Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\file.exe

"C:\Users\user\Desktop\file.exe"

Details

Is windows:	false
Is dropped:	false
PID:	2316
Target ID:	0
Parent PID:	2580
Name:	file.exe
Path:	C:\Users\user\Desktop\file.exe
Commandline:	"C:\Users\user\Desktop\file.exe"
Size:	1821184
MD5:	9230158D2D15F5F7140B53912347A845
Time:	21:00:58
Date:	02/10/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x950000
Modulesize:	6881280
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Antivirus / Scanner detection for submitted sample	AV Detection
Detected unpacking (changes PE section rights)	Data Obfuscation	Software Packing
Yara detected Powershell download and execute	HIPS / PFW / Operating System Protection Evasion
Yara detected Stealc	Stealing of Sensitive Information, Remote Access Functionality
Machine Learning detection for sample	AV Detection
PE file contains section with special chars	System Summary
PE file contains an invalid checksum	Data Obfuscation
PE file contains sections with non-standard names	Data Obfuscation
Uses 32bit PE files	Compliance, System Summary
Binary may include packed or encrypted code	Data Obfuscation	Obfuscated Files or Information Software Packing
PE file has section (not .text) which is very likely to contain packed code (zlib compression ratio < 0.011)	System Summary	Software Packing
May try to detect the Windows Explorer process (often used for injection)	HIPS / PFW / Operating System Protection Evasion	Process Injection Process Discovery
Sample might require command line arguments	System Summary	Command and Scripting Interpreter
PE file has a big raw section	System Summary
Submission file is bigger than most known malware samples	System Summary

URLs

Name

Malicious

http://185.215.113.37/e2b1563c6670f193.phpN

unknown

Details

Name:	http://185.215.113.37/e2b1563c6670f193.phpN
TargetID:	0
From Memory:	true
Current Path:	C:\Users\user\Desktop\file.exe
Source:	file.exe, 00000000.00000002.1721406629.00000000005F6000.00000004.00000020.00020000.00000000.sdmp

Signature Hits	Behavior Group	Mitre Attack
Antivirus detection for URL or domain	AV Detection
URLs found in memory or binary data	Networking

http://185.215.113.37/p

unknown

Details

Name:	http://185.215.113.37/p
TargetID:	0
From Memory:	true
Current Path:	C:\Users\user\Desktop\file.exe
Source:	file.exe, 00000000.00000002.1721406629.00000000005F6000.00000004.00000020.00020000.00000000.sdmp

Signature Hits	Behavior Group	Mitre Attack
Antivirus detection for URL or domain	AV Detection
URLs found in memory or binary data	Networking

http://185.215.113.37=

unknown

Details

Name:	http://185.215.113.37=
TargetID:	0
From Memory:	true
Current Path:	C:\Users\user\Desktop\file.exe
Source:	file.exe, 00000000.00000002.1721406629.000000000059E000.00000004.00000020.00020000.00000000.sdmp

Signature Hits	Behavior Group	Mitre Attack
Antivirus detection for URL or domain	AV Detection
URLs found in memory or binary data	Networking

http://185.215.113.37/

185.215.113.37

Details

Name:	http://185.215.113.37/
IP:	185.215.113.37
TargetID:	0
From Memory:	false
Current Path:	C:\Users\user\Desktop\file.exe
Source:	network

Signature Hits	Behavior Group	Mitre Attack
Antivirus detection for URL or domain	AV Detection
Found malware configuration	AV Detection
Suricata IDS alerts for network traffic	Networking
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol
HTTP GET or POST without a user agent	Networking
IP address seen in connection with other malware	Networking
Connects to IPs without corresponding DNS lookups	Networking
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Posts data to webserver	Networking	Application Layer Protocol Non-Application Layer Protocol
URLs found in memory or binary data	Networking

http://185.215.113.37

unknown

Details

Name:	http://185.215.113.37
TargetID:	0
From Memory:	true
Current Path:	C:\Users\user\Desktop\file.exe
Source:	file.exe, 00000000.00000002.1721406629.000000000059E000.00000004.00000020.00020000.00000000.sdmp

Signature Hits	Behavior Group	Mitre Attack
Antivirus detection for URL or domain	AV Detection
Found malware configuration	AV Detection
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol
URLs found in memory or binary data	Networking

http://185.215.113.37/e2b1563c6670f193.php

185.215.113.37

Details

Name:	http://185.215.113.37/e2b1563c6670f193.php
IP:	185.215.113.37
TargetID:	0
From Memory:	false
Current Path:	C:\Users\user\Desktop\file.exe
Source:	network

Signature Hits	Behavior Group	Mitre Attack
Antivirus detection for URL or domain	AV Detection
Found malware configuration	AV Detection
Suricata IDS alerts for network traffic	Networking
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol
HTTP GET or POST without a user agent	Networking
IP address seen in connection with other malware	Networking
Connects to IPs without corresponding DNS lookups	Networking
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Posts data to webserver	Networking	Application Layer Protocol Non-Application Layer Protocol
URLs found in memory or binary data	Networking

http://185.215.113.37/ws

unknown

Details

Name:	http://185.215.113.37/ws
TargetID:	0
From Memory:	true
Current Path:	C:\Users\user\Desktop\file.exe
Source:	file.exe, 00000000.00000002.1721406629.00000000005F6000.00000004.00000020.00020000.00000000.sdmp

Signature Hits	Behavior Group	Mitre Attack
Antivirus detection for URL or domain	AV Detection
URLs found in memory or binary data	Networking

http://185.215.113.37/e2b1563c6670f193.phpy

unknown

Details

Name:	http://185.215.113.37/e2b1563c6670f193.phpy
TargetID:	0
From Memory:	true
Current Path:	C:\Users\user\Desktop\file.exe
Source:	file.exe, 00000000.00000002.1721406629.00000000005F6000.00000004.00000020.00020000.00000000.sdmp

Signature Hits	Behavior Group	Mitre Attack
Antivirus detection for URL or domain	AV Detection
URLs found in memory or binary data	Networking

IPs

Domain

Country

Malicious

185.215.113.37

unknown

Portugal

Details

IP:	185.215.113.37
TargetID:	0
Current Path:	C:\Users\user\Desktop\file.exe
Country:	Portugal
Countrycode:	PRT
ASN number:	206894
ASN name:	WHOLESALECONNECTIONSNL
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
Suricata IDS alerts for network traffic	Networking
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol
HTTP GET or POST without a user agent	Networking
Connects to IPs without corresponding DNS lookups	Networking
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Posts data to webserver	Networking	Application Layer Protocol Non-Application Layer Protocol
URLs found in memory or binary data	Networking

Memdumps

Base Address

Regiontype

Protect

Malicious

951000

unkown

page execute and read and write

4B20000

direct allocation

page read and write

59E000

heap

page read and write

4691000

heap

page read and write

4691000

heap

page read and write

453F000

stack

page read and write

4691000

heap

page read and write

4691000

heap

page read and write

4CC0000

direct allocation

page execute and read and write

363F000

stack

page read and write

E37000

unkown

page execute and read and write

467F000

stack

page read and write

612000

heap

page read and write

714000

heap

page read and write

2D7F000

stack

page read and write

4691000

heap

page read and write

1CA9F000

stack

page read and write

3EFE000

stack

page read and write

4680000

direct allocation

page read and write

3B7E000

stack

page read and write

4691000

heap

page read and write

4680000

direct allocation

page read and write

4680000

direct allocation

page read and write

4680000

direct allocation

page read and write

714000

heap

page read and write

4680000

direct allocation

page read and write

714000

heap

page read and write

4691000

heap

page read and write

570000

heap

page read and write

4B00000

heap

page read and write

714000

heap

page read and write

4691000

heap

page read and write

6EE000

stack

page read and write

4C80000

direct allocation

page execute and read and write

43C000

stack

page read and write

313F000

stack

page read and write

4691000

heap

page read and write

3CBD000

stack

page read and write

3C7F000

stack

page read and write

714000

heap

page read and write

2B3E000

stack

page read and write

4680000

direct allocation

page read and write

4691000

heap

page read and write

1C99E000

stack

page read and write

4691000

heap

page read and write

4691000

heap

page read and write

714000

heap

page read and write

714000

heap

page read and write

951000

unkown

page execute and write copy

1CBDF000

stack

page read and write

32BE000

stack

page read and write

1CEAE000

stack

page read and write

4691000

heap

page read and write

4691000

heap

page read and write

417F000

stack

page read and write

4696000

heap

page read and write

4691000

heap

page read and write

580000

heap

page read and write

714000

heap

page read and write

1CD1F000

stack

page read and write

94B000

heap

page read and write

E45000

unkown

page execute and write copy

714000

heap

page read and write

10DE000

stack

page read and write

714000

heap

page read and write

710000

heap

page read and write

407E000

stack

page read and write

4691000

heap

page read and write

4691000

heap

page read and write

714000

heap

page read and write

714000

heap

page read and write

42BF000

stack

page read and write

D34000

unkown

page execute and read and write

4691000

heap

page read and write

4C70000

direct allocation

page execute and read and write

714000

heap

page read and write

4680000

direct allocation

page read and write

33BF000

stack

page read and write

4690000

heap

page read and write

1CC1E000

stack

page read and write

E2F000

unkown

page execute and read and write

377F000

stack

page read and write

930000

heap

page read and write

4691000

heap

page read and write

714000

heap

page read and write

5E1000

heap

page read and write

4691000

heap

page read and write

4691000

heap

page read and write

4691000

heap

page read and write

535000

stack

page read and write

4680000

direct allocation

page read and write

4691000

heap

page read and write

5F6000

heap

page read and write

4680000

direct allocation

page read and write

940000

heap

page read and write

2C3F000

stack

page read and write

457E000

stack

page read and write

33FE000

stack

page read and write

590000

heap

page read and write

4691000

heap

page read and write

1CADE000

stack

page read and write

BAE000

unkown

page execute and read and write

4CA0000

direct allocation

page execute and read and write

1D0EC000

stack

page read and write

443E000

stack

page read and write

38FE000

stack

page read and write

3B3F000

stack

page read and write

714000

heap

page read and write

4691000

heap

page read and write

4691000

heap

page read and write

42FE000

stack

page read and write

4B20000

direct allocation

page read and write

E46000

unkown

page execute and write copy

947000

heap

page read and write

4680000

direct allocation

page read and write

714000

heap

page read and write

2FFF000

stack

page read and write

714000

heap

page read and write

4691000

heap

page read and write

353E000

stack

page read and write

714000

heap

page read and write

FDC000

unkown

page execute and read and write

4691000

heap

page read and write

714000

heap

page read and write

4691000

heap

page read and write

4691000

heap

page read and write

41BE000

stack

page read and write

4B5E000

stack

page read and write

714000

heap

page read and write

714000

heap

page read and write

714000

heap

page read and write

4691000

heap

page read and write

4691000

heap

page read and write

714000

heap

page read and write

61B000

heap

page read and write

714000

heap

page read and write

714000

heap

page read and write

1CE5F000

stack

page read and write

4691000

heap

page read and write

4691000

heap

page read and write

8EE000

stack

page read and write

53E000

stack

page read and write

714000

heap

page read and write

4691000

heap

page read and write

4691000

heap

page read and write

4691000

heap

page read and write

4691000

heap

page read and write

714000

heap

page read and write

4691000

heap

page read and write

4691000

heap

page read and write

4691000

heap

page read and write

46B0000

heap

page read and write

4691000

heap

page read and write

714000

heap

page read and write

A0D000

unkown

page execute and read and write

92E000

stack

page read and write

714000

heap

page read and write

43FF000

stack

page read and write

4691000

heap

page read and write

29FE000

stack

page read and write

4691000

heap

page read and write

4691000

heap

page read and write

3DBF000

stack

page read and write

4691000

heap

page read and write

714000

heap

page read and write

4691000

heap

page read and write

2EFE000

stack

page read and write

4680000

direct allocation

page read and write

4680000

direct allocation

page read and write

3A3E000

stack

page read and write

4790000

trusted library allocation

page read and write

4691000

heap

page read and write

46A0000

heap

page read and write

714000

heap

page read and write

B9A000

unkown

page execute and read and write

4691000

heap

page read and write

E0B000

unkown

page execute and read and write

4680000

direct allocation

page read and write

2AFF000

stack

page read and write

4691000

heap

page read and write

714000

heap

page read and write

714000

heap

page read and write

4691000

heap

page read and write

2DBE000

stack

page read and write

2C7E000

stack

page read and write

1CFAE000

stack

page read and write

4B20000

direct allocation

page read and write

950000

unkown

page readonly

4691000

heap

page read and write

303E000

stack

page read and write

4691000

heap

page read and write

FDD000

unkown

page execute and write copy

4691000

heap

page read and write

38BF000

stack

page read and write

403F000

stack

page read and write

4C5F000

stack

page read and write

4680000

direct allocation

page read and write

3DFE000

stack

page read and write

34FF000

stack

page read and write

A32000

unkown

page execute and read and write

598000

heap

page read and write

4691000

heap

page read and write

1CD5E000

stack

page read and write

39FF000

stack

page read and write

4691000

heap

page read and write

29BF000

stack

page read and write

1CFED000

stack

page read and write

4691000

heap

page read and write

28BE000

stack

page read and write

714000

heap

page read and write

2EBF000

stack

page read and write

327F000

stack

page read and write

317E000

stack

page read and write

A01000

unkown

page execute and read and write

4CB0000

direct allocation

page execute and read and write

4691000

heap

page read and write

714000

heap

page read and write

37BE000

stack

page read and write

714000

heap

page read and write

367E000

stack

page read and write

4691000

heap

page read and write

3F3E000

stack

page read and write

E45000

unkown

page execute and read and write

714000

heap

page read and write

4691000

heap

page read and write

4CA0000

direct allocation

page execute and read and write

950000

unkown

page read and write

4C90000

direct allocation

page execute and read and write

There are 218 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
file.exe

Processes

URLs

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reportfile.exe

Processes

URLs

IPs

Memdumps

IOC Report
file.exe