Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\file.exe

"C:\Users\user\Desktop\file.exe"

Details

Is windows:	false
Is dropped:	false
PID:	6968
Target ID:	0
Parent PID:	2580
Name:	file.exe
Path:	C:\Users\user\Desktop\file.exe
Commandline:	"C:\Users\user\Desktop\file.exe"
Size:	1856512
MD5:	7104794E5BC6D9668DF3A837983E43DF
Time:	05:06:52
Date:	01/10/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x470000
Modulesize:	6959104
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Antivirus / Scanner detection for submitted sample	AV Detection
Detected unpacking (changes PE section rights)	Data Obfuscation	Software Packing
Yara detected Powershell download and execute	HIPS / PFW / Operating System Protection Evasion
Yara detected Stealc	Stealing of Sensitive Information, Remote Access Functionality
Machine Learning detection for sample	AV Detection
PE file contains section with special chars	System Summary
PE file contains an invalid checksum	Data Obfuscation
PE file contains sections with non-standard names	Data Obfuscation
Uses 32bit PE files	Compliance, System Summary
Binary may include packed or encrypted code	Data Obfuscation	Obfuscated Files or Information Software Packing
PE file has section (not .text) which is very likely to contain packed code (zlib compression ratio < 0.011)	System Summary	Software Packing
Sample might require command line arguments	System Summary	Command and Scripting Interpreter
PE file has a big raw section	System Summary
Submission file is bigger than most known malware samples	System Summary

URLs

Name

Malicious

http://185.215.113.37/

185.215.113.37

http://185.215.113.37/e2b1563c6670f193.php2

unknown

http://185.215.113.37

unknown

http://185.215.113.37/e2b1563c6670f193.php0

unknown

http://185.215.113.37/e2b1563c6670f193.php/

unknown

http://185.215.113.37/e2b1563c6670f193.php

185.215.113.37

http://185.215.113.37/e2b1563c6670f193.php$

unknown

http://185.215.113.37/ws

unknown

http://185.215.113.37a

unknown

http://185.215.113.37/e2b1563c6670f193.php(

unknown

IPs

Domain

Country

Malicious

185.215.113.37

unknown

Portugal

Details

IP:	185.215.113.37
TargetID:	0
Current Path:	C:\Users\user\Desktop\file.exe
Country:	Portugal
Countrycode:	PRT
ASN number:	206894
ASN name:	WHOLESALECONNECTIONSNL
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
Suricata IDS alerts for network traffic	Networking
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol
HTTP GET or POST without a user agent	Networking
Connects to IPs without corresponding DNS lookups	Networking
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Posts data to webserver	Networking	Application Layer Protocol Non-Application Layer Protocol
URLs found in memory or binary data	Networking

Memdumps

Base Address

Regiontype

Protect

Malicious

471000

unkown

page execute and read and write

121E000

heap

page read and write

4E30000

direct allocation

page read and write

49B1000

heap

page read and write

35AF000

stack

page read and write

31EF000

stack

page read and write

961000

unkown

page execute and read and write

1094000

heap

page read and write

11E0000

direct allocation

page read and write

3FAF000

stack

page read and write

49B1000

heap

page read and write

462E000

stack

page read and write

552000

unkown

page execute and read and write

1094000

heap

page read and write

106B000

heap

page read and write

2D2B000

stack

page read and write

1094000

heap

page read and write

49B1000

heap

page read and write

43AE000

stack

page read and write

1CDEE000

stack

page read and write

1094000

heap

page read and write

1094000

heap

page read and write

49B1000

heap

page read and write

1094000

heap

page read and write

49B1000

heap

page read and write

49B1000

heap

page read and write

49B1000

heap

page read and write

49B1000

heap

page read and write

1094000

heap

page read and write

49B1000

heap

page read and write

2FAE000

stack

page read and write

49B1000

heap

page read and write

3D6E000

stack

page read and write

472F000

stack

page read and write

49B1000

heap

page read and write

49B1000

heap

page read and write

2F6F000

stack

page read and write

49B1000

heap

page read and write

382F000

stack

page read and write

1094000

heap

page read and write

3BEF000

stack

page read and write

49B1000

heap

page read and write

970000

unkown

page execute and write copy

49B1000

heap

page read and write

49B1000

heap

page read and write

1094000

heap

page read and write

1094000

heap

page read and write

49B1000

heap

page read and write

4E10000

heap

page read and write

3AEE000

stack

page read and write

49B1000

heap

page read and write

1060000

heap

page read and write

1218000

heap

page read and write

30EE000

stack

page read and write

1094000

heap

page read and write

11E0000

direct allocation

page read and write

1080000

heap

page read and write

386E000

stack

page read and write

44EE000

stack

page read and write

49B1000

heap

page read and write

11E0000

direct allocation

page read and write

119E000

stack

page read and write

1210000

heap

page read and write

EFE000

stack

page read and write

1094000

heap

page read and write

11E0000

direct allocation

page read and write

35EE000

stack

page read and write

49B1000

heap

page read and write

1094000

heap

page read and write

49B1000

heap

page read and write

2BEE000

stack

page read and write

49B1000

heap

page read and write

2E6E000

stack

page read and write

30AF000

stack

page read and write

412E000

stack

page read and write

1094000

heap

page read and write

49B1000

heap

page read and write

6CE000

unkown

page execute and read and write

49B1000

heap

page read and write

346F000

stack

page read and write

1067000

heap

page read and write

1094000

heap

page read and write

1094000

heap

page read and write

1094000

heap

page read and write

396F000

stack

page read and write

52D000

unkown

page execute and read and write

49B1000

heap

page read and write

1D02F000

stack

page read and write

49C1000

heap

page read and write

11E0000

direct allocation

page read and write

3EAE000

stack

page read and write

1094000

heap

page read and write

49B1000

heap

page read and write

49B0000

heap

page read and write

1094000

heap

page read and write

1094000

heap

page read and write

4F6F000

stack

page read and write

3D2F000

stack

page read and write

36EF000

stack

page read and write

125C000

heap

page read and write

49B1000

heap

page read and write

1094000

heap

page read and write

49B1000

heap

page read and write

1090000

heap

page read and write

11E0000

direct allocation

page read and write

1094000

heap

page read and write

2BAE000

stack

page read and write

49AF000

stack

page read and write

4FA0000

direct allocation

page execute and read and write

1296000

heap

page read and write

1094000

heap

page read and write

486F000

stack

page read and write

11E0000

direct allocation

page read and write

1CEEF000

stack

page read and write

49B1000

heap

page read and write

49B1000

heap

page read and write

49B1000

heap

page read and write

1D2BD000

stack

page read and write

1094000

heap

page read and write

1CCAE000

stack

page read and write

49B1000

heap

page read and write

1094000

heap

page read and write

96F000

unkown

page execute and write copy

436F000

stack

page read and write

49B1000

heap

page read and write

4F70000

direct allocation

page execute and read and write

3FEE000

stack

page read and write

4DF0000

trusted library allocation

page read and write

4FC0000

direct allocation

page execute and read and write

11E0000

direct allocation

page read and write

11E0000

direct allocation

page read and write

1094000

heap

page read and write

49B1000

heap

page read and write

39AE000

stack

page read and write

49B1000

heap

page read and write

2CEF000

stack

page read and write

49B1000

heap

page read and write

3C2E000

stack

page read and write

49B1000

heap

page read and write

49B1000

heap

page read and write

49B1000

heap

page read and write

B10000

unkown

page execute and write copy

1200000

direct allocation

page read and write

1262000

heap

page read and write

49B1000

heap

page read and write

1094000

heap

page read and write

1094000

heap

page read and write

1CDAF000

stack

page read and write

40EF000

stack

page read and write

B0F000

unkown

page execute and read and write

49B1000

heap

page read and write

937000

unkown

page execute and read and write

45EF000

stack

page read and write

336E000

stack

page read and write

49B1000

heap

page read and write

49B1000

heap

page read and write

3AAF000

stack

page read and write

48AE000

stack

page read and write

1094000

heap

page read and write

49B1000

heap

page read and write

11E0000

direct allocation

page read and write

4E6E000

stack

page read and write

44AF000

stack

page read and write

1094000

heap

page read and write

2E2F000

stack

page read and write

1094000

heap

page read and write

49B1000

heap

page read and write

49B1000

heap

page read and write

332F000

stack

page read and write

49B1000

heap

page read and write

49B1000

heap

page read and write

49B1000

heap

page read and write

957000

unkown

page execute and read and write

49B1000

heap

page read and write

1094000

heap

page read and write

49B1000

heap

page read and write

372E000

stack

page read and write

49B1000

heap

page read and write

6BA000

unkown

page execute and read and write

FE0000

heap

page read and write

1D2FD000

stack

page read and write

F00000

heap

page read and write

4FD0000

direct allocation

page execute and read and write

1277000

heap

page read and write

476E000

stack

page read and write

859000

unkown

page execute and read and write

426E000

stack

page read and write

4F90000

direct allocation

page execute and read and write

1CF2E000

stack

page read and write

BAC000

stack

page read and write

4FB0000

direct allocation

page execute and read and write

EF5000

stack

page read and write

471000

unkown

page execute and write copy

11E0000

direct allocation

page read and write

49B1000

heap

page read and write

49B1000

heap

page read and write

1094000

heap

page read and write

49B1000

heap

page read and write

1D3FE000

stack

page read and write

11E0000

direct allocation

page read and write

1D1BD000

stack

page read and write

322E000

stack

page read and write

470000

unkown

page read and write

3E6F000

stack

page read and write

521000

unkown

page execute and read and write

422F000

stack

page read and write

34AE000

stack

page read and write

49B1000

heap

page read and write

1094000

heap

page read and write

1094000

heap

page read and write

104D000

stack

page read and write

11E0000

direct allocation

page read and write

1D06E000

stack

page read and write

1200000

direct allocation

page read and write

1094000

heap

page read and write

4FA0000

direct allocation

page execute and read and write

49B1000

heap

page read and write

96F000

unkown

page execute and read and write

11DE000

stack

page read and write

4F80000

direct allocation

page execute and read and write

49B1000

heap

page read and write

1094000

heap

page read and write

470000

unkown

page readonly

1D16F000

stack

page read and write

49B1000

heap

page read and write

11E0000

direct allocation

page read and write

There are 216 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
file.exe

Processes

URLs

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reportfile.exe

Processes

URLs

IPs

Memdumps

IOC Report
file.exe