Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.30515.23037.exe

"C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.30515.23037.exe"

Details

Is windows:	false
Is dropped:	false
PID:	6100
Target ID:	0
Parent PID:	2580
Name:	SecuriteInfo.com.Win32.PWSX-gen.30515.23037.exe
Path:	C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.30515.23037.exe
Commandline:	"C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.30515.23037.exe"
Size:	274432
MD5:	F4D6D6EA62CB666B6FEE9D00BDB77350
Time:	09:28:56
Date:	28/08/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x680000
Modulesize:	323584
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Antivirus / Scanner detection for submitted sample	AV Detection
Found malware configuration	AV Detection
Sample uses string decryption to hide its real strings	AV Detection
Uses 32bit PE files	Compliance, System Summary
PE file has an executable .text section and no other executable section	System Summary
Sample reads its own file content	System Summary
Contains modern PE file flags such as dynamic base (ASLR) or NX	Compliance, System Summary

URLs

Name

Malicious

miracledzmnqwui.shop

Details

Name:	miracledzmnqwui.shop
TargetID:	0
From Memory:	false
Current Path:	C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.30515.23037.exe
Source:	config extractor

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol
LummaC encrypted strings found	HIPS / PFW / Operating System Protection Evasion	PowerShell Deobfuscate/Decode Files or Information
Sample uses string decryption to hide its real strings	AV Detection

locatedblsoqp.shop

Details

Name:	locatedblsoqp.shop
TargetID:	0
From Memory:	false
Current Path:	C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.30515.23037.exe
Source:	config extractor

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol
LummaC encrypted strings found	HIPS / PFW / Operating System Protection Evasion	PowerShell Deobfuscate/Decode Files or Information
Sample uses string decryption to hide its real strings	AV Detection

caffegclasiqwp.shop

Details

Name:	caffegclasiqwp.shop
TargetID:	0
From Memory:	false
Current Path:	C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.30515.23037.exe
Source:	config extractor

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol
LummaC encrypted strings found	HIPS / PFW / Operating System Protection Evasion	PowerShell Deobfuscate/Decode Files or Information
Sample uses string decryption to hide its real strings	AV Detection

millyscroqwp.shop

Details

Name:	millyscroqwp.shop
TargetID:	0
From Memory:	false
Current Path:	C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.30515.23037.exe
Source:	config extractor

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol
LummaC encrypted strings found	HIPS / PFW / Operating System Protection Evasion	PowerShell Deobfuscate/Decode Files or Information
Sample uses string decryption to hide its real strings	AV Detection

stamppreewntnq.shop

Details

Name:	stamppreewntnq.shop
TargetID:	0
From Memory:	false
Current Path:	C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.30515.23037.exe
Source:	config extractor

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol
LummaC encrypted strings found	HIPS / PFW / Operating System Protection Evasion	PowerShell Deobfuscate/Decode Files or Information
Sample uses string decryption to hide its real strings	AV Detection

condedqpwqm.shop

Details

Name:	condedqpwqm.shop
TargetID:	0
From Memory:	false
Current Path:	C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.30515.23037.exe
Source:	config extractor

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol
LummaC encrypted strings found	HIPS / PFW / Operating System Protection Evasion	PowerShell Deobfuscate/Decode Files or Information
Sample uses string decryption to hide its real strings	AV Detection

evoliutwoqm.shop

Details

Name:	evoliutwoqm.shop
TargetID:	0
From Memory:	false
Current Path:	C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.30515.23037.exe
Source:	config extractor

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol
LummaC encrypted strings found	HIPS / PFW / Operating System Protection Evasion	PowerShell Deobfuscate/Decode Files or Information
Sample uses string decryption to hide its real strings	AV Detection

stagedchheiqwo.shop

Details

Name:	stagedchheiqwo.shop
TargetID:	0
From Memory:	false
Current Path:	C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.30515.23037.exe
Source:	config extractor

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol
LummaC encrypted strings found	HIPS / PFW / Operating System Protection Evasion	PowerShell Deobfuscate/Decode Files or Information
Sample uses string decryption to hide its real strings	AV Detection

traineiwnqo.shop

Details

Name:	traineiwnqo.shop
TargetID:	0
From Memory:	false
Current Path:	C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.30515.23037.exe
Source:	config extractor

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol
LummaC encrypted strings found	HIPS / PFW / Operating System Protection Evasion	PowerShell Deobfuscate/Decode Files or Information
Sample uses string decryption to hide its real strings	AV Detection

Memdumps

Base Address

Regiontype

Protect

Malicious

7D0000

heap

page read and write

6BB000

unkown

page write copy

6BB000

unkown

page write copy

680000

unkown

page readonly

6CA000

unkown

page readonly

77C000

stack

page read and write

AFC000

stack

page read and write

6C0000

unkown

page read and write

BE0000

heap

page read and write

D48000

heap

page read and write

681000

unkown

page execute read

D2A000

heap

page read and write

6B8000

unkown

page readonly

681000

unkown

page execute read

680000

unkown

page readonly

7E0000

heap

page read and write

6CA000

unkown

page readonly

D2E000

heap

page read and write

D42000

heap

page read and write

D20000

heap

page read and write

6B8000

unkown

page readonly

There are 11 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
SecuriteInfo.com.Win32.PWSX-gen.30515.23037.exe

Processes

URLs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC ReportSecuriteInfo.com.Win32.PWSX-gen.30515.23037.exe

Processes

URLs

Memdumps

IOC Report
SecuriteInfo.com.Win32.PWSX-gen.30515.23037.exe