Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\file.exe

"C:\Users\user\Desktop\file.exe"

Details

Is windows:	false
Is dropped:	false
PID:	3536
Target ID:	0
Parent PID:	1028
Name:	file.exe
Path:	C:\Users\user\Desktop\file.exe
Commandline:	"C:\Users\user\Desktop\file.exe"
Size:	1874432
MD5:	0AB8FD273F356FC72FC0D8971976F60E
Time:	03:45:00
Date:	04/10/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0xb00000
Modulesize:	7032832
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Antivirus / Scanner detection for submitted sample	AV Detection
Detected unpacking (changes PE section rights)	Data Obfuscation	Software Packing
Yara detected Powershell download and execute	HIPS / PFW / Operating System Protection Evasion
Yara detected Stealc	Stealing of Sensitive Information, Remote Access Functionality
Machine Learning detection for sample	AV Detection
PE file contains section with special chars	System Summary
PE file contains an invalid checksum	Data Obfuscation
PE file contains sections with non-standard names	Data Obfuscation
Uses 32bit PE files	Compliance, System Summary
Binary may include packed or encrypted code	Data Obfuscation	Obfuscated Files or Information Software Packing
PE file has section (not .text) which is very likely to contain packed code (zlib compression ratio < 0.011)	System Summary	Software Packing
Sample might require command line arguments	System Summary	Command and Scripting Interpreter
PE file has a big raw section	System Summary
Submission file is bigger than most known malware samples	System Summary

URLs

Name

Malicious

http://185.215.113.37/e2b1563c6670f193.phpn

unknown

Details

Name:	http://185.215.113.37/e2b1563c6670f193.phpn
TargetID:	0
From Memory:	true
Current Path:	C:\Users\user\Desktop\file.exe
Source:	file.exe, 00000000.00000002.2102191694.0000000001249000.00000004.00000020.00020000.00000000.sdmp

Signature Hits	Behavior Group	Mitre Attack
Antivirus detection for URL or domain	AV Detection
URLs found in memory or binary data	Networking

http://185.215.113.37/

185.215.113.37

Details

Name:	http://185.215.113.37/
IP:	185.215.113.37
TargetID:	0
From Memory:	false
Current Path:	C:\Users\user\Desktop\file.exe
Source:	network

Signature Hits	Behavior Group	Mitre Attack
Antivirus detection for URL or domain	AV Detection
Found malware configuration	AV Detection
Suricata IDS alerts for network traffic	Networking
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol
HTTP GET or POST without a user agent	Networking
IP address seen in connection with other malware	Networking
Connects to IPs without corresponding DNS lookups	Networking
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Posts data to webserver	Networking	Application Layer Protocol Non-Application Layer Protocol
URLs found in memory or binary data	Networking

http://185.215.113.37

unknown

Details

Name:	http://185.215.113.37
TargetID:	0
From Memory:	true
Current Path:	C:\Users\user\Desktop\file.exe
Source:	file.exe, 00000000.00000002.2102191694.00000000011DE000.00000004.00000020.00020000.00000000.sdmp

Signature Hits	Behavior Group	Mitre Attack
Antivirus detection for URL or domain	AV Detection
Found malware configuration	AV Detection
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol
URLs found in memory or binary data	Networking

http://185.215.113.37/H

unknown

Details

Name:	http://185.215.113.37/H
TargetID:	0
From Memory:	true
Current Path:	C:\Users\user\Desktop\file.exe
Source:	file.exe, 00000000.00000002.2102191694.0000000001238000.00000004.00000020.00020000.00000000.sdmp

Signature Hits	Behavior Group	Mitre Attack
Antivirus detection for URL or domain	AV Detection
URLs found in memory or binary data	Networking

http://185.215.113.37/e2b1563c6670f193.phpV

unknown

Details

Name:	http://185.215.113.37/e2b1563c6670f193.phpV
TargetID:	0
From Memory:	true
Current Path:	C:\Users\user\Desktop\file.exe
Source:	file.exe, 00000000.00000002.2102191694.0000000001249000.00000004.00000020.00020000.00000000.sdmp

Signature Hits	Behavior Group	Mitre Attack
Antivirus detection for URL or domain	AV Detection
URLs found in memory or binary data	Networking

http://185.215.113.37/e2b1563c6670f193.php

185.215.113.37

Details

Name:	http://185.215.113.37/e2b1563c6670f193.php
IP:	185.215.113.37
TargetID:	0
From Memory:	false
Current Path:	C:\Users\user\Desktop\file.exe
Source:	network

Signature Hits	Behavior Group	Mitre Attack
Antivirus detection for URL or domain	AV Detection
Found malware configuration	AV Detection
Suricata IDS alerts for network traffic	Networking
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol
HTTP GET or POST without a user agent	Networking
IP address seen in connection with other malware	Networking
Connects to IPs without corresponding DNS lookups	Networking
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Posts data to webserver	Networking	Application Layer Protocol Non-Application Layer Protocol
URLs found in memory or binary data	Networking

IPs

Domain

Country

Malicious

185.215.113.37

unknown

Portugal

Details

IP:	185.215.113.37
TargetID:	0
Current Path:	C:\Users\user\Desktop\file.exe
Country:	Portugal
Countrycode:	PRT
ASN number:	206894
ASN name:	WHOLESALECONNECTIONSNL
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
Suricata IDS alerts for network traffic	Networking
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol
HTTP GET or POST without a user agent	Networking
Connects to IPs without corresponding DNS lookups	Networking
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Posts data to webserver	Networking	Application Layer Protocol Non-Application Layer Protocol
URLs found in memory or binary data	Networking

Memdumps

Base Address

Regiontype

Protect

Malicious

11DE000

heap

page read and write

50C0000

direct allocation

page read and write

B01000

unkown

page execute and read and write

4C20000

direct allocation

page read and write

1D00F000

stack

page read and write

399E000

stack

page read and write

4C31000

heap

page read and write

395F000

stack

page read and write

4C31000

heap

page read and write

4C20000

direct allocation

page read and write

4C31000

heap

page read and write

4C50000

heap

page read and write

31DF000

stack

page read and write

4C31000

heap

page read and write

4C31000

heap

page read and write

4C20000

direct allocation

page read and write

4C31000

heap

page read and write

3FDE000

stack

page read and write

4C20000

direct allocation

page read and write

5230000

direct allocation

page execute and read and write

11D0000

heap

page read and write

335E000

stack

page read and write

1D53E000

stack

page read and write

4C31000

heap

page read and write

499F000

stack

page read and write

4D30000

trusted library allocation

page read and write

4C31000

heap

page read and write

1223000

heap

page read and write

11B1000

unkown

page execute and read and write

4C31000

heap

page read and write

4C31000

heap

page read and write

4C31000

heap

page read and write

4C31000

heap

page read and write

EF1000

unkown

page execute and read and write

100D000

unkown

page execute and read and write

385E000

stack

page read and write

381F000

stack

page read and write

4C31000

heap

page read and write

7C0000

heap

page read and write

4C20000

direct allocation

page read and write

BBD000

unkown

page execute and read and write

1D71E000

stack

page read and write

7D0000

heap

page read and write

5240000

direct allocation

page execute and read and write

4C31000

heap

page read and write

461E000

stack

page read and write

485F000

stack

page read and write

4C31000

heap

page read and write

4C31000

heap

page read and write

349E000

stack

page read and write

4C31000

heap

page read and write

1D81F000

stack

page read and write

4C31000

heap

page read and write

4C31000

heap

page read and write

3D1F000

stack

page read and write

4C31000

heap

page read and write

4C31000

heap

page read and write

45DF000

stack

page read and write

11DA000

heap

page read and write

1D822000

heap

page read and write

4C31000

heap

page read and write

4C31000

heap

page read and write

2F50000

heap

page read and write

100D000

unkown

page execute and write copy

4C31000

heap

page read and write

2F30000

heap

page read and write

BB1000

unkown

page execute and read and write

1D67C000

stack

page read and write

524E000

stack

page read and write

4C31000

heap

page read and write

4C31000

heap

page read and write

4C31000

heap

page read and write

125E000

heap

page read and write

4C31000

heap

page read and write

AFF000

stack

page read and write

1D14F000

stack

page read and write

4C31000

heap

page read and write

3A9F000

stack

page read and write

4C31000

heap

page read and write

321E000

stack

page read and write

4C31000

heap

page read and write

4C31000

heap

page read and write

1D3EF000

stack

page read and write

1255000

heap

page read and write

D4A000

unkown

page execute and read and write

1238000

heap

page read and write

3F9F000

stack

page read and write

4C30000

heap

page read and write

162E000

stack

page read and write

4C31000

heap

page read and write

1D18E000

stack

page read and write

489E000

stack

page read and write

76C000

stack

page read and write

4C31000

heap

page read and write

4C20000

direct allocation

page read and write

4ADF000

stack

page read and write

4C31000

heap

page read and write

4C31000

heap

page read and write

4C31000

heap

page read and write

4C31000

heap

page read and write

130E000

stack

page read and write

435F000

stack

page read and write

2F20000

heap

page read and write

50C0000

direct allocation

page read and write

36DF000

stack

page read and write

4C31000

heap

page read and write

4C31000

heap

page read and write

4C31000

heap

page read and write

4C20000

direct allocation

page read and write

471F000

stack

page read and write

4C31000

heap

page read and write

4C31000

heap

page read and write

FCF000

unkown

page execute and read and write

331F000

stack

page read and write

4C40000

heap

page read and write

4C20000

direct allocation

page read and write

5260000

direct allocation

page execute and read and write

4C1F000

stack

page read and write

3D5E000

stack

page read and write

4C31000

heap

page read and write

4C31000

heap

page read and write

1249000

heap

page read and write

4C31000

heap

page read and write

4C31000

heap

page read and write

439E000

stack

page read and write

4C31000

heap

page read and write

B00000

unkown

page readonly

FFF000

unkown

page execute and read and write

4C31000

heap

page read and write

40DF000

stack

page read and write

421F000

stack

page read and write

4C20000

direct allocation

page read and write

4C31000

heap

page read and write

FF3000

unkown

page execute and read and write

309F000

stack

page read and write

11B2000

unkown

page execute and write copy

4C31000

heap

page read and write

2F57000

heap

page read and write

1355000

heap

page read and write

121F000

heap

page read and write

4C31000

heap

page read and write

4C31000

heap

page read and write

152F000

stack

page read and write

4C31000

heap

page read and write

1D57D000

stack

page read and write

D5E000

unkown

page execute and read and write

5250000

direct allocation

page execute and read and write

51FF000

stack

page read and write

5270000

direct allocation

page execute and read and write

1350000

heap

page read and write

2E1E000

stack

page read and write

1D28F000

stack

page read and write

4C31000

heap

page read and write

AF5000

stack

page read and write

1D820000

heap

page read and write

3BDF000

stack

page read and write

4C31000

heap

page read and write

2F5B000

heap

page read and write

4C47000

heap

page read and write

4C31000

heap

page read and write

4C20000

direct allocation

page read and write

411E000

stack

page read and write

359F000

stack

page read and write

BE2000

unkown

page execute and read and write

4C31000

heap

page read and write

2F1F000

stack

page read and write

4C31000

heap

page read and write

4C31000

heap

page read and write

4C20000

direct allocation

page read and write

50FE000

stack

page read and write

425E000

stack

page read and write

B00000

unkown

page read and write

4B1E000

stack

page read and write

371E000

stack

page read and write

4C20000

direct allocation

page read and write

345F000

stack

page read and write

4C31000

heap

page read and write

2F9C000

stack

page read and write

3E5F000

stack

page read and write

49DE000

stack

page read and write

44DE000

stack

page read and write

4C31000

heap

page read and write

3ADE000

stack

page read and write

4C31000

heap

page read and write

475E000

stack

page read and write

3E9E000

stack

page read and write

4C31000

heap

page read and write

50C0000

direct allocation

page read and write

4C31000

heap

page read and write

30DE000

stack

page read and write

449F000

stack

page read and write

4C31000

heap

page read and write

4C20000

direct allocation

page read and write

4C31000

heap

page read and write

B01000

unkown

page execute and write copy

4C31000

heap

page read and write

5220000

direct allocation

page execute and read and write

134E000

stack

page read and write

35DE000

stack

page read and write

5210000

direct allocation

page execute and read and write

1D2EE000

stack

page read and write

4C31000

heap

page read and write

3C1E000

stack

page read and write

5240000

direct allocation

page execute and read and write

1D43D000

stack

page read and write

1D04E000

stack

page read and write

100E000

unkown

page execute and write copy

4C31000

heap

page read and write

4C20000

direct allocation

page read and write

There are 199 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
file.exe

Processes

URLs

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reportfile.exe

Processes

URLs

IPs

Memdumps

IOC Report
file.exe