Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\file.exe

"C:\Users\user\Desktop\file.exe"

Details

Is windows:	false
Is dropped:	false
PID:	2748
Target ID:	0
Parent PID:	4004
Name:	file.exe
Path:	C:\Users\user\Desktop\file.exe
Commandline:	"C:\Users\user\Desktop\file.exe"
Size:	1860608
MD5:	2252EE92F584848EAC43445204FEC9A4
Time:	23:02:00
Date:	01/10/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x540000
Modulesize:	6987776
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Antivirus / Scanner detection for submitted sample	AV Detection
Detected unpacking (changes PE section rights)	Data Obfuscation	Software Packing
Yara detected Powershell download and execute	HIPS / PFW / Operating System Protection Evasion
Yara detected Stealc	Stealing of Sensitive Information, Remote Access Functionality
Machine Learning detection for sample	AV Detection
PE file contains section with special chars	System Summary
PE file contains an invalid checksum	Data Obfuscation
PE file contains sections with non-standard names	Data Obfuscation
Uses 32bit PE files	Compliance, System Summary
Binary may include packed or encrypted code	Data Obfuscation	Obfuscated Files or Information Software Packing
PE file has section (not .text) which is very likely to contain packed code (zlib compression ratio < 0.011)	System Summary	Software Packing
Sample might require command line arguments	System Summary	Command and Scripting Interpreter
PE file has a big raw section	System Summary
Submission file is bigger than most known malware samples	System Summary

URLs

Name

Malicious

http://185.215.113.37/e2b1563c6670f193.php~

unknown

http://185.215.113.37/

185.215.113.37

http://185.215.113.37/e2b1563c6670f193.phpL

unknown

http://185.215.113.37/e2b1563c6670f193.phpK

unknown

http://185.215.113.37

unknown

http://185.215.113.37e

unknown

http://185.215.113.37/e2b1563c6670f193.php

185.215.113.37

http://185.215.113.37/e2b1563c6670f193.phpd

unknown

http://185.215.113.37/ws

unknown

http://185.215.113.37/e2b1563c6670f193.phpft

unknown

http://185.215.113.37/e2b1563c6670f193.php7

unknown

There are 1 hidden URLs, click here to show them.

IPs

Domain

Country

Malicious

185.215.113.37

unknown

Portugal

Details

IP:	185.215.113.37
TargetID:	0
Current Path:	C:\Users\user\Desktop\file.exe
Country:	Portugal
Countrycode:	PRT
ASN number:	206894
ASN name:	WHOLESALECONNECTIONSNL
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
Suricata IDS alerts for network traffic	Networking
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol
HTTP GET or POST without a user agent	Networking
Connects to IPs without corresponding DNS lookups	Networking
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Posts data to webserver	Networking	Application Layer Protocol Non-Application Layer Protocol
URLs found in memory or binary data	Networking

Memdumps

Base Address

Regiontype

Protect

Malicious

541000

unkown

page execute and read and write

1028000

heap

page read and write

4C20000

direct allocation

page read and write

92D000

unkown

page execute and read and write

47A1000

heap

page read and write

3C5000

stack

page read and write

104D000

heap

page read and write

1092000

heap

page read and write

2A20000

direct allocation

page read and write

47A1000

heap

page read and write

4D5F000

stack

page read and write

4D9E000

stack

page read and write

29DB000

stack

page read and write

2A20000

direct allocation

page read and write

47A1000

heap

page read and write

540000

unkown

page read and write

47A1000

heap

page read and write

47A1000

heap

page read and write

47A1000

heap

page read and write

1D0CD000

stack

page read and write

1CB9E000

stack

page read and write

451F000

stack

page read and write

FBE000

stack

page read and write

4DA0000

direct allocation

page execute and read and write

47A1000

heap

page read and write

100A000

heap

page read and write

500000

heap

page read and write

2A20000

direct allocation

page read and write

E3E000

stack

page read and write

47A1000

heap

page read and write

1CB5F000

stack

page read and write

47A1000

heap

page read and write

47A1000

heap

page read and write

301E000

stack

page read and write

4DC0000

direct allocation

page execute and read and write

A46000

unkown

page execute and write copy

365E000

stack

page read and write

79E000

unkown

page execute and read and write

F75000

heap

page read and write

361F000

stack

page read and write

4D90000

direct allocation

page execute and read and write

47A1000

heap

page read and write

2FDF000

stack

page read and write

465F000

stack

page read and write

39DF000

stack

page read and write

47A1000

heap

page read and write

4DB0000

direct allocation

page execute and read and write

47A1000

heap

page read and write

47A1000

heap

page read and write

47A1000

heap

page read and write

47A1000

heap

page read and write

47A1000

heap

page read and write

47A1000

heap

page read and write

2D9E000

stack

page read and write

47B0000

heap

page read and write

420000

heap

page read and write

47A1000

heap

page read and write

339F000

stack

page read and write

47A1000

heap

page read and write

33DE000

stack

page read and write

F70000

heap

page read and write

47A1000

heap

page read and write

622000

unkown

page execute and read and write

3C9E000

stack

page read and write

47A1000

heap

page read and write

2C5F000

stack

page read and write

47A1000

heap

page read and write

F50000

heap

page read and write

47A1000

heap

page read and write

2A40000

direct allocation

page read and write

47A1000

heap

page read and write

47A1000

heap

page read and write

A37000

unkown

page execute and read and write

47A1000

heap

page read and write

441E000

stack

page read and write

5FD000

unkown

page execute and read and write

3CE000

stack

page read and write

47A1000

heap

page read and write

47A1000

heap

page read and write

47A1000

heap

page read and write

BE7000

unkown

page execute and write copy

47A1000

heap

page read and write

4BE0000

trusted library allocation

page read and write

2A20000

direct allocation

page read and write

47A1000

heap

page read and write

379E000

stack

page read and write

419E000

stack

page read and write

479F000

stack

page read and write

47A1000

heap

page read and write

2A20000

direct allocation

page read and write

47A1000

heap

page read and write

47A1000

heap

page read and write

47A1000

heap

page read and write

47A1000

heap

page read and write

1CC9F000

stack

page read and write

1CDDF000

stack

page read and write

3DDE000

stack

page read and write

375F000

stack

page read and write

47A1000

heap

page read and write

455E000

stack

page read and write

3EDE000

stack

page read and write

405E000

stack

page read and write

5F1000

unkown

page execute and read and write

4D70000

direct allocation

page execute and read and write

47A1000

heap

page read and write

34DF000

stack

page read and write

47A1000

heap

page read and write

A2C000

unkown

page execute and read and write

3D9F000

stack

page read and write

1CE4E000

stack

page read and write

106A000

heap

page read and write

47A1000

heap

page read and write

F40000

heap

page read and write

469E000

stack

page read and write

47A1000

heap

page read and write

1053000

heap

page read and write

47A1000

heap

page read and write

47A1000

heap

page read and write

351E000

stack

page read and write

47A1000

heap

page read and write

3B5E000

stack

page read and write

2A20000

direct allocation

page read and write

47A1000

heap

page read and write

47A1000

heap

page read and write

2A57000

heap

page read and write

11FE000

stack

page read and write

2A20000

direct allocation

page read and write

47A1000

heap

page read and write

2A20000

direct allocation

page read and write

47A1000

heap

page read and write

47A1000

heap

page read and write

3B1F000

stack

page read and write

1088000

heap

page read and write

2A40000

direct allocation

page read and write

A45000

unkown

page execute and read and write

2A20000

direct allocation

page read and write

1000000

heap

page read and write

1CCDE000

stack

page read and write

A45000

unkown

page execute and write copy

2A1E000

stack

page read and write

1023000

heap

page read and write

2B5F000

stack

page read and write

540000

unkown

page readonly

2D5F000

stack

page read and write

415F000

stack

page read and write

329E000

stack

page read and write

47A1000

heap

page read and write

4C5E000

stack

page read and write

47A1000

heap

page read and write

3C5F000

stack

page read and write

78A000

unkown

page execute and read and write

A0A000

unkown

page execute and read and write

47A1000

heap

page read and write

F3E000

stack

page read and write

47A1000

heap

page read and write

43DF000

stack

page read and write

47A1000

heap

page read and write

47A1000

heap

page read and write

2CC000

stack

page read and write

315E000

stack

page read and write

47A1000

heap

page read and write

3A1E000

stack

page read and write

389F000

stack

page read and write

4D90000

direct allocation

page execute and read and write

325F000

stack

page read and write

47A1000

heap

page read and write

47A1000

heap

page read and write

1CF8D000

stack

page read and write

100E000

heap

page read and write

47A1000

heap

page read and write

BE6000

unkown

page execute and read and write

2A50000

heap

page read and write

47A1000

heap

page read and write

2EDE000

stack

page read and write

47A1000

heap

page read and write

1D08C000

stack

page read and write

3F1E000

stack

page read and write

42DE000

stack

page read and write

107B000

heap

page read and write

541000

unkown

page execute and write copy

47A1000

heap

page read and write

47A0000

heap

page read and write

401F000

stack

page read and write

47A1000

heap

page read and write

47A1000

heap

page read and write

429F000

stack

page read and write

4D80000

direct allocation

page execute and read and write

2E9F000

stack

page read and write

311F000

stack

page read and write

38DE000

stack

page read and write

47A1000

heap

page read and write

47A1000

heap

page read and write

FFE000

stack

page read and write

4D60000

direct allocation

page execute and read and write

2A20000

direct allocation

page read and write

1CF4F000

stack

page read and write

2A5B000

heap

page read and write

47A1000

heap

page read and write

47A1000

heap

page read and write

47A1000

heap

page read and write

1099000

heap

page read and write

2A20000

direct allocation

page read and write

1D1CE000

stack

page read and write

47A1000

heap

page read and write

47A1000

heap

page read and write

2A20000

direct allocation

page read and write

2A20000

direct allocation

page read and write

2A20000

direct allocation

page read and write

47A1000

heap

page read and write

There are 199 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
file.exe

Processes

URLs

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reportfile.exe

Processes

URLs

IPs

Memdumps

IOC Report
file.exe