Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\QUOTATION_OCTQTRA071244PDF.scr.exe

"C:\Users\user\Desktop\QUOTATION_OCTQTRA071244PDF.scr.exe"

Details

Is windows:	false
Is dropped:	false
PID:	7484
Target ID:	0
Parent PID:	2580
Name:	QUOTATION_OCTQTRA071244PDF.scr.exe
Path:	C:\Users\user\Desktop\QUOTATION_OCTQTRA071244PDF.scr.exe
Commandline:	"C:\Users\user\Desktop\QUOTATION_OCTQTRA071244PDF.scr.exe"
Size:	1929216
MD5:	CBD14BDFFD1CD9896494F1FFF3C4E701
Time:	05:22:46
Date:	04/10/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x2105c8b0000
Modulesize:	1941504
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Multi AV Scanner detection for submitted file	AV Detection
Initial sample is a PE file and has a suspicious name	System Summary
PE file does not import any functions	System Summary
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery
Sample file is different than original file name gathered from version info	System Summary
PE file has an executable .text section and no other executable section	System Summary
Parts of this applications are using the .NET runtime (Probably coded in C#)	System Summary
Sample is known by Antivirus	System Summary
Sample might require command line arguments	System Summary	Command and Scripting Interpreter
URLs found in memory or binary data	Networking
Contains modern PE file flags such as dynamic base (ASLR) or NX	Compliance, System Summary
PE file has a big raw section	System Summary
PE file contains a COM descriptor data directory	System Summary
PE file has a big code size	System Summary
Submission file is bigger than most known malware samples	System Summary

URLs

Name

Malicious

http://filetransfer.io/data-package/eZFzMENr/download

188.114.96.3

https://s23.filetransfer.io/storage/download/ZRP1AkSP9kG2

188.114.97.3

http://s23.filetransfer.io

unknown

https://s23.filetransfer.io/storage/download/EYxNoMbJWmad

188.114.97.3

https://s23.filetransfer.io/storage/download/UHZCmkCE5dCM

188.114.97.3

https://s23.filetransfer.io/storage/download/T4jQBjNxmaAP

188.114.97.3

https://s23.filetransfer.io/storage/download/goqkE17IMIu9

188.114.97.3

https://s23.filetransfer.io/storage/download/LnCn4Sq9X9QI

188.114.97.3

http://filetransfer.io/data-package/eZFzMENr

unknown

https://s23.filetransfer.io/storage/download/FMdaPuCZHHPj

188.114.97.3

https://s23.filetransfer.io/storage/download/JLKER12CLEEH

188.114.97.3

https://s23.filetransfer.io

unknown

https://s23.filetransfer.io/storage/download/8d0YtsDOnedA

188.114.97.3

https://s23.filetransfer.io/storage/download/RQn9FsWdafFG

188.114.97.3

https://s23.filetransfer.io/storage/download/EobBo452Hdxh

188.114.97.3

https://s23.filetransfer.io/storage/download/FdQTbjLkThhR

188.114.97.3

https://s23.filetransfer.io/storage/download/4CRE38zxXqXG

188.114.97.3

https://s23.filetrP

unknown

https://s23.filetransfer.io/storage/download/yGXCKBDIQrAq

188.114.97.3

https://s23.filetransfer.io/storage/download/9QRVQG14oBWg

188.114.97.3

https://s23.filetransfer.io/storage/download/sHIqABNcW3Ed

188.114.97.3

https://s23.filetransfer.io/storage/download/hCsyUwJb1Z1u

188.114.97.3

https://s23.filetransfer.io/storage/download/9EV86OzjvzKc

188.114.97.3

https://s23.filetransfer.io/storage/download/sI6TJT4vJ3Bm

188.114.97.3

https://filetransfer.io

unknown

https://s23.filetransfer.io/storage/download/C8OPC9MoIN8L

188.114.97.3

http://filetransfer.io

unknown

http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name

unknown

https://s23.filetransfer.io/storage/download/FecmNNRs2mj0

188.114.97.3

https://s23.filetransfer.io/storage/download/qr9THGkhopIj

188.114.97.3

https://s23.filetransfer.io/storage/download/8hFS5k720mAD

188.114.97.3

https://s23.filetransfer.io/storage/download/a6rLoYyAawaq

188.114.97.3

https://s23.filetransfer.io/storage/download/60jvYrdp5AfK

188.114.97.3

https://filetransfer.io/data-package/eZFzMENr/download

188.114.96.3

https://s23.filetransfer.io/storage/download/rNUQbvqXCkvY

188.114.97.3

https://s23.filetransfer.io/storage/download/oU6fOMiuNfFu

188.114.97.3

https://s23.filetransfer.io/storage/download/rF55DMjHHO7R

188.114.97.3

https://s23.filetransfer.io/storage/download/VzWqBQCvAaEg

188.114.97.3

https://filetransfer.ioX

unknown

https://s23.filetransfer.io/storage/download/UOzJ7nwkJVlJ

188.114.97.3

https://s23.filetransfer.io/storage/download/TSnbub9PBiUP

188.114.97.3

https://s23.filetransfer.io/storage/download/faOOXr9t1pNr

188.114.97.3

https://s23.filetransfer.io/storage/download/9R6i4hkSrRN5

188.114.97.3

https://s23.filetransfer.io/storage/download/5LUME3vteHCP

188.114.97.3

https://s23.filetransfer.io/storage/download/f5l4KzAPcLFN

188.114.97.3

https://s23.filetransfer.io/storage/download/KrgAyDYAYOu9

188.114.97.3

https://s23.filetransfer.io/storage/download/WRMLI4CLhfdR

188.114.97.3

https://s23.filetransfer.io/storage/download/h6my69Vdddiu

188.114.97.3

https://s23.filetransfer.io/storage/download/5ERBgCCUdqAJ

188.114.97.3

https://s23.filetransfer.io/storage/download/JNVqWjkJZeyM

188.114.97.3

https://s23.filetrPX

unknown

https://s23.filetransfer.io/storage/download/XKE7H4fnB1y6

188.114.97.3

https://filetransfer.io(

unknown

https://s23.filetransfer.iox

unknown

There are 44 hidden URLs, click here to show them.

Domains

Name

Malicious

filetransfer.io

188.114.96.3

Details

Name:	filetransfer.io
IP:	188.114.96.3
TargetID:	-1
Active:	true

Signature Hits	Behavior Group	Mitre Attack
HTTP GET or POST without a user agent	Networking
Suricata IDS alerts with low severity for network traffic	Networking
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
URLs found in memory or binary data	Networking
Uses secure TLS version for HTTPS connections	Compliance, Networking

s23.filetransfer.io

188.114.97.3

Details

Name:	s23.filetransfer.io
IP:	188.114.97.3
TargetID:	-1
Active:	true

Signature Hits	Behavior Group	Mitre Attack
HTTP GET or POST without a user agent	Networking
Suricata IDS alerts with low severity for network traffic	Networking
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
URLs found in memory or binary data	Networking
Uses secure TLS version for HTTPS connections	Compliance, Networking

IPs

Domain

Country

Malicious

188.114.97.3

s23.filetransfer.io

European Union

Details

IP:	188.114.97.3
TargetID:	0
Current Path:	C:\Users\user\Desktop\QUOTATION_OCTQTRA071244PDF.scr.exe
Country:	European Union
Countrycode:	EU
ASN number:	13335
ASN name:	CLOUDFLARENETUS
Private:	false
Domain:	s23.filetransfer.io

Signature Hits	Behavior Group	Mitre Attack
Suricata IDS alerts with low severity for network traffic	Networking
Uses secure TLS version for HTTPS connections	Compliance, Networking

188.114.96.3

filetransfer.io

European Union

Details

IP:	188.114.96.3
TargetID:	0
Current Path:	C:\Users\user\Desktop\QUOTATION_OCTQTRA071244PDF.scr.exe
Country:	European Union
Countrycode:	EU
ASN number:	13335
ASN name:	CLOUDFLARENETUS
Private:	false
Domain:	filetransfer.io

Signature Hits	Behavior Group	Mitre Attack
Suricata IDS alerts with low severity for network traffic	Networking
Uses secure TLS version for HTTPS connections	Compliance, Networking

Registry

Path

Value

Malicious

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\QUOTATION_OCTQTRA071244PDF_RASAPI32

EnableFileTracing

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\QUOTATION_OCTQTRA071244PDF_RASAPI32

EnableAutoFileTracing

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\QUOTATION_OCTQTRA071244PDF_RASAPI32

EnableConsoleTracing

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\QUOTATION_OCTQTRA071244PDF_RASAPI32

FileTracingMask

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\QUOTATION_OCTQTRA071244PDF_RASAPI32

ConsoleTracingMask

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\QUOTATION_OCTQTRA071244PDF_RASAPI32

MaxFileSize

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\QUOTATION_OCTQTRA071244PDF_RASAPI32

FileDirectory

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\QUOTATION_OCTQTRA071244PDF_RASMANCS

EnableFileTracing

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\QUOTATION_OCTQTRA071244PDF_RASMANCS

EnableAutoFileTracing

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\QUOTATION_OCTQTRA071244PDF_RASMANCS

EnableConsoleTracing

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\QUOTATION_OCTQTRA071244PDF_RASMANCS

FileTracingMask

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\QUOTATION_OCTQTRA071244PDF_RASMANCS

ConsoleTracingMask

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\QUOTATION_OCTQTRA071244PDF_RASMANCS

MaxFileSize

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\QUOTATION_OCTQTRA071244PDF_RASMANCS

FileDirectory

There are 4 hidden registries, click here to show them.

Memdumps

Base Address

Regiontype

Protect

Malicious

21077090000

heap

page read and write

7969DFA000

stack

page read and write

21077000000

heap

page read and write

2105CDB0000

trusted library allocation

page read and write

7FFD9B700000

trusted library allocation

page read and write

2105CDC0000

heap

page read and write

2105C8B0000

unkown

page readonly

2105E97A000

trusted library allocation

page read and write

2105EA71000

trusted library allocation

page read and write

2105E791000

trusted library allocation

page read and write

79695FA000

stack

page read and write

7FFD9B882000

trusted library allocation

page read and write

2105CC20000

heap

page read and write

2105E945000

trusted library allocation

page read and write

2105E80C000

trusted library allocation

page read and write

21077008000

heap

page read and write

2105E809000

trusted library allocation

page read and write

7FFD9B6F3000

trusted library allocation

page read and write

2105E8FD000

trusted library allocation

page read and write

2105E980000

trusted library allocation

page read and write

2105E859000

trusted library allocation

page read and write

2105CD40000

heap

page read and write

21076FA0000

heap

page read and write

2105EB25000

trusted library allocation

page read and write

2105CC8E000

heap

page read and write

2105E999000

trusted library allocation

page read and write

2105E81C000

trusted library allocation

page read and write

7FFD9B6FD000

trusted library allocation

page execute and read and write

2105CC51000

heap

page read and write

7FF40D690000

trusted library allocation

page execute and read and write

7FFD9B70D000

trusted library allocation

page execute and read and write

2105EA65000

trusted library allocation

page read and write

7FFD9B6E4000

trusted library allocation

page read and write

2105EA63000

trusted library allocation

page read and write

2105E8C9000

trusted library allocation

page read and write

2105E993000

trusted library allocation

page read and write

2105EA79000

trusted library allocation

page read and write

79675FE000

stack

page read and write

2105E87E000

trusted library allocation

page read and write

2105E96D000

trusted library allocation

page read and write

2105CC60000

heap

page read and write

2105CDB3000

trusted library allocation

page read and write

7FFD9B8A0000

trusted library allocation

page read and write

2105E976000

trusted library allocation

page read and write

2105EA43000

trusted library allocation

page read and write

2105EA81000

trusted library allocation

page read and write

79699FF000

stack

page read and write

2105E986000

trusted library allocation

page read and write

210767C0000

trusted library allocation

page read and write

2106E797000

trusted library allocation

page read and write

2107709B000

heap

page read and write

7FFD9B6F8000

trusted library allocation

page read and write

79669FE000

stack

page read and write

2105EB6E000

trusted library allocation

page read and write

2106E881000

trusted library allocation

page read and write

2105CA31000

unkown

page readonly

2105EA15000

trusted library allocation

page read and write

2105E8EF000

trusted library allocation

page read and write

2105CE60000

heap

page read and write

2105E610000

heap

page read and write

2105CBF0000

heap

page read and write

2105E833000

trusted library allocation

page read and write

2105CE40000

heap

page read and write

2105EA75000

trusted library allocation

page read and write

2105EB0F000

trusted library allocation

page read and write

2105E8FA000

trusted library allocation

page read and write

2105CE65000

heap

page read and write

2105E91A000

trusted library allocation

page read and write

7FFD9B8B0000

trusted library allocation

page read and write

7FFD9B6E3000

trusted library allocation

page execute and read and write

7FFD9B73C000

trusted library allocation

page execute and read and write

2105E82A000

trusted library allocation

page read and write

2105E780000

heap

page execute and read and write

2105E972000

trusted library allocation

page read and write

2105E8F6000

trusted library allocation

page read and write

2105E807000

trusted library allocation

page read and write

2105E8E3000

trusted library allocation

page read and write

7FFD9B8A9000

trusted library allocation

page read and write

21076FD4000

heap

page read and write

7FFD9B7A0000

trusted library allocation

page execute and read and write

2105E8E9000

trusted library allocation

page read and write

7967DFE000

stack

page read and write

2105E7DA000

trusted library allocation

page read and write

2105E7F8000

trusted library allocation

page read and write

2105E95B000

trusted library allocation

page read and write

2105E7DE000

trusted library allocation

page read and write

796A9FB000

stack

page read and write

2105EA6D000

trusted library allocation

page read and write

2105EB23000

trusted library allocation

page read and write

79689FD000

stack

page read and write

2105E876000

trusted library allocation

page read and write

2105EC07000

trusted library allocation

page read and write

2105E95D000

trusted library allocation

page read and write

2105E800000

trusted library allocation

page read and write

2105EB03000

trusted library allocation

page read and write

2105CDC5000

heap

page read and write

79665E9000

stack

page read and write

2105CC95000

heap

page read and write

2106E791000

trusted library allocation

page read and write

2105CDA0000

trusted library allocation

page read and write

21076FD2000

heap

page read and write

2105CD80000

trusted library allocation

page read and write

7965FFF000

stack

page read and write

2105CCE8000

heap

page read and write

2105E7E6000

trusted library allocation

page read and write

79679FC000

stack

page read and write

2106E7A1000

trusted library allocation

page read and write

7FFD9B704000

trusted library allocation

page read and write

7FFD9B79C000

trusted library allocation

page execute and read and write

2105CC8C000

heap

page read and write

2105E827000

trusted library allocation

page read and write

7FFD9B796000

trusted library allocation

page read and write

2105CD20000

heap

page read and write

796A5FD000

stack

page read and write

2105E8DF000

trusted library allocation

page read and write

7FFD9B800000

trusted library allocation

page execute and read and write

2105E871000

trusted library allocation

page read and write

2105C8B2000

unkown

page readonly

7FFD9B790000

trusted library allocation

page read and write

2105CCEC000

heap

page read and write

2105E802000

trusted library allocation

page read and write

7965FBF000

stack

page read and write

2105E87B000

trusted library allocation

page read and write

7FFD9B6ED000

trusted library allocation

page execute and read and write

7FFD9B7C6000

trusted library allocation

page execute and read and write

2105CCFE000

heap

page read and write

2105EB1D000

trusted library allocation

page read and write

2105CC4C000

heap

page read and write

2105E95F000

trusted library allocation

page read and write

21076F90000

heap

page read and write

2105CB10000

heap

page read and write

2105E760000

heap

page execute and read and write

7FFD9B8C0000

trusted library allocation

page execute and read and write

7FFD9B70B000

trusted library allocation

page execute and read and write

2105CC54000

heap

page read and write

2105E9C9000

trusted library allocation

page read and write

There are 126 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
QUOTATION_OCTQTRA071244PDF.scr.exe

Processes

URLs

Domains

IPs

Registry

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC ReportQUOTATION_OCTQTRA071244PDF.scr.exe

Processes

URLs

Domains

IPs

Registry

Memdumps

IOC Report
QUOTATION_OCTQTRA071244PDF.scr.exe