Automated Malware Analysis IOC Report for

Files

File Path

Type

Category

Malicious

oJK2UKac7G.exe

PE32 executable (GUI) Intel 80386, for MS Windows

initial sample

Details

Filetype:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy:	6.739366892065669
Filename:	oJK2UKac7G.exe
Filesize:	331935
MD5:	f708711b3c0f40e0202645136934ee1a
SHA1:	6d38fa14ba708bd26ab8462258c6fa1afd7e7d97
SHA256:	d21aa84542303ca70b59b53e9de9f092f9001f409158a9d46a5e8ce82ab60fb6
SHA512:	01469c1a56b996630039fa22c410666339f6ce8aa6594c039738806295647dc4b1a51f7216c8df064ff7b24010e1f8934da30ac80ec077b4e9f7cdcac920d5a1
SSDEEP:	6144:ntH/xNLaAOvIBd7lAAxWS1elIoSN6WX+t45qd:ntH5NLaAdDhAAEIFcWX+t4od
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............w...w...w..<.V..w..<.T..w..<.U..w....Z..w.......w.......w.......w....$..w....4..w...w...v.......w.......w....X..w.......w.

Signature Hits	Behavior Group	Mitre Attack
Antivirus / Scanner detection for submitted sample	AV Detection
Multi AV Scanner detection for submitted file	AV Detection
Allocates memory with a write watch (potentially for evading sandboxes)	Malware Analysis System Evasion	Virtualization/Sandbox Evasion Security Software Discovery
Contains functionality to call native functions	System Summary
Contains functionality to check if a debugger is running (IsDebuggerPresent)	Anti Debugging
Contains functionality to communicate with device drivers	System Summary
Contains functionality to query CPU information (cpuid)	Language, Device and Operating System Detection
Contains functionality to query locales information (e.g. system language)	Language, Device and Operating System Detection
Contains functionality to read the PEB	Anti Debugging
Contains functionality which may be used to detect a debugger (GetProcessHeap)	Anti Debugging	Security Software Discovery
Detected potential crypto function	System Summary	Archive Collected Data Encrypted Channel
File is packed with WinRar	Data Obfuscation	Software Packing
Found potential string decryption / allocating functions	System Summary	Deobfuscate/Decode Files or Information
PE file contains sections with non-standard names	Data Obfuscation
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery
Uses 32bit PE files	Compliance, System Summary	Masquerading
Uses code obfuscation techniques (call, push, ret)	Data Obfuscation	Obfuscated Files or Information
Contains functionality for error logging	System Summary
Contains functionality to enumerate / list files inside a directory	Spreading, Malware Analysis System Evasion	File and Directory Discovery
Contains functionality to instantiate COM classes	System Summary
Contains functionality to load and extract PE file embedded resources	System Summary
Contains functionality to query local / system time	Language, Device and Operating System Detection	System Time Discovery
Contains functionality to query system information	Malware Analysis System Evasion	System Information Discovery
Contains functionality to query windows version	Language, Device and Operating System Detection
Contains functionality to register its own exception handler	Anti Debugging
Creates files inside the user directory	System Summary	Masquerading
Disables application error messsages (SetErrorMode)	Hooking and other Techniques for Hiding and Protection
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory)	Malware Analysis System Evasion
Might use command line arguments	System Summary	Masquerading
PE file has an executable .text section and no other executable section	System Summary
Program exit points	Malware Analysis System Evasion
Reads ini files	System Summary
Reads software policies	System Summary
Sample is known by Antivirus	System Summary
Sample reads its own file content	System Summary
Tries to load missing DLLs	System Summary	DLL Side-Loading
Uses an in-process (OLE) Automation server	System Summary
PE file contains a valid data directory to section mapping	System Summary	Security Software Discovery
PE file contains a debug data directory	System Summary
Contains modern PE file flags such as dynamic base (ASLR) or NX	Compliance, System Summary
PE file contains a mix of data directories often seen in goodware	System Summary

C:\Users\user\Desktop\???i????-623-6341-11.docx.lnk

MS Windows shortcut, Item id list present, Has Description string, Has command line arguments, Icon number=0, ctime=Tue Dec 5 07:31:59 2023, mtime=Tue Dec 5 07:31:59 2023, atime=Tue Dec 5 07:31:59 2023, length=0, window=hide

dropped

Details

File:	C:\Users\user\Desktop\???i????-623-6341-11.docx.lnk
Category:	dropped
Dump:	???i????-623-6341-11.docx.lnk.0.dr
ID:	dr_0
Target ID:	0
Process:	C:\Users\user\Desktop\oJK2UKac7G.exe
Type:	MS Windows shortcut, Item id list present, Has Description string, Has command line arguments, Icon number=0, ctime=Tue Dec 5 07:31:59 2023, mtime=Tue Dec 5 07:31:59 2023, atime=Tue Dec 5 07:31:59 2023, length=0, window=hide
Entropy:	6.070389175338264
Encrypted:	false
Ssdeep:	192:8WuGpe8SDQRDKx4yzWRIxPdUlDG4UteRefk82v87LnAX:IGM8BDs4BEUGWwL7LnAX
Size:	7271
Whitelisted:	false
Reputation:	low

Signature Hits	Behavior Group	Mitre Attack
Sigma detected: Suspicious LNK Double Extension File Created	System Summary

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\oJK2UKac7G.exe

"C:\Users\user\Desktop\oJK2UKac7G.exe"

Details

Is windows:	false
Is dropped:	false
PID:	2820
Target ID:	0
Parent PID:	4004
Name:	oJK2UKac7G.exe
Path:	C:\Users\user\Desktop\oJK2UKac7G.exe
Commandline:	"C:\Users\user\Desktop\oJK2UKac7G.exe"
Size:	331935
MD5:	F708711B3C0F40E0202645136934EE1A
Time:	09:36:17
Date:	30/09/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0xc90000
Modulesize:	487424
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Antivirus / Scanner detection for submitted sample	AV Detection
Multi AV Scanner detection for submitted file	AV Detection
PE file contains sections with non-standard names	Data Obfuscation
Sigma detected: Suspicious LNK Double Extension File Created	System Summary
Uses 32bit PE files	Compliance, System Summary
PE file has an executable .text section and no other executable section	System Summary
Sample is known by Antivirus	System Summary
Sample reads its own file content	System Summary
PE file contains a valid data directory to section mapping	System Summary
Binary contains paths to debug symbols	Compliance, System Summary
PE file contains a debug data directory	System Summary
Contains modern PE file flags such as dynamic base (ASLR) or NX	Compliance, System Summary
PE file contains a mix of data directories often seen in goodware	System Summary

Memdumps

Base Address

Regiontype

Protect

Malicious

306D000

heap

page read and write

50F0000

heap

page read and write

30AB000

heap

page read and write

B96E000

stack

page read and write

30AB000

heap

page read and write

50C1000

heap

page read and write

CC4000

unkown

page readonly

C91000

unkown

page execute read

3086000

heap

page read and write

3077000

heap

page read and write

BAE8000

heap

page read and write

302B000

heap

page read and write

B2B2000

trusted library allocation

page read and write

CF6000

unkown

page readonly

307F000

heap

page read and write

2E1E000

stack

page read and write

BAF8000

heap

page read and write

3032000

heap

page read and write

BAF4000

heap

page read and write

3270000

heap

page read and write

50B5000

heap

page read and write

3260000

heap

page read and write

307F000

heap

page read and write

50D9000

heap

page read and write

50D5000

heap

page read and write

50D8000

heap

page read and write

50C1000

heap

page read and write

2FFA000

heap

page read and write

50A9000

heap

page read and write

3060000

heap

page read and write

32E8000

heap

page read and write

3001000

heap

page read and write

3041000

heap

page read and write

BAE3000

heap

page read and write

3081000

heap

page read and write

50C0000

heap

page read and write

BAE8000

heap

page read and write

307B000

heap

page read and write

50DE000

heap

page read and write

307D000

heap

page read and write

3068000

heap

page read and write

308A000

heap

page read and write

3083000

heap

page read and write

305D000

heap

page read and write

BB2B000

heap

page read and write

5354000

heap

page read and write

7F601000

trusted library allocation

page execute read

304B000

heap

page read and write

3086000

heap

page read and write

50B3000

heap

page read and write

50C2000

heap

page read and write

302B000

heap

page read and write

3019000

heap

page read and write

50B3000

heap

page read and write

50B9000

heap

page read and write

3060000

heap

page read and write

BA9F000

heap

page read and write

BB3B000

heap

page read and write

50A9000

heap

page read and write

308A000

heap

page read and write

50C2000

heap

page read and write

3088000

heap

page read and write

3037000

heap

page read and write

50C0000

heap

page read and write

50DB000

heap

page read and write

50D0000

heap

page read and write

3060000

heap

page read and write

3060000

heap

page read and write

5180000

trusted library allocation

page read and write

3083000

heap

page read and write

CD5000

unkown

page read and write

3006000

heap

page read and write

30B0000

heap

page read and write

3000000

heap

page read and write

307F000

heap

page read and write

307B000

heap

page read and write

3069000

heap

page read and write

30B0000

heap

page read and write

BA9A000

heap

page read and write

50B6000

heap

page read and write

BAF8000

heap

page read and write

2E50000

heap

page read and write

30A6000

heap

page read and write

50B2000

heap

page read and write

50D5000

heap

page read and write

67CE000

heap

page read and write

50B5000

heap

page read and write

5040000

trusted library allocation

page read and write

9E6000

stack

page read and write

307D000

heap

page read and write

BAF3000

heap

page read and write

BAE0000

heap

page read and write

3096000

heap

page read and write

5100000

heap

page read and write

50F9000

heap

page read and write

3019000

heap

page read and write

5547000

heap

page read and write

5540000

heap

page read and write

BAA3000

heap

page read and write

681E000

stack

page read and write

32A4000

heap

page read and write

321A000

trusted library allocation

page read and write

3006000

heap

page read and write

50CF000

heap

page read and write

50DB000

heap

page read and write

50DB000

heap

page read and write

306D000

heap

page read and write

3077000

heap

page read and write

3032000

heap

page read and write

BAA1000

heap

page read and write

4ECF000

stack

page read and write

50BA000

heap

page read and write

305D000

heap

page read and write

3086000

heap

page read and write

BAE8000

heap

page read and write

3000000

heap

page read and write

308D000

heap

page read and write

50DE000

heap

page read and write

3083000

heap

page read and write

5070000

heap

page read and write

9CB000

stack

page read and write

BAE8000

heap

page read and write

50DB000

heap

page read and write

3070000

heap

page read and write

BA9F000

heap

page read and write

BAE8000

heap

page read and write

BAA1000

heap

page read and write

30A6000

heap

page read and write

3070000

heap

page read and write

5094000

heap

page read and write

3081000

heap

page read and write

2FF0000

heap

page read and write

BAF9000

heap

page read and write

BBEB000

stack

page read and write

BAE3000

heap

page read and write

BAEA000

heap

page read and write

50B2000

heap

page read and write

BB4A000

heap

page read and write

308A000

heap

page read and write

BAF4000

heap

page read and write

67C0000

heap

page read and write

50B3000

heap

page read and write

B69E000

heap

page read and write

50B9000

heap

page read and write

3088000

heap

page read and write

3086000

heap

page read and write

30B0000

heap

page read and write

3019000

heap

page read and write

2F9E000

stack

page read and write

3090000

heap

page read and write

3077000

heap

page read and write

C91000

unkown

page execute read

3076000

heap

page read and write

3068000

heap

page read and write

3002000

heap

page read and write

BAEF000

heap

page read and write

CF5000

unkown

page readonly

BA96000

heap

page read and write

31FE000

stack

page read and write

50B2000

heap

page read and write

50B5000

heap

page read and write

30B4000

heap

page read and write

50DB000

heap

page read and write

3083000

heap

page read and write

6A9C000

stack

page read and write

C60000

heap

page readonly

30B4000

heap

page read and write

695E000

stack

page read and write

3201000

trusted library allocation

page read and write

308D000

heap

page read and write

3046000

heap

page read and write

31BD000

stack

page read and write

3037000

heap

page read and write

3053000

heap

page read and write

3060000

heap

page read and write

50B1000

heap

page read and write

50AC000

heap

page read and write

2FF8000

heap

page read and write

3000000

heap

page read and write

3090000

heap

page read and write

305D000

heap

page read and write

5081000

heap

page read and write

30AB000

heap

page read and write

3090000

heap

page read and write

308A000

heap

page read and write

30B0000

heap

page read and write

302B000

heap

page read and write

50B3000

heap

page read and write

50DB000

heap

page read and write

CD3000

unkown

page read and write

308D000

heap

page read and write

BAEE000

heap

page read and write

305D000

heap

page read and write

307D000

heap

page read and write

3090000

heap

page read and write

3081000

heap

page read and write

308A000

heap

page read and write

2FFA000

heap

page read and write

308A000

heap

page read and write

50F0000

heap

page read and write

2E55000

heap

page read and write

50F2000

heap

page read and write

BAF8000

heap

page read and write

C70000

heap

page read and write

CF5000

unkown

page write copy

3068000

heap

page read and write

3083000

heap

page read and write

50B9000

heap

page read and write

2FE8000

heap

page read and write

BAF8000

heap

page read and write

BA9A000

heap

page read and write

2FC7000

heap

page read and write

5103000

heap

page read and write

2FF7000

heap

page read and write

5543000

heap

page read and write

BAEC000

heap

page read and write

5100000

heap

page read and write

307F000

heap

page read and write

C90000

unkown

page readonly

BA6F000

stack

page read and write

50BF000

heap

page read and write

3054000

heap

page read and write

5094000

heap

page read and write

BAF4000

heap

page read and write

305D000

heap

page read and write

3090000

heap

page read and write

50C2000

heap

page read and write

50E9000

heap

page read and write

302B000

heap

page read and write

3081000

heap

page read and write

50DB000

heap

page read and write

50F3000

heap

page read and write

308D000

heap

page read and write

50A9000

heap

page read and write

CC4000

unkown

page readonly

50AA000

heap

page read and write

50DF000

heap

page read and write

307F000

heap

page read and write

307B000

heap

page read and write

3069000

heap

page read and write

535F000

heap

page read and write

3090000

heap

page read and write

3096000

heap

page read and write

50DB000

heap

page read and write

50C1000

heap

page read and write

3068000

heap

page read and write

5040000

heap

page read and write

50B5000

heap

page read and write

5071000

heap

page read and write

BE45000

heap

page read and write

C100000

trusted library allocation

page read and write

50DB000

heap

page read and write

3077000

heap

page read and write

2F5E000

stack

page read and write

50C9000

heap

page read and write

BA9A000

heap

page read and write

5094000

heap

page read and write

307B000

heap

page read and write

32ED000

heap

page read and write

50B2000

heap

page read and write

3083000

heap

page read and write

50F0000

heap

page read and write

3081000

heap

page read and write

50B9000

heap

page read and write

BAFA000

heap

page read and write

3006000

heap

page read and write

50B5000

heap

page read and write

30B4000

heap

page read and write

307D000

heap

page read and write

50C2000

heap

page read and write

305D000

heap

page read and write

50E1000

heap

page read and write

7540000

heap

page read and write

3030000

heap

page read and write

3078000

heap

page read and write

50C9000

heap

page read and write

BAE4000

heap

page read and write

50AC000

heap

page read and write

C100000

trusted library allocation

page read and write

50C1000

heap

page read and write

302B000

heap

page read and write

BB3B000

heap

page read and write

50E7000

heap

page read and write

BB4A000

heap

page read and write

BB2B000

heap

page read and write

3086000

heap

page read and write

50C1000

heap

page read and write

5100000

heap

page read and write

50B9000

heap

page read and write

2FFA000

heap

page read and write

30AB000

heap

page read and write

BB3B000

heap

page read and write

6B9F000

stack

page read and write

5081000

heap

page read and write

BB4B000

heap

page read and write

3069000

heap

page read and write

3061000

heap

page read and write

6A5C000

stack

page read and write

5104000

heap

page read and write

3060000

heap

page read and write

2FFA000

heap

page read and write

7F610000

trusted library allocation

page execute read

50B5000

heap

page read and write

30B4000

heap

page read and write

3042000

heap

page read and write

BAF4000

heap

page read and write

308D000

heap

page read and write

BAEC000

heap

page read and write

BB3B000

heap

page read and write

307D000

heap

page read and write

3017000

heap

page read and write

C90000

unkown

page readonly

CD0000

unkown

page write copy

30B0000

heap

page read and write

50B3000

heap

page read and write

3079000

heap

page read and write

30A6000

heap

page read and write

BAF8000

heap

page read and write

3076000

heap

page read and write

3068000

heap

page read and write

5094000

heap

page read and write

50B5000

heap

page read and write

BAF4000

heap

page read and write

3036000

heap

page read and write

C110000

trusted library allocation

page read and write

BAF8000

heap

page read and write

30A6000

heap

page read and write

BAF4000

heap

page read and write

308D000

heap

page read and write

3090000

heap

page read and write

BAF8000

heap

page read and write

C50000

heap

page read and write

BB3B000

heap

page read and write

50D3000

heap

page read and write

50D5000

heap

page read and write

32A0000

heap

page read and write

3088000

heap

page read and write

30B0000

heap

page read and write

BA9C000

heap

page read and write

2FFB000

heap

page read and write

3088000

heap

page read and write

8E6000

stack

page read and write

2FFA000

heap

page read and write

50C6000

heap

page read and write

50A9000

heap

page read and write

306D000

heap

page read and write

6BA0000

trusted library allocation

page read and write

307D000

heap

page read and write

307F000

heap

page read and write

BAF3000

heap

page read and write

BCED000

stack

page read and write

691F000

stack

page read and write

50C1000

heap

page read and write

CF4000

unkown

page read and write

3088000

heap

page read and write

50C9000

heap

page read and write

BA90000

heap

page read and write

3088000

heap

page read and write

2FEA000

heap

page read and write

50B3000

heap

page read and write

5356000

heap

page read and write

5350000

heap

page read and write

BB3D000

heap

page read and write

3019000

heap

page read and write

BB3B000

heap

page read and write

5100000

heap

page read and write

32E0000

heap

page read and write

50D5000

heap

page read and write

2FC0000

heap

page read and write

BAF8000

heap

page read and write

50D3000

heap

page read and write

BA96000

heap

page read and write

2FF1000

heap

page read and write

5100000

heap

page read and write

3086000

heap

page read and write

3081000

heap

page read and write

50C9000

heap

page read and write

CD0000

unkown

page read and write

There are 368 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
oJK2UKac7G.exe

Files

Processes

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC ReportoJK2UKac7G.exe

Files

Processes

Memdumps

IOC Report
oJK2UKac7G.exe