Automated Malware Analysis IOC Report for

Files

File Path

Type

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\9JQ3JboYdz.exe

"C:\Users\user\Desktop\9JQ3JboYdz.exe"

Details

Is windows:	false
Is dropped:	false
PID:	4364
Target ID:	0
Parent PID:	4004
Name:	9JQ3JboYdz.exe
Path:	C:\Users\user\Desktop\9JQ3JboYdz.exe
Commandline:	"C:\Users\user\Desktop\9JQ3JboYdz.exe"
Size:	49152
MD5:	FB714D59BCB67C0910C8F4EE0C5F0E62
Time:	05:11:27
Date:	27/09/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x400000
Modulesize:	49152
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Antivirus / Scanner detection for submitted sample	AV Detection
Multi AV Scanner detection for submitted file	AV Detection
Yara detected RunningRAT	Stealing of Sensitive Information, Remote Access Functionality
Self deletion via cmd or bat file	Hooking and other Techniques for Hiding and Protection	File Deletion
AV process strings found (often used to terminate AV products)	Lowering of HIPS / PFW / Operating System Security Settings	Security Software Discovery
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Sample file is different than original file name gathered from version info	System Summary
Uses 32bit PE files	Compliance, System Summary
PE file has an executable .text section and no other executable section	System Summary
Sample is known by Antivirus	System Summary
Spawns processes	System Summary	Process Injection

C:\Windows\SysWOW64\svchost.exe

C:\Windows\SysWOW64\svchost.exe -k "SySe"

Details

Is windows:	true
Is dropped:	false
PID:	6208
Target ID:	1
Parent PID:	632
Name:	svchost.exe
Path:	C:\Windows\SysWOW64\svchost.exe
Commandline:	C:\Windows\SysWOW64\svchost.exe -k "SySe"
Size:	46504
MD5:	1ED18311E3DA35942DB37D15FA40CC5B
Time:	05:11:27
Date:	27/09/2024
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x860000
Modulesize:	53248
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Sigma detected: Windows Processes Suspicious Parent Directory	System Summary
Spawns processes	System Summary	Process Injection
Binary contains paths to debug symbols	Compliance, System Summary

C:\Windows\SysWOW64\svchost.exe

C:\Windows\SysWOW64\svchost.exe -k "SySe"

Details

Is windows:	true
Is dropped:	false
PID:	7084
Target ID:	3
Parent PID:	632
Name:	svchost.exe
Path:	C:\Windows\SysWOW64\svchost.exe
Commandline:	C:\Windows\SysWOW64\svchost.exe -k "SySe"
Size:	46504
MD5:	1ED18311E3DA35942DB37D15FA40CC5B
Time:	05:11:28
Date:	27/09/2024
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x860000
Modulesize:	53248
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Sigma detected: Windows Processes Suspicious Parent Directory	System Summary
Spawns processes	System Summary	Process Injection
Binary contains paths to debug symbols	Compliance, System Summary

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ping 127.0.0.1 -n 1 && del /f/q "C:\Users\user\Desktop\9JQ3JboYdz.exe"

Details

Is windows:	true
Is dropped:	false
PID:	4568
Target ID:	4
Parent PID:	4364
Name:	cmd.exe
Class:	cmd
Path:	C:\Windows\SysWOW64\cmd.exe
Commandline:	"C:\Windows\System32\cmd.exe" /c ping 127.0.0.1 -n 1 && del /f/q "C:\Users\user\Desktop\9JQ3JboYdz.exe"
Size:	236544
MD5:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Time:	05:11:30
Date:	27/09/2024
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x1c0000
Modulesize:	368640
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Self deletion via cmd or bat file	Hooking and other Techniques for Hiding and Protection	File Deletion
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Spawns processes	System Summary	Process Injection

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 1

Details

Is windows:	true
Is dropped:	false
PID:	2792
Target ID:	6
Parent PID:	4568
Name:	PING.EXE
Class:	system-tools
Path:	C:\Windows\SysWOW64\PING.EXE
Commandline:	ping 127.0.0.1 -n 1
Size:	18944
MD5:	B3624DD758CCECF93A1226CEF252CA12
Time:	05:11:30
Date:	27/09/2024
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0xa30000
Modulesize:	36864
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Uses ping.exe to check the status of other devices and networks	Networking	System Network Configuration Discovery Remote System Discovery
Uses ping.exe to sleep	Malware Analysis System Evasion
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Spawns processes	System Summary	Process Injection

C:\Windows\SysWOW64\SySe.exe

C:\Windows\system32\SySe.exe "c:\program files (x86)\4293750.dll",MainThread

Details

Is windows:	false
Is dropped:	true
PID:	1612
Target ID:	7
Parent PID:	7084
Name:	SySe.exe
Path:	C:\Windows\SysWOW64\SySe.exe
Commandline:	C:\Windows\system32\SySe.exe "c:\program files (x86)\4293750.dll",MainThread
Size:	61440
MD5:	889B99C52A60DD49227C5E485A016679
Time:	05:11:32
Date:	27/09/2024
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0xb60000
Modulesize:	81920
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Drops executables to the windows directory (C:\Windows) and starts them	Persistence and Installation Behavior	Masquerading
Creates files inside the system directory	System Summary	Masquerading
Drops PE files	Persistence and Installation Behavior
Drops PE files to the windows directory (C:\Windows)	Persistence and Installation Behavior	Masquerading
Spawns processes	System Summary	Process Injection
Binary contains paths to debug symbols	Compliance, System Summary

C:\Windows\System32\conhost.exe

C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

Details

Is windows:	true
Is dropped:	false
PID:	6264
Target ID:	5
Parent PID:	4568
Name:	conhost.exe
Path:	C:\Windows\System32\conhost.exe
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Size:	862208
MD5:	0D698AF330FD17BEE3BF90011D49251D
Time:	05:11:30
Date:	27/09/2024
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff66e660000
Modulesize:	892928
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

Domains

Name

Malicious

www.sf2110.com

124.221.255.145

Details

Name:	www.sf2110.com
IP:	124.221.255.145
TargetID:	-1
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Suricata IDS alerts for network traffic	Networking
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
Creates mutexes	System Summary
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol

IPs

Domain

Country

Malicious

124.221.255.145

www.sf2110.com

China

Details

IP:	124.221.255.145
TargetID:	7
Current Path:	C:\Windows\SysWOW64\SySe.exe
Country:	China
Countrycode:	CHN
ASN number:	45361
ASN name:	JCN-AS-KRUlsanJung-AngBroadcastingNetworkKR
Private:	false
Domain:	www.sf2110.com

Signature Hits	Behavior Group	Mitre Attack
Suricata IDS alerts for network traffic	Networking
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port

127.0.0.1

unknown

Details

IP:	127.0.0.1
TargetID:	6
Current Path:	C:\Windows\SysWOW64\PING.EXE
Private:	true

Signature Hits	Behavior Group	Mitre Attack
Self deletion via cmd or bat file	Hooking and other Techniques for Hiding and Protection	File Deletion
Uses ping.exe to check the status of other devices and networks	Networking	System Network Configuration Discovery Remote System Discovery
Uses ping.exe to sleep	Malware Analysis System Evasion
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Spawns processes	System Summary	Process Injection

Registry

Path

Value

Malicious

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SySe

Description

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SySe\Parameters

ServiceDll

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Svchost

SySe

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SySe

Group

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SySe

InstallTime

HKEY_USERS.DEFAULT\Software\Microsoft\ActiveMovie\devenum

Version

Memdumps

Base Address

Regiontype

Protect

Malicious

403000

unkown

page write copy

22A1000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

680000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

584000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

584000

heap

page read and write

40B000

unkown

page readonly

22A1000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

2E2A000

heap

page read and write

22A1000

heap

page read and write

5D0000

heap

page read and write

584000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

584000

heap

page read and write

630000

trusted library allocation

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

10006000

unkown

page read and write

584000

heap

page read and write

620000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

770000

heap

page read and write

B60000

unkown

page readonly

297E000

stack

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

584000

heap

page read and write

22A1000

heap

page read and write

584000

heap

page read and write

22A1000

heap

page read and write

584000

heap

page read and write

10001000

unkown

page execute read

22A1000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

584000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

584000

heap

page read and write

22A1000

heap

page read and write

584000

heap

page read and write

50D000

stack

page read and write

22A1000

heap

page read and write

584000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

584000

heap

page read and write

22A1000

heap

page read and write

584000

heap

page read and write

584000

heap

page read and write

2E6F000

stack

page read and write

22A1000

heap

page read and write

68A000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

584000

heap

page read and write

22A1000

heap

page read and write

2E0D000

unkown

page read and write

22A1000

heap

page read and write

7A2000

heap

page read and write

22B0000

heap

page read and write

2E00000

unkown

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

2C00000

heap

page read and write

22A1000

heap

page read and write

317C000

stack

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

4E0000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

1F0000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

401000

unkown

page execute read

10005000

unkown

page readonly

22A1000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

10005000

unkown

page readonly

68E000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

10001000

unkown

page execute read

22A1000

heap

page read and write

584000

heap

page read and write

22A1000

heap

page read and write

2D2F000

stack

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

584000

heap

page read and write

B6C000

unkown

page readonly

22A1000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

584000

heap

page read and write

22A1000

heap

page read and write

580000

heap

page read and write

584000

heap

page read and write

22A1000

heap

page read and write

584000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

4250000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

400000

unkown

page readonly

590000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

584000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

584000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

2A0F000

stack

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

B69000

unkown

page readonly

22A1000

heap

page read and write

22A1000

heap

page read and write

584000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

B1C000

stack

page read and write

22A1000

heap

page read and write

40B000

unkown

page readonly

22A1000

heap

page read and write

22A1000

heap

page read and write

2E12000

unkown

page read and write

22A1000

heap

page read and write

584000

heap

page read and write

22A1000

heap

page read and write

2F13000

trusted library allocation

page read and write

22A1000

heap

page read and write

2C02000

heap

page read and write

22A1000

heap

page read and write

10000000

unkown

page readonly

22A1000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

5A0000

heap

page read and write

4150000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

400000

unkown

page readonly

5CE000

stack

page read and write

22A1000

heap

page read and write

584000

heap

page read and write

777000

heap

page read and write

22A0000

heap

page read and write

22A1000

heap

page read and write

B5D000

stack

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

7BD000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

7C2000

heap

page read and write

22A1000

heap

page read and write

2BEF000

stack

page read and write

780000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

584000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

69B000

heap

page read and write

87E000

stack

page read and write

22A1000

heap

page read and write

2AEE000

stack

page read and write

19A000

stack

page read and write

584000

heap

page read and write

22A1000

heap

page read and write

584000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

584000

heap

page read and write

56E000

stack

page read and write

10007000

unkown

page readonly

584000

heap

page read and write

22A1000

heap

page read and write

584000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

2D6E000

stack

page read and write

22A1000

heap

page read and write

275E000

stack

page read and write

787000

heap

page read and write

7BD000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

AC0000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

307C000

stack

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

18C000

stack

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

584000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

2E2C000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

B69000

unkown

page readonly

ABB000

stack

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

5B0000

heap

page read and write

584000

heap

page read and write

22A1000

heap

page read and write

584000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

2800000

heap

page read and write

9B000

stack

page read and write

584000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

29BE000

stack

page read and write

584000

heap

page read and write

76B000

stack

page read and write

584000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

584000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

584000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

371F000

stack

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

B61000

unkown

page execute read

22A1000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

B61000

unkown

page execute read

2F01000

trusted library allocation

page read and write

580000

heap

page read and write

22A1000

heap

page read and write

29FF000

stack

page read and write

22A1000

heap

page read and write

2C12000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

271E000

stack

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

2FAC000

stack

page read and write

22A1000

heap

page read and write

52E000

stack

page read and write

401000

unkown

page execute read

22A1000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

403000

unkown

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

2C2E000

stack

page read and write

79D000

stack

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

298E000

unkown

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

10000000

unkown

page readonly

22A1000

heap

page read and write

7B5000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

600000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

4140000

heap

page read and write

830000

trusted library allocation

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

75D000

stack

page read and write

2EAC000

stack

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

10007000

unkown

page readonly

83E000

stack

page read and write

22A1000

heap

page read and write

1F0000

heap

page read and write

22A1000

heap

page read and write

584000

heap

page read and write

22A1000

heap

page read and write

584000

heap

page read and write

584000

heap

page read and write

14B000

stack

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

6A9000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

584000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

2A02000

heap

page read and write

5B5000

heap

page read and write

22A1000

heap

page read and write

820000

heap

page read and write

7F0000

heap

page read and write

584000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

56F000

stack

page read and write

584000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

584000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

A7F000

stack

page read and write

7BD000

heap

page read and write

22A1000

heap

page read and write

42C0000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

584000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

B5F000

stack

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

584000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

290E000

stack

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

54D000

stack

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

B60000

unkown

page readonly

22A1000

heap

page read and write

22A1000

heap

page read and write

7D0000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

3801000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

52E000

stack

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

97F000

stack

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

584000

heap

page read and write

584000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

6BD000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

10006000

unkown

page read and write

22A1000

heap

page read and write

42C4000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

22A1000

heap

page read and write

584000

heap

page read and write

There are 533 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
9JQ3JboYdz.exe

Files

Processes

Domains

IPs

Registry

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report9JQ3JboYdz.exe

Files

Processes

Domains

IPs

Registry

Memdumps

IOC Report
9JQ3JboYdz.exe