unknown

http://varders.kozow.com:8081

unknown

http://www.sajatypeworks.com

unknown

http://www.typography.netD

unknown

https://www.google.com/images/branding/product/ico/googleg_alldp.ico

unknown

http://www.founder.com.cn/cn/cThe

unknown

http://www.galapagosdesign.com/staff/dennis.htm

unknown

http://checkip.dyndns.org/

193.122.6.168

https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search

unknown

http://checkip.dyndns.org/q

unknown

https://chrome.google.com/webstore?hl=enlB

unknown

http://reallyfreegeoip.org

unknown

http://www.galapagosdesign.com/DPlease

unknown

https://api.telegram

unknown

http://c.pki.goog/r/gsr1.crl

142.251.35.163

https://reallyfreegeoip.org/xml/45.92.229.138

104.21.32.1

http://www.fonts.com

unknown

http://checkip.dyndns.com

unknown

http://www.urwpp.deDPlease

unknown

http://www.zhongyicts.com.cn

unknown

http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name

unknown

http://www.sakkal.com

unknown

https://reallyfreegeoip.org/xml/

unknown

https://www.office.com/

unknown

http://www.apache.org/licenses/LICENSE-2.0

unknown

http://www.fontbureau.com

unknown

https://api.telegram.org/bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:701188%0D%0ADate%20a

unknown

https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=

unknown

https://ac.ecosia.org?q=

unknown

http://checkip.dyndns.org

unknown

https://chrome.google.com/webstore?hl=en4

unknown

https://reallyfreegeoip.org/xml/45.92.229.138$

unknown

https://api.telegram.org/bot/sendMessage?chat_id=&text=

unknown

https://api.telegram.org/bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:701188%0D%0ADate%20and%20Time:%2028/03/2025%20/%2011:08:23%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20701188%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D

149.154.167.220

http://www.carterandcone.coml

unknown

http://aborters.duckdns.org:8081

unknown

http://www.fontbureau.com/designers/cabarga.htmlN

unknown

http://www.founder.com.cn/cn

unknown

https://www.ecosia.org/newtab/v20

unknown

http://www.fontbureau.com/designers/frere-user.html

unknown

https://www.office.com/4

unknown

http://anotherarmy.dns.army:8081

unknown

https://duckduckgo.com/chrome_newtabv20

unknown

http://www.jiyu-kobo.co.jp/

unknown

https://reallyfreegeoip.org

unknown

http://www.fontbureau.com/designers8

unknown

http://api.telegram.org

unknown

https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=

unknown

https://gemini.google.com/app?q=

unknown

http://51.38.247.67:8081/_send_.php?LCapplication/x-www-form-urlencoded

unknown

There are 52 hidden URLs, click here to show them.

Domains

Name

Malicious

bg.microsoft.map.fastly.net

199.232.90.172

reallyfreegeoip.org

104.21.32.1

Details

Name:	reallyfreegeoip.org
IP:	104.21.32.1
TargetID:	-1
Active:	true
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Tries to detect the country of the analysis system (by using the IP)	Location Tracking
HTTP GET or POST without a user agent	Networking
May check the online IP address of the machine	Networking	System Network Configuration Discovery
Suricata IDS alerts with low severity for network traffic	Networking
Uses insecure TLS / SSL version for HTTPS connection	Compliance, Networking
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
URLs found in memory or binary data	Networking

api.telegram.org

149.154.167.220

Details

Name:	api.telegram.org
IP:	149.154.167.220
TargetID:	-1
Active:	true
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Suricata IDS alerts for network traffic	Networking
Uses the Telegram API (likely for C&C communication)	Networking	Web Service
HTTP GET or POST without a user agent	Networking
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
URLs found in memory or binary data	Networking
Uses secure TLS version for HTTPS connections	Compliance, Networking

pki-goog.l.google.com

142.251.35.163

checkip.dyndns.com

193.122.6.168

Details

Name:	checkip.dyndns.com
IP:	193.122.6.168
TargetID:	-1
Active:	true
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Sigma detected: Silenttrinity Stager Msbuild Activity	System Summary
Suricata IDS alerts with low severity for network traffic	Networking
URLs found in memory or binary data	Networking

checkip.dyndns.org

unknown

Details

Name:	checkip.dyndns.org
TargetID:	-1
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
May check the online IP address of the machine	Networking	System Network Configuration Discovery
Uses a known web browser user agent for HTTP communication	Networking	Application Layer Protocol
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
URLs found in memory or binary data	Networking

c.pki.goog

unknown

Details

Name:	c.pki.goog
TargetID:	-1
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol

IPs

Domain

Country

Malicious

149.154.167.220

api.telegram.org

United Kingdom

Details

IP:	149.154.167.220
TargetID:	2
Current Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
Country:	United Kingdom
Countrycode:	GBR
ASN number:	62041
ASN name:	TELEGRAMRU
Private:	false
Domain:	api.telegram.org

Signature Hits	Behavior Group	Mitre Attack
Suricata IDS alerts for network traffic	Networking
Uses secure TLS version for HTTPS connections	Compliance, Networking

104.21.32.1

reallyfreegeoip.org

United States

Details

IP:	104.21.32.1
TargetID:	2
Current Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
Country:	United States
Countrycode:	USA
ASN number:	13335
ASN name:	CLOUDFLARENETUS
Private:	false
Domain:	reallyfreegeoip.org

Signature Hits	Behavior Group	Mitre Attack
Suricata IDS alerts with low severity for network traffic	Networking
Uses insecure TLS / SSL version for HTTPS connection	Compliance, Networking

193.122.6.168

checkip.dyndns.com

United States

Details

IP:	193.122.6.168
TargetID:	2
Current Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
Country:	United States
Countrycode:	USA
ASN number:	31898
ASN name:	ORACLE-BMC-31898US
Private:	false
Domain:	checkip.dyndns.com

Signature Hits	Behavior Group	Mitre Attack
Sigma detected: Silenttrinity Stager Msbuild Activity	System Summary
Suricata IDS alerts with low severity for network traffic	Networking

Registry

Path

Value

Malicious

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing

EnableConsoleTracing

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\MSBuild_RASAPI32

EnableFileTracing

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\MSBuild_RASAPI32

EnableAutoFileTracing

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\MSBuild_RASAPI32

EnableConsoleTracing

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\MSBuild_RASAPI32

FileTracingMask

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\MSBuild_RASAPI32

ConsoleTracingMask

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\MSBuild_RASAPI32

MaxFileSize

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\MSBuild_RASAPI32

FileDirectory

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\MSBuild_RASMANCS

EnableFileTracing

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\MSBuild_RASMANCS

EnableAutoFileTracing

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\MSBuild_RASMANCS

EnableConsoleTracing

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\MSBuild_RASMANCS

FileTracingMask

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\MSBuild_RASMANCS

ConsoleTracingMask

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\MSBuild_RASMANCS

MaxFileSize

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\MSBuild_RASMANCS

FileDirectory

There are 5 hidden registries, click here to show them.

Memdumps

Base Address

Regiontype

Protect

Malicious

Download

402000

remote allocation

page execute and read and write

28E1000

trusted library allocation

page read and write

4449000

trusted library allocation

page read and write

B3DE000

stack

page read and write

A7E000

stack

page read and write

6430000

trusted library allocation

page execute and read and write

4D43000

heap

page read and write

28BE000

stack

page read and write

49DE000

stack

page read and write

8B60000

heap

page read and write

1440000

trusted library allocation

page read and write

882000

unkown

page readonly

2BFB000

stack

page read and write

2B76000

trusted library allocation

page read and write

2B7A000

trusted library allocation

page read and write

1003000

trusted library allocation

page execute and read and write

5CD0000

heap

page read and write

56B0000

trusted library allocation

page read and write

51E0000

trusted library allocation

page read and write

6500000

trusted library allocation

page read and write

5E76000

heap

page read and write

5FA000

stack

page read and write

3C41000

trusted library allocation

page read and write

1020000

trusted library allocation

page read and write

4D71000

trusted library allocation

page read and write

4D5B000

trusted library allocation

page read and write

295C000

trusted library allocation

page read and write

C55000

trusted library allocation

page execute and read and write

3B16000

trusted library allocation

page read and write

51C0000

trusted library allocation

page execute and read and write

3A2E000

trusted library allocation

page read and write

C5B000

trusted library allocation

page execute and read and write

1037000

trusted library allocation

page execute and read and write

626E000

stack

page read and write

3BA2000

trusted library allocation

page read and write

2985000

trusted library allocation

page read and write

10A8000

heap

page read and write

28C0000

trusted library allocation

page read and write

C80000

trusted library allocation

page execute and read and write

2A40000

trusted library allocation

page read and write

10E1000

heap

page read and write

2A79000

trusted library allocation

page read and write

5420000

heap

page execute and read and write

8C7E000

stack

page read and write

AD0000

heap

page read and write

2BBE000

stack

page read and write

2958000

trusted library allocation

page read and write

4D82000

trusted library allocation

page read and write

63DD000

trusted library allocation

page read and write

2A2D000

trusted library allocation

page read and write

2C41000

trusted library allocation

page read and write

10DF000

heap

page read and write

1060000

trusted library allocation

page execute and read and write

5390000

trusted library allocation

page execute and read and write

4D5E000

trusted library allocation

page read and write

63E0000

trusted library allocation

page execute and read and write

3C58000

trusted library allocation

page read and write

541B000

stack

page read and write

D49000

heap

page read and write

60AE000

stack

page read and write

102A000

trusted library allocation

page execute and read and write

63D0000

trusted library allocation

page read and write

101D000

trusted library allocation

page execute and read and write

2BB2000

trusted library allocation

page read and write

110E000

heap

page read and write

CF7000

stack

page read and write

6400000

trusted library allocation

page execute and read and write

5CEE000

stack

page read and write

3A76000

trusted library allocation

page read and write

394D000

trusted library allocation

page read and write

5E7C000

heap

page read and write

1450000

heap

page execute and read and write

566D000

stack

page read and write

D82000

heap

page read and write

2A71000

trusted library allocation

page read and write

2BF2000

trusted library allocation

page read and write

63AE000

stack

page read and write

8BAC000

heap

page read and write

103B000

trusted library allocation

page execute and read and write

3AA8000

trusted library allocation

page read and write

FDE000

stack

page read and write

298D000

trusted library allocation

page read and write

51B0000

heap

page read and write

3B39000

trusted library allocation

page read and write

2932000

trusted library allocation

page read and write

27A0000

trusted library allocation

page read and write

948000

unkown

page readonly

7410000

trusted library allocation

page execute and read and write

129E000

stack

page read and write

39F0000

trusted library allocation

page read and write

1026000

trusted library allocation

page execute and read and write

5141000

trusted library allocation

page read and write

5E5E000

heap

page read and write

C57000

trusted library allocation

page execute and read and write

397D000

trusted library allocation

page read and write

2B63000

trusted library allocation

page read and write

117E000

heap

page read and write

2C89000

trusted library allocation

page read and write

63B0000

trusted library allocation

page read and write

2995000

trusted library allocation

page read and write

B29E000

stack

page read and write

3B2E000

trusted library allocation

page read and write

64C0000

trusted library allocation

page read and write

2AC5000

trusted library allocation

page read and write

E20000

heap

page read and write

5190000

heap

page read and write

3BA7000

trusted library allocation

page read and write

512B000

trusted library allocation

page read and write

64B4000

trusted library allocation

page read and write

3B9C000

trusted library allocation

page read and write

1022000

trusted library allocation

page read and write

51D2000

trusted library allocation

page read and write

63C6000

trusted library allocation

page read and write

2BEC000

trusted library allocation

page read and write

C40000

trusted library allocation

page read and write

294B000

trusted library allocation

page read and write

4D40000

heap

page read and write

53B0000

trusted library section

page readonly

5DEE000

stack

page read and write

6410000

trusted library allocation

page read and write

3903000

trusted library allocation

page read and write

10A0000

heap

page read and write

C23000

trusted library allocation

page execute and read and write

5BAE000

stack

page read and write

64D0000

trusted library allocation

page execute and read and write

D76000

heap

page read and write

2AB6000

trusted library allocation

page read and write

54C0000

trusted library allocation

page read and write

9DA000

stack

page read and write

64E0000

trusted library allocation

page read and write

2ABE000

stack

page read and write

7300000

trusted library allocation

page read and write

4ED0000

heap

page read and write

394F000

trusted library allocation

page read and write

5AAF000

stack

page read and write

4D20000

trusted library allocation

page read and write

2BA7000

trusted library allocation

page read and write

4D50000

trusted library allocation

page read and write

52BE000

stack

page read and write

5CD5000

heap

page read and write

2C94000

trusted library allocation

page read and write

C30000

trusted library allocation

page read and write

6540000

heap

page read and write

8D7F000

stack

page read and write

1032000

trusted library allocation

page read and write

64F0000

trusted library allocation

page read and write

39C0000

trusted library allocation

page read and write

4D7D000

trusted library allocation

page read and write

26F8000

trusted library allocation

page read and write

5670000

trusted library allocation

page read and write

3BAE000

trusted library allocation

page read and write

4E2D000

stack

page read and write

53C0000

heap

page read and write

C2D000

trusted library allocation

page execute and read and write

C90000

heap

page read and write

5FAE000

stack

page read and write

10C7000

heap

page read and write

62AE000

stack

page read and write

3A4C000

trusted library allocation

page read and write

2981000

trusted library allocation

page read and write

2C30000

heap

page read and write

1070000

trusted library allocation

page read and write

D3D000

heap

page read and write

1000000

trusted library allocation

page read and write

4D6E000

trusted library allocation

page read and write

2B7F000

trusted library allocation

page read and write

C98000

heap

page read and write

5124000

trusted library allocation

page read and write

2BA0000

trusted library allocation

page read and write

6E00000

trusted library allocation

page read and write

400000

remote allocation

page execute and read and write

A80000

heap

page read and write

C42000

trusted library allocation

page read and write

39C2000

trusted library allocation

page read and write

7200000

heap

page read and write

2BFC000

trusted library allocation

page read and write

3C70000

trusted library allocation

page read and write

513E000

trusted library allocation

page read and write

63CA000

trusted library allocation

page read and write

2A4D000

trusted library allocation

page read and write

C4A000

trusted library allocation

page execute and read and write

7310000

trusted library allocation

page execute and read and write

4C48000

trusted library allocation

page read and write

1090000

trusted library allocation

page read and write

C3D000

trusted library allocation

page execute and read and write

1111000

heap

page read and write

E90000

heap

page read and write

2B6C000

trusted library allocation

page read and write

3A4A000

trusted library allocation

page read and write

C46000

trusted library allocation

page execute and read and write

3909000

trusted library allocation

page read and write

1004000

trusted library allocation

page read and write

5C90000

heap

page read and write

5F2D000

stack

page read and write

1460000

heap

page read and write

5160000

trusted library allocation

page read and write

D21000

heap

page read and write

FF0000

trusted library allocation

page read and write

6450000

trusted library allocation

page execute and read and write

EAE000

stack

page read and write

8D80000

trusted library section

page read and write

4DDD000

stack

page read and write

29A1000

trusted library allocation

page read and write

5DF5000

heap

page read and write

B39E000

stack

page read and write

C20000

trusted library allocation

page read and write

2AE6000

trusted library allocation

page read and write

1467000

heap

page read and write

27A4000

trusted library allocation

page read and write

51DD000

trusted library allocation

page read and write

3B37000

trusted library allocation

page read and write

2A96000

trusted library allocation

page read and write

7360000

trusted library section

page read and write

4D6A000

trusted library allocation

page read and write

51D0000

trusted library allocation

page read and write

D7C000

heap

page read and write

EB0000

heap

page read and write

6930000

heap

page read and write

960000

heap

page read and write

8F7000

stack

page read and write

2A42000

trusted library allocation

page read and write

AD5000

heap

page read and write

2790000

trusted library allocation

page read and write

38E1000

trusted library allocation

page read and write

2A6F000

trusted library allocation

page read and write

28D0000

heap

page read and write

2BE7000

trusted library allocation

page read and write

3C49000

trusted library allocation

page read and write

514D000

trusted library allocation

page read and write

77DE000

stack

page read and write

52FE000

stack

page read and write

3965000

trusted library allocation

page read and write

616E000

stack

page read and write

2991000

trusted library allocation

page read and write

1158000

heap

page read and write

1080000

heap

page read and write

6440000

trusted library allocation

page execute and read and write

10D4000

heap

page read and write

F40000

heap

page read and write

755F000

stack

page read and write

D40000

heap

page read and write

6420000

trusted library allocation

page execute and read and write

53D0000

trusted library allocation

page read and write

2AA8000

trusted library allocation

page read and write

B51E000

stack

page read and write

1430000

trusted library allocation

page read and write

5680000

trusted library allocation

page read and write

5E7A000

heap

page read and write

3ABE000

trusted library allocation

page read and write

2B58000

trusted library allocation

page read and write

5146000

trusted library allocation

page read and write

299D000

trusted library allocation

page read and write

B61F000

stack

page read and write

6530000

trusted library allocation

page execute and read and write

1010000

trusted library allocation

page read and write

5120000

trusted library allocation

page read and write

3B8B000

trusted library allocation

page read and write

3CB6000

trusted library allocation

page read and write

2C23000

heap

page read and write

4D56000

trusted library allocation

page read and write

1148000

heap

page read and write

5C80000

heap

page read and write

5CAE000

stack

page read and write

5690000

trusted library allocation

page execute and read and write

C10000

trusted library allocation

page read and write

CC6000

heap

page read and write

27B0000

heap

page execute and read and write

5F6F000

stack

page read and write

2A7E000

trusted library allocation

page read and write

F3C000

stack

page read and write

2C20000

heap

page read and write

3A18000

trusted library allocation

page read and write

54B0000

heap

page read and write

5030000

heap

page execute and read and write

CC4000

heap

page read and write

10AE000

heap

page read and write

3BB9000

trusted library allocation

page read and write

63C4000

trusted library allocation

page read and write

2954000

trusted library allocation

page read and write

1150000

heap

page read and write

29C8000

trusted library allocation

page read and write

C52000

trusted library allocation

page read and write

527E000

stack

page read and write

2C0A000

trusted library allocation

page read and write

C70000

trusted library allocation

page read and write

2A48000

trusted library allocation

page read and write

C24000

trusted library allocation

page read and write

EFE000

stack

page read and write

446000

remote allocation

page execute and read and write

3B73000

trusted library allocation

page read and write

3C8A000

trusted library allocation

page read and write

2A6B000

trusted library allocation

page read and write

5E78000

heap

page read and write

56A0000

trusted library allocation

page read and write

3B93000

trusted library allocation

page read and write

38EB000

trusted library allocation

page read and write

ACF000

stack

page read and write

880000

unkown

page readonly

1141000

heap

page read and write

4DED000

stack

page read and write

779E000

stack

page read and write

64B0000

trusted library allocation

page read and write

6E22000

trusted library allocation

page read and write

2A73000

trusted library allocation

page read and write

63F0000

trusted library allocation

page read and write

CBA000

heap

page read and write

5DF0000

heap

page read and write

3C8C000

trusted library allocation

page read and write

7320000

trusted library allocation

page read and write

ED0000

heap

page read and write

2BAC000

trusted library allocation

page read and write

5DF0000

heap

page read and write

1030000

trusted library allocation

page read and write

1050000

trusted library allocation

page read and write

4D76000

trusted library allocation

page read and write

2C05000

trusted library allocation

page read and write

2C0F000

trusted library allocation

page read and write

2B5C000

trusted library allocation

page read and write

2C00000

trusted library allocation

page read and write

500D000

stack

page read and write

29EA000

trusted library allocation

page read and write

3B67000

trusted library allocation

page read and write

E6E000

stack

page read and write

59AE000

stack

page read and write

2999000

trusted library allocation

page read and write

745E000

stack

page read and write

5E55000

heap

page read and write

2949000

trusted library allocation

page read and write

3BB4000

trusted library allocation

page read and write

1445000

trusted library allocation

page read and write

100D000

trusted library allocation

page execute and read and write

2989000

trusted library allocation

page read and write

293E000

trusted library allocation

page read and write

2BF5000

trusted library allocation

page read and write

64E7000

trusted library allocation

page read and write

B4DE000

stack

page read and write

There are 326 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
SHIPPING ADVICE#2025.exe

Files

Processes

URLs

Domains

IPs

Registry

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC ReportSHIPPING ADVICE#2025.exe

Files

Processes

URLs

Domains

IPs

Registry

Memdumps

IOC Report
SHIPPING ADVICE#2025.exe