Automated Malware Analysis IOC Report for

Files

File Path

Type

Category

Malicious

fcl52nBWuY.exe

PE32 executable (GUI) Intel 80386, for MS Windows

initial sample

Details

Filetype:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy:	6.786957907165894
Filename:	fcl52nBWuY.exe
Filesize:	339886
MD5:	f80c1317f5043d991a91e5fb6399e658
SHA1:	b62f2cfb8d9856dd59416675bc5d0bfaa748a1be
SHA256:	86549cf9c343d0533ef80be2f080a7e3c38c77a1dfbde0a2f89048127979ec2a
SHA512:	e43b555e36bd06d380656f5752229059de59c1e973832a7b533212f00bfc968edc8ae43fb3e407dd58d93ed80e7833185049d751a75aaa8382e4f91612d1fb0b
SSDEEP:	6144:ntH/xNLaAOvIBd7lAAxWS1elIoSN6WX+t45q0cp:ntH5NLaAdDhAAEIFcWX+t4oz
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............w...w...w..<.V..w..<.T..w..<.U..w....Z..w.......w.......w.......w....$..w....4..w...w...v.......w.......w....X..w.......w.

Signature Hits	Behavior Group	Mitre Attack
Antivirus / Scanner detection for submitted sample	AV Detection
Multi AV Scanner detection for submitted file	AV Detection
Allocates memory with a write watch (potentially for evading sandboxes)	Malware Analysis System Evasion	Virtualization/Sandbox Evasion Security Software Discovery
Contains functionality to call native functions	System Summary
Contains functionality to check if a debugger is running (IsDebuggerPresent)	Anti Debugging
Contains functionality to communicate with device drivers	System Summary
Contains functionality to query CPU information (cpuid)	Language, Device and Operating System Detection	System Information Discovery
Contains functionality to query locales information (e.g. system language)	Language, Device and Operating System Detection
Contains functionality to read the PEB	Anti Debugging
Contains functionality which may be used to detect a debugger (GetProcessHeap)	Anti Debugging	Security Software Discovery
Detected potential crypto function	System Summary	Archive Collected Data Encrypted Channel
File is packed with WinRar	Data Obfuscation	Software Packing
Found evasive API chain (date check)	Malware Analysis System Evasion	Native API
Found potential string decryption / allocating functions	System Summary	Deobfuscate/Decode Files or Information Obfuscated Files or Information
PE file contains sections with non-standard names	Data Obfuscation
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection
Sample file is different than original file name gathered from version info	System Summary
Uses 32bit PE files	Compliance, System Summary	Masquerading
Uses code obfuscation techniques (call, push, ret)	Data Obfuscation
Contains functionality for error logging	System Summary
Contains functionality to enumerate / list files inside a directory	Spreading, Malware Analysis System Evasion	File and Directory Discovery
Contains functionality to instantiate COM classes	System Summary
Contains functionality to load and extract PE file embedded resources	System Summary
Contains functionality to query local / system time	Language, Device and Operating System Detection	System Time Discovery
Contains functionality to query system information	Malware Analysis System Evasion
Contains functionality to query windows version	Language, Device and Operating System Detection
Contains functionality to register its own exception handler	Anti Debugging
Creates files inside the user directory	System Summary	Masquerading
Disables application error messsages (SetErrorMode)	Hooking and other Techniques for Hiding and Protection
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory)	Malware Analysis System Evasion
Might use command line arguments	System Summary	Masquerading
PE file has an executable .text section and no other executable section	System Summary
Program exit points	Malware Analysis System Evasion
Reads ini files	System Summary
Reads software policies	System Summary
Sample is known by Antivirus	System Summary
Sample reads its own file content	System Summary
Tries to load missing DLLs	System Summary	DLL Side-Loading
Uses an in-process (OLE) Automation server	System Summary
PE file contains a valid data directory to section mapping	System Summary	Security Software Discovery
PE file contains a debug data directory	System Summary
Contains modern PE file flags such as dynamic base (ASLR) or NX	Compliance, System Summary
PE file contains a mix of data directories often seen in goodware	System Summary

C:\Users\user\Desktop\???i????-623-6341-11.docx.lnk

MS Windows shortcut, Item id list present, Has Description string, Has command line arguments, Icon number=0, ctime=Wed Nov 8 04:43:43 2023, mtime=Wed Nov 8 04:43:43 2023, atime=Wed Nov 8 04:43:43 2023, length=0, window=hide

dropped

Details

File:	C:\Users\user\Desktop\???i????-623-6341-11.docx.lnk
Category:	dropped
Dump:	???i????-623-6341-11.docx.lnk.0.dr
ID:	dr_0
Target ID:	0
Process:	C:\Users\user\Desktop\fcl52nBWuY.exe
Type:	MS Windows shortcut, Item id list present, Has Description string, Has command line arguments, Icon number=0, ctime=Wed Nov 8 04:43:43 2023, mtime=Wed Nov 8 04:43:43 2023, atime=Wed Nov 8 04:43:43 2023, length=0, window=hide
Entropy:	5.73833469346233
Encrypted:	false
Ssdeep:	384:BeqmQq06/c/JNjKn3kHRi13pFLQpHTdUe2IJbv27RznfCLd:nmtNV3kHRi13r0hl2IJkRjSd
Size:	20332
Whitelisted:	false
Reputation:	low

Signature Hits	Behavior Group	Mitre Attack
Sigma detected: Suspicious LNK Double Extension File Created	System Summary

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\fcl52nBWuY.exe

"C:\Users\user\Desktop\fcl52nBWuY.exe"

Details

Is windows:	false
Is dropped:	false
PID:	7652
Target ID:	0
Parent PID:	2592
Name:	fcl52nBWuY.exe
Path:	C:\Users\user\Desktop\fcl52nBWuY.exe
Commandline:	"C:\Users\user\Desktop\fcl52nBWuY.exe"
Size:	339886
MD5:	F80C1317F5043D991A91E5FB6399E658
Time:	09:32:21
Date:	30/09/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x40000
Modulesize:	487424
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Antivirus / Scanner detection for submitted sample	AV Detection
Multi AV Scanner detection for submitted file	AV Detection
PE file contains sections with non-standard names	Data Obfuscation
Sample file is different than original file name gathered from version info	System Summary
Sigma detected: Suspicious LNK Double Extension File Created	System Summary
Uses 32bit PE files	Compliance, System Summary
PE file has an executable .text section and no other executable section	System Summary
Sample is known by Antivirus	System Summary
Sample reads its own file content	System Summary
PE file contains a valid data directory to section mapping	System Summary
Binary contains paths to debug symbols	Compliance, System Summary
PE file contains a debug data directory	System Summary
Contains modern PE file flags such as dynamic base (ASLR) or NX	Compliance, System Summary
PE file contains a mix of data directories often seen in goodware	System Summary

Memdumps

Base Address

Regiontype

Protect

Malicious

C6A0000

trusted library allocation

page read and write

7534000

heap

page read and write

C3D9000

heap

page read and write

C3A7000

heap

page read and write

329E000

heap

page read and write

323F000

heap

page read and write

7521000

heap

page read and write

C394000

heap

page read and write

7590000

heap

page read and write

32B8000

heap

page read and write

3229000

heap

page read and write

32E6000

heap

page read and write

C38C000

heap

page read and write

C38A000

heap

page read and write

C3A0000

heap

page read and write

7559000

heap

page read and write

5260000

heap

page read and write

32BC000

heap

page read and write

32F7000

heap

page read and write

3226000

heap

page read and write

2DF0000

heap

page read and write

32CD000

heap

page read and write

C3A0000

heap

page read and write

756B000

heap

page read and write

757B000

heap

page read and write

32CA000

heap

page read and write

34CD000

stack

page read and write

7549000

heap

page read and write

40000

unkown

page readonly

32F0000

heap

page read and write

32E5000

heap

page read and write

B852000

trusted library allocation

page read and write

3207000

heap

page read and write

7534000

heap

page read and write

5241000

trusted library allocation

page read and write

C43E000

heap

page read and write

BC37000

heap

page read and write

C344000

heap

page read and write

C38C000

heap

page read and write

5264000

heap

page read and write

329C000

heap

page read and write

C3A1000

heap

page read and write

32C2000

heap

page read and write

329E000

heap

page read and write

C07C000

stack

page read and write

3286000

heap

page read and write

32AA000

heap

page read and write

3130000

heap

page read and write

323A000

heap

page read and write

32DC000

heap

page read and write

32B1000

heap

page read and write

758E000

heap

page read and write

7569000

heap

page read and write

77C0000

heap

page read and write

32C4000

heap

page read and write

757E000

heap

page read and write

C390000

heap

page read and write

32C2000

heap

page read and write

757E000

heap

page read and write

C38A000

heap

page read and write

32CD000

heap

page read and write

757E000

heap

page read and write

32CD000

heap

page read and write

7F511000

trusted library allocation

page execute read

323A000

heap

page read and write

32B9000

heap

page read and write

BC30000

heap

page read and write

7557000

heap

page read and write

32BF000

heap

page read and write

7578000

heap

page read and write

C341000

heap

page read and write

7570000

heap

page read and write

3237000

heap

page read and write

3271000

heap

page read and write

C39A000

heap

page read and write

75A0000

heap

page read and write

7590000

heap

page read and write

C394000

heap

page read and write

40000

unkown

page readonly

32C1000

heap

page read and write

32F7000

heap

page read and write

C3E9000

heap

page read and write

32E5000

heap

page read and write

C3A8000

heap

page read and write

C394000

heap

page read and write

7599000

heap

page read and write

A5000

unkown

page write copy

77CF000

heap

page read and write

7510000

heap

page read and write

32B7000

heap

page read and write

7555000

heap

page read and write

329E000

heap

page read and write

C390000

heap

page read and write

A5000

unkown

page readonly

2DB6000

stack

page read and write

C39A000

heap

page read and write

581C000

stack

page read and write

318E000

stack

page read and write

5420000

heap

page read and write

32E5000

heap

page read and write

7B90000

heap

page read and write

7560000

heap

page read and write

30F6000

stack

page read and write

7580000

heap

page read and write

755A000

heap

page read and write

7562000

heap

page read and write

32E7000

heap

page read and write

32CA000

heap

page read and write

A6000

unkown

page readonly

32E2000

heap

page read and write

C3E9000

heap

page read and write

C38E000

heap

page read and write

7993000

heap

page read and write

7990000

heap

page read and write

7561000

heap

page read and write

77C6000

heap

page read and write

7575000

heap

page read and write

3229000

heap

page read and write

7573000

heap

page read and write

32B8000

heap

page read and write

C39A000

heap

page read and write

C3A1000

heap

page read and write

7559000

heap

page read and write

754C000

heap

page read and write

32F7000

heap

page read and write

C38A000

heap

page read and write

32B8000

heap

page read and write

7553000

heap

page read and write

7569000

heap

page read and write

32A1000

heap

page read and write

32C2000

heap

page read and write

C336000

heap

page read and write

C390000

heap

page read and write

32DC000

heap

page read and write

544F000

heap

page read and write

7581000

heap

page read and write

7553000

heap

page read and write

C3A1000

heap

page read and write

557E000

stack

page read and write

32AE000

heap

page read and write

32CA000

heap

page read and write

32AA000

heap

page read and write

32BF000

heap

page read and write

75A0000

heap

page read and write

323A000

heap

page read and write

C3A3000

heap

page read and write

C3A7000

heap

page read and write

3257000

heap

page read and write

7521000

heap

page read and write

C390000

heap

page read and write

547E000

stack

page read and write

75A3000

heap

page read and write

C39A000

heap

page read and write

BC31000

heap

page read and write

7552000

heap

page read and write

7562000

heap

page read and write

32AE000

heap

page read and write

3245000

heap

page read and write

C3A1000

heap

page read and write

7579000

heap

page read and write

85000

unkown

page read and write

7575000

heap

page read and write

32D0000

heap

page read and write

32A1000

heap

page read and write

C394000

heap

page read and write

C3DA000

heap

page read and write

BEFE000

stack

page read and write

32DC000

heap

page read and write

C3A7000

heap

page read and write

41000

unkown

page execute read

32D0000

heap

page read and write

C3EB000

heap

page read and write

C38A000

heap

page read and write

83000

unkown

page read and write

C38C000

heap

page read and write

7589000

heap

page read and write

7590000

heap

page read and write

75A0000

heap

page read and write

7569000

heap

page read and write

7549000

heap

page read and write

C3A7000

heap

page read and write

32C4000

heap

page read and write

3200000

heap

page read and write

571E000

stack

page read and write

7575000

heap

page read and write

80000

unkown

page read and write

7555000

heap

page read and write

32AA000

heap

page read and write

323A000

heap

page read and write

3271000

heap

page read and write

C3A7000

heap

page read and write

7551000

heap

page read and write

3190000

heap

page read and write

C394000

heap

page read and write

32DC000

heap

page read and write

322F000

heap

page read and write

3281000

heap

page read and write

7549000

heap

page read and write

C39A000

heap

page read and write

7562000

heap

page read and write

7590000

heap

page read and write

525A000

trusted library allocation

page read and write

3140000

heap

page readonly

32A2000

heap

page read and write

32A9000

heap

page read and write

C39A000

heap

page read and write

758E000

heap

page read and write

74000

unkown

page readonly

32C1000

heap

page read and write

329E000

heap

page read and write

326B000

heap

page read and write

756B000

heap

page read and write

7562000

heap

page read and write

32E5000

heap

page read and write

3245000

heap

page read and write

32CD000

heap

page read and write

32A1000

heap

page read and write

7592000

heap

page read and write

7534000

heap

page read and write

35FD000

heap

page read and write

32CD000

heap

page read and write

32DC000

heap

page read and write

756B000

heap

page read and write

32C4000

heap

page read and write

C39A000

heap

page read and write

C3A1000

heap

page read and write

32E7000

heap

page read and write

32BC000

heap

page read and write

3282000

heap

page read and write

5990000

heap

page read and write

754A000

heap

page read and write

32D0000

heap

page read and write

30DC000

stack

page read and write

C333000

heap

page read and write

C394000

heap

page read and write

3283000

heap

page read and write

32CD000

heap

page read and write

756F000

heap

page read and write

328C000

heap

page read and write

2DF5000

heap

page read and write

32F1000

heap

page read and write

C38A000

heap

page read and write

7569000

heap

page read and write

5880000

trusted library allocation

page read and write

329E000

heap

page read and write

35F0000

heap

page read and write

35CF000

stack

page read and write

32E5000

heap

page read and write

32B1000

heap

page read and write

7559000

heap

page read and write

32CD000

heap

page read and write

7559000

heap

page read and write

7573000

heap

page read and write

C3A7000

heap

page read and write

7997000

heap

page read and write

32AA000

heap

page read and write

7534000

heap

page read and write

7554000

heap

page read and write

C38B000

heap

page read and write

C17E000

stack

page read and write

55DE000

stack

page read and write

7F520000

trusted library allocation

page execute read

41000

unkown

page execute read

6D10000

trusted library allocation

page read and write

32BF000

heap

page read and write

32E5000

heap

page read and write

32FA000

heap

page read and write

7549000

heap

page read and write

32A1000

heap

page read and write

C390000

heap

page read and write

7561000

heap

page read and write

7560000

heap

page read and write

75A0000

heap

page read and write

C340000

heap

page read and write

754C000

heap

page read and write

C330000

heap

page read and write

7555000

heap

page read and write

C3D9000

heap

page read and write

C342000

heap

page read and write

323E000

heap

page read and write

32FA000

heap

page read and write

32C1000

heap

page read and write

757F000

heap

page read and write

C390000

heap

page read and write

C383000

heap

page read and write

75A0000

heap

page read and write

3230000

heap

page read and write

755F000

heap

page read and write

754A000

heap

page read and write

3245000

heap

page read and write

32DC000

heap

page read and write

C394000

heap

page read and write

C3A7000

heap

page read and write

C386000

heap

page read and write

C382000

heap

page read and write

7566000

heap

page read and write

C3A1000

heap

page read and write

32BC000

heap

page read and write

32AA000

heap

page read and write

75A4000

heap

page read and write

56DF000

stack

page read and write

326A000

heap

page read and write

32EF000

heap

page read and write

32A1000

heap

page read and write

C38D000

heap

page read and write

32CA000

heap

page read and write

7575000

heap

page read and write

5440000

trusted library allocation

page read and write

32D0000

heap

page read and write

BFFF000

stack

page read and write

80000

unkown

page write copy

30F2000

stack

page read and write

C38C000

heap

page read and write

32CF000

heap

page read and write

757E000

heap

page read and write

35F8000

heap

page read and write

C3E9000

heap

page read and write

31DD000

stack

page read and write

5580000

heap

page read and write

C690000

trusted library allocation

page read and write

32BF000

heap

page read and write

A4000

unkown

page read and write

C690000

trusted library allocation

page read and write

3293000

heap

page read and write

7593000

heap

page read and write

7552000

heap

page read and write

7559000

heap

page read and write

7552000

heap

page read and write

5430000

heap

page read and write

C394000

heap

page read and write

32F9000

heap

page read and write

C39A000

heap

page read and write

32DC000

heap

page read and write

6D0E000

stack

page read and write

7511000

heap

page read and write

32E5000

heap

page read and write

585B000

stack

page read and write

74000

unkown

page readonly

32CD000

heap

page read and write

77C4000

heap

page read and write

32D0000

heap

page read and write

7587000

heap

page read and write

C3E9000

heap

page read and write

754A000

heap

page read and write

7552000

heap

page read and write

There are 335 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
fcl52nBWuY.exe

Files

Processes

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reportfcl52nBWuY.exe

Files

Processes

Memdumps

IOC Report
fcl52nBWuY.exe