Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\6zZSlt35Hr.exe

"C:\Users\user\Desktop\6zZSlt35Hr.exe"

Details

Is windows:	false
Is dropped:	false
PID:	3960
Target ID:	0
Parent PID:	3968
Name:	6zZSlt35Hr.exe
Path:	C:\Users\user\Desktop\6zZSlt35Hr.exe
Commandline:	"C:\Users\user\Desktop\6zZSlt35Hr.exe"
Size:	11264
MD5:	32EE8C01DC56E509B041E6451A4B18D6
Time:	06:43:35
Date:	30/08/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff60a860000
Modulesize:	49152
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Multi AV Scanner detection for submitted file	AV Detection
Sigma detected: Communication To Uncommon Destination Ports	System Summary
PE file has an executable .text section and no other executable section	System Summary
Sample is known by Antivirus	System Summary
PE file contains a valid data directory to section mapping	System Summary
Binary contains paths to debug symbols	Compliance, System Summary
PE file contains a debug data directory	System Summary
Contains modern PE file flags such as dynamic base (ASLR) or NX	Compliance, System Summary
PE file contains a mix of data directories often seen in goodware	System Summary
PE file has a high image base, often used for DLLs	System Summary

URLs

Name

Malicious

http://120.46.149.112:8888/safekey

120.46.149.112

Details

Name:	http://120.46.149.112:8888/safekey
IP:	120.46.149.112
TargetID:	0
From Memory:	false
Current Path:	C:\Users\user\Desktop\6zZSlt35Hr.exe
Source:	network

Signature Hits	Behavior Group	Mitre Attack
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
Sigma detected: Communication To Uncommon Destination Ports	System Summary
Connects to IPs without corresponding DNS lookups	Networking
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
URLs found in memory or binary data	Networking

http://120.46.149.112:8888/safekey5

unknown

http://120.46.149.112:8888/safekey#

unknown

http://120.46.149.112:8888/safekeyb

unknown

http://120.46.149.112:8888/safekey=

unknown

http://120.46.149.112:8888/safekeyy

unknown

http://120.46.149.112:8888/safekey2a

unknown

http://120.46.149.112:8888/safekey7

unknown

http://120.46.149.112:8888/safekey6

unknown

IPs

Domain

Country

Malicious

120.46.149.112

unknown

China

Details

IP:	120.46.149.112
TargetID:	0
Current Path:	C:\Users\user\Desktop\6zZSlt35Hr.exe
Country:	China
Countrycode:	CHN
ASN number:	4847
ASN name:	CNIX-APChinaNetworksInter-ExchangeCN
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
Sigma detected: Communication To Uncommon Destination Ports	System Summary
Connects to IPs without corresponding DNS lookups	Networking
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
URLs found in memory or binary data	Networking

Memdumps

Base Address

Regiontype

Protect

Malicious

613DBFE000

stack

page read and write

613DAFE000

stack

page read and write

7FF60A861000

unkown

page execute read

613DCFE000

stack

page read and write

7FF60A862000

unkown

page readonly

24E1EB10000

heap

page read and write

24E1EB95000

heap

page read and write

7FF60A862000

unkown

page readonly

24E1EA80000

heap

page read and write

24E1EAA0000

heap

page read and write

7FF60A860000

unkown

page readonly

24E1EA70000

heap

page read and write

24E1EB8C000

heap

page read and write

24E1ED85000

heap

page read and write

613D78A000

stack

page read and write

613DEFE000

stack

page read and write

613E0FF000

stack

page read and write

24E1EB68000

heap

page read and write

24E1EB6C000

heap

page read and write

613E1F8000

stack

page read and write

613E2FD000

stack

page read and write

613DFFE000

stack

page read and write

24E1EB51000

heap

page read and write

7FF60A860000

unkown

page readonly

24E1EB1C000

heap

page read and write

613DDFE000

stack

page read and write

24E1ED80000

heap

page read and write

24E1EB9D000

heap

page read and write

7FF60A863000

unkown

page execute read

7FF60A869000

unkown

page readonly

24E1EB4F000

heap

page read and write

7FF60A869000

unkown

page readonly

7FF60A861000

unkown

page execute read

There are 23 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
6zZSlt35Hr.exe

Processes

URLs

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report6zZSlt35Hr.exe

Processes

URLs

IPs

Memdumps

IOC Report
6zZSlt35Hr.exe