Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\file.exe

"C:\Users\user\Desktop\file.exe"

Details

Is windows:	false
Is dropped:	false
PID:	6780
Target ID:	0
Parent PID:	2580
Name:	file.exe
Path:	C:\Users\user\Desktop\file.exe
Commandline:	"C:\Users\user\Desktop\file.exe"
Size:	1909760
MD5:	FF372169F2C0278490593F4ABBFCCEAC
Time:	16:08:06
Date:	07/10/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0xc50000
Modulesize:	7114752
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Antivirus / Scanner detection for submitted sample	AV Detection
Detected unpacking (changes PE section rights)	Data Obfuscation	Software Packing
Yara detected Powershell download and execute	HIPS / PFW / Operating System Protection Evasion
Yara detected Stealc	Stealing of Sensitive Information, Remote Access Functionality
Machine Learning detection for sample	AV Detection
PE file contains section with special chars	System Summary
PE file contains an invalid checksum	Data Obfuscation
PE file contains sections with non-standard names	Data Obfuscation
Uses 32bit PE files	Compliance, System Summary
Binary may include packed or encrypted code	Data Obfuscation	Obfuscated Files or Information Software Packing
PE file has section (not .text) which is very likely to contain packed code (zlib compression ratio < 0.011)	System Summary	Software Packing
Sample might require command line arguments	System Summary	Command and Scripting Interpreter
PE file has a big raw section	System Summary
Submission file is bigger than most known malware samples	System Summary

URLs

Name

Malicious

http://185.215.113.37/

185.215.113.37

Details

Name:	http://185.215.113.37/
IP:	185.215.113.37
TargetID:	0
From Memory:	false
Current Path:	C:\Users\user\Desktop\file.exe
Source:	network

Signature Hits	Behavior Group	Mitre Attack
Antivirus detection for URL or domain	AV Detection
Found malware configuration	AV Detection
Suricata IDS alerts for network traffic	Networking
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol
HTTP GET or POST without a user agent	Networking
IP address seen in connection with other malware	Networking
Connects to IPs without corresponding DNS lookups	Networking
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Posts data to webserver	Networking	Application Layer Protocol Non-Application Layer Protocol
URLs found in memory or binary data	Networking

http://185.215.113.37/e2b1563c6670f193.php;

unknown

Details

Name:	http://185.215.113.37/e2b1563c6670f193.php;
TargetID:	0
From Memory:	true
Current Path:	C:\Users\user\Desktop\file.exe
Source:	file.exe, 00000000.00000002.1798536060.0000000000837000.00000004.00000020.00020000.00000000.sdmp

Signature Hits	Behavior Group	Mitre Attack
Antivirus detection for URL or domain	AV Detection
URLs found in memory or binary data	Networking

http://185.215.113.37/e2b1563c6670f193.phpk

unknown

Details

Name:	http://185.215.113.37/e2b1563c6670f193.phpk
TargetID:	0
From Memory:	true
Current Path:	C:\Users\user\Desktop\file.exe
Source:	file.exe, 00000000.00000002.1798536060.0000000000837000.00000004.00000020.00020000.00000000.sdmp

Signature Hits	Behavior Group	Mitre Attack
Antivirus detection for URL or domain	AV Detection
URLs found in memory or binary data	Networking

http://185.215.113.37

unknown

Details

Name:	http://185.215.113.37
TargetID:	0
From Memory:	true
Current Path:	C:\Users\user\Desktop\file.exe
Source:	file.exe, 00000000.00000002.1798536060.00000000007DE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1798536060.0000000000837000.00000004.00000020.00020000.00000000.sdmp

Signature Hits	Behavior Group	Mitre Attack
Antivirus detection for URL or domain	AV Detection
Found malware configuration	AV Detection
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol
URLs found in memory or binary data	Networking

http://185.215.113.37/e2b1563c6670f193.phpx9

unknown

Details

Name:	http://185.215.113.37/e2b1563c6670f193.phpx9
TargetID:	0
From Memory:	true
Current Path:	C:\Users\user\Desktop\file.exe
Source:	file.exe, 00000000.00000002.1798536060.0000000000837000.00000004.00000020.00020000.00000000.sdmp

Signature Hits	Behavior Group	Mitre Attack
Antivirus detection for URL or domain	AV Detection
URLs found in memory or binary data	Networking

http://185.215.113.37/e2b1563c6670f193.php

185.215.113.37

Details

Name:	http://185.215.113.37/e2b1563c6670f193.php
IP:	185.215.113.37
TargetID:	0
From Memory:	false
Current Path:	C:\Users\user\Desktop\file.exe
Source:	network

Signature Hits	Behavior Group	Mitre Attack
Antivirus detection for URL or domain	AV Detection
Found malware configuration	AV Detection
Suricata IDS alerts for network traffic	Networking
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol
HTTP GET or POST without a user agent	Networking
IP address seen in connection with other malware	Networking
Connects to IPs without corresponding DNS lookups	Networking
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Posts data to webserver	Networking	Application Layer Protocol Non-Application Layer Protocol
URLs found in memory or binary data	Networking

http://185.215.113.37/e2b1563c6670f193.phpY

unknown

Details

Name:	http://185.215.113.37/e2b1563c6670f193.phpY
TargetID:	0
From Memory:	true
Current Path:	C:\Users\user\Desktop\file.exe
Source:	file.exe, 00000000.00000002.1798536060.00000000007DE000.00000004.00000020.00020000.00000000.sdmp

Signature Hits	Behavior Group	Mitre Attack
Antivirus detection for URL or domain	AV Detection
URLs found in memory or binary data	Networking

http://185.215.113.37/e2b1563c6670f193.php65d60108622213

unknown

Details

Name:	http://185.215.113.37/e2b1563c6670f193.php65d60108622213
TargetID:	0
From Memory:	true
Current Path:	C:\Users\user\Desktop\file.exe
Source:	file.exe, 00000000.00000002.1798536060.0000000000837000.00000004.00000020.00020000.00000000.sdmp

Signature Hits	Behavior Group	Mitre Attack
Antivirus detection for URL or domain	AV Detection
URLs found in memory or binary data	Networking

http://185.215.113.37S

unknown

Details

Name:	http://185.215.113.37S
TargetID:	0
From Memory:	true
Current Path:	C:\Users\user\Desktop\file.exe
Source:	file.exe, 00000000.00000002.1798536060.00000000007DE000.00000004.00000020.00020000.00000000.sdmp

Signature Hits	Behavior Group	Mitre Attack
Antivirus detection for URL or domain	AV Detection
URLs found in memory or binary data	Networking

IPs

Domain

Country

Malicious

185.215.113.37

unknown

Portugal

Details

IP:	185.215.113.37
TargetID:	0
Current Path:	C:\Users\user\Desktop\file.exe
Country:	Portugal
Countrycode:	PRT
ASN number:	206894
ASN name:	WHOLESALECONNECTIONSNL
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
Suricata IDS alerts for network traffic	Networking
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol
HTTP GET or POST without a user agent	Networking
Connects to IPs without corresponding DNS lookups	Networking
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Posts data to webserver	Networking	Application Layer Protocol Non-Application Layer Protocol
URLs found in memory or binary data	Networking

Memdumps

Base Address

Regiontype

Protect

Malicious

7DE000

heap

page read and write

4A80000

direct allocation

page read and write

C51000

unkown

page execute and read and write

423F000

stack

page read and write

825000

heap

page read and write

4F5000

stack

page read and write

413E000

stack

page read and write

664000

heap

page read and write

664000

heap

page read and write

620000

direct allocation

page read and write

112B000

unkown

page execute and read and write

4601000

heap

page read and write

4601000

heap

page read and write

4601000

heap

page read and write

347F000

stack

page read and write

4601000

heap

page read and write

427E000

stack

page read and write

4BF0000

direct allocation

page execute and read and write

4601000

heap

page read and write

1CB4E000

stack

page read and write

664000

heap

page read and write

664000

heap

page read and write

3C3D000

stack

page read and write

664000

heap

page read and write

664000

heap

page read and write

4BD0000

direct allocation

page execute and read and write

4601000

heap

page read and write

44BF000

stack

page read and write

45FF000

stack

page read and write

C50000

unkown

page readonly

664000

heap

page read and write

664000

heap

page read and write

3ABF000

stack

page read and write

3FBF000

stack

page read and write

D32000

unkown

page execute and read and write

2D3E000

stack

page read and write

10C000

stack

page read and write

4610000

heap

page read and write

664000

heap

page read and write

1C8CE000

stack

page read and write

2ABF000

stack

page read and write

1CDDE000

stack

page read and write

620000

direct allocation

page read and write

337E000

stack

page read and write

4601000

heap

page read and write

4601000

heap

page read and write

664000

heap

page read and write

36FF000

stack

page read and write

44FE000

stack

page read and write

4601000

heap

page read and write

4601000

heap

page read and write

4601000

heap

page read and write

4601000

heap

page read and write

664000

heap

page read and write

4601000

heap

page read and write

664000

heap

page read and write

3FFE000

stack

page read and write

437F000

stack

page read and write

610000

heap

page read and write

4601000

heap

page read and write

664000

heap

page read and write

664000

heap

page read and write

EAE000

unkown

page execute and read and write

4601000

heap

page read and write

4601000

heap

page read and write

664000

heap

page read and write

30FE000

stack

page read and write

373E000

stack

page read and write

4601000

heap

page read and write

4601000

heap

page read and write

43BE000

stack

page read and write

818000

heap

page read and write

7C0000

direct allocation

page execute and read and write

1CC8E000

stack

page read and write

34BE000

stack

page read and write

64B000

heap

page read and write

640000

heap

page read and write

1169000

unkown

page execute and read and write

1CD8F000

stack

page read and write

4601000

heap

page read and write

4601000

heap

page read and write

4601000

heap

page read and write

4601000

heap

page read and write

C50000

unkown

page read and write

664000

heap

page read and write

4601000

heap

page read and write

116A000

unkown

page execute and write copy

3E7F000

stack

page read and write

4BD0000

direct allocation

page execute and read and write

2BFE000

stack

page read and write

620000

direct allocation

page read and write

664000

heap

page read and write

664000

heap

page read and write

4600000

heap

page read and write

4601000

heap

page read and write

1CA0E000

stack

page read and write

4601000

heap

page read and write

620000

direct allocation

page read and write

4601000

heap

page read and write

323E000

stack

page read and write

30BF000

stack

page read and write

664000

heap

page read and write

4ABE000

stack

page read and write

4601000

heap

page read and write

660000

heap

page read and write

664000

heap

page read and write

29BF000

stack

page read and write

620000

direct allocation

page read and write

853000

heap

page read and write

4601000

heap

page read and write

664000

heap

page read and write

4601000

heap

page read and write

7B0000

direct allocation

page execute and read and write

4601000

heap

page read and write

C51000

unkown

page execute and write copy

650000

direct allocation

page read and write

620000

direct allocation

page read and write

4601000

heap

page read and write

2CFF000

stack

page read and write

1CEDC000

stack

page read and write

D0D000

unkown

page execute and read and write

4700000

trusted library allocation

page read and write

664000

heap

page read and write

664000

heap

page read and write

1152000

unkown

page execute and read and write

76F000

stack

page read and write

31FF000

stack

page read and write

664000

heap

page read and write

4601000

heap

page read and write

60E000

stack

page read and write

7D8000

heap

page read and write

1316000

unkown

page execute and write copy

387E000

stack

page read and write

2BBF000

stack

page read and write

664000

heap

page read and write

1315000

unkown

page execute and read and write

4A40000

heap

page read and write

35BF000

stack

page read and write

4601000

heap

page read and write

1DE000

stack

page read and write

4601000

heap

page read and write

2FBE000

stack

page read and write

1CF1D000

stack

page read and write

664000

heap

page read and write

620000

direct allocation

page read and write

4601000

heap

page read and write

4601000

heap

page read and write

4FE000

stack

page read and write

1040000

unkown

page execute and read and write

4601000

heap

page read and write

383F000

stack

page read and write

4601000

heap

page read and write

837000

heap

page read and write

4601000

heap

page read and write

3AFE000

stack

page read and write

4607000

heap

page read and write

4601000

heap

page read and write

4601000

heap

page read and write

3D3F000

stack

page read and write

4601000

heap

page read and write

3BFF000

stack

page read and write

4601000

heap

page read and write

2F7F000

stack

page read and write

3EBE000

stack

page read and write

C0C000

stack

page read and write

160000

heap

page read and write

650000

direct allocation

page read and write

9CF000

stack

page read and write

4601000

heap

page read and write

620000

direct allocation

page read and write

4601000

heap

page read and write

664000

heap

page read and write

115B000

unkown

page execute and read and write

7D0000

heap

page read and write

647000

heap

page read and write

664000

heap

page read and write

4601000

heap

page read and write

664000

heap

page read and write

7AE000

stack

page read and write

4601000

heap

page read and write

1C9CF000

stack

page read and write

620000

direct allocation

page read and write

4601000

heap

page read and write

E9A000

unkown

page execute and read and write

664000

heap

page read and write

1CB0F000

stack

page read and write

397F000

stack

page read and write

1CC4F000

stack

page read and write

4601000

heap

page read and write

4BC0000

direct allocation

page execute and read and write

3D7E000

stack

page read and write

4601000

heap

page read and write

2E7E000

stack

page read and write

4601000

heap

page read and write

620000

direct allocation

page read and write

851000

heap

page read and write

4601000

heap

page read and write

664000

heap

page read and write

4601000

heap

page read and write

620000

direct allocation

page read and write

4601000

heap

page read and write

620000

direct allocation

page read and write

39BE000

stack

page read and write

4BE0000

direct allocation

page execute and read and write

4601000

heap

page read and write

C4E000

stack

page read and write

D01000

unkown

page execute and read and write

664000

heap

page read and write

333F000

stack

page read and write

4601000

heap

page read and write

1169000

unkown

page execute and write copy

664000

heap

page read and write

664000

heap

page read and write

664000

heap

page read and write

4620000

heap

page read and write

35FE000

stack

page read and write

4601000

heap

page read and write

4601000

heap

page read and write

620000

direct allocation

page read and write

620000

direct allocation

page read and write

664000

heap

page read and write

4601000

heap

page read and write

4601000

heap

page read and write

40FF000

stack

page read and write

846000

heap

page read and write

2E3F000

stack

page read and write

4BBF000

stack

page read and write

170000

heap

page read and write

1D01E000

stack

page read and write

664000

heap

page read and write

There are 220 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
file.exe

Processes

URLs

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reportfile.exe

Processes

URLs

IPs

Memdumps

IOC Report
file.exe