Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\file.exe

"C:\Users\user\Desktop\file.exe"

Details

Is windows:	false
Is dropped:	false
PID:	5064
Target ID:	0
Parent PID:	1028
Name:	file.exe
Path:	C:\Users\user\Desktop\file.exe
Commandline:	"C:\Users\user\Desktop\file.exe"
Size:	1871872
MD5:	725D70229EB4EF1CB992CAFA8A031527
Time:	17:13:59
Date:	27/09/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x8a0000
Modulesize:	7016448
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Antivirus / Scanner detection for submitted sample	AV Detection
Detected unpacking (changes PE section rights)	Data Obfuscation	Software Packing
Yara detected Powershell download and execute	HIPS / PFW / Operating System Protection Evasion
Yara detected Stealc	Stealing of Sensitive Information, Remote Access Functionality
Machine Learning detection for sample	AV Detection
PE file contains section with special chars	System Summary
PE file contains an invalid checksum	Data Obfuscation
PE file contains sections with non-standard names	Data Obfuscation
Uses 32bit PE files	Compliance, System Summary
Binary may include packed or encrypted code	Data Obfuscation	Obfuscated Files or Information Software Packing
PE file has section (not .text) which is very likely to contain packed code (zlib compression ratio < 0.011)	System Summary	Software Packing
Sample might require command line arguments	System Summary	Command and Scripting Interpreter
PE file has a big raw section	System Summary
Submission file is bigger than most known malware samples	System Summary

URLs

Name

Malicious

http://185.215.113.37/

185.215.113.37

Details

Name:	http://185.215.113.37/
IP:	185.215.113.37
TargetID:	0
From Memory:	false
Current Path:	C:\Users\user\Desktop\file.exe
Source:	network

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
Suricata IDS alerts for network traffic	Networking
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol
HTTP GET or POST without a user agent	Networking
IP address seen in connection with other malware	Networking
Connects to IPs without corresponding DNS lookups	Networking
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Posts data to webserver	Networking	Application Layer Protocol Non-Application Layer Protocol
URLs found in memory or binary data	Networking

http://185.215.113.37

unknown

Details

Name:	http://185.215.113.37
TargetID:	0
From Memory:	true
Current Path:	C:\Users\user\Desktop\file.exe
Source:	file.exe, 00000000.00000002.2086459115.000000000140E000.00000004.00000020.00020000.00000000.sdmp

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol
URLs found in memory or binary data	Networking

http://185.215.113.37/e2b1563c6670f193.php

185.215.113.37

Details

Name:	http://185.215.113.37/e2b1563c6670f193.php
IP:	185.215.113.37
TargetID:	0
From Memory:	false
Current Path:	C:\Users\user\Desktop\file.exe
Source:	network

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
Suricata IDS alerts for network traffic	Networking
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol
HTTP GET or POST without a user agent	Networking
IP address seen in connection with other malware	Networking
Connects to IPs without corresponding DNS lookups	Networking
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Posts data to webserver	Networking	Application Layer Protocol Non-Application Layer Protocol
URLs found in memory or binary data	Networking

http://185.215.113.37/e2b1563c6670f193.php6Y3

unknown

http://185.215.113.37DW

unknown

http://185.215.113.37/e2b1563c6670f193.phpOF

unknown

IPs

Domain

Country

Malicious

185.215.113.37

unknown

Portugal

Details

IP:	185.215.113.37
TargetID:	0
Current Path:	C:\Users\user\Desktop\file.exe
Country:	Portugal
Countrycode:	PRT
ASN number:	206894
ASN name:	WHOLESALECONNECTIONSNL
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
Suricata IDS alerts for network traffic	Networking
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol
HTTP GET or POST without a user agent	Networking
Connects to IPs without corresponding DNS lookups	Networking
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Posts data to webserver	Networking	Application Layer Protocol Non-Application Layer Protocol
URLs found in memory or binary data	Networking

Memdumps

Base Address

Regiontype

Protect

Malicious

8A1000

unkown

page execute and read and write

5280000

direct allocation

page read and write

140E000

heap

page read and write

30D0000

direct allocation

page read and write

4DF1000

heap

page read and write

13B5000

heap

page read and write

4DF1000

heap

page read and write

4DF1000

heap

page read and write

4DF1000

heap

page read and write

5280000

direct allocation

page read and write

1D33E000

stack

page read and write

13A0000

heap

page read and write

4DF1000

heap

page read and write

4A6E000

stack

page read and write

4DF1000

heap

page read and write

4CAF000

stack

page read and write

3EEF000

stack

page read and write

D92000

unkown

page execute and read and write

4EF0000

trusted library allocation

page read and write

F4E000

unkown

page execute and write copy

4DF1000

heap

page read and write

47AF000

stack

page read and write

180E000

stack

page read and write

4DF1000

heap

page read and write

4DF1000

heap

page read and write

4DF1000

heap

page read and write

38EE000

stack

page read and write

4DF1000

heap

page read and write

95D000

unkown

page execute and read and write

1D82C000

stack

page read and write

4E00000

heap

page read and write

AEA000

unkown

page execute and read and write

16CE000

stack

page read and write

4DF1000

heap

page read and write

4DF1000

heap

page read and write

D9C000

unkown

page execute and read and write

12FE000

stack

page read and write

4DF1000

heap

page read and write

1D98E000

stack

page read and write

4DF1000

heap

page read and write

1340000

heap

page read and write

F4D000

unkown

page execute and read and write

37AE000

stack

page read and write

13B0000

heap

page read and write

30D0000

direct allocation

page read and write

4BAE000

stack

page read and write

4DF1000

heap

page read and write

DAA000

unkown

page execute and write copy

4DF1000

heap

page read and write

1451000

heap

page read and write

951000

unkown

page execute and read and write

4DF1000

heap

page read and write

1D990000

heap

page read and write

4DF1000

heap

page read and write

4DF1000

heap

page read and write

4DF1000

heap

page read and write

4DF1000

heap

page read and write

4DF1000

heap

page read and write

42AF000

stack

page read and write

32EF000

stack

page read and write

406E000

stack

page read and write

5420000

direct allocation

page execute and read and write

1D88E000

stack

page read and write

2FEE000

stack

page read and write

DAA000

unkown

page execute and read and write

FEC000

stack

page read and write

4DF1000

heap

page read and write

4DF1000

heap

page read and write

144F000

heap

page read and write

30B0000

heap

page read and write

4DF1000

heap

page read and write

362F000

stack

page read and write

41AE000

stack

page read and write

4DF1000

heap

page read and write

1D6ED000

stack

page read and write

3B6E000

stack

page read and write

30D0000

direct allocation

page read and write

46AE000

stack

page read and write

13FE000

stack

page read and write

4DF1000

heap

page read and write

1D59F000

stack

page read and write

4DF1000

heap

page read and write

52BE000

stack

page read and write

4DF1000

heap

page read and write

43EF000

stack

page read and write

4DF1000

heap

page read and write

5280000

direct allocation

page read and write

4DF1000

heap

page read and write

48EF000

stack

page read and write

30E0000

heap

page read and write

4DF1000

heap

page read and write

4E03000

heap

page read and write

34EF000

stack

page read and write

4DF1000

heap

page read and write

4B6F000

stack

page read and write

306E000

stack

page read and write

30D0000

direct allocation

page read and write

1D1FE000

stack

page read and write

53E0000

direct allocation

page execute and read and write

4DF1000

heap

page read and write

4DF1000

heap

page read and write

4DF1000

heap

page read and write

5400000

direct allocation

page execute and read and write

4DF1000

heap

page read and write

8A0000

unkown

page read and write

30D0000

direct allocation

page read and write

30D0000

direct allocation

page read and write

466E000

stack

page read and write

4DF1000

heap

page read and write

31EF000

stack

page read and write

4DF1000

heap

page read and write

540E000

stack

page read and write

4DF1000

heap

page read and write

3A2E000

stack

page read and write

3CAE000

stack

page read and write

D6D000

unkown

page execute and read and write

1D2FF000

stack

page read and write

4DF1000

heap

page read and write

442E000

stack

page read and write

3DEE000

stack

page read and write

140A000

heap

page read and write

1D49E000

stack

page read and write

1D43F000

stack

page read and write

4DF1000

heap

page read and write

30E7000

heap

page read and write

33EF000

stack

page read and write

38AF000

stack

page read and write

4DF1000

heap

page read and write

3C6F000

stack

page read and write

4DF0000

heap

page read and write

4DF1000

heap

page read and write

4DF1000

heap

page read and write

452F000

stack

page read and write

8A0000

unkown

page readonly

53F0000

direct allocation

page execute and read and write

30AE000

stack

page read and write

1D72D000

stack

page read and write

4DF1000

heap

page read and write

30D0000

direct allocation

page read and write

4E10000

heap

page read and write

4A2F000

stack

page read and write

47EE000

stack

page read and write

1D5EE000

stack

page read and write

366E000

stack

page read and write

1350000

heap

page read and write

1400000

heap

page read and write

C8A000

unkown

page execute and read and write

4DF1000

heap

page read and write

30D0000

direct allocation

page read and write

4DF1000

heap

page read and write

4DF1000

heap

page read and write

4DF1000

heap

page read and write

4DF1000

heap

page read and write

4DF1000

heap

page read and write

8A1000

unkown

page execute and write copy

30D0000

direct allocation

page read and write

4DF1000

heap

page read and write

4DF1000

heap

page read and write

982000

unkown

page execute and read and write

4DF1000

heap

page read and write

1483000

heap

page read and write

4CEE000

stack

page read and write

42EE000

stack

page read and write

39EF000

stack

page read and write

4DEF000

stack

page read and write

3B2F000

stack

page read and write

4DF1000

heap

page read and write

402F000

stack

page read and write

4DF1000

heap

page read and write

4DF1000

heap

page read and write

30D0000

direct allocation

page read and write

12F5000

stack

page read and write

5410000

direct allocation

page execute and read and write

302E000

stack

page read and write

1469000

heap

page read and write

4DF1000

heap

page read and write

376F000

stack

page read and write

53BF000

stack

page read and write

30D0000

direct allocation

page read and write

4DF1000

heap

page read and write

456E000

stack

page read and write

4DF1000

heap

page read and write

3F2E000

stack

page read and write

4DF1000

heap

page read and write

30D0000

direct allocation

page read and write

AFE000

unkown

page execute and read and write

4DF1000

heap

page read and write

1D994000

heap

page read and write

30D0000

direct allocation

page read and write

1D1BF000

stack

page read and write

53D0000

direct allocation

page execute and read and write

170E000

stack

page read and write

492E000

stack

page read and write

4DF1000

heap

page read and write

DAB000

unkown

page execute and write copy

4DF1000

heap

page read and write

416F000

stack

page read and write

30D0000

direct allocation

page read and write

5400000

direct allocation

page execute and read and write

4DF1000

heap

page read and write

3DAF000

stack

page read and write

4DF1000

heap

page read and write

352E000

stack

page read and write

4DF1000

heap

page read and write

4DF1000

heap

page read and write

There are 195 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
file.exe

Processes

URLs

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reportfile.exe

Processes

URLs

IPs

Memdumps

IOC Report
file.exe