Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\Gelato Italiano_74695.exe.exe

"C:\Users\user\Desktop\Gelato Italiano_74695.exe.exe"

Details

Is windows:	true
Is dropped:	false
PID:	3324
Target ID:	0
Parent PID:	1244
Name:	Gelato Italiano_74695.exe.exe
Path:	C:\Users\user\Desktop\Gelato Italiano_74695.exe.exe
Commandline:	"C:\Users\user\Desktop\Gelato Italiano_74695.exe.exe"
Size:	5694296
MD5:	BF063C97747FC43DBD0B74CC540913DE
Time:	04:02:27
Date:	30/09/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0xea0000
Modulesize:	5722112
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Antivirus / Scanner detection for submitted sample	AV Detection
Multi AV Scanner detection for submitted file	AV Detection
Uses 32bit PE files	Compliance, System Summary
PE file has an executable .text section and no other executable section	System Summary
Sample is known by Antivirus	System Summary
Sample might require command line arguments	System Summary	Command and Scripting Interpreter
Sigma detected: Modification of IE Registry Settings	System Summary
URLs found in memory or binary data	Networking
PE file contains a valid data directory to section mapping	System Summary
PE file contains a debug data directory	System Summary
Contains modern PE file flags such as dynamic base (ASLR) or NX	Compliance, System Summary
PE file contains a mix of data directories often seen in goodware	System Summary
PE file has a big raw section	System Summary
PE / OLE file has a valid certificate	Compliance, System Summary
PE file has a big code size	System Summary
Submission file is bigger than most known malware samples	System Summary

URLs

Name

Malicious

https://dlsft.com/callback.php?channel=&id=74695&action=started

35.190.60.70

https://dlsft.com/service.php?id=74695V

unknown

http://crl.certum.pl/ctsca2021.crl0o

unknown

https://dlsft.com/service.php?id=0

unknown

https://dlsft.com/callback.php?channel=&id=74695

unknown

http://ocsp.entrust.net03

unknown

https://dlsft.com/service.php?id=

unknown

https://dlsft.com/callback.php?channel=&id=

unknown

http://post.securestudies.com/TapAction.

unknown

http://post.securestudies.com/TapAction.aspx?campaign_id=1538&tpi=InstallUnion&action_id=90

unknown

http://ccsca2021.crl.certum.pl/ccsca2021.crl0s

unknown

http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0

unknown

https://dpd.securestudies.com/dpdv2.aspx?campaignid=1538&co=

unknown

http://post.securestudies.com/packages/PI1032/ContentI3.exer

unknown

http://www.diginotar.nl/cps/pkioverheid0

unknown

https://dpd.securestudies.com/dpdv2.aspx?campaignid=1538&co=0

unknown

http://post.securestudies.com/TapAction.aspx?campaign_id=1538&tpi=InstallUnion&action_id=10

unknown

https://dlsft.com/service.php?id=74695P

unknown

http://dlsft.com/callback/geo/e

unknown

http://repository.certum.pl/ccsca2021.cer0

unknown

https://dlsft.com/callback.php?channel=0

unknown

http://post.securestudies.com/TapAction.aspx?campaign_id=1538&tpi=InstallUnion&action_id=17

unknown

http://www.premieropinion.com/privacy.aspx#tos

unknown

https://dlsft.com/callback.php?channel=&id=74695&action=started0

unknown

http://repository.certum.pl/ctsca2021.cer0

unknown

http://dlsft.com/callback/geo/y

unknown

http://www.premieropinion.com/privacy.aspx#pp

unknown

http://subca.ocsp-certum.com05

unknown

http://post.securestudies.com/TapAction.aspx?campaign_id=1538&tpi=InstallUnion&action_id=170

unknown

http://subca.ocsp-certum.com02

unknown

http://subca.ocsp-certum.com01

unknown

http://crl.certum.pl/ctnca2.crl0l

unknown

http://repository.certum.pl/ctnca2.cer09

unknown

http://post.securestudies.com/TapAction.aspx?campaign_id=1538&tpi=InstallUnion&action_id=80

unknown

http://post.securestudies.com/TapAction.aspx?campaign_id=1538&tpi=InstallUnion&action_id=9

unknown

http://ccsca2021.ocsp-certum.com05

unknown

http://post.securestudies.com/TapAction.aspx?campaign_id=1538&tpi=InstallUnion&action_id=40

unknown

http://dlsft.com/callback/geo/

35.190.60.70

http://ocsp.entrust.net0D

unknown

http://post.securestudies.com/TapAction.aspx?campaign_id=1538&tpi=InstallUnion&action_id=00

unknown

http://www.certum.pl/CPS0

unknown

https://dlsft.com/callback.php?channel=&id=74695&action=startedP

unknown

http://post.securestudies.com/TapAction.aspx?campaign_id=1538&tpi=InstallUnion&action_id=0

unknown

http://repository.certum.pl/ctnca.cer09

unknown

https://dlsft.com/callback.php?channel=&id=74695&action=

unknown

http://crl.entrust.net/server1.crl0

unknown

http://post.securestudies.com/TapAction.aspx?campaign_id=1538&tpi=InstallUnion&action_id=3

unknown

http://crl.certum.pl/ctnca.crl0k

unknown

http://post.securestudies.com/TapAction.aspx?campaign_id=1538&tpi=InstallUnion&action_id=4

unknown

http://post.securestudies.com/TapAction.aspx?campaign_id=1538&tpi=InstallUnion&action_id=1

unknown

http://post.securestudies.com/TapAction.aspx?campaign_id=1538&tpi=InstallUnion&action_id=2

unknown

http://post.securestudies.com/TapAction.aspx?campaign_id=1538&tpi=InstallUnion&action_id=8

unknown

http://post.securestudies.com/packages/PI1032/ContentI3.exe

unknown

http://dlsft.com/callback/geo/0

unknown

https://filedm.com/privacy.php

unknown

http://post.securestudies.com/TapAction.aspx?campaign_id=1538&tpi=InstallUnion&action_id=30

unknown

https://www.certum.pl/CPS0

unknown

https://dlsft.com/service.php?id=74695

35.190.60.70

https://dlsft.com/callback.php?channel=

unknown

http://crl.pkioverheid.nl/DomOvLatestCRL.crl0

unknown

https://dlsft.com/callback.php?channel=&id=74695&action=startedr

unknown

https://dlsft.com/

unknown

http://dlsft.com/callback/geo/5

unknown

http://www.winimage.com/zLibDll

unknown

http://post.securestudies.com/TapAction.aspx?campaign_id=1538&tpi=InstallUnion&action_id=20

unknown

https://dlsft.com/callback.php?channel=&id=74695&action=started----

unknown

https://dlsft.com/service.php?id=746950

unknown

https://secure.comodo.com/CPS0

unknown

http://crl.entrust.net/2048ca.crl0

unknown

https://dlsft.com/service.php?id=746952

unknown

There are 60 hidden URLs, click here to show them.

Domains

Name

Malicious

dlsft.com

35.190.60.70

Details

Name:	dlsft.com
IP:	35.190.60.70
TargetID:	0
Current Path:	C:\Users\user\Desktop\Gelato Italiano_74695.exe.exe
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
Posts data to webserver	Networking	Application Layer Protocol Non-Application Layer Protocol
URLs found in memory or binary data	Networking
Uses secure TLS version for HTTPS connections	Compliance, Networking

IPs

Domain

Country

Malicious

35.190.60.70

dlsft.com

United States

Details

IP:	35.190.60.70
TargetID:	0
Current Path:	C:\Users\user\Desktop\Gelato Italiano_74695.exe.exe
Country:	United States
Countrycode:	USA
ASN number:	15169
ASN name:	GOOGLEUS
Private:	false
Domain:	dlsft.com

Signature Hits	Behavior Group	Mitre Attack
Uses secure TLS version for HTTPS connections	Compliance, Networking

Registry

Path

Value

Malicious

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8

Blob

Details

TargetID:	0
Path:	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
Value name:	Blob
Value data:	04 00 00 00 01 00 00 00 10 00 00 00 0A 0A 18 29 36 E6 C3 DF 7F A3 4D 0F FD 41 5E 22 14 00 00 00 01 00 00 00 14 00 00 00 BB 3B 3F AA 10 70 C8 55 F7 24 E9 3B FD 32 19 F4 F6 11 6B 3A 03 00 00 00 01 00 00 00 14 00 00 00 3F 72 8A 35 DE 52 B2 C8 99 4A 4F B1 01 A0 3B 95 E8 7B 06 C8 0F 00 00 00 01 00 00 00 14 00 00 00 71 75 75 34 54 C2 98 2E 84 ED 48 F5 B4 EE 52 48 7F 4A 37 CD 19 00 00 00 01 00 00 00 10 00 00 00 49 50 8B 6C BE 29 D8 39 31 16 93 FA 24 E5 8D 98 20 00 00 00 01 00 00 00 FD 05 00 00 30 82 05 F9 30 82 03 E1 A0 03 02 01 02 02 09 00 D2 1E F1 F6 E3 4F 6B B8 30 0D 06 09 2A 86 48 86 F7 0D 01 01 05 05 00 30 81 92 31 0B 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 0C 0A 43 61 6C 69 66 6F 72 6E 69 61 31 16 30 14 06 03 55 04 07 0C 0D 53 61 6E 20 46 72 61 6E 63 69 73 63 6F 31 2A 30 28 06 03 55 04 0A 0C 21 54 68 65 20 55 6E 69 76 65 72 73 65 20 53 65 63 75 72 69 74 79 20 43 6F 6D 70 61 6E 79 20 4C 74 64 31 2A 30 28 06 03 55 04 03 0C 21 54 68 65 20 55 6E 69 76 65 72 73 65 20 53 65 63 75 72 69 74 79 20 43 6F 6D 70 61 6E 79 20 4C 74 64 30 1E 17 0D 31 35 30 33 31 37 31 34 31 36 33 38 5A 17 0D 34 35 30 33 30 39 31 34 31 36 33 38 5A 30 81 92 31 0B 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 0C 0A 43 61 6C 69 66 6F 72 6E 69 61 31 16 30 14 06 03 55 04 07 0C 0D 53 61 6E 20 46 72 61 6E 63 69 73 63 6F 31 2A 30 28 06 03 55 04 0A 0C 21 54 68 65 20 55 6E 69 76 65 72 73 65 20 53 65 63 75 72 69 74 79 20 43 6F 6D 70 61 6E 79 20 4C 74 64 31 2A 30 28 06 03 55 04 03 0C 21 54 68 65 20 55 6E 69 76 65 72 73 65 20 53 65 63 75 72 69 74 79 20 43 6F 6D 70 61 6E 79 20 4C 74 64 30 82 02 22 30 0D 06 09 2A 86 48 86 F7 0D 01 01 01 05 00 03 82 02 0F 00 30 82 02 0A 02 82 02 01 00 AE 85 81 A8 AB 4F 18 6F B8 FF D9 66 4D B0 3F E7 A3 06 9B 8D 6E 32 30 46 84 32 00 D0 A2 58 15 E3 83 1A 98 23 89 66 FA DC CF E9 B3 3F 7A 15 85 38 42 6D A3 6A 64 14 CB 41 56 ED FE 59 95 38 F1 FA AB E9 4B 06 52 B7 83 58 97 69 5A 3D 75 98 98 9F CE ED 1D 79 20 30 90 20 F1 57 23 2F 00 62 F2 FE BD 48 D8 62 D9 25 72 A2 12 C8 7A 04 2F A5 E3 74 75 DD 7A 1C 60 40 6B 37 C3 D8 4F 7D C1 E7 68 97 5E 36 08 A8 1C 35 78 81 AF A7 4E B4 88 D0 AB 10 74 03 CB 8C 9B AC 63 27 B9 DC 75 E6 6B 5D 32 18 95 0B FD 03 C5 66 DF C6 57 65 56 E9 77 31 59 42 23 46 2D 2A 03 7B 32 C5 3B AB C6 6A 2F B5 48 7F 9E 7A 61 60 40 DA AA 16 B4 38 26 8D B3 71 4A 6D 28 4A 21 0E 26 DA D0 30 B3 FA 74 3E CF EF 28 24 47 39 B8 EE 10 06 5A 65 67 F2 37 66 D9 57 26 A4 2A 9B DF A0 37 5D C0 ED 65 59 F9 E9 E6 F8 8E A7 AE 3A F4 72 E5 F8 62 BB B5 97 A7 A0 1C 32 5B 35 14 43 53 6B C4 C9 E8 3E 21 61 8C 3C 3F CE 4A 14 8B DA 41 39 D1 C5 E3 34 A3 C4 44 0C 5D BB 0D 78 E8 31 BE 4A A9 CF B3 D5 12 21 AE 6D 28 4C 86 98 E4 0A 99 81 BF 98 11 99 86 28 AB EB 15 EF A9 50 B9 43 AE B1 03 69 06 63 6D 11 93 D9 C0 FB 97 FE 0A F5 CD 4F 10 90 9E 19 FB 6F 66 44 0C 50 20 B1 A3 A7 27 45 15 FA C9 45 20 EA B9 DF CE C6 E4 61 4F 08 09 FA 5D 13 8F 03 FB DA 95 85 E0 5C BC 2D A9 CC 8E BA 76 B9 6A 80 2E 69 74 62 19 28 02 EC 60 11 A6 0F 64 C2 FF 9B 5E 7D 0F F1 D4 6B 4D FD 99 BB C1 3D 05 DE 6E F2 B2 CE 1F 51 A5 E3 43 D1 E7 24 76 36 2F 9A 02 0D DA 34 A6 2D E0 1D 22 14 C5 7E FD B7 0F 31 B1 4A D0 AA A7 73 57 C5 C2 63 D8 C3 2F 37 39 12 BF C0 91 F7 AC A6 AB 48 ED 82 4B C7 4D 30 06 EA 6C A7 C2 B1 A1 09 02 96 6A 3D 02 03 01 00 01 A3 50 30 4E 30 1D 06 03 55 1D 0E 04 16 04 14 BB 3B 3F AA 10 70 C8 55 F7 24 E9 3B FD 32 19 F4 F6 11 6B 3A 30 1F 06 03 55 1D 23 04 18 30 16 80 14 BB 3B 3F AA 10 70 C8 55 F7 24 E9 3B FD 32 19 F4 F6 11 6B 3A 30 0C 06 03 55 1D 13 04 05 30 03 01 01 FF 30 0D 06 09 2A 86 48 86 F7 0D 01 01 05 05 00 03 82 02 01 00 48 3C 18 2B 72 E4 57 52 A8 95 35 C6 A1 73 71 20 85 20 94 FF 55 E7 1B 02 9C 05 C8 31 F8 85 B2 79 BE B2 47 55 74 E0 55 70 6B 17 24 9F 0B 6A 92 FE 41 04 22 4F 25 F4 5C DA 25 EF A9 32 CD CC 57 AD 88 5B 56 14 5F 7A 38 02 D3 18 23 8D A5 D8 FB 9F 43 A3 1A 68 2E 42 06 72 26 01 A2 EB DB AF 70 2E 57 12 35 7C B2 A1 EF AB 12 E0 81 55 84 37 C8 FD 95 AE DE 58 60 40 52 A1 C7 75 18 A1 2F 92 5A C0 AB C9 1B A7 17 19 4E 4D D8 53 FB C6 C3 7C 33 53 51 5B 3A 64 31 60 A4 B3 07 72 D7 39 1A F9 8A A2 70 E4 B4 D6 BF 6A AD 24 76 74 CE C7 EA 87 3E 28 6C EF 08 09 4F 79 FB CF 77 FF FA F8 77 04 4A 30 90 5B 27 11 5C 79 60 60 64 1A CB 6E 2C 5E 1C B0 53 AC 28 4A 8B 8B DF AE 01 41 D2 12 3F 7B 22 54 D2 8E 3C C4 A1 FF 4A 6C D3 1B EB 1D 35 94 14 F5 79 44 BE C2 E6 93 9B BA 4D D0 81 94 E9 25 BE 43 FC 2C 92 E5 CA DC 5D 9D CF CA 8B CF 0C E0 3D 29 21 44 4A C0 19 F4 F3 D5 7E F5 74 35 2B FC DF A3 F7 3C C5 D6 7A 7A 0B B6 2B C7 BF F9 8F 6E B5 56 44 0F A9 45 80 9F 88 21 82 99 2C DC 85 DA 25 65 55 ED D3 1C 36 4E D6 63 46 68 AF 6C 87 5C C5 F6 89 C2 E1 70 F4 87 0F F1 DE F0 8E 72 E4 CA CB 83 2B CD B1 7A 54 41 AF 97 38 DF F7 EA 8C 7A B2 D1 1B E9 E9 D3 BF 41 0F 21 F0 AA 8D 95 B6 CD 91 90 DF 71 E7 72 96 9D 3F 18 B9 98 8C CE 15 45 99 83 FB BD 61 4E AD 63 36 71 86 5D BD A3 17 61 6F 31 57 A4 25 3D ED 24 6A 9E 94 E0 D8 67 F0 17 12 86 B7 4E 65 93 A6 BD 8A 2A 06 6B EC 0F DE E0 B5 9C A0 AF D5 A4 32 A2 70 75 A1 02 A9 7F 85 D9 39 38 80 BB 41 A6 0F A3 8D 1F F1 66 E0 04 B3 A2 88 03 8B A7 AF E1 A1 60 95 F6 CB 76 12 C8 51 83 1E 14 E2 0B B5 6C F1 4B 96 21 F9 DE AA B2 CD 71 B8 63

Signature Hits	Behavior Group	Mitre Attack
Installs new ROOT certificates	Persistence and Installation Behavior	Install Root Certificate
Stores large binary data to the registry	Hooking and other Techniques for Hiding and Protection	Modify Registry

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8

Blob

Details

TargetID:	0
Path:	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
Value name:	Blob
Value data:	5C 00 00 00 01 00 00 00 04 00 00 00 00 10 00 00 19 00 00 00 01 00 00 00 10 00 00 00 49 50 8B 6C BE 29 D8 39 31 16 93 FA 24 E5 8D 98 0F 00 00 00 01 00 00 00 14 00 00 00 71 75 75 34 54 C2 98 2E 84 ED 48 F5 B4 EE 52 48 7F 4A 37 CD 03 00 00 00 01 00 00 00 14 00 00 00 3F 72 8A 35 DE 52 B2 C8 99 4A 4F B1 01 A0 3B 95 E8 7B 06 C8 14 00 00 00 01 00 00 00 14 00 00 00 BB 3B 3F AA 10 70 C8 55 F7 24 E9 3B FD 32 19 F4 F6 11 6B 3A 04 00 00 00 01 00 00 00 10 00 00 00 0A 0A 18 29 36 E6 C3 DF 7F A3 4D 0F FD 41 5E 22 20 00 00 00 01 00 00 00 FD 05 00 00 30 82 05 F9 30 82 03 E1 A0 03 02 01 02 02 09 00 D2 1E F1 F6 E3 4F 6B B8 30 0D 06 09 2A 86 48 86 F7 0D 01 01 05 05 00 30 81 92 31 0B 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 0C 0A 43 61 6C 69 66 6F 72 6E 69 61 31 16 30 14 06 03 55 04 07 0C 0D 53 61 6E 20 46 72 61 6E 63 69 73 63 6F 31 2A 30 28 06 03 55 04 0A 0C 21 54 68 65 20 55 6E 69 76 65 72 73 65 20 53 65 63 75 72 69 74 79 20 43 6F 6D 70 61 6E 79 20 4C 74 64 31 2A 30 28 06 03 55 04 03 0C 21 54 68 65 20 55 6E 69 76 65 72 73 65 20 53 65 63 75 72 69 74 79 20 43 6F 6D 70 61 6E 79 20 4C 74 64 30 1E 17 0D 31 35 30 33 31 37 31 34 31 36 33 38 5A 17 0D 34 35 30 33 30 39 31 34 31 36 33 38 5A 30 81 92 31 0B 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 0C 0A 43 61 6C 69 66 6F 72 6E 69 61 31 16 30 14 06 03 55 04 07 0C 0D 53 61 6E 20 46 72 61 6E 63 69 73 63 6F 31 2A 30 28 06 03 55 04 0A 0C 21 54 68 65 20 55 6E 69 76 65 72 73 65 20 53 65 63 75 72 69 74 79 20 43 6F 6D 70 61 6E 79 20 4C 74 64 31 2A 30 28 06 03 55 04 03 0C 21 54 68 65 20 55 6E 69 76 65 72 73 65 20 53 65 63 75 72 69 74 79 20 43 6F 6D 70 61 6E 79 20 4C 74 64 30 82 02 22 30 0D 06 09 2A 86 48 86 F7 0D 01 01 01 05 00 03 82 02 0F 00 30 82 02 0A 02 82 02 01 00 AE 85 81 A8 AB 4F 18 6F B8 FF D9 66 4D B0 3F E7 A3 06 9B 8D 6E 32 30 46 84 32 00 D0 A2 58 15 E3 83 1A 98 23 89 66 FA DC CF E9 B3 3F 7A 15 85 38 42 6D A3 6A 64 14 CB 41 56 ED FE 59 95 38 F1 FA AB E9 4B 06 52 B7 83 58 97 69 5A 3D 75 98 98 9F CE ED 1D 79 20 30 90 20 F1 57 23 2F 00 62 F2 FE BD 48 D8 62 D9 25 72 A2 12 C8 7A 04 2F A5 E3 74 75 DD 7A 1C 60 40 6B 37 C3 D8 4F 7D C1 E7 68 97 5E 36 08 A8 1C 35 78 81 AF A7 4E B4 88 D0 AB 10 74 03 CB 8C 9B AC 63 27 B9 DC 75 E6 6B 5D 32 18 95 0B FD 03 C5 66 DF C6 57 65 56 E9 77 31 59 42 23 46 2D 2A 03 7B 32 C5 3B AB C6 6A 2F B5 48 7F 9E 7A 61 60 40 DA AA 16 B4 38 26 8D B3 71 4A 6D 28 4A 21 0E 26 DA D0 30 B3 FA 74 3E CF EF 28 24 47 39 B8 EE 10 06 5A 65 67 F2 37 66 D9 57 26 A4 2A 9B DF A0 37 5D C0 ED 65 59 F9 E9 E6 F8 8E A7 AE 3A F4 72 E5 F8 62 BB B5 97 A7 A0 1C 32 5B 35 14 43 53 6B C4 C9 E8 3E 21 61 8C 3C 3F CE 4A 14 8B DA 41 39 D1 C5 E3 34 A3 C4 44 0C 5D BB 0D 78 E8 31 BE 4A A9 CF B3 D5 12 21 AE 6D 28 4C 86 98 E4 0A 99 81 BF 98 11 99 86 28 AB EB 15 EF A9 50 B9 43 AE B1 03 69 06 63 6D 11 93 D9 C0 FB 97 FE 0A F5 CD 4F 10 90 9E 19 FB 6F 66 44 0C 50 20 B1 A3 A7 27 45 15 FA C9 45 20 EA B9 DF CE C6 E4 61 4F 08 09 FA 5D 13 8F 03 FB DA 95 85 E0 5C BC 2D A9 CC 8E BA 76 B9 6A 80 2E 69 74 62 19 28 02 EC 60 11 A6 0F 64 C2 FF 9B 5E 7D 0F F1 D4 6B 4D FD 99 BB C1 3D 05 DE 6E F2 B2 CE 1F 51 A5 E3 43 D1 E7 24 76 36 2F 9A 02 0D DA 34 A6 2D E0 1D 22 14 C5 7E FD B7 0F 31 B1 4A D0 AA A7 73 57 C5 C2 63 D8 C3 2F 37 39 12 BF C0 91 F7 AC A6 AB 48 ED 82 4B C7 4D 30 06 EA 6C A7 C2 B1 A1 09 02 96 6A 3D 02 03 01 00 01 A3 50 30 4E 30 1D 06 03 55 1D 0E 04 16 04 14 BB 3B 3F AA 10 70 C8 55 F7 24 E9 3B FD 32 19 F4 F6 11 6B 3A 30 1F 06 03 55 1D 23 04 18 30 16 80 14 BB 3B 3F AA 10 70 C8 55 F7 24 E9 3B FD 32 19 F4 F6 11 6B 3A 30 0C 06 03 55 1D 13 04 05 30 03 01 01 FF 30 0D 06 09 2A 86 48 86 F7 0D 01 01 05 05 00 03 82 02 01 00 48 3C 18 2B 72 E4 57 52 A8 95 35 C6 A1 73 71 20 85 20 94 FF 55 E7 1B 02 9C 05 C8 31 F8 85 B2 79 BE B2 47 55 74 E0 55 70 6B 17 24 9F 0B 6A 92 FE 41 04 22 4F 25 F4 5C DA 25 EF A9 32 CD CC 57 AD 88 5B 56 14 5F 7A 38 02 D3 18 23 8D A5 D8 FB 9F 43 A3 1A 68 2E 42 06 72 26 01 A2 EB DB AF 70 2E 57 12 35 7C B2 A1 EF AB 12 E0 81 55 84 37 C8 FD 95 AE DE 58 60 40 52 A1 C7 75 18 A1 2F 92 5A C0 AB C9 1B A7 17 19 4E 4D D8 53 FB C6 C3 7C 33 53 51 5B 3A 64 31 60 A4 B3 07 72 D7 39 1A F9 8A A2 70 E4 B4 D6 BF 6A AD 24 76 74 CE C7 EA 87 3E 28 6C EF 08 09 4F 79 FB CF 77 FF FA F8 77 04 4A 30 90 5B 27 11 5C 79 60 60 64 1A CB 6E 2C 5E 1C B0 53 AC 28 4A 8B 8B DF AE 01 41 D2 12 3F 7B 22 54 D2 8E 3C C4 A1 FF 4A 6C D3 1B EB 1D 35 94 14 F5 79 44 BE C2 E6 93 9B BA 4D D0 81 94 E9 25 BE 43 FC 2C 92 E5 CA DC 5D 9D CF CA 8B CF 0C E0 3D 29 21 44 4A C0 19 F4 F3 D5 7E F5 74 35 2B FC DF A3 F7 3C C5 D6 7A 7A 0B B6 2B C7 BF F9 8F 6E B5 56 44 0F A9 45 80 9F 88 21 82 99 2C DC 85 DA 25 65 55 ED D3 1C 36 4E D6 63 46 68 AF 6C 87 5C C5 F6 89 C2 E1 70 F4 87 0F F1 DE F0 8E 72 E4 CA CB 83 2B CD B1 7A 54 41 AF 97 38 DF F7 EA 8C 7A B2 D1 1B E9 E9 D3 BF 41 0F 21 F0 AA 8D 95 B6 CD 91 90 DF 71 E7 72 96 9D 3F 18 B9 98 8C CE 15 45 99 83 FB BD 61 4E AD 63 36 71 86 5D BD A3 17 61 6F 31 57 A4 25 3D ED 24 6A 9E 94 E0 D8 67 F0 17 12 86 B7 4E 65 93 A6 BD 8A 2A 06 6B EC 0F DE E0 B5 9C A0 AF D5 A4 32 A2 70 75 A1 02 A9 7F 85 D9 39 38 80 BB 41 A6 0F A3 8D 1F F1 66 E0 04 B3 A2 88 03 8B A7 AF E1 A1 60 95 F6 CB 76 12 C8 51 83 1E 14 E2 0B B5 6C F1 4B 96 21 F9 DE AA B2 CD 71 B8 63

Signature Hits	Behavior Group	Mitre Attack
Installs new ROOT certificates	Persistence and Installation Behavior	Install Root Certificate
Stores large binary data to the registry	Hooking and other Techniques for Hiding and Protection	Modify Registry

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections

SavedLegacySettings

Details

TargetID:	0
Path:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
Value name:	SavedLegacySettings
Value data:	46 00 00 00 2A 00 00 00 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 02 00 00 00 C0 A8 02 16 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

Signature Hits	Behavior Group	Mitre Attack
Sigma detected: Modification of IE Registry Settings	System Summary

Memdumps

Base Address

Regiontype

Protect

Malicious

57BC000

heap

page read and write

965000

heap

page read and write

967000

heap

page read and write

296000

heap

page read and write

A10000

trusted library allocation

page read and write

642E000

unkown

page read and write

933000

heap

page read and write

967000

heap

page read and write

138F000

unkown

page read and write

962000

heap

page read and write

71A0000

heap

page read and write

2B2000

trusted library allocation

page read and write

97D000

heap

page read and write

3AED000

heap

page read and write

199000

stack

page read and write

386D000

stack

page read and write

3AE4000

heap

page read and write

5BAC000

stack

page read and write

3A7C000

heap

page read and write

57B7000

heap

page read and write

39F3000

heap

page read and write

7EF96000

trusted library allocation

page execute read

127B000

unkown

page readonly

371A000

heap

page read and write

3AD8000

heap

page read and write

955000

heap

page read and write

3A67000

heap

page read and write

33E0000

heap

page read and write

57EB000

heap

page read and write

7FE000

stack

page read and write

36DE000

heap

page read and write

1395000

unkown

page read and write

138D000

unkown

page write copy

589E000

heap

page read and write

834000

heap

page read and write

8E0000

heap

page read and write

965000

heap

page read and write

37BF000

heap

page read and write

99E000

heap

page read and write

70DF000

stack

page read and write

345E000

heap

page read and write

AB4000

heap

page read and write

972000

heap

page read and write

7EF98000

trusted library allocation

page execute read

5DBC000

stack

page read and write

676B000

stack

page read and write

150000

trusted library allocation

page read and write

8B8000

heap

page read and write

97D000

heap

page read and write

5854000

heap

page read and write

817000

heap

page read and write

270000

trusted library allocation

page read and write

658F000

stack

page read and write

5FED000

stack

page read and write

94B000

heap

page read and write

5EEE000

stack

page read and write

3A8F000

heap

page read and write

92D000

heap

page read and write

5814000

heap

page read and write

3798000

heap

page read and write

57B3000

heap

page read and write

57D8000

heap

page read and write

4F02000

unkown

page readonly

7EF90000

trusted library allocation

page execute read

3A62000

heap

page read and write

A50000

heap

page read and write

967000

heap

page read and write

3460000

heap

page read and write

949000

heap

page read and write

8BE000

heap

page read and write

967000

heap

page read and write

5825000

heap

page read and write

962000

heap

page read and write

810000

heap

page read and write

5B0000

heap

page read and write

92F000

heap

page read and write

585F000

heap

page read and write

2B0000

trusted library allocation

page read and write

933000

heap

page read and write

7EF92000

trusted library allocation

page execute read

36F1000

heap

page read and write

8BA000

heap

page read and write

57C0000

heap

page read and write

39BA000

heap

page read and write

580B000

heap

page read and write

962000

heap

page read and write

344E000

heap

page read and write

3947000

heap

page read and write

961000

heap

page read and write

962000

heap

page read and write

6E5F000

stack

page read and write

1394000

unkown

page write copy

2F10000

heap

page read and write

949000

heap

page read and write

95D000

heap

page read and write

57C7000

heap

page read and write

4EF7000

unkown

page readonly

13B0000

unkown

page read and write

7EF9A000

trusted library allocation

page execute read

61DE000

stack

page read and write

349C000

heap

page read and write

57BE000

heap

page read and write

33FE000

heap

page read and write

EA1000

unkown

page execute read

965000

heap

page read and write

13B7000

unkown

page readonly

57B5000

heap

page read and write

33DE000

stack

page read and write

961000

heap

page read and write

382E000

stack

page read and write

689F000

stack

page read and write

DCF000

heap

page read and write

967000

heap

page read and write

81E000

heap

page read and write

97D000

heap

page read and write

967000

heap

page read and write

57CE000

heap

page read and write

97D000

heap

page read and write

CB0000

heap

page read and write

962000

heap

page read and write

962000

heap

page read and write

3A59000

heap

page read and write

150000

trusted library allocation

page read and write

1390000

unkown

page write copy

8F6000

heap

page read and write

57CB000

heap

page read and write

57C5000

heap

page read and write

8BC000

heap

page read and write

5CFC000

stack

page read and write

35FE000

stack

page read and write

6B7C000

stack

page read and write

2AF0000

heap

page read and write

4EF2000

unkown

page readonly

3670000

heap

page read and write

3443000

heap

page read and write

138E000

unkown

page write copy

5770000

heap

page read and write

98E000

heap

page read and write

965000

heap

page read and write

39FC000

heap

page read and write

10000

heap

page read and write

EA0000

unkown

page readonly

3AE0000

heap

page read and write

905000

heap

page read and write

345C000

heap

page read and write

8F3000

heap

page read and write

3A72000

heap

page read and write

961000

heap

page read and write

57F0000

heap

page read and write

965000

heap

page read and write

604E000

stack

page read and write

210000

heap

page read and write

127B000

unkown

page readonly

33E6000

heap

page read and write

969000

heap

page read and write

97B000

heap

page read and write

615F000

stack

page read and write

908000

heap

page read and write

3910000

heap

page read and write

97D000

heap

page read and write

3786000

heap

page read and write

5D50000

heap

page read and write

910000

heap

page read and write

4EF0000

unkown

page readonly

359D000

stack

page read and write

964000

heap

page read and write

2C0000

remote allocation

page read and write

EA1000

unkown

page execute read

CB9000

heap

page read and write

139D000

unkown

page write copy

4B12000

trusted library section

page read and write

13B7000

unkown

page readonly

13C7000

unkown

page readonly

57EE000

heap

page read and write

200000

trusted library allocation

page read and write

4AF4000

trusted library section

page read and write

693E000

stack

page read and write

E9D000

stack

page read and write

97D000

heap

page read and write

6CAB000

stack

page read and write

CD7000

heap

page read and write

8FF000

heap

page read and write

AB0000

heap

page read and write

7EF94000

trusted library allocation

page execute read

280000

trusted library allocation

page read and write

2A0000

trusted library allocation

page read and write

33F8000

heap

page read and write

6A7F000

stack

page read and write

13C7000

unkown

page readonly

397F000

heap

page read and write

3C9000

stack

page read and write

962000

heap

page read and write

220000

trusted library allocation

page read and write

2A2000

trusted library allocation

page read and write

57F2000

heap

page read and write

3AE2000

heap

page read and write

955000

heap

page read and write

282000

trusted library allocation

page read and write

36B6000

heap

page read and write

97D000

heap

page read and write

57B1000

heap

page read and write

33FA000

heap

page read and write

260000

trusted library allocation

page read and write

800000

trusted library allocation

page read and write

97B000

heap

page read and write

343D000

heap

page read and write

AD2000

heap

page read and write

5847000

heap

page read and write

290000

heap

page read and write

138D000

unkown

page read and write

A12000

trusted library allocation

page read and write

EA0000

unkown

page readonly

97D000

heap

page read and write

57C9000

heap

page read and write

89B000

heap

page read and write

E20000

heap

page read and write

2C0000

remote allocation

page read and write

AAC000

stack

page read and write

13B4000

unkown

page read and write

38A0000

heap

page read and write

97E000

heap

page read and write

8EA000

heap

page read and write

3704000

heap

page read and write

3A07000

heap

page read and write

1393000

unkown

page read and write

8B2000

heap

page read and write

9A3000

heap

page read and write

57BA000

heap

page read and write

39ED000

heap

page read and write

There are 219 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
Gelato Italiano_74695.exe.bin

Processes

URLs

Domains

IPs

Registry

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC ReportGelato Italiano_74695.exe.bin

Processes

URLs

Domains

IPs

Registry

Memdumps

IOC Report
Gelato Italiano_74695.exe.bin