Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\file.exe

"C:\Users\user\Desktop\file.exe"

Details

Is windows:	false
Is dropped:	false
PID:	2552
Target ID:	0
Parent PID:	3504
Name:	file.exe
Path:	C:\Users\user\Desktop\file.exe
Commandline:	"C:\Users\user\Desktop\file.exe"
Size:	1831424
MD5:	8BAEB58F65C1B9077A14792BD25A17F3
Time:	10:38:32
Date:	04/10/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0xee0000
Modulesize:	6901760
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Antivirus / Scanner detection for submitted sample	AV Detection
Detected unpacking (changes PE section rights)	Data Obfuscation	Software Packing
Multi AV Scanner detection for submitted file	AV Detection
Yara detected Powershell download and execute	HIPS / PFW / Operating System Protection Evasion
Yara detected Stealc	Stealing of Sensitive Information, Remote Access Functionality
Machine Learning detection for sample	AV Detection
PE file contains section with special chars	System Summary
PE file contains an invalid checksum	Data Obfuscation
PE file contains sections with non-standard names	Data Obfuscation
Uses 32bit PE files	Compliance, System Summary
Binary may include packed or encrypted code	Data Obfuscation	Obfuscated Files or Information Software Packing
PE file has section (not .text) which is very likely to contain packed code (zlib compression ratio < 0.011)	System Summary	Software Packing
PE file has a high occurrence of arithmetic instructions at the PE entrypoint (possbibily packed)	System Summary	Obfuscated Files or Information
Sample is known by Antivirus	System Summary
Sample might require command line arguments	System Summary	Command and Scripting Interpreter
PE file has a big raw section	System Summary
Submission file is bigger than most known malware samples	System Summary

URLs

Name

Malicious

http://185.215.113.37/

185.215.113.37

Details

Name:	http://185.215.113.37/
IP:	185.215.113.37
TargetID:	0
From Memory:	false
Current Path:	C:\Users\user\Desktop\file.exe
Source:	network

Signature Hits	Behavior Group	Mitre Attack
Antivirus detection for URL or domain	AV Detection
Found malware configuration	AV Detection
Suricata IDS alerts for network traffic	Networking
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol
HTTP GET or POST without a user agent	Networking
IP address seen in connection with other malware	Networking
Connects to IPs without corresponding DNS lookups	Networking
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Posts data to webserver	Networking	Application Layer Protocol Non-Application Layer Protocol
URLs found in memory or binary data	Networking

http://185.215.113.37

unknown

Details

Name:	http://185.215.113.37
TargetID:	0
From Memory:	true
Current Path:	C:\Users\user\Desktop\file.exe
Source:	file.exe, 00000000.00000002.1627926455.000000000166E000.00000004.00000020.00020000.00000000.sdmp

Signature Hits	Behavior Group	Mitre Attack
Antivirus detection for URL or domain	AV Detection
Found malware configuration	AV Detection
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol
URLs found in memory or binary data	Networking

http://185.215.113.37/e2b1563c6670f193.php

185.215.113.37

Details

Name:	http://185.215.113.37/e2b1563c6670f193.php
IP:	185.215.113.37
TargetID:	0
From Memory:	false
Current Path:	C:\Users\user\Desktop\file.exe
Source:	network

Signature Hits	Behavior Group	Mitre Attack
Antivirus detection for URL or domain	AV Detection
Found malware configuration	AV Detection
Suricata IDS alerts for network traffic	Networking
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol
HTTP GET or POST without a user agent	Networking
IP address seen in connection with other malware	Networking
Connects to IPs without corresponding DNS lookups	Networking
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Posts data to webserver	Networking	Application Layer Protocol Non-Application Layer Protocol
URLs found in memory or binary data	Networking

http://185.215.113.37/e2b1563c6670f193.phpW

unknown

Details

Name:	http://185.215.113.37/e2b1563c6670f193.phpW
TargetID:	0
From Memory:	true
Current Path:	C:\Users\user\Desktop\file.exe
Source:	file.exe, 00000000.00000002.1627926455.00000000016B3000.00000004.00000020.00020000.00000000.sdmp

Signature Hits	Behavior Group	Mitre Attack
Antivirus detection for URL or domain	AV Detection
URLs found in memory or binary data	Networking

http://185.215.113.37/e2b1563c6670f193.phpg

unknown

Details

Name:	http://185.215.113.37/e2b1563c6670f193.phpg
TargetID:	0
From Memory:	true
Current Path:	C:\Users\user\Desktop\file.exe
Source:	file.exe, 00000000.00000002.1627926455.00000000016B3000.00000004.00000020.00020000.00000000.sdmp

Signature Hits	Behavior Group	Mitre Attack
Antivirus detection for URL or domain	AV Detection
URLs found in memory or binary data	Networking

IPs

Domain

Country

Malicious

185.215.113.37

unknown

Portugal

Details

IP:	185.215.113.37
TargetID:	0
Current Path:	C:\Users\user\Desktop\file.exe
Country:	Portugal
Countrycode:	PRT
ASN number:	206894
ASN name:	WHOLESALECONNECTIONSNL
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
Suricata IDS alerts for network traffic	Networking
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol
HTTP GET or POST without a user agent	Networking
Connects to IPs without corresponding DNS lookups	Networking
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Posts data to webserver	Networking	Application Layer Protocol Non-Application Layer Protocol
URLs found in memory or binary data	Networking

Memdumps

Base Address

Regiontype

Protect

Malicious

EE1000

unkown

page execute and read and write

53C0000

direct allocation

page read and write

166E000

heap

page read and write

4F41000

heap

page read and write

E74000

heap

page read and write

EBE000

stack

page read and write

1650000

direct allocation

page read and write

5380000

trusted library allocation

page read and write

403F000

stack

page read and write

5520000

direct allocation

page execute and read and write

4F41000

heap

page read and write

E74000

heap

page read and write

EE1000

unkown

page execute and write copy

E74000

heap

page read and write

4F41000

heap

page read and write

E74000

heap

page read and write

E74000

heap

page read and write

3DFE000

stack

page read and write

4F3F000

stack

page read and write

4F41000

heap

page read and write

F9D000

unkown

page execute and read and write

42FE000

stack

page read and write

4F41000

heap

page read and write

47BF000

stack

page read and write

1650000

direct allocation

page read and write

E74000

heap

page read and write

E74000

heap

page read and write

1D46F000

stack

page read and write

E74000

heap

page read and write

1650000

direct allocation

page read and write

4F41000

heap

page read and write

4F41000

heap

page read and write

53FE000

stack

page read and write

D85000

stack

page read and write

4F41000

heap

page read and write

E74000

heap

page read and write

4F41000

heap

page read and write

4F41000

heap

page read and write

54FF000

stack

page read and write

4F41000

heap

page read and write

E74000

heap

page read and write

4BBE000

stack

page read and write

317B000

heap

page read and write

4CFE000

stack

page read and write

5530000

direct allocation

page execute and read and write

EE0000

unkown

page read and write

4F40000

heap

page read and write

4F41000

heap

page read and write

EE0000

unkown

page readonly

E74000

heap

page read and write

4F41000

heap

page read and write

4F41000

heap

page read and write

4F41000

heap

page read and write

E74000

heap

page read and write

4F41000

heap

page read and write

16EF000

heap

page read and write

DF0000

heap

page read and write

ED0000

heap

page read and write

47FE000

stack

page read and write

1D4AE000

stack

page read and write

39FF000

stack

page read and write

4F41000

heap

page read and write

1650000

direct allocation

page read and write

DE0000

heap

page read and write

16B3000

heap

page read and write

3B3F000

stack

page read and write

4F41000

heap

page read and write

38FE000

stack

page read and write

D8E000

stack

page read and write

16E6000

heap

page read and write

1572000

unkown

page execute and write copy

1D97C000

stack

page read and write

4F41000

heap

page read and write

1650000

direct allocation

page read and write

4F41000

heap

page read and write

4F41000

heap

page read and write

1660000

heap

page read and write

4F41000

heap

page read and write

E74000

heap

page read and write

4F41000

heap

page read and write

E74000

heap

page read and write

4F41000

heap

page read and write

3170000

heap

page read and write

E74000

heap

page read and write

457E000

stack

page read and write

4DFF000

stack

page read and write

4F41000

heap

page read and write

13C9000

unkown

page execute and read and write

353E000

stack

page read and write

4F41000

heap

page read and write

E74000

heap

page read and write

4F41000

heap

page read and write

4CBF000

stack

page read and write

E74000

heap

page read and write

12C5000

unkown

page execute and read and write

4F41000

heap

page read and write

E74000

heap

page read and write

327F000

stack

page read and write

FC2000

unkown

page execute and read and write

4F41000

heap

page read and write

4F41000

heap

page read and write

4F41000

heap

page read and write

38BF000

stack

page read and write

4F41000

heap

page read and write

43FF000

stack

page read and write

E74000

heap

page read and write

4F41000

heap

page read and write

363F000

stack

page read and write

453F000

stack

page read and write

E74000

heap

page read and write

3F3E000

stack

page read and write

E74000

heap

page read and write

1D87D000

stack

page read and write

E74000

heap

page read and write

185E000

stack

page read and write

4F41000

heap

page read and write

4F41000

heap

page read and write

4F41000

heap

page read and write

E74000

heap

page read and write

E74000

heap

page read and write

4F41000

heap

page read and write

3150000

direct allocation

page read and write

1650000

direct allocation

page read and write

4A3F000

stack

page read and write

1D83E000

stack

page read and write

4F41000

heap

page read and write

467F000

stack

page read and write

13D8000

unkown

page execute and write copy

4F41000

heap

page read and write

4F41000

heap

page read and write

113E000

unkown

page execute and read and write

E5E000

stack

page read and write

1650000

direct allocation

page read and write

46BE000

stack

page read and write

4F41000

heap

page read and write

4F41000

heap

page read and write

1D32F000

stack

page read and write

3EFF000

stack

page read and write

33FE000

stack

page read and write

4F41000

heap

page read and write

4F41000

heap

page read and write

4F41000

heap

page read and write

E74000

heap

page read and write

4F41000

heap

page read and write

4F41000

heap

page read and write

E74000

heap

page read and write

195E000

stack

page read and write

3CBE000

stack

page read and write

1D73D000

stack

page read and write

3C7F000

stack

page read and write

32BB000

stack

page read and write

4F41000

heap

page read and write

1650000

direct allocation

page read and write

1D6FF000

stack

page read and write

E74000

heap

page read and write

E74000

heap

page read and write

E74000

heap

page read and write

E74000

heap

page read and write

1650000

direct allocation

page read and write

5520000

direct allocation

page execute and read and write

4F41000

heap

page read and write

E74000

heap

page read and write

37BE000

stack

page read and write

166A000

heap

page read and write

E74000

heap

page read and write

C8C000

stack

page read and write

5390000

heap

page read and write

4A7E000

stack

page read and write

34FF000

stack

page read and write

1650000

direct allocation

page read and write

1650000

direct allocation

page read and write

E74000

heap

page read and write

E74000

heap

page read and write

13C2000

unkown

page execute and read and write

5510000

direct allocation

page execute and read and write

4F60000

heap

page read and write

E70000

heap

page read and write

407E000

stack

page read and write

1650000

direct allocation

page read and write

1650000

direct allocation

page read and write

5550000

direct allocation

page execute and read and write

1D22E000

stack

page read and write

13D8000

unkown

page execute and read and write

E74000

heap

page read and write

313E000

stack

page read and write

4F41000

heap

page read and write

4F41000

heap

page read and write

4F50000

heap

page read and write

4F41000

heap

page read and write

417F000

stack

page read and write

3B7E000

stack

page read and write

F91000

unkown

page execute and read and write

3A3E000

stack

page read and write

3177000

heap

page read and write

1D36E000

stack

page read and write

3DBF000

stack

page read and write

33BF000

stack

page read and write

5540000

direct allocation

page execute and read and write

48FF000

stack

page read and write

1650000

direct allocation

page read and write

42BF000

stack

page read and write

1D5AE000

stack

page read and write

4F41000

heap

page read and write

4F41000

heap

page read and write

4F41000

heap

page read and write

5500000

direct allocation

page execute and read and write

3150000

direct allocation

page read and write

E74000

heap

page read and write

4B7F000

stack

page read and write

13D9000

unkown

page execute and write copy

4F41000

heap

page read and write

4F41000

heap

page read and write

377F000

stack

page read and write

4E3E000

stack

page read and write

1D5FE000

stack

page read and write

139F000

unkown

page execute and read and write

4F41000

heap

page read and write

112A000

unkown

page execute and read and write

4F41000

heap

page read and write

41BE000

stack

page read and write

16CB000

heap

page read and write

367E000

stack

page read and write

493E000

stack

page read and write

443E000

stack

page read and write

4F41000

heap

page read and write

1571000

unkown

page execute and read and write

3160000

direct allocation

page execute and read and write

4F41000

heap

page read and write

E74000

heap

page read and write

4F41000

heap

page read and write

There are 220 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
file.exe

Processes

URLs

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reportfile.exe

Processes

URLs

IPs

Memdumps

IOC Report
file.exe