Automated Malware Analysis IOC Report for

Files

File Path

Type

Category

Malicious

Download

ORDER NO_PO-001839811401_MARCH_28_2025.exe

PE32 executable (GUI) Intel 80386, for MS Windows

initial sample

Details

Filetype:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy:	7.191465189057719
Filename:	ORDER NO_PO-001839811401_MARCH_28_2025.exe
Filesize:	1268224
MD5:	68a9c61cc478ffc495dae5b13fe49663
SHA1:	fcbc115164524b23496fe3a9a0a694cc7696272e
SHA256:	207ae4e29a4da7005e261b3da6c743e5e878ad53187d1b50068496a39d0aa137
SHA512:	7fcfc6f89d8e1c925320c02a6ca925249ba7aa1a707526d0dcb21ad6d87e49c6df20f222c878e21af5000c17b32b02a5ba5cb5e5ade2d70843e184ef181d1c81
SSDEEP:	24576:6u6J33O0c+JY5UZ+XC0kGso6Fao0lb1xCycVdT8dCDYi7W7E1lWY:Mu0c++OCvkGs9Fajlb/CycvULMYESY
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......6...r}..r}..r}..4,".p}......s}.../..A}.../#..}.../".G}..{.@.{}..{.P.W}..r}..R.....)."}......s}.../..s}..r}T.s}......s}..Richr}.

Signature Hits	Behavior Group	Mitre Attack
Multi AV Scanner detection for submitted file	AV Detection	Disable or Modify Tools
Binary is likely a compiled AutoIt script file	System Summary
Maps a DLL or memory area into another process	HIPS / PFW / Operating System Protection Evasion	Disable or Modify Tools
Switches to a custom stack to bypass stack traces	Malware Analysis System Evasion	Access Token Manipulation
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)	Malware Analysis System Evasion	Security Software Discovery
Writes to foreign memory regions	HIPS / PFW / Operating System Protection Evasion	Disable or Modify Tools
Contains functionality for read data from the clipboard	Key, Mouse, Clipboard, Microphone and Screen Capturing
Contains functionality to block mouse and keyboard input (often used to hinder debugging)	Anti Debugging	Disable or Modify Tools
Contains functionality to check if a debugger is running (IsDebuggerPresent)	Anti Debugging
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)	Anti Debugging
Contains functionality to check if a window is minimized (may be used to check if an application is visible)	Hooking and other Techniques for Hiding and Protection
Contains functionality to communicate with device drivers	System Summary
Contains functionality to dynamically determine API calls	Data Obfuscation, Anti Debugging	Native API
Contains functionality to execute programs as a different user	HIPS / PFW / Operating System Protection Evasion	Disable or Modify Tools
Contains functionality to launch a process as a different user	System Summary	Valid Accounts Native API
Contains functionality to launch a program with higher privileges	HIPS / PFW / Operating System Protection Evasion	Exploitation for Privilege Escalation Access Token Manipulation
Contains functionality to modify clipboard data	Key, Mouse, Clipboard, Microphone and Screen Capturing	Access Token Manipulation Process Discovery
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)	Remote Access Functionality
Contains functionality to query CPU information (cpuid)	Language, Device and Operating System Detection	Disable or Modify Tools
Contains functionality to read the PEB	Anti Debugging	Access Token Manipulation
Contains functionality to read the clipboard data	Key, Mouse, Clipboard, Microphone and Screen Capturing	Disable or Modify Tools Clipboard Data
Contains functionality to retrieve information about pressed keystrokes	Key, Mouse, Clipboard, Microphone and Screen Capturing	Input Capture
Contains functionality to shutdown / reboot the system	System Summary	Access Token Manipulation System Shutdown/Reboot
Contains functionality to simulate keystroke presses	HIPS / PFW / Operating System Protection Evasion
Contains functionality to simulate mouse events	HIPS / PFW / Operating System Protection Evasion
Contains functionality which may be used to detect a debugger (GetProcessHeap)	Anti Debugging
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Disable or Modify Tools
Detected potential crypto function	System Summary	Access Token Manipulation Process Discovery Archive Collected Data Encrypted Channel
Extensive use of GetProcAddress (often used to hide API calls)	Hooking and other Techniques for Hiding and Protection
Found evasive API chain (date check)	Malware Analysis System Evasion	Access Token Manipulation
Found large amount of non-executed APIs	Malware Analysis System Evasion	Access Token Manipulation
Found potential string decryption / allocating functions	System Summary	Deobfuscate/Decode Files or Information
OS version to string mapping found (often used in BOTs)	Stealing of Sensitive Information	Access Token Manipulation Disable or Modify Tools System Shutdown/Reboot
Potential key logger detected (key state polling based)	Key, Mouse, Clipboard, Microphone and Screen Capturing	Disable or Modify Tools
Sample file is different than original file name gathered from version info	System Summary	Access Token Manipulation System Shutdown/Reboot
Uses 32bit PE files	Compliance, System Summary	Disable or Modify Tools
Uses code obfuscation techniques (call, push, ret)	Data Obfuscation	Obfuscated Files or Information
Contains functionality for error logging	System Summary	Access Token Manipulation Disable or Modify Tools
Contains functionality to add an ACL to a security descriptor	HIPS / PFW / Operating System Protection Evasion
Contains functionality to adjust token privileges (e.g. debug / backup)	System Summary	Access Token Manipulation
Contains functionality to check free disk space	System Summary
Contains functionality to create a new security descriptor	HIPS / PFW / Operating System Protection Evasion	Access Token Manipulation
Contains functionality to download additional files from the internet	Networking
Contains functionality to enum processes or threads	System Summary	Access Token Manipulation Process Discovery
Contains functionality to enumerate / list files inside a directory	Spreading, Malware Analysis System Evasion	File and Directory Discovery
Contains functionality to instantiate COM classes	System Summary	Access Token Manipulation
Contains functionality to load and extract PE file embedded resources	System Summary
Contains functionality to query local / system time	Language, Device and Operating System Detection	Access Token Manipulation System Time Discovery
Contains functionality to query system information	Malware Analysis System Evasion	System Information Discovery
Contains functionality to query the account / user name	Language, Device and Operating System Detection	Account Discovery System Owner/User Discovery
Contains functionality to query time zone information	Language, Device and Operating System Detection	Access Token Manipulation
Contains functionality to query windows version	Language, Device and Operating System Detection
Contains functionality to register its own exception handler	Anti Debugging
Creates temporary files	System Summary
Disables application error messsages (SetErrorMode)	Hooking and other Techniques for Hiding and Protection	Disable or Modify Tools
May try to detect the Windows Explorer process (often used for injection)	HIPS / PFW / Operating System Protection Evasion
PE file has an executable .text section and no other executable section	System Summary	Access Token Manipulation
Program exit points	Malware Analysis System Evasion	Disable or Modify Tools
Reads software policies	System Summary	Access Token Manipulation
Sample is known by Antivirus	System Summary	Access Token Manipulation Disable or Modify Tools
Tries to load missing DLLs	System Summary	DLL Side-Loading Disable or Modify Tools
PE file contains a valid data directory to section mapping	System Summary
PE file contains a debug data directory	System Summary
PE file contains a mix of data directories often seen in goodware	System Summary
Submission file is bigger than most known malware samples	System Summary	Disable or Modify Tools

C:\Users\user\AppData\Local\Temp\1n61p-

SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2

dropped

Details

File:	C:\Users\user\AppData\Local\Temp\1n61p-
Category:	dropped
Dump:	1n61p-.10.dr
ID:	dr_2
Target ID:	10
Process:	C:\Windows\SysWOW64\net1.exe
Type:	SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
Entropy:	0.951889861146889
Encrypted:	false
Ssdeep:	192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaWtPqfPk:CfJ6a9xpnQLqtzKWJntPqfM
Size:	139264
Whitelisted:	false
Reputation:	moderate

C:\Users\user\AppData\Local\Temp\Lymnaeidae

data

dropped

Details

File:	C:\Users\user\AppData\Local\Temp\Lymnaeidae
Category:	dropped
Dump:	Lymnaeidae.0.dr
ID:	dr_1
Target ID:	0
Process:	C:\Users\user\Desktop\ORDER NO_PO-001839811401_MARCH_28_2025.exe
Type:	data
Entropy:	7.994653305522815
Encrypted:	true
Ssdeep:	6144:audqpFd+3EMXoVS9ppUd+Lnwc4FupZsZh7bvwlGZP9sH3Wn2eJFHb:auYRWEMXoVS9j5LUwZwvwlGZmG2u7
Size:	288256
Whitelisted:	false
Reputation:	low

C:\Users\user\AppData\Local\Temp\aut87D4.tmp

data

dropped

Details

File:	C:\Users\user\AppData\Local\Temp\aut87D4.tmp
Category:	dropped
Dump:	aut87D4.tmp.0.dr
ID:	dr_0
Target ID:	0
Process:	C:\Users\user\Desktop\ORDER NO_PO-001839811401_MARCH_28_2025.exe
Type:	data
Entropy:	7.994653305522815
Encrypted:	true
Ssdeep:	6144:audqpFd+3EMXoVS9ppUd+Lnwc4FupZsZh7bvwlGZP9sH3Wn2eJFHb:auYRWEMXoVS9j5LUwZwvwlGZmG2u7
Size:	288256
Whitelisted:	false
Reputation:	low

Signature Hits	Behavior Group	Mitre Attack
Creates temporary files	System Summary

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\ORDER NO_PO-001839811401_MARCH_28_2025.exe

"C:\Users\user\Desktop\ORDER NO_PO-001839811401_MARCH_28_2025.exe"

Details

Is windows:	false
Is dropped:	false
PID:	5812
Target ID:	0
Parent PID:	3964
Name:	ORDER NO_PO-001839811401_MARCH_28_2025.exe
Path:	C:\Users\user\Desktop\ORDER NO_PO-001839811401_MARCH_28_2025.exe
Commandline:	"C:\Users\user\Desktop\ORDER NO_PO-001839811401_MARCH_28_2025.exe"
Size:	1268224
MD5:	68A9C61CC478FFC495DAE5B13FE49663
Time:	17:20:12
Date:	28/03/2025
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x120000
Modulesize:	1298432
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Multi AV Scanner detection for submitted file	AV Detection
Binary is likely a compiled AutoIt script file	System Summary
Initial sample is a PE file and has a suspicious name	System Summary
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
OS version to string mapping found (often used in BOTs)	Stealing of Sensitive Information
Sample file is different than original file name gathered from version info	System Summary
Sigma detected: Uncommon Svchost Parent Process	System Summary
Uses 32bit PE files	Compliance, System Summary
May try to detect the Windows Explorer process (often used for injection)	HIPS / PFW / Operating System Protection Evasion	Process Injection Process Discovery
PE file has an executable .text section and no other executable section	System Summary
Sample is known by Antivirus	System Summary
Sigma detected: Windows Processes Suspicious Parent Directory	System Summary
Spawns processes	System Summary	Process Injection
PE file contains a valid data directory to section mapping	System Summary
Binary contains paths to debug symbols	Compliance, System Summary
PE file contains a debug data directory	System Summary
PE file contains a mix of data directories often seen in goodware	System Summary
Submission file is bigger than most known malware samples	System Summary

C:\Windows\SysWOW64\svchost.exe

"C:\Users\user\Desktop\ORDER NO_PO-001839811401_MARCH_28_2025.exe"

Details

Is windows:	true
Is dropped:	false
PID:	3488
Target ID:	1
Parent PID:	5812
Name:	svchost.exe
Path:	C:\Windows\SysWOW64\svchost.exe
Commandline:	"C:\Users\user\Desktop\ORDER NO_PO-001839811401_MARCH_28_2025.exe"
Size:	46504
MD5:	1ED18311E3DA35942DB37D15FA40CC5B
Time:	17:20:13
Date:	28/03/2025
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x20000
Modulesize:	53248
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Yara detected FormBook	AV Detection, E-Banking Fraud, Stealing of Sensitive Information, Remote Access Functionality
Maps a DLL or memory area into another process	HIPS / PFW / Operating System Protection Evasion	Process Injection
Writes to foreign memory regions	HIPS / PFW / Operating System Protection Evasion	Process Injection
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Sigma detected: Uncommon Svchost Parent Process	System Summary
Sigma detected: Windows Processes Suspicious Parent Directory	System Summary
Spawns processes	System Summary	Process Injection
Binary contains paths to debug symbols	Compliance, System Summary

C:\Program Files (x86)\pdWTWuDlRNhYqrksVaTEoXHqccgaMmaNBTRHACjYnTkRKURNlqoEmZMGgghdACRz\xKLNZPfxFpbag7MdXc.exe

"C:\Program Files (x86)\pdWTWuDlRNhYqrksVaTEoXHqccgaMmaNBTRHACjYnTkRKURNlqoEmZMGgghdACRz\prHn2iB7d.exe"

Details

Is windows:	true
Is dropped:	false
PID:	1596
Target ID:	9
Parent PID:	3488
Name:	xKLNZPfxFpbag7MdXc.exe
Path:	C:\Program Files (x86)\pdWTWuDlRNhYqrksVaTEoXHqccgaMmaNBTRHACjYnTkRKURNlqoEmZMGgghdACRz\xKLNZPfxFpbag7MdXc.exe
Commandline:	"C:\Program Files (x86)\pdWTWuDlRNhYqrksVaTEoXHqccgaMmaNBTRHACjYnTkRKURNlqoEmZMGgghdACRz\prHn2iB7d.exe"
Size:	143872
MD5:	9C98D1A23EFAF1B156A130CEA7D2EE3A
Time:	17:20:34
Date:	28/03/2025
Reason:	existingprocessinject
Reputation:	high
Is admin:	false
Is elevated:	false
Modulebase:	0x920000
Modulesize:	163840
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Maps a DLL or memory area into another process	HIPS / PFW / Operating System Protection Evasion	Process Injection
Queues an APC in another process (thread injection)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Binary contains paths to debug symbols	Compliance, System Summary

C:\Windows\SysWOW64\net1.exe

"C:\Windows\SysWOW64\net1.exe"

Details

Is windows:	true
Is dropped:	false
PID:	7500
Target ID:	10
Parent PID:	1596
Name:	net1.exe
Path:	C:\Windows\SysWOW64\net1.exe
Commandline:	"C:\Windows\SysWOW64\net1.exe"
Size:	139776
MD5:	2EFE6ED4C294AB8A39EB59C80813FEC1
Time:	17:20:36
Date:	28/03/2025
Reason:	newprocess
Reputation:	high
Is admin:	false
Is elevated:	false
Modulebase:	0xff0000
Modulesize:	200704
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Maps a DLL or memory area into another process	HIPS / PFW / Operating System Protection Evasion	Process Injection
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Spawns processes	System Summary	Process Injection
Binary contains paths to debug symbols	Compliance, System Summary

C:\Program Files (x86)\pdWTWuDlRNhYqrksVaTEoXHqccgaMmaNBTRHACjYnTkRKURNlqoEmZMGgghdACRz\xKLNZPfxFpbag7MdXc.exe

"C:\Program Files (x86)\pdWTWuDlRNhYqrksVaTEoXHqccgaMmaNBTRHACjYnTkRKURNlqoEmZMGgghdACRz\RzpL1luV.exe"

Details

Is windows:	true
Is dropped:	false
PID:	6236
Target ID:	11
Parent PID:	7500
Name:	xKLNZPfxFpbag7MdXc.exe
Path:	C:\Program Files (x86)\pdWTWuDlRNhYqrksVaTEoXHqccgaMmaNBTRHACjYnTkRKURNlqoEmZMGgghdACRz\xKLNZPfxFpbag7MdXc.exe
Commandline:	"C:\Program Files (x86)\pdWTWuDlRNhYqrksVaTEoXHqccgaMmaNBTRHACjYnTkRKURNlqoEmZMGgghdACRz\RzpL1luV.exe"
Size:	143872
MD5:	9C98D1A23EFAF1B156A130CEA7D2EE3A
Time:	17:20:48
Date:	28/03/2025
Reason:	existingprocessinject
Reputation:	high
Is admin:	false
Is elevated:	false
Modulebase:	0x920000
Modulesize:	163840
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Maps a DLL or memory area into another process	HIPS / PFW / Operating System Protection Evasion	Process Injection
Queues an APC in another process (thread injection)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Binary contains paths to debug symbols	Compliance, System Summary

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\Firefox.exe"

Details

Is windows:	true
Is dropped:	false
PID:	7668
Target ID:	12
Parent PID:	7500
Name:	firefox.exe
Path:	C:\Program Files\Mozilla Firefox\firefox.exe
Commandline:	"C:\Program Files\Mozilla Firefox\Firefox.exe"
Size:	676768
MD5:	C86B1BE9ED6496FE0E0CBE73F81D8045
Time:	17:21:00
Date:	28/03/2025
Reason:	newprocess
Reputation:	high
Is admin:	false
Is elevated:	false
Modulebase:	0x7ff76aab0000
Modulesize:	708608
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Maps a DLL or memory area into another process	HIPS / PFW / Operating System Protection Evasion	Process Injection
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Spawns processes	System Summary	Process Injection
Binary contains paths to debug symbols	Compliance, System Summary

URLs

Name

Malicious

http://www.bebigclothing.xyz/e78d/

74.208.236.120

http://www.viatotor.cfd/awht/

172.64.80.1

http://www.storii.shop/k0v9/

15.197.148.33

http://www.boldcatchpoint.shop/zuoh/

207.244.126.106

http://www.hypehike.buzz/j7vq/

199.59.243.228

http://www.streartex.live/qmo0/

162.254.38.217

http://www.031232899.xyz/do0s/

144.76.229.203

http://www.megasofteware.net/ehbg/

78.157.221.109

http://www.morpakampus.com/3lf9/

104.26.1.177

http://www.kissjav.pics/ce0t/

199.59.243.228

http://www.propriis.xyz/qis8/

13.248.169.48

http://www.ayase-bluesky.xyz/n2f3/

13.248.169.48

http://www.ambitiouswomen.net/tskx/

76.223.54.146

https://duckduckgo.com/ac/?q=

unknown

https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=

unknown

https://ac.ecosia.org?q=

unknown

https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=

unknown

http://megasofteware.net/ehbg/?cdFXYxu=w9lhc4w2OShLW1zv7ZkiXW51EyHadlDKxKfATUtdp

unknown

http://www.ceskatelevize.cz/d8i0/

85.239.69.9

https://www.google.com

unknown

https://www.google.com/images/branding/product/ico/googleg_alldp.ico

unknown

https://www.ecosia.org/newtab/v20

unknown

https://www.morpakampus.com/3lf9/?cdFXYxu=5GxzxjzYtuQVaXKi94oZCxv5p01QDj3gsqLy8xSnFJL9Njv/LCMjz40kK2

unknown

https://duckduckgo.com/chrome_newtabv20

unknown

https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search

unknown

https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=

unknown

http://www.propriis.xyz

unknown

https://gemini.google.com/app?q=

unknown

There are 18 hidden URLs, click here to show them.

Domains

Name

Malicious

www.viatotor.cfd

172.64.80.1

031232899.xyz

144.76.229.203

www.streartex.live

162.254.38.217

www.777assistant.xyz

76.223.54.146

storii.shop

15.197.148.33

www.ayase-bluesky.xyz

13.248.169.48

www.megasofteware.net

78.157.221.109

www.bebigclothing.xyz

74.208.236.120

www.propriis.xyz

13.248.169.48

www.ambitiouswomen.net

76.223.54.146

www.boldcatchpoint.shop

207.244.126.106

www.morpakampus.com

104.26.1.177

www.031232899.xyz

unknown

ceskatelevize.cz

85.239.69.9

94950.bodis.com

199.59.243.228

www.hypehike.buzz

unknown

www.kissjav.pics

unknown

www.storii.shop

unknown

www.ceskatelevize.cz

unknown

There are 9 hidden domains, click here to show them.

IPs

Domain

Country

Malicious

144.76.229.203

031232899.xyz

Germany

15.197.148.33

storii.shop

United States

13.248.169.48

www.ayase-bluesky.xyz

United States

76.223.54.146

www.777assistant.xyz

United States

78.157.221.109

www.megasofteware.net

United Kingdom

104.26.1.177

www.morpakampus.com

United States

172.64.80.1

www.viatotor.cfd

United States

74.208.236.120

www.bebigclothing.xyz

United States

207.244.126.106

www.boldcatchpoint.shop

United States

162.254.38.217

www.streartex.live

United States

85.239.69.9

ceskatelevize.cz

Czech Republic

199.59.243.228

94950.bodis.com

United States

There are 2 hidden IPs, click here to show them.

Memdumps

Base Address

Regiontype

Protect

Malicious

Download

2E90000

unclassified section

page execute and read and write

B00000

system

page execute and read and write

F30000

trusted library allocation

page read and write

4A00000

unclassified section

page execute and read and write

5850000

system

page execute and read and write

2600000

system

page execute and read and write

FA0000

trusted library allocation

page read and write

4110000

unkown

page execute and read and write

3031000

heap

page read and write

34B9000

direct allocation

page execute and read and write

3031000

heap

page read and write

3031000

heap

page read and write

121000

unkown

page execute read

3031000

heap

page read and write

3661000

direct allocation

page execute and read and write

3031000

heap

page read and write

D13000

heap

page read and write

2C00000

heap

page read and write

352E000

direct allocation

page execute and read and write

2C20000

unkown

page readonly

1AF000

unkown

page readonly

D54000

heap

page read and write

3031000

heap

page read and write

21422DBE000

trusted library allocation

page read and write

37FC000

unclassified section

page read and write

3B28000

unkown

page read and write

3032000

heap

page read and write

CA1000

heap

page read and write

21421302000

heap

page read and write

3031000

heap

page read and write

3031000

heap

page read and write

1DE000

unkown

page read and write

4BC6000

unclassified section

page read and write

214212DA000

heap

page read and write

38F9000

direct allocation

page read and write

3031000

heap

page read and write

1AF000

unkown

page readonly

3031000

heap

page read and write

FF0000

unkown

page read and write

920000

unkown

page readonly

21421050000

system

page execute and read and write

3031000

heap

page read and write

1420000

unkown

page read and write

3031000

heap

page read and write

3804000

unkown

page read and write

D89000

heap

page read and write

936000

unkown

page read and write

CF3000

heap

page read and write

58B7000

system

page execute and read and write

120000

unkown

page readonly

3031000

heap

page read and write

216A4000

system

page read and write

3031000

heap

page read and write

311F000

stack

page read and write

A3E000

stack

page read and write

E46000

heap

page read and write

3031000

heap

page read and write

3753000

direct allocation

page read and write

3031000

heap

page read and write

3031000

heap

page read and write

3142000

unkown

page read and write

FE0000

heap

page read and write

159B000

heap

page read and write

21421290000

heap

page read and write

3031000

heap

page read and write

3031000

heap

page read and write

FC0000

unkown

page readonly

1AF1000

unkown

page readonly

EF0000

unkown

page readonly

3031000

heap

page read and write

21422DA6000

trusted library allocation

page read and write

4170000

unkown

page read and write

1DE000

unkown

page write copy

3630000

direct allocation

page read and write

21422AB0000

trusted library allocation

page read and write

2F00000

unkown

page readonly

EAD000

heap

page read and write

2A67000

heap

page read and write

37D0000

direct allocation

page read and write

341C000

unkown

page read and write

3031000

heap

page read and write

C96000

heap

page read and write

3031000

heap

page read and write

3031000

heap

page read and write

2E90000

direct allocation

page read and write

1030000

heap

page read and write

2C10000

heap

page read and write

3630000

direct allocation

page read and write

7D6B000

heap

page read and write

4ADC000

unkown

page read and write

2813000

heap

page read and write

3031000

heap

page read and write

1220000

heap

page read and write

38F9000

direct allocation

page read and write

3031000

heap

page read and write

2C20000

unkown

page readonly

4660000

unkown

page execute and read and write

3031000

heap

page read and write

3031000

heap

page read and write

21422DC4000

trusted library allocation

page read and write

4EE8000

unclassified section

page execute and read and write

D02000

heap

page read and write

3142000

unkown

page read and write

F00000

unkown

page readonly

3031000

heap

page read and write

37D0000

direct allocation

page read and write

7D9A000

heap

page read and write

3031000

heap

page read and write

3031000

heap

page read and write

B80000

heap

page read and write

3031000

heap

page read and write

2802000

heap

page read and write

D22000

heap

page read and write

3031000

heap

page read and write

3342000

direct allocation

page execute and read and write

3600000

unclassified section

page execute and read and write

1A50000

heap

page read and write

3031000

heap

page read and write

2780000

heap

page read and write

3031000

heap

page read and write

1485000

heap

page read and write

2A19000

heap

page read and write

156A000

heap

page read and write

11BA000

heap

page read and write

3031000

heap

page read and write

3031000

heap

page read and write

3031000

heap

page read and write

D41000

heap

page read and write

2813000

heap

page read and write

3753000

direct allocation

page read and write

DCB000

heap

page read and write

3031000

heap

page read and write

3031000

heap

page read and write

C92000

heap

page read and write

18EE000

stack

page read and write

1994000

heap

page read and write

3390000

direct allocation

page execute and read and write

3031000

heap

page read and write

C9B000

heap

page read and write

939000

unkown

page readonly

AB0000

unkown

page readonly

921000

unkown

page execute read

3031000

heap

page read and write

921000

unkown

page execute read

3753000

direct allocation

page read and write

2813000

heap

page read and write

3031000

heap

page read and write

2E90000

direct allocation

page read and write

2813000

heap

page read and write

B80000

heap

page read and write

3134000

heap

page read and write

D6A000

heap

page read and write

457E000

unclassified section

page read and write

3031000

heap

page read and write

3031000

heap

page read and write

3031000

heap

page read and write

1760000

unkown

page readonly

2F00000

unkown

page readonly

3031000

heap

page read and write

FB0000

unkown

page readonly

3031000

heap

page read and write

37D0000

direct allocation

page read and write

B90000

unkown

page read and write

3031000

heap

page read and write

120000

unkown

page readonly

38FD000

direct allocation

page read and write

175C000

unkown

page read and write

3031000

heap

page read and write

CAD000

heap

page read and write

3031000

heap

page read and write

5950000

unclassified section

page execute and read and write

FD0000

unkown

page readonly

AA0000

unkown

page readonly

3290000

trusted library allocation

page read and write

D1D000

heap

page read and write

3031000

heap

page read and write

58DD000

system

page execute and read and write

BE1000

unkown

page readonly

679000

stack

page read and write

520E000

unclassified section

page read and write

1025000

unkown

page read and write

5934000

system

page execute and read and write

D14000

heap

page read and write

3031000

heap

page read and write

3031000

heap

page read and write

D65000

heap

page read and write

7E60000

trusted library allocation

page read and write

2A6A000

heap

page read and write

1030000

heap

page read and write

3031000

heap

page read and write

38FD000

direct allocation

page read and write

2813000

heap

page read and write

3031000

heap

page read and write

1034000

heap

page read and write

3031000

heap

page read and write

20FE2000

system

page read and write

2800000

heap

page read and write

D8B000

heap

page read and write

7D8A000

heap

page read and write

3031000

heap

page read and write

2813000

heap

page read and write

2813000

heap

page read and write

1E7000

unkown

page readonly

CFE000

heap

page read and write

58C1000

system

page execute and read and write

156E000

heap

page read and write

D2E000

heap

page execute and read and write

14EF000

stack

page read and write

214212EC000

heap

page read and write

5060000

unkown

page execute and read and write

CEF000

heap

page read and write

238C000

stack

page read and write

3290000

trusted library allocation

page read and write

150C000

unkown

page read and write

3E4C000

unkown

page read and write

920000

unkown

page readonly

2B4F000

stack

page read and write

3031000

heap

page read and write

C60000

heap

page read and write

3031000

heap

page read and write

8000000

heap

page read and write

3031000

heap

page read and write

21421302000

heap

page read and write

E5A000

heap

page read and write

21422D01000

trusted library allocation

page read and write

B70000

unkown

page readonly

AB0000

unkown

page readonly

3031000

heap

page read and write

7DB6000

heap

page read and write

3031000

heap

page read and write

26A0000

heap

page read and write

2F2D000

heap

page read and write

507C000

unclassified section

page read and write

3031000

heap

page read and write

3031000

heap

page read and write

21421170000

heap

page read and write

38FD000

direct allocation

page read and write

3031000

heap

page read and write

3031000

heap

page read and write

396E000

direct allocation

page read and write

3031000

heap

page read and write

3130000

heap

page read and write

D66000

heap

page read and write

3031000

heap

page read and write

3031000

heap

page read and write

3031000

heap

page read and write

92F000

unkown

page readonly

21422C12000

trusted library allocation

page read and write

3031000

heap

page read and write

939000

unkown

page readonly

7E50000

trusted library allocation

page read and write

7DAC000

heap

page read and write

2CFF000

stack

page read and write

3031000

heap

page read and write

C93000

heap

page read and write

D07000

heap

page read and write

1480000

heap

page read and write

BE1000

unkown

page readonly

B80000

heap

page read and write

EFD000

stack

page read and write

4D58000

unclassified section

page read and write

1440000

unkown

page readonly

C97000

heap

page read and write

21421260000

heap

page read and write

3031000

heap

page read and write

3031000

heap

page read and write

14CE000

stack

page read and write

3000000

direct allocation

page execute and read and write

3031000

heap

page read and write

12FC000

stack

page read and write

3031000

heap

page read and write

1411000

unkown

page readonly

38FD000

direct allocation

page read and write

36D2000

direct allocation

page execute and read and write

494A000

unkown

page read and write

3031000

heap

page read and write

3031000

heap

page read and write

D4B000

heap

page read and write

21422B00000

trusted library allocation

page read and write

A5B000

stack

page read and write

47B8000

unkown

page read and write

F7A000

stack

page read and write

D2F000

heap

page read and write

D14000

heap

page read and write

3031000

heap

page read and write

11B0000

heap

page read and write

2670000

heap

page read and write

156A000

heap

page read and write

4A34000

unclassified section

page read and write

39BC000

unclassified section

page read and write

D2D000

heap

page read and write

B50000

unkown

page readonly

3202000

unkown

page read and write

3031000

heap

page read and write

3031000

heap

page read and write

3031000

heap

page read and write

396E000

direct allocation

page read and write

1589000

heap

page read and write

D89000

heap

page read and write

3031000

heap

page read and write

3031000

heap

page read and write

92F000

unkown

page readonly

212BC000

system

page read and write

3031000

heap

page read and write

425A000

unclassified section

page read and write

3031000

heap

page read and write

311F000

stack

page read and write

21422C00000

trusted library allocation

page read and write

338E000

stack

page read and write

4EEA000

unclassified section

page read and write

21422C03000

trusted library allocation

page read and write

3630000

direct allocation

page read and write

3031000

heap

page read and write

3031000

heap

page read and write

A5B000

stack

page read and write

3031000

heap

page read and write

3031000

heap

page read and write

3031000

heap

page read and write

F10000

heap

page read and write

2813000

heap

page read and write

3031000

heap

page read and write

C9B000

heap

page read and write

3031000

heap

page read and write

38FD000

direct allocation

page read and write

3031000

heap

page read and write

40C8000

unclassified section

page read and write

FC0000

unkown

page readonly

214210DC000

system

page execute and read and write

B2E000

stack

page read and write

3031000

heap

page read and write

F00000

unkown

page readonly

936000

unkown

page read and write

3031000

heap

page read and write

330D000

stack

page read and write

BD4000

heap

page read and write

2E00000

heap

page read and write

3031000

heap

page read and write

3F36000

unclassified section

page read and write

2650000

heap

page read and write

210FC000

system

page read and write

1070000

heap

page read and write

1411000

unkown

page readonly

1050000

unkown

page read and write

854E000

stack

page read and write

920000

unkown

page readonly

FF0000

unkown

page read and write

D18000

heap

page read and write

11BE000

heap

page read and write

3401000

heap

page read and write

3031000

heap

page read and write

AE0000

heap

page read and write

3031000

heap

page read and write

3031000

heap

page read and write

3031000

heap

page read and write

92F000

unkown

page readonly

3031000

heap

page read and write

319E000

direct allocation

page execute and read and write

3031000

heap

page read and write

3031000

heap

page read and write

365D000

direct allocation

page execute and read and write

3031000

heap

page read and write

11BE000

heap

page read and write

7D93000

heap

page read and write

B1A000

stack

page read and write

3031000

heap

page read and write

7D98000

heap

page read and write

23CA000

stack

page read and write

3031000

heap

page read and write

2813000

heap

page read and write

2B01000

heap

page read and write

38FD000

direct allocation

page read and write

1760000

unkown

page readonly

3031000

heap

page read and write

3031000

heap

page read and write

3031000

heap

page read and write

4494000

unkown

page read and write

38F9000

direct allocation

page read and write

936000

unkown

page read and write

2D10000

unkown

page execute and read and write

3031000

heap

page read and write

3031000

heap

page read and write

7D78000

heap

page read and write

34BD000

direct allocation

page execute and read and write

214210D9000

system

page execute and read and write

3031000

heap

page read and write

43EC000

unclassified section

page read and write

D36000

heap

page read and write

1070000

heap

page read and write

D8C000

heap

page read and write

3031000

heap

page read and write

3031000

heap

page read and write

CF3000

heap

page read and write

C90000

heap

page read and write

1560000

heap

page read and write

3031000

heap

page read and write

1560000

heap

page read and write

D76000

heap

page read and write

2A12000

heap

page read and write

3031000

heap

page read and write

325C000

unkown

page read and write

38F9000

direct allocation

page read and write

1420000

unkown

page read and write

A4E000

stack

page read and write

3031000

heap

page read and write

58D1000

system

page execute and read and write

3031000

heap

page read and write

37D0000

direct allocation

page read and write

936000

unkown

page read and write

F10000

unkown

page readonly

27CE000

stack

page read and write

3031000

heap

page read and write

2813000

heap

page read and write

3031000

heap

page read and write

1050000

unkown

page read and write

3723BFC000

stack

page read and write

3031000

heap

page read and write

210A2000

system

page read and write

3031000

heap

page read and write

D89000

heap

page read and write

7D7F000

heap

page read and write

2A6A000

heap

page read and write

D8C000

heap

page read and write

3130000

trusted library allocation

page read and write

AA0000

unkown

page readonly

3309000

heap

page read and write

3031000

heap

page read and write

1D4000

unkown

page readonly

3031000

heap

page read and write

3031000

heap

page read and write

1640000

unkown

page readonly

D66000

heap

page read and write

1990000

heap

page read and write

396E000

direct allocation

page read and write

4626000

unkown

page read and write

C9B000

heap

page read and write

2A17000

heap

page read and write

B6E000

stack

page read and write

2E3F000

stack

page read and write

CFE000

heap

page read and write

396E000

direct allocation

page read and write

3031000

heap

page read and write

3031000

heap

page read and write

2813000

heap

page read and write

1E7000

unkown

page readonly

2E90000

direct allocation

page read and write

21422AB0000

trusted library allocation

page read and write

4F50000

unclassified section

page execute and read and write

3031000

heap

page read and write

DAC000

heap

page read and write

3031000

heap

page read and write

AD8000

stack

page read and write

3031000

heap

page read and write

C96000

heap

page read and write

3031000

heap

page read and write

3031000

heap

page read and write

7DA7000

heap

page read and write

EFD000

stack

page read and write

3031000

heap

page read and write

11B0000

heap

page read and write

3031000

heap

page read and write

3753000

direct allocation

page read and write

341C000

unkown

page read and write

3031000

heap

page read and write

312D000

direct allocation

page execute and read and write

CC0000

heap

page read and write

3031000

heap

page read and write

2813000

heap

page read and write

3031000

heap

page read and write

3031000

heap

page read and write

3031000

heap

page read and write

3031000

heap

page read and write

7DAC000

heap

page read and write

A90000

unkown

page readonly

3031000

heap

page read and write

D07000

heap

page read and write

2A05000

heap

page read and write

3031000

heap

page read and write

3031000

heap

page read and write

2A1A000

heap

page read and write

3DA4000

unclassified section

page read and write

3031000

heap

page read and write

396E000

direct allocation

page read and write

EF0000

unkown

page readonly

3031000

heap

page read and write

2790000

direct allocation

page read and write

CF8000

heap

page read and write

3630000

direct allocation

page read and write

F90000

heap

page read and write

7D7D000

heap

page read and write

3031000

heap

page read and write

48A2000

unclassified section

page read and write

3031000

heap

page read and write

21422D00000

trusted library allocation

page read and write

3031000

heap

page read and write

2A17000

heap

page read and write

3031000

heap

page read and write

3710000

unkown

page execute and read and write

214212D0000

heap

page read and write

D2F000

heap

page read and write

3031000

heap

page read and write

14CE000

stack

page read and write

3031000

heap

page read and write

D2F000

heap

page read and write

3031000

heap

page read and write

12B0000

unkown

page readonly

396E000

direct allocation

page read and write

3031000

heap

page read and write

4710000

unclassified section

page read and write

D36000

heap

page read and write

D22000

heap

page read and write

3031000

heap

page read and write

7D7B000

heap

page read and write

4000000

unclassified section

page execute and read and write

92F000

unkown

page readonly

2A3D000

heap

page read and write

21422C15000

trusted library allocation

page read and write

BD4000

heap

page read and write

D35000

heap

page execute and read and write

32D1000

direct allocation

page execute and read and write

3FDE000

unkown

page read and write

31E0000

heap

page read and write

2C10000

heap

page read and write

12B0000

unkown

page readonly

37253FF000

stack

page read and write

31E0000

trusted library allocation

page execute and read and write

11BA000

heap

page read and write

C5F000

stack

page read and write

1E2000

unkown

page write copy

D23000

heap

page read and write

1440000

unkown

page readonly

3134000

heap

page read and write

7D71000

heap

page read and write

121000

unkown

page execute read

3031000

heap

page read and write

3031000

heap

page read and write

A7C000

stack

page read and write

45F8000

unkown

page execute and read and write

7D76000

heap

page read and write

1AF0000

unkown

page readonly

3031000

heap

page read and write

2E40000

direct allocation

page read and write

3630000

direct allocation

page read and write

156E000

heap

page read and write

939000

unkown

page readonly

D2A000

heap

page read and write

921000

unkown

page execute read

2F9E000

heap

page read and write

D34000

heap

page read and write

3031000

heap

page read and write

2D3E000

stack

page read and write

3753000

direct allocation

page read and write

3031000

heap

page read and write

3031000

heap

page read and write

3031000

heap

page read and write

3031000

heap

page read and write

B50000

unkown

page readonly

37D0000

direct allocation

page read and write

19A0000

direct allocation

page read and write

7DA2000

heap

page read and write

CEF000

heap

page read and write

3031000

heap

page read and write

2A67000

heap

page read and write

3031000

heap

page read and write

D2B000

heap

page read and write

C88000

heap

page read and write

3031000

heap

page read and write

B90000

unkown

page read and write

214212FB000

heap

page read and write

FD0000

unkown

page readonly

3031000

heap

page read and write

2813000

heap

page read and write

C90000

heap

page read and write

37A2000

unclassified section

page read and write

D5F000

heap

page read and write

1480000

heap

page read and write

7D9F000

heap

page read and write

3031000

heap

page read and write

3031000

heap

page read and write

3031000

heap

page read and write

37D0000

direct allocation

page read and write

4C6E000

unkown

page read and write

3031000

heap

page read and write

D4C000

heap

page read and write

1020000

unkown

page readonly

3290000

trusted library allocation

page read and write

85CF000

stack

page read and write

3031000

heap

page read and write

3031000

heap

page read and write

3996000

unkown

page read and write

C9B000

heap

page read and write

2813000

heap

page read and write

3753000

direct allocation

page read and write

B1A000

stack

page read and write

3010000

heap

page read and write

BD4000

heap

page read and write

330D000

heap

page read and write

36E2000

unclassified section

page read and write

3031000

heap

page read and write

3010000

heap

page read and write

3031000

heap

page read and write

214212FF000

heap

page read and write

21422C21000

trusted library allocation

page read and write

2813000

heap

page read and write

A90000

unkown

page readonly

3031000

heap

page read and write

3031000

heap

page read and write

38FD000

direct allocation

page read and write

B60000

unkown

page readonly

7D66000

heap

page read and write

3031000

heap

page read and write

117F000

stack

page read and write

21422DCE000

trusted library allocation

page read and write

3155000

heap

page read and write

1D4000

unkown

page readonly

3031000

heap

page read and write

BCE000

stack

page read and write

3130000

heap

page read and write

1034000

heap

page read and write

BF0000

unkown

page read and write

3031000

heap

page read and write

337E000

heap

page read and write

38F9000

direct allocation

page read and write

2F29000

heap

page read and write

3031000

heap

page read and write

21422C0F000

trusted library allocation

page read and write

BDE000

stack

page read and write

B70000

heap

page read and write

7D83000

heap

page read and write

3031000

heap

page read and write

B70000

unkown

page readonly

2A00000

heap

page read and write

D5A000

heap

page read and write

32CD000

direct allocation

page execute and read and write

3031000

heap

page read and write

C9B000

heap

page read and write

38F9000

direct allocation

page read and write

DAB000

heap

page read and write

3031000

heap

page read and write

2A05000

heap

page read and write

F7A000

stack

page read and write

921000

unkown

page execute read

2D23000

heap

page read and write

2813000

heap

page read and write

939000

unkown

page readonly

3031000

heap

page read and write

1460000

unkown

page read and write

396E000

direct allocation

page read and write

BD0000

heap

page read and write

3031000

heap

page read and write

BF0000

unkown

page read and write

3031000

heap

page read and write

3630000

direct allocation

page read and write

13E0000

unkown

page read and write

3753000

direct allocation

page read and write

1460000

unkown

page read and write

13D0000

unkown

page read and write

FE0000

heap

page read and write

B60000

unkown

page readonly

1640000

unkown

page readonly

7D60000

heap

page read and write

3030000

heap

page read and write

1020000

unkown

page readonly

12FC000

stack

page read and write

3630000

direct allocation

page read and write

C9B000

heap

page read and write

3031000

heap

page read and write

3031000

heap

page read and write

38F9000

direct allocation

page read and write

3031000

heap

page read and write

4302000

unkown

page read and write

3CBA000

unkown

page read and write

3031000

heap

page read and write

37D0000

direct allocation

page read and write

FB0000

unkown

page readonly

CA1000

heap

page read and write

3031000

heap

page read and write

F10000

trusted library allocation

page read and write

3031000

heap

page read and write

920000

unkown

page readonly

7DA5000

heap

page read and write

3031000

heap

page read and write

C80000

heap

page read and write

BB0000

heap

page read and write

3129000

direct allocation

page execute and read and write

3031000

heap

page read and write

3031000

heap

page read and write

214212A0000

heap

page read and write

3724BFE000

stack

page read and write

CF0000

heap

page read and write

101E000

stack

page read and write

F10000

unkown

page readonly

6300000

trusted library allocation

page read and write

7D55000

heap

page read and write

DAB000

heap

page read and write

D02000

heap

page read and write

37243FD000

stack

page read and write

There are 686 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
ORDER NO_PO-001839811401_MARCH_28_2025.exe

Files

Processes

URLs

Domains

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC ReportORDER NO_PO-001839811401_MARCH_28_2025.exe

Files

Processes

URLs

Domains

IPs

Memdumps

IOC Report
ORDER NO_PO-001839811401_MARCH_28_2025.exe