Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\file.exe

"C:\Users\user\Desktop\file.exe"

Details

Is windows:	false
Is dropped:	false
PID:	6432
Target ID:	0
Parent PID:	1028
Name:	file.exe
Path:	C:\Users\user\Desktop\file.exe
Commandline:	"C:\Users\user\Desktop\file.exe"
Size:	1867264
MD5:	64D0F74791E4442E0F5A2E1E28E07CC8
Time:	16:08:07
Date:	07/10/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x760000
Modulesize:	4923392
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Antivirus / Scanner detection for submitted sample	AV Detection
Detected unpacking (changes PE section rights)	Data Obfuscation	Software Packing
LummaC encrypted strings found	HIPS / PFW / Operating System Protection Evasion	PowerShell Deobfuscate/Decode Files or Information
Machine Learning detection for sample	AV Detection
PE file contains section with special chars	System Summary
PE file contains an invalid checksum	Data Obfuscation
PE file contains sections with non-standard names	Data Obfuscation
Uses 32bit PE files	Compliance, System Summary
Binary may include packed or encrypted code	Data Obfuscation	Obfuscated Files or Information Software Packing
PE file has section (not .text) which is very likely to contain packed code (zlib compression ratio < 0.011)	System Summary	Software Packing
Sample might require command line arguments	System Summary	Command and Scripting Interpreter
Sample reads its own file content	System Summary
PE file has a big raw section	System Summary
Submission file is bigger than most known malware samples	System Summary

URLs

Name

Malicious

studennotediw.stor

spirittunek.stor

eaglepawnoy.stor

clearancek.site

mobbipenju.stor

https://steamcommunity.com/profiles/76561199724331900

104.102.49.254

licendfilteo.site

bathdoomgaz.stor

dissapoiznw.stor

https://steamcommunity.com/my/wishlist/

unknown

https://player.vimeo.com

unknown

https://community.akamai.steamstatic.com/public/javascript/applications/community/manifest.js?v=cdfm

unknown

https://community.akamai.steamstatic.com/public/javascript/global.js?v=9OzcxMXbaV84&l=english

unknown

https://steamcommunity.com/0

unknown

https://community.akamai.steamstatic.com/public/shared/javascript/auth_refresh.js?v=WgUxSlKTb3W1&amp

unknown

https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7Cd7fb65801182a5f

unknown

https://steamcommunity.com/?subsection=broadcasts

unknown

https://help.steampowered.com/en/

unknown

https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/

unknown

https://steamcommunity.com/market/

unknown

https://store.steampowered.com/news/

unknown

https://community.akamai.steamstatic.com/

unknown

https://store.steampowered.com/subscriber_agreement/

unknown

https://www.gstatic.cn/recaptcha/

unknown

http://store.steampowered.com/subscriber_agreement/

unknown

https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org

unknown

https://community.akamai.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6

unknown

https://recaptcha.net/recaptcha/;

unknown

http://www.valvesoftware.com/legal.htm

unknown

https://steamcommunity.com/discussions/

unknown

https://www.youtube.com

unknown

https://community.akamai.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png

unknown

https://www.google.com

unknown

https://community.akamai.steamstatic.com/public/css/skin_1/fatalerror.css?v=wctRWaBvNt2z&l=engli

unknown

https://store.steampowered.com/stats/

unknown

https://studennotediw.store/apiT

unknown

https://community.akamai.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png

unknown

https://medal.tv

unknown

https://broadcast.st.dl.eccdnx.com

unknown

https://community.akamai.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1

unknown

https://store.steampowered.com/steam_refunds/

unknown

https://community.akamai.steamstatic.com/public/shared/css/shared_responsive.css?v=sHIIcMzCffX6&

unknown

https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback

unknown

https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900

unknown

https://community.akamai.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpEF8tL

unknown

https://s.ytimg.com;

unknown

https://steamcommunity.com/workshop/

unknown

https://login.steampowered.com/

unknown

https://store.steampowered.com/legal/

unknown

https://steam.tv/

unknown

https://community.akamai.steamstatic.com/public/css/skin_1/header.css?v=NFoCa4OkAxRb&l=english

unknown

https://community.akamai.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=pSv

unknown

https://community.akamai.steamstatic.com/public/shared/css/motiva_sans.css?v=-DH0xTYpnVe2&l=engl

unknown

http://store.steampowered.com/privacy_agreement/

unknown

https://store.steampowered.com/points/shop/

unknown

https://recaptcha.net

unknown

https://store.steampowered.com/

unknown

https://community.akamai.steamstatic.com/public/javascript/prototype-1.7.js?v=.55t44gwuwgvw

unknown

https://steamcommunity.com

unknown

https://sketchfab.com

unknown

https://lv.queniujq.cn

unknown

https://www.youtube.com/

unknown

http://127.0.0.1:27060

unknown

https://community.akamai.steamstatic.com/public/css/applications/community/main.css?v=Ev2sBLgkgyWJ&a

unknown

https://store.steampowered.com/privacy_agreement/

unknown

https://community.akamai.steamstatic.com/public/shared/css/shared_global.css?v=ezWS9te9Zwm9&l=en

unknown

https://community.akamai.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0

unknown

https://community.akamai.steamstatic.com/public/javascript/applications/community/main.js?v=10oP_O2R

unknown

https://community.akamai.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016

unknown

https://community.akamai.steamstatic.com/public/shared/javascript/shared_global.js?v=REEGJU1hwkYl&am

unknown

https://community.akamai.steamstatic.com/public/shared/css/buttons.css?v=PUJIfhtcQn7W&l=english

unknown

https://www.google.com/recaptcha/

unknown

https://checkout.steampowered.com/

unknown

https://community.akamai.steamstatic.com/public/css/globalv2.css?v=PAcV2zMBzzSV&l=english

unknown

https://help.steampowered.com/

unknown

https://api.steampowered.com/

unknown

http://store.steampowered.com/account/cookiepreferences/

unknown

https://store.steampowered.com/mobile

unknown

https://community.akamai.steamstatic.com/public/shared/images/responsive/header_logo.png

unknown

https://steamcommunity.com/

unknown

https://community.akamai.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhC

unknown

https://store.steampowered.com/;

unknown

https://store.steampowered.com/about/

unknown

There are 73 hidden URLs, click here to show them.

Domains

Name

Malicious

licendfilteo.site

unknown

Details

Name:	licendfilteo.site
TargetID:	-1

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol
LummaC encrypted strings found	HIPS / PFW / Operating System Protection Evasion	PowerShell Deobfuscate/Decode Files or Information
Sample uses string decryption to hide its real strings	AV Detection
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol

clearancek.site

unknown

Details

Name:	clearancek.site
TargetID:	-1

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol
LummaC encrypted strings found	HIPS / PFW / Operating System Protection Evasion	PowerShell Deobfuscate/Decode Files or Information
Sample uses string decryption to hide its real strings	AV Detection
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol

steamcommunity.com

104.102.49.254

Details

Name:	steamcommunity.com
IP:	104.102.49.254
TargetID:	-1
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Uses a known web browser user agent for HTTP communication	Networking	Application Layer Protocol
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Found strings which match to known social media urls	Networking
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
URLs found in memory or binary data	Networking
Uses secure TLS version for HTTPS connections	Compliance, Networking

eaglepawnoy.store

unknown

bathdoomgaz.store

unknown

spirittunek.store

unknown

studennotediw.store

unknown

mobbipenju.store

unknown

dissapoiznw.store

unknown

IPs

Domain

Country

Malicious

104.102.49.254

steamcommunity.com

United States

Details

IP:	104.102.49.254
TargetID:	0
Current Path:	C:\Users\user\Desktop\file.exe
Country:	United States
Countrycode:	USA
ASN number:	16625
ASN name:	AKAMAI-ASUS
Private:	false
Domain:	steamcommunity.com

Signature Hits	Behavior Group	Mitre Attack
Uses secure TLS version for HTTPS connections	Compliance, Networking

Memdumps

Base Address

Regiontype

Protect

Malicious

761000

unkown

page execute and read and write

4951000

heap

page read and write

94C000

unkown

page execute and read and write

D1D000

stack

page read and write

4940000

direct allocation

page read and write

4951000

heap

page read and write

318E000

stack

page read and write

4F60000

direct allocation

page execute and read and write

541F000

stack

page read and write

4940000

direct allocation

page read and write

350F000

stack

page read and write

4DCD000

stack

page read and write

4F30000

direct allocation

page execute and read and write

509E000

stack

page read and write

114C000

heap

page read and write

4F60000

direct allocation

page execute and read and write

4940000

direct allocation

page read and write

454F000

stack

page read and write

4920000

heap

page read and write

51DD000

stack

page read and write

4D90000

trusted library allocation

page read and write

11B2000

heap

page read and write

38CF000

stack

page read and write

1165000

heap

page read and write

13EF000

stack

page read and write

32CE000

stack

page read and write

41CE000

stack

page read and write

3A0F000

stack

page read and write

469F000

stack

page read and write

547D000

stack

page read and write

4F70000

direct allocation

page execute and read and write

3DCF000

stack

page read and write

117C000

heap

page read and write

1170000

heap

page read and write

11C8000

heap

page read and write

4F40000

direct allocation

page execute and read and write

304E000

stack

page read and write

4951000

heap

page read and write

4951000

heap

page read and write

108E000

stack

page read and write

1128000

heap

page read and write

10EE000

heap

page read and write

519D000

stack

page read and write

4951000

heap

page read and write

354E000

stack

page read and write

112E000

heap

page read and write

C0F000

unkown

page execute and write copy

4951000

heap

page read and write

2C8F000

stack

page read and write

55EE000

stack

page read and write

4951000

heap

page read and write

52DF000

stack

page read and write

4951000

heap

page read and write

A60000

unkown

page execute and read and write

408E000

stack

page read and write

114C000

heap

page read and write

4F60000

direct allocation

page execute and read and write

557D000

stack

page read and write

4F60000

direct allocation

page execute and read and write

4E1E000

stack

page read and write

4940000

direct allocation

page read and write

760000

unkown

page read and write

4DE0000

direct allocation

page read and write

103E000

stack

page read and write

4951000

heap

page read and write

4940000

direct allocation

page read and write

6E0000

heap

page read and write

3A4E000

stack

page read and write

2F0E000

stack

page read and write

404E000

stack

page read and write

4940000

direct allocation

page read and write

37CE000

stack

page read and write

4FAB000

trusted library allocation

page read and write

4DE0000

direct allocation

page read and write

3E0E000

stack

page read and write

4951000

heap

page read and write

4940000

direct allocation

page read and write

46DE000

stack

page read and write

3F4E000

stack

page read and write

11BA000

heap

page read and write

4951000

heap

page read and write

531E000

stack

page read and write

A59000

unkown

page execute and read and write

430E000

stack

page read and write

C0E000

unkown

page execute and read and write

4F60000

direct allocation

page execute and read and write

1129000

heap

page read and write

11E0000

heap

page read and write

68C000

stack

page read and write

4940000

direct allocation

page read and write

4951000

heap

page read and write

760000

unkown

page readonly

4940000

direct allocation

page read and write

A6F000

unkown

page execute and write copy

1124000

heap

page read and write

314F000

stack

page read and write

761000

unkown

page execute and write copy

4940000

direct allocation

page read and write

5430000

remote allocation

page read and write

390E000

stack

page read and write

A28000

unkown

page execute and read and write

11E5000

heap

page read and write

328F000

stack

page read and write

4940000

direct allocation

page read and write

10E0000

heap

page read and write

1171000

heap

page read and write

75E000

stack

page read and write

418F000

stack

page read and write

7C0000

unkown

page execute and read and write

4951000

heap

page read and write

47DF000

stack

page read and write

368E000

stack

page read and write

4550000

heap

page read and write

1097000

heap

page read and write

3CCE000

stack

page read and write

440F000

stack

page read and write

459E000

stack

page read and write

6F0000

heap

page read and write

117C000

heap

page read and write

491F000

stack

page read and write

3B8E000

stack

page read and write

33CF000

stack

page read and write

378F000

stack

page read and write

4F90000

direct allocation

page execute and read and write

5430000

remote allocation

page read and write

112E000

heap

page read and write

4951000

heap

page read and write

4951000

heap

page read and write

4F6E000

stack

page read and write

1120000

heap

page read and write

1165000

heap

page read and write

42CF000

stack

page read and write

1140000

heap

page read and write

56EF000

stack

page read and write

10DB000

stack

page read and write

2DCE000

stack

page read and write

2D8F000

stack

page read and write

4940000

direct allocation

page read and write

364F000

stack

page read and write

A6F000

unkown

page execute and read and write

4951000

heap

page read and write

4DE0000

direct allocation

page read and write

1090000

heap

page read and write

3F0F000

stack

page read and write

5430000

remote allocation

page read and write

4940000

direct allocation

page read and write

4951000

heap

page read and write

12EF000

stack

page read and write

117D000

heap

page read and write

4F1F000

stack

page read and write

A70000

unkown

page execute and write copy

4951000

heap

page read and write

2ECF000

stack

page read and write

300F000

stack

page read and write

4F60000

direct allocation

page execute and read and write

4950000

heap

page read and write

340E000

stack

page read and write

4940000

direct allocation

page read and write

4F50000

direct allocation

page execute and read and write

10EA000

heap

page read and write

1140000

heap

page read and write

481E000

stack

page read and write

4F80000

direct allocation

page execute and read and write

3C8F000

stack

page read and write

1118000

heap

page read and write

3B4F000

stack

page read and write

444E000

stack

page read and write

There are 157 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
file.exe

Processes

URLs

Domains

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reportfile.exe

Processes

URLs

Domains

IPs

Memdumps

IOC Report
file.exe