Automated Malware Analysis IOC Report for

Files

File Path

Type

Processes

Path

Cmdline

Malicious

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

"C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding

Details

Is windows:	true
Is dropped:	false
PID:	3316
Target ID:	0
Parent PID:	564
Name:	EXCEL.EXE
Class:	excel
Path:	C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
Commandline:	"C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding
Size:	28253536
MD5:	D53B85E21886D2AF9815C377537BCAC3
Time:	01:44:04
Date:	01/10/2024
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x13faf0000
Modulesize:	28282880
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE

"C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding

Details

Is windows:	true
Is dropped:	false
PID:	3516
Target ID:	2
Parent PID:	564
Name:	EQNEDT32.EXE
Path:	C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
Commandline:	"C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding
Size:	543304
MD5:	A87236E214F6D42A65F5DEDAC816AEC8
Time:	01:44:53
Date:	01/10/2024
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x400000
Modulesize:	581632
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Sigma detected: File Dropped By EQNEDT32EXE	Exploits
Document exploit detected (process start blacklist hit)	Software Vulnerabilities	Exploitation for Client Execution
Sigma detected: Equation Editor Network Connection	System Summary
Sigma detected: Suspicious Binary In User Directory Spawned From Office Application	System Summary
Sigma detected: Suspicious Microsoft Office Child Process	System Summary
Office Equation Editor has been started	Exploits
Sigma detected: Modification of IE Registry Settings	System Summary
Spawns processes	System Summary	Process Injection

C:\Users\user\AppData\Local\Temp\coolz.exe

Details

Is windows:	false
Is dropped:	true
PID:	3660
Target ID:	5
Parent PID:	3516
Name:	coolz.exe
Path:	C:\Users\user\AppData\Local\Temp\coolz.exe
Commandline:	C:\Users\user\AppData\Local\Temp\coolz.exe
Size:	1179411
MD5:	0FCFEEFEF9E389286B0EF7E97E1E7F28
Time:	01:44:58
Date:	01/10/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x400000
Modulesize:	815104
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Office equation editor drops PE file	System Summary
Office equation editor starts processes (likely CVE 2017-11882 or CVE-2018-0802)	Exploits	Exploitation for Client Execution
Sigma detected: Suspicious Binary In User Directory Spawned From Office Application	System Summary
Sigma detected: Suspicious Microsoft Office Child Process	System Summary
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Drops PE files	Persistence and Installation Behavior
Sigma detected: Potentially Suspicious Execution Of Regasm/Regsvcs From Uncommon Location	System Summary
Spawns processes	System Summary	Process Injection
Binary contains paths to debug symbols	Compliance, System Summary

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

C:\Users\user\AppData\Local\Temp\coolz.exe

Details

Is windows:	true
Is dropped:	false
PID:	3688
Target ID:	6
Parent PID:	3660
Name:	RegSvcs.exe
Class:	system-tools
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
Commandline:	C:\Users\user\AppData\Local\Temp\coolz.exe
Size:	45248
MD5:	19855C0DC5BEC9FDF925307C57F9F5FC
Time:	01:45:03
Date:	01/10/2024
Reason:	newprocess
Reputation:	moderate
Is admin:	true
Is elevated:	true
Modulebase:	0x250000
Modulesize:	57344
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Yara detected AgentTesla	Stealing of Sensitive Information, Remote Access Functionality
Maps a DLL or memory area into another process	HIPS / PFW / Operating System Protection Evasion	Process Injection
Writes to foreign memory regions	HIPS / PFW / Operating System Protection Evasion	Process Injection
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery
Sigma detected: Potentially Suspicious Execution Of Regasm/Regsvcs From Uncommon Location	System Summary
Yara detected Credential Stealer	Stealing of Sensitive Information
Spawns processes	System Summary	Process Injection

URLs

Name

Malicious

https://menyos.com/assets/home/js/bdg/food.exe

104.21.35.109

https://menyos.com/assets/home/js/bdg/food.exeiiC:

unknown

http://crl.pkioverheid.nl/DomOvLatestCRL.crl0

unknown

http://crl.entrust.net/server1.crl0

unknown

https://menyos.com/assets/home/js/bdg/food.exeC:

unknown

http://ocsp.entrust.net03

unknown

https://menyos.com/5m/

unknown

https://menyos.com/assets/home/js/bdg/food.exeuj

unknown

https://menyos.com//m/

unknown

http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0

unknown

http://www.diginotar.nl/cps/pkioverheid0

unknown

http://ocsp.entrust.net0D

unknown

https://secure.comodo.com/CPS0

unknown

https://menyos.com/assets/home/js/bdg/food.exefj

unknown

https://menyos.com/assets/home/js/bdg/food.exej

unknown

http://crl.entrust.net/2048ca.crl0

unknown

There are 6 hidden URLs, click here to show them.

Domains

Name

Malicious

menyos.com

104.21.35.109

Details

Name:	menyos.com
IP:	104.21.35.109
TargetID:	2
Current Path:	C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Office equation editor establishes network connection	Exploits	Exploitation for Client Execution
Sigma detected: Equation Editor Network Connection	System Summary
Potential document exploit detected (performs DNS queries)	Software Vulnerabilities	Exploitation for Client Execution
Potential document exploit detected (performs HTTP gets)	Software Vulnerabilities	Exploitation for Client Execution
Potential document exploit detected (unknown TCP traffic)	Software Vulnerabilities	Exploitation for Client Execution
Uses a known web browser user agent for HTTP communication	Networking	Application Layer Protocol
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
URLs found in memory or binary data	Networking
Uses secure TLS version for HTTPS connections	Compliance, Networking

IPs

Domain

Country

Malicious

104.21.35.109

menyos.com

United States

Details

IP:	104.21.35.109
TargetID:	2
Current Path:	C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
Country:	United States
Countrycode:	USA
ASN number:	13335
ASN name:	CLOUDFLARENETUS
Private:	false
Domain:	menyos.com

Signature Hits	Behavior Group	Mitre Attack
Office equation editor establishes network connection	Exploits	Exploitation for Client Execution
Sigma detected: Equation Editor Network Connection	System Summary
Potential document exploit detected (performs HTTP gets)	Software Vulnerabilities	Exploitation for Client Execution
Potential document exploit detected (unknown TCP traffic)	Software Vulnerabilities	Exploitation for Client Execution
Uses secure TLS version for HTTPS connections	Compliance, Networking

Registry

Path

Value

Malicious

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8

Blob

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C

Blob

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8

Blob

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8

Blob

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8

Blob

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8

Blob

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C

Blob

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems

# /

HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Outlook\Journaling\Microsoft Excel

Enabled

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel

MTTT

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\ReviewCycle

ReviewToken

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems

s$/

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Security\Trusted Documents

LastPurgeTime

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages

1033

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages

1033

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage

EXCELFiles

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage

ProductFiles

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage

VBAFiles

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109E60090400100000000F01FEC\Usage

EquationEditorFilesIntl_1033

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109E60090400100000000F01FEC\Usage

EquationEditorFilesIntl_1033

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections

SavedLegacySettings

There are 11 hidden registries, click here to show them.

Memdumps

Base Address

Regiontype

Protect

Malicious

402000

system

page execute and read and write

3AC0000

heap

page read and write

3AC0000

heap

page read and write

40F0000

heap

page read and write

3A20000

heap

page read and write

7040000

heap

page read and write

36B1000

heap

page read and write

28DF000

stack

page read and write

36A6000

heap

page read and write

3AC0000

direct allocation

page read and write

D0000

heap

page read and write

64E0000

heap

page read and write

36B0000

heap

page read and write

3A20000

heap

page read and write

89000

stack

page read and write

3F9000

stack

page read and write

3A20000

heap

page read and write

36B0000

heap

page read and write

3A4A000

direct allocation

page read and write

36B1000

heap

page read and write

36B0000

heap

page read and write

3A20000

heap

page read and write

36B0000

heap

page read and write

3AC0000

heap

page read and write

362B000

heap

page read and write

401000

unkown

page execute read

2001000

trusted library allocation

page read and write

36B1000

heap

page read and write

3AC0000

heap

page read and write

36B1000

heap

page read and write

3BC7000

direct allocation

page read and write

36B0000

heap

page read and write

2D0000

heap

page read and write

3BD0000

direct allocation

page read and write

10000

heap

page read and write

520000

heap

page read and write

3BC7000

direct allocation

page read and write

3AC0000

heap

page read and write

3A20000

heap

page read and write

3AC0000

heap

page read and write

36B0000

heap

page read and write

6524000

heap

page read and write

36B0000

heap

page read and write

3BB0000

direct allocation

page read and write

3A20000

heap

page read and write

1EE0000

heap

page read and write

68FF000

stack

page read and write

3970000

heap

page read and write

50D000

stack

page read and write

2C08000

heap

page read and write

3C30000

direct allocation

page read and write

3BC1000

direct allocation

page read and write

36B0000

heap

page read and write

3AC0000

heap

page read and write

7061000

heap

page read and write

5700000

heap

page read and write

3AC0000

heap

page read and write

1FFE000

stack

page read and write | page guard

36B0000

heap

page read and write

2DF000

heap

page read and write

3A20000

heap

page read and write

7B0000

heap

page read and write

650F000

heap

page read and write

5C8000

heap

page read and write

36B0000

heap

page read and write

36B0000

heap

page read and write

36B0000

heap

page read and write

2076000

trusted library allocation

page read and write

3A20000

heap

page read and write

36B0000

heap

page read and write

3A20000

heap

page read and write

3BB0000

direct allocation

page read and write

367C000

heap

page read and write

3A4A000

direct allocation

page read and write

3AC0000

heap

page read and write

36B1000

heap

page read and write

CD000

trusted library allocation

page execute and read and write

3A20000

heap

page read and write

3A4A000

direct allocation

page read and write

36AE000

heap

page read and write

24D4000

heap

page read and write

67A0000

remote allocation

page read and write

3A20000

heap

page read and write

3A20000

heap

page read and write

3A20000

heap

page read and write

162000

trusted library allocation

page read and write

3631000

heap

page read and write

3A20000

heap

page read and write

36B1000

heap

page read and write

367F000

heap

page read and write

3AC0000

heap

page read and write

527000

heap

page read and write

3BB0000

direct allocation

page read and write

36B0000

heap

page read and write

6D2C000

stack

page read and write

15D000

trusted library allocation

page execute and read and write

2C00000

heap

page read and write

166000

trusted library allocation

page execute and read and write

36B0000

heap

page read and write

58E000

heap

page read and write

3AC0000

heap

page read and write

362B000

heap

page read and write

3A20000

heap

page read and write

3BD0000

direct allocation

page read and write

482000

unkown

page readonly

3A20000

heap

page read and write

362B000

heap

page read and write

69A0000

heap

page read and write

3BC1000

direct allocation

page read and write

3AC0000

heap

page read and write

36B0000

heap

page read and write

4BD0000

heap

page execute and read and write

3970000

direct allocation

page read and write

36B0000

heap

page read and write

3AC0000

heap

page read and write

260000

trusted library allocation

page execute and read and write

3A20000

heap

page read and write

371A000

heap

page read and write

371A000

heap

page read and write

3AC0000

heap

page read and write

3AC0000

heap

page read and write

3AC0000

heap

page read and write

24D0000

heap

page read and write

477000

heap

page read and write

3AC0000

heap

page read and write

36B0000

heap

page read and write

36B0000

heap

page read and write

36B0000

heap

page read and write

3670000

heap

page read and write

3BC4000

direct allocation

page read and write

3A4D000

direct allocation

page read and write

3AC0000

heap

page read and write

3AC0000

heap

page read and write

4CE000

stack

page read and write

42EE000

stack

page read and write

36B0000

heap

page read and write

36AB000

heap

page read and write

36B0000

heap

page read and write

651F000

heap

page read and write

582000

heap

page read and write

1FFF000

stack

page read and write

3AC0000

heap

page read and write

4AB000

unkown

page readonly

51F000

heap

page read and write

42C000

system

page execute and read and write

3AC0000

heap

page read and write

36B0000

heap

page read and write

36B0000

heap

page read and write

490000

unkown

page write copy

4B7E000

stack

page read and write

36B0000

heap

page read and write

3632000

heap

page read and write

36B1000

heap

page read and write

3A20000

heap

page read and write

3AC0000

heap

page read and write

1ECE000

stack

page read and write

3AC0000

heap

page read and write

3C30000

direct allocation

page read and write

18A000

stack

page read and write

36B0000

heap

page read and write

3AD0000

direct allocation

page read and write

36B1000

heap

page read and write

3AC0000

heap

page read and write

3BC4000

direct allocation

page read and write

36B0000

heap

page read and write

36B0000

heap

page read and write

36B0000

heap

page read and write

5CC000

heap

page read and write

1CB000

stack

page read and write

36B0000

heap

page read and write

2B0000

trusted library allocation

page read and write

20B9000

trusted library allocation

page read and write

3A20000

heap

page read and write

3A20000

heap

page read and write

3EF000

stack

page read and write

36B0000

heap

page read and write

665E000

stack

page read and write

4F40000

heap

page read and write

20BC000

trusted library allocation

page read and write

363A000

heap

page read and write

3A20000

heap

page read and write

36B1000

heap

page read and write

577000

trusted library allocation

page read and write

36B0000

heap

page read and write

C0000

trusted library allocation

page read and write

676F000

stack

page read and write

3970000

direct allocation

page read and write

3A4D000

direct allocation

page read and write

3AC0000

heap

page read and write

3A20000

heap

page read and write

36B0000

heap

page read and write

2D7000

heap

page read and write

29DF000

stack

page read and write

1F40000

direct allocation

page read and write

7060000

heap

page read and write

400000

unkown

page readonly

416D000

stack

page read and write

66B0000

heap

page read and write

3AC0000

direct allocation

page read and write

56FF000

stack

page read and write

3A20000

heap

page read and write

2DD0000

heap

page read and write

36B0000

heap

page read and write

4BD000

heap

page read and write

5C7000

heap

page read and write

10000

heap

page read and write

3AC0000

heap

page read and write

270000

heap

page execute and read and write

3A20000

heap

page read and write

47FF000

stack

page read and write

36B0000

heap

page read and write

54F000

heap

page read and write

4F3E000

stack

page read and write

3A20000

heap

page read and write

362B000

heap

page read and write

1DE8000

trusted library allocation

page read and write

36B0000

heap

page read and write

4112000

heap

page read and write

36AF000

heap

page read and write

3AC0000

heap

page read and write

3A20000

heap

page read and write

36B1000

heap

page read and write

583000

heap

page read and write

46BE000

stack

page read and write

3AC0000

heap

page read and write

36B0000

heap

page read and write

366D000

stack

page read and write

36B1000

heap

page read and write

36B1000

heap

page read and write

369F000

heap

page read and write

36B0000

heap

page read and write

3A20000

heap

page read and write

3AC0000

heap

page read and write

3BC1000

direct allocation

page read and write

36B0000

heap

page read and write

36B0000

heap

page read and write

36B1000

heap

page read and write

3A20000

heap

page read and write

36B0000

heap

page read and write

7000000

heap

page read and write

3AC0000

heap

page read and write

36B0000

heap

page read and write

3970000

direct allocation

page read and write

69F0000

heap

page read and write

3A20000

heap

page read and write

3A20000

heap

page read and write

36B0000

heap

page read and write

3A4D000

direct allocation

page read and write

5D4000

heap

page read and write

517E000

stack

page read and write

36B1000

heap

page read and write

2C0B000

heap

page read and write

36B1000

heap

page read and write

1E8F000

stack

page read and write

3AC0000

heap

page read and write

250000

heap

page read and write

3AC0000

heap

page read and write

3AC0000

heap

page read and write

3A20000

heap

page read and write

203F000

trusted library allocation

page read and write

36B1000

heap

page read and write

6B2E000

stack

page read and write

2BDE000

stack

page read and write

40F4000

heap

page read and write

5930000

heap

page read and write

3BC1000

direct allocation

page read and write

150000

trusted library allocation

page read and write

3AC0000

heap

page read and write

3A20000

heap

page read and write

3A20000

heap

page read and write

3A20000

heap

page read and write

3AD0000

direct allocation

page read and write

2070000

trusted library allocation

page read and write

2ADF000

stack

page read and write

67A0000

remote allocation

page read and write

612000

heap

page read and write

2C04000

heap

page read and write

36B1000

heap

page read and write

3A4A000

direct allocation

page read and write

3AC0000

heap

page read and write

36B0000

heap

page read and write

3AC0000

heap

page read and write

36B0000

heap

page read and write

5708000

heap

page read and write

369F000

heap

page read and write

3029000

trusted library allocation

page read and write

51BE000

stack

page read and write

36B0000

heap

page read and write

581000

heap

page read and write

58F000

heap

page read and write

604000

heap

page read and write

618000

heap

page read and write

3A4A000

direct allocation

page read and write

3AC0000

heap

page read and write

46FF000

stack

page read and write

3AC0000

direct allocation

page read and write

172000

trusted library allocation

page read and write

3AC0000

heap

page read and write

3A20000

heap

page read and write

24F2000

heap

page read and write

7B7000

heap

page read and write

362B000

heap

page read and write

3632000

heap

page read and write

36B1000

heap

page read and write

3AC0000

heap

page read and write

36B0000

heap

page read and write

45FD000

stack

page read and write

5CC000

heap

page read and write

3AC0000

heap

page read and write

3AC0000

heap

page read and write

5CC000

heap

page read and write

544E000

stack

page read and write

3A20000

heap

page read and write

3A20000

heap

page read and write

36B0000

heap

page read and write

7EF40000

trusted library allocation

page execute and read and write

3A20000

heap

page read and write

370B000

heap

page read and write

4C0000

heap

page read and write

3A20000

heap

page read and write

16A000

trusted library allocation

page execute and read and write

36B0000

heap

page read and write

3C30000

direct allocation

page read and write

3A20000

heap

page read and write

36B0000

heap

page read and write

36B0000

heap

page read and write

175000

trusted library allocation

page execute and read and write

3A20000

heap

page read and write

160000

trusted library allocation

page read and write

1E4F000

stack

page read and write

3AC0000

heap

page read and write

17B000

trusted library allocation

page execute and read and write

366F000

heap

page read and write

3AC0000

heap

page read and write

6E2F000

stack

page read and write

3AC0000

heap

page read and write

36B0000

heap

page read and write

3AD0000

direct allocation

page read and write

4B90000

heap

page read and write

544000

heap

page read and write

3AC0000

heap

page read and write

3AC0000

heap

page read and write

630000

heap

page read and write

36B0000

heap

page read and write

3970000

direct allocation

page read and write

36B1000

heap

page read and write

3A20000

heap

page read and write

36B0000

heap

page read and write

3001000

trusted library allocation

page read and write

362B000

heap

page read and write

36B0000

heap

page read and write

36B0000

heap

page read and write

C3000

trusted library allocation

page execute and read and write

C4000

trusted library allocation

page read and write

36AF000

heap

page read and write

3AC0000

heap

page read and write

36B1000

heap

page read and write

460000

trusted library allocation

page execute and read and write

2E0000

heap

page read and write

470000

heap

page read and write

3AD0000

direct allocation

page read and write

3AC0000

heap

page read and write

36B1000

heap

page read and write

3A20000

heap

page read and write

2C0000

trusted library allocation

page read and write

64FD000

heap

page read and write

3BD0000

direct allocation

page read and write

3AD0000

direct allocation

page read and write

570000

trusted library allocation

page read and write

3A20000

heap

page read and write

1ECE000

stack

page read and write

36A8000

heap

page read and write

1F30000

heap

page read and write

36B1000

heap

page read and write

400000

system

page execute and read and write

3C30000

direct allocation

page read and write

5B0000

trusted library allocation

page read and write

3BC4000

direct allocation

page read and write

604000

heap

page read and write

3BC7000

direct allocation

page read and write

3A4D000

direct allocation

page read and write

494000

heap

page read and write

3BD0000

direct allocation

page read and write

243F000

stack

page read and write

672F000

stack

page read and write

3A20000

heap

page read and write

36B1000

heap

page read and write

3A20000

heap

page read and write

661E000

stack

page read and write

3AC0000

heap

page read and write

3A20000

heap

page read and write

3970000

direct allocation

page read and write

4B4000

heap

page read and write

3A4D000

direct allocation

page read and write

3BC7000

direct allocation

page read and write

36B0000

heap

page read and write

6C2F000

stack

page read and write

3A20000

heap

page read and write

67C0000

heap

page read and write

36B0000

heap

page read and write

58E000

heap

page read and write

3BB0000

direct allocation

page read and write

3A20000

heap

page read and write

36B0000

heap

page read and write

36B0000

heap

page read and write

B0000

trusted library allocation

page read and write

36B0000

heap

page read and write

5CD000

heap

page read and write

3BC4000

direct allocation

page read and write

4E1C000

stack

page read and write

3AC0000

direct allocation

page read and write

3AC0000

heap

page read and write

680000

heap

page execute and read and write

36B0000

heap

page read and write

36B0000

heap

page read and write

36B0000

heap

page read and write

1F2E000

stack

page read and write

3AC0000

direct allocation

page read and write

36B1000

heap

page read and write

36B0000

heap

page read and write

669C000

stack

page read and write

36B0000

heap

page read and write

6F2F000

stack

page read and write

177000

trusted library allocation

page execute and read and write

61E000

stack

page read and write

36B0000

heap

page read and write

36B0000

heap

page read and write

36B0000

heap

page read and write

3A20000

heap

page read and write

There are 419 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
Fatura 002.xlam.xlsx

Files

Processes

URLs

Domains

IPs

Registry

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC ReportFatura 002.xlam.xlsx

Files

Processes

URLs

Domains

IPs

Registry

Memdumps

IOC Report
Fatura 002.xlam.xlsx