Automated Malware Analysis IOC Report for

Files

File Path

Type

Category

Malicious

NJna3TEAEr.exe

PE32 executable (GUI) Intel 80386, for MS Windows

initial sample

C:\ProgramData\AKKFHDAK

SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3

dropped

C:\ProgramData\BJZFPPWAPT.png

ASCII text, with very long lines (1024), with CRLF line terminators

dropped

C:\ProgramData\CBGCBGCAFIIECBFIDHIJKFBAKE

SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3

dropped

C:\ProgramData\CFCBKKKJJJKKEBGDAFIDAAAEHD

SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7

dropped

C:\ProgramData\DAKEHIJJKEGIDHIEHDAFIIDBFB

SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 4

dropped

C:\ProgramData\EEGWXUHVUG.docx

ASCII text, with very long lines (1024), with CRLF line terminators

dropped

C:\ProgramData\EFOYFBOLXA.docx

ASCII text, with very long lines (1024), with CRLF line terminators

dropped

C:\ProgramData\EFOYFBOLXA.pdf

ASCII text, with very long lines (1024), with CRLF line terminators

dropped

C:\ProgramData\EGHCBKKKFHCGCBFIJEHDGIDGCF

SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2

dropped

C:\ProgramData\EIVQSAOTAQ.png

ASCII text, with very long lines (1024), with CRLF line terminators

dropped

C:\ProgramData\EOWRVPQCCS.jpg

ASCII text, with very long lines (1024), with CRLF line terminators

dropped

C:\ProgramData\FBKEHJEGCFBFHJJKJEHD

ASCII text, with very long lines (1743), with CRLF line terminators

dropped

C:\ProgramData\FHDHCAAK

SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8

dropped

C:\ProgramData\GIGIYTFFYT.jpg

ASCII text, with very long lines (1024), with CRLF line terminators

dropped

C:\ProgramData\GRXZDKKVDB.jpg

ASCII text, with very long lines (1024), with CRLF line terminators

dropped

C:\ProgramData\GRXZDKKVDB.xlsx

ASCII text, with very long lines (1024), with CRLF line terminators

dropped

C:\ProgramData\IJEGHJECFCFCBFIDBGCG

SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1

dropped

C:\ProgramData\JDDHMPCDUJ.png

ASCII text, with very long lines (1024), with CRLF line terminators

dropped

C:\ProgramData\KKEHDBAEGIIIEBGCAAFH

SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1

dropped

C:\ProgramData\NVWZAPQSQL.docx

ASCII text, with very long lines (1024), with CRLF line terminators

dropped

C:\ProgramData\NVWZAPQSQL.xlsx

ASCII text, with very long lines (1024), with CRLF line terminators

dropped

C:\ProgramData\PALRGUCVEH.pdf

ASCII text, with very long lines (1024), with CRLF line terminators

dropped

C:\ProgramData\PALRGUCVEH.xlsx

ASCII text, with very long lines (1024), with CRLF line terminators

dropped

C:\ProgramData\ZGGKNSUKOP.pdf

ASCII text, with very long lines (1024), with CRLF line terminators

dropped

C:\ProgramData\freebl3.dll

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

dropped

C:\ProgramData\mozglue.dll

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

dropped

C:\ProgramData\msvcp140.dll

PE32 executable (DLL) (console) Intel 80386, for MS Windows

dropped

C:\ProgramData\nss3.dll

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

dropped

C:\ProgramData\softokn3.dll

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

dropped

C:\ProgramData\vcruntime140.dll

PE32 executable (DLL) (console) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\freebl3[1].dll

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\mozglue[1].dll

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\msvcp140[1].dll

PE32 executable (DLL) (console) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\nss3[1].dll

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\softokn3[1].dll

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\vcruntime140[1].dll

PE32 executable (DLL) (console) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite-shm

data

dropped

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\places.sqlite-shm

data

dropped

There are 29 hidden files, click here to show them.

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\NJna3TEAEr.exe

"C:\Users\user\Desktop\NJna3TEAEr.exe"

Details

Is windows:	false
Is dropped:	false
PID:	1220
Target ID:	0
Parent PID:	1028
Name:	NJna3TEAEr.exe
Path:	C:\Users\user\Desktop\NJna3TEAEr.exe
Commandline:	"C:\Users\user\Desktop\NJna3TEAEr.exe"
Size:	330408
MD5:	C57F035E099BFE7F8D56917A22266DC9
Time:	17:16:55
Date:	03/10/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x2e0000
Modulesize:	2502656
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Antivirus / Scanner detection for submitted sample	AV Detection
Found malware configuration	AV Detection
Multi AV Scanner detection for submitted file	AV Detection
Yara detected Powershell download and execute	HIPS / PFW / Operating System Protection Evasion
Yara detected Stealc	Stealing of Sensitive Information, Remote Access Functionality
Yara detected Vidar stealer	Stealing of Sensitive Information, Remote Access Functionality
Machine Learning detection for sample	AV Detection
PE file has a writeable .text section	System Summary
PE / OLE file has an invalid certificate	System Summary
PE file contains an invalid checksum	Data Obfuscation
Sample file is different than original file name gathered from version info	System Summary
Uses 32bit PE files	Compliance, System Summary
Yara detected Credential Stealer	Stealing of Sensitive Information
PE file has an executable .text section and no other executable section	System Summary
Sample is known by Antivirus	System Summary
URLs found in memory or binary data	Networking
Binary contains paths to debug symbols	Compliance, System Summary
Contains modern PE file flags such as dynamic base (ASLR) or NX	Compliance, System Summary

URLs

Name

Malicious

http://193.233.112.44/0853a005e18f0946/softokn3.dll

193.233.112.44

https://t.me/

unknown

http://193.233.112.44/

193.233.112.44

https://t.me/hwlflcqshvwp/383ccd496f3c5eee.php

http://193.233.112.44/0853a005e18f0946/nss3.dll

193.233.112.44

https://t.me/hwlflcqshvwp

149.154.167.99

http://193.233.112.44/0853a005e18f0946/msvcp140.dll

193.233.112.44

http://193.233.112.44

unknown

http://193.233.112.44/0853a005e18f0946/freebl3.dll

193.233.112.44

http://193.233.112.44/383ccd496f3c5eee.php

193.233.112.44

http://193.233.112.44/0853a005e18f0946/vcruntime140.dll

193.233.112.44

http://193.233.112.44/0853a005e18f0946/mozglue.dll

193.233.112.44

http://193.233.112.44/0853a005e18f0946/sqlite3.dll

193.233.112.44

https://duckduckgo.com/chrome_newtab

unknown

https://duckduckgo.com/ac/?q=

unknown

http://193.233.112.44/383ccd496f3c5eee.phpH

unknown

http://crt.sectigo.com/SectigoPublicTimeStampingCAR36.crt0#

unknown

http://ocsp.sectigo.com0

unknown

https://web.telegram.org

unknown

https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4p8dfCfm4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi

unknown

http://193.233.112.44/383ccd496f3c5eee.php#j

unknown

https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696425136400800000.2&ci=1696425136743.

unknown

https://t.me/hwlflcqshvwpi5

unknown

http://193.233.112.44/383ccd496f3c5eee.php?k

unknown

https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=

unknown

http://193.233.112.44/383ccd496f3c5eee.phpindows

unknown

http://193.233.112.44/383ccd496f3c5eee.php9

unknown

http://193.233.112.44/383ccd496f3c5eee.php3k

unknown

http://91.214.78.145

unknown

http://193.233.112.44/0853a005e18f0946/mozglue.dll0

unknown

http://crl.sectigo.com/SectigoPublicTimeStampingRootR46.crl0

unknown

http://91.214.78.145/

91.214.78.145

http://193.233.112.44/0853a005e18f0946/nss3.dllg

unknown

http://193.233.112.44/383ccd496f3c5eee.phpKj

unknown

http://193.233.112.44/383ccd496f3c5eee.phpj

unknown

http://193.233.112.44/383ccd496f3c5eee.phps

unknown

https://t.me/T

unknown

http://193.233.112.44/383ccd496f3c5eee.phpnfigOverlay

unknown

http://193.233.112.44/383ccd496f3c5eee.phpwser

unknown

https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search

unknown

http://193.233.112.44/383ccd496f3c5eee.phpp

unknown

http://193.233.112.44/0853a005e18f0946/freebl3.dllx

unknown

http://193.233.112.44/383ccd496f3c5eee.phpc

unknown

http://193.233.112.44/383ccd496f3c5eee.phpWj

unknown

http://193.233.112.44/0853a005e18f0946/softokn3.dll&

unknown

http://www.sqlite.org/copyright.html.

unknown

http://193.233.112.44/383ccd496f3c5eee.phpb

unknown

http://crt.sectigo.com/SectigoPublicTimeStampingRootR46.p7c0#

unknown

http://www.mozilla.com/en-US/blocklist/

unknown

https://t.me/hwlflcqshvwp:

unknown

https://sectigo.com/CPS0

unknown

http://193.233.12

unknown

https://mozilla.org0/

unknown

https://www.google.com/images/branding/product/ico/googleg_lodp.ico

unknown

http://193.233.112.44/y

unknown

http://193.233.112.44/383ccd496f3c5eee.phpnts

unknown

https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=

unknown

http://193.233.112.44383ccd496f3c5eee.phpdf6f2e2e1bb7ac40e04ec15ba23e52t8ZWpiYWxiYWtvcGxjaGxnaGVjZGF

unknown

http://www.microsoft.

unknown

https://www.ecosia.org/newtab/

unknown

http://193.233.112.44/0853a005e18f0946/nss3.dll)

unknown

https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696425136400800000.1&ci=1696425136743.12791&cta

unknown

https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br

unknown

http://193.233.112.44/0853a005e18f0946/nss3.dll/

unknown

http://193.233.112.44/383ccd496f3c5eee.phpsj

unknown

https://ac.ecosia.org/autocomplete?q=

unknown

http://193.233.112.44/383ccd496f3c5eee.php=----2JnY2l8MXwwfDB8TWV0YU1hc2t8ZWpiYWxiYWtvcGxjaGxnaGVjZG

unknown

https://contile-images.services.mozilla.com/u1AuJcj32cbVUf9NjMipLXEYwu2uFIt4lsj-ccwVqEs.36904.jpg

unknown

https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg

unknown

http://crl.sectigo.com/SectigoPublicTimeStampingCAR36.crl0z

unknown

https://support.mozilla.org/products/firefoxgro.allizom.troppus.GVegJq3nFfBL

unknown

https://www.bestbuy.com/site/electronics/top-deals/pcmcat1563299784494.c/?id=pcmcat1563299784494&ref

unknown

http://91.214.78.145/W

unknown

https://t.me/hwlflcqshvwp)

unknown

https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_35787f1071928bc3a1aef90b79c9bee9c64ba6683fde7477

unknown

https://support.mozilla.org

unknown

https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=

unknown

There are 67 hidden URLs, click here to show them.

Domains

Name

Malicious

t.me

149.154.167.99

Details

Name:	t.me
IP:	149.154.167.99
TargetID:	-1
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol
HTTP GET or POST without a user agent	Networking
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
URLs found in memory or binary data	Networking
Uses secure TLS version for HTTPS connections	Compliance, Networking

IPs

Domain

Country

Malicious

193.233.112.44

unknown

Russian Federation

Details

IP:	193.233.112.44
TargetID:	0
Current Path:	C:\Users\user\Desktop\NJna3TEAEr.exe
Country:	Russian Federation
Countrycode:	RUS
ASN number:	20549
ASN name:	FREE-MPEIRU
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
Suricata IDS alerts for network traffic	Networking
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol
HTTP GET or POST without a user agent	Networking
Suricata IDS alerts with low severity for network traffic	Networking
Connects to IPs without corresponding DNS lookups	Networking
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Posts data to webserver	Networking	Application Layer Protocol Non-Application Layer Protocol
URLs found in memory or binary data	Networking

149.154.167.99

t.me

United Kingdom

Details

IP:	149.154.167.99
TargetID:	0
Current Path:	C:\Users\user\Desktop\NJna3TEAEr.exe
Country:	United Kingdom
Countrycode:	GBR
ASN number:	62041
ASN name:	TELEGRAMRU
Private:	false
Domain:	t.me

Signature Hits	Behavior Group	Mitre Attack
Uses secure TLS version for HTTPS connections	Compliance, Networking

91.214.78.145

unknown

Russian Federation

Details

IP:	91.214.78.145
TargetID:	0
Current Path:	C:\Users\user\Desktop\NJna3TEAEr.exe
Country:	Russian Federation
Countrycode:	RUS
ASN number:	49373
ASN name:	FOTONTELECOM-STUB-ASFOTONTELECOMRU
Private:	false

Signature Hits	Behavior Group	Mitre Attack
HTTP GET or POST without a user agent	Networking
Connects to IPs without corresponding DNS lookups	Networking
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
URLs found in memory or binary data	Networking

Memdumps

Base Address

Regiontype

Protect

Malicious

2E1000

unkown

page execute and write copy

164E000

heap

page read and write

2E1000

unkown

page execute and write copy

1BAC3000

heap

page read and write

1BAD8000

heap

page read and write

1BABE000

heap

page read and write

2DCBE000

stack

page read and write

1BAD8000

heap

page read and write

53C000

unkown

page readonly

34C40000

heap

page read and write

125B000

stack

page read and write

1BAE8000

heap

page read and write

1790000

heap

page read and write

2DE59000

heap

page read and write

1B97E000

stack

page read and write

33E36000

heap

page read and write

33E30000

heap

page read and write

1BAC8000

heap

page read and write

170D000

heap

page read and write

541000

unkown

page readonly

6C670000

unkown

page readonly

1BAD8000

heap

page read and write

1BAC3000

heap

page read and write

1BAD0000

heap

page read and write

1BADD000

heap

page read and write

1BAF8000

heap

page read and write

30B000

unkown

page write copy

1BAEA000

heap

page read and write

6C80F000

unkown

page readonly

61EB7000

direct allocation

page readonly

1BAF8000

heap

page read and write

1BAC8000

heap

page read and write

1B59D000

stack

page read and write

1BABE000

heap

page read and write

1BAD6000

heap

page read and write

6C855000

unkown

page readonly

164A000

heap

page read and write

1BAD0000

heap

page read and write

61ED3000

direct allocation

page read and write

34D6A000

heap

page read and write

16C8000

heap

page read and write

1B1AF000

stack

page read and write

1BBB4000

heap

page read and write

1BAD6000

heap

page read and write

1BAD2000

heap

page read and write

1BAD1000

heap

page read and write

6C65E000

unkown

page read and write

2DE51000

heap

page read and write

1BAD8000

heap

page read and write

27C59000

heap

page read and write

3C0000

unkown

page read and write

13C0000

heap

page read and write

1B69D000

stack

page read and write

4FC000

unkown

page read and write

1B940000

remote allocation

page read and write

171E000

heap

page read and write

1B44E000

stack

page read and write

33DF0000

heap

page read and write

1BAB5000

heap

page read and write

1BAE3000

heap

page read and write

33E21000

heap

page read and write

1BAD8000

heap

page read and write

6C850000

unkown

page read and write

61E01000

direct allocation

page execute read

3C3000

unkown

page read and write

1BAD6000

heap

page read and write

1358000

stack

page read and write

413000

unkown

page read and write

16BB000

heap

page read and write

27C00000

heap

page read and write

6C84E000

unkown

page read and write

4F6000

unkown

page read and write

1BAC8000

heap

page read and write

1460000

heap

page read and write

1BAD8000

heap

page read and write

183E000

heap

page read and write

1BAD0000

heap

page read and write

21BC9000

heap

page read and write

1467000

heap

page read and write

1717000

heap

page read and write

1BAD3000

heap

page read and write

1BAC9000

heap

page read and write

32A000

unkown

page read and write

1BAF7000

heap

page read and write

2DE5F000

heap

page read and write

3B9000

unkown

page read and write

1BAC8000

heap

page read and write

1BA7F000

stack

page read and write

27BE0000

heap

page read and write

27C5F000

heap

page read and write

1BABF000

heap

page read and write

1BAD2000

heap

page read and write

33E28000

heap

page read and write

1BAD4000

heap

page read and write

1BAD8000

heap

page read and write

1B7F0000

heap

page read and write

1724000

heap

page read and write

1B2AF000

stack

page read and write

16AF000

heap

page read and write

1BAE4000

heap

page read and write

2FE000

unkown

page readonly

61EB4000

direct allocation

page read and write

2DE66000

heap

page read and write

1BAD8000

heap

page read and write

1B3EF000

stack

page read and write

1BAD8000

heap

page read and write

440000

unkown

page read and write

163E000

stack

page read and write

135D000

stack

page read and write

44D000

unkown

page read and write

1BAC3000

heap

page read and write

13B0000

heap

page read and write

1BAF2000

heap

page read and write

16C4000

heap

page read and write

1BAB0000

trusted library allocation

page read and write

6C64D000

unkown

page readonly

1BAD7000

heap

page read and write

1BACA000

heap

page read and write

541000

unkown

page readonly

1B7EC000

stack

page read and write

1BB12000

heap

page read and write

144E000

stack

page read and write

2DE6E000

heap

page read and write

2FE000

unkown

page readonly

1BAD3000

heap

page read and write

1BAC9000

heap

page read and write

1BADC000

heap

page read and write

21B23000

heap

page read and write

1BAF9000

heap

page read and write

44F000

unkown

page read and write

1640000

heap

page read and write

27C62000

heap

page read and write

3EE000

unkown

page read and write

27C43000

heap

page read and write

182E000

stack

page read and write

1BB53000

heap

page read and write

1BAD8000

heap

page read and write

1BADC000

heap

page read and write

1BAC9000

heap

page read and write

1B2EE000

stack

page read and write

3E2000

unkown

page read and write

16C8000

heap

page read and write

61ED0000

direct allocation

page read and write

61ECC000

direct allocation

page read and write

1BAD6000

heap

page read and write

61ED4000

direct allocation

page readonly

1833000

heap

page read and write

1BADB000

heap

page read and write

171F000

heap

page read and write

1830000

heap

page read and write

1465000

heap

page read and write

1BACE000

heap

page read and write

1BAE4000

heap

page read and write

3B6000

unkown

page read and write

1BAF8000

heap

page read and write

1BAF8000

heap

page read and write

16C2000

heap

page read and write

1353000

stack

page read and write

1BAF8000

heap

page read and write

6C5D0000

unkown

page readonly

140E000

stack

page read and write

1BADD000

heap

page read and write

27C82000

heap

page read and write

21C60000

heap

page read and write

1BAD8000

heap

page read and write

1BABE000

heap

page read and write

1BAD1000

heap

page read and write

1BAD1000

heap

page read and write

33E3A000

heap

page read and write

33E32000

heap

page read and write

1BACA000

heap

page read and write

2E0000

unkown

page readonly

2DDC0000

trusted library allocation

page read and write

1B54F000

stack

page read and write

1BAD6000

heap

page read and write

2DDBF000

stack

page read and write

1BAE8000

heap

page read and write

6C84F000

unkown

page write copy

1BABE000

heap

page read and write

1BAD8000

heap

page read and write

27CA2000

heap

page read and write

1BAF8000

heap

page read and write

1BAD8000

heap

page read and write

27C47000

heap

page read and write

34D60000

heap

page read and write

21C74000

heap

page read and write

27C4D000

heap

page read and write

1B940000

remote allocation

page read and write

6C5D1000

unkown

page execute read

1BACA000

heap

page read and write

6C662000

unkown

page readonly

27C56000

heap

page read and write

193F000

stack

page read and write

61E00000

direct allocation

page execute and read and write

1BACE000

heap

page read and write

1BAC8000

heap

page read and write

2E0000

unkown

page readonly

6C671000

unkown

page execute read

1B940000

remote allocation

page read and write

33A000

unkown

page read and write

30B000

unkown

page write copy

1BADB000

heap

page read and write

52A000

unkown

page read and write

27C45000

heap

page read and write

1BABE000

heap

page read and write

3527D000

heap

page read and write

1BAC3000

heap

page read and write

420000

unkown

page read and write

53C000

unkown

page readonly

27CC2000

heap

page read and write

1BAF9000

heap

page read and write

1735000

heap

page read and write

1469000

heap

page read and write

1BB42000

heap

page read and write

1BB22000

heap

page read and write

1BB02000

heap

page read and write

1BAC3000

heap

page read and write

1BACE000

heap

page read and write

17EE000

stack

page read and write

27C41000

heap

page read and write

1BACC000

heap

page read and write

27CA5000

heap

page read and write

1B6ED000

stack

page read and write

1BAB0000

heap

page read and write

4D6000

unkown

page read and write

1B7F9000

heap

page read and write

1712000

heap

page read and write

1BABF000

heap

page read and write

61ECD000

direct allocation

page readonly

1BAD8000

heap

page read and write

1690000

heap

page read and write

1BAE4000

heap

page read and write

1BAD8000

heap

page read and write

There are 223 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
NJna3TEAEr.exe

Files

Processes

URLs

Domains

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC ReportNJna3TEAEr.exe

Files

Processes

URLs

Domains

IPs

Memdumps

IOC Report
NJna3TEAEr.exe