Automated Malware Analysis IOC Report for

Details

Name:	5535.1.00005630fcbe1000.00005630fcbf7000.rw-.sdmp
TargetID:	16
Dumpstage:	process exit
Protect:	page read and write
Base address:	5630fcbf7000
Size:	90112

Details

Name:	5527.1.00007fe39c74c000.00007fe39cf53000.rw-.sdmp
TargetID:	12
Dumpstage:	process exit
Protect:	page read and write
Base address:	7fe39cf53000
Size:	8417280

Details

Name:	5578.1.00007ffdea5f8000.00007ffdea5f9000.r-x.sdmp
TargetID:	17
Dumpstage:	process exit
Protect:	page execute read
Base address:	7ffdea5f9000
Size:	4096

Details

Name:	5527.1.00007fe29802d000.00007fe29802e000.rw-.sdmp
TargetID:	12
Dumpstage:	process exit
Protect:	page read and write
Base address:	7fe29802e000
Size:	4096

Details

Name:	5580.1.00007fe39d345000.00007fe39d347000.rw-.sdmp
TargetID:	18
Dumpstage:	process exit
Protect:	page read and write
Base address:	7fe39d347000
Size:	8192

Details

Name:	5535.1.00007fe29802e000.00007fe298035000.rw-.sdmp
TargetID:	16
Dumpstage:	process exit
Protect:	page read and write
Base address:	7fe298035000
Size:	28672

Details

Name:	5578.1.00005630fabe2000.00005630fcbe0000.rwx.sdmp
TargetID:	17
Dumpstage:	process exit
Protect:	page execute and read and write
Base address:	5630fcbe0000
Size:	33546240

Details

Name:	5578.1.00007fe39d920000.00007fe39d923000.rw-.sdmp
TargetID:	17
Dumpstage:	process exit
Protect:	page read and write
Base address:	7fe39d923000
Size:	12288

Details

Name:	5580.1.00005630fabe2000.00005630fcbe0000.rwx.sdmp
TargetID:	18
Dumpstage:	process exit
Protect:	page execute and read and write
Base address:	5630fcbe0000
Size:	33546240

Details

Name:	5527.1.00007fe29802e000.00007fe298035000.rw-.sdmp
TargetID:	12
Dumpstage:	process exit
Protect:	page read and write
Base address:	7fe298035000
Size:	28672

Details

Name:	5578.1.00005630fd751000.00005630fd89f000.rw-.sdmp
TargetID:	17
Dumpstage:	process exit
Protect:	page read and write
Base address:	5630fd89f000
Size:	1368064

Signature Hits	Behavior Group	Mitre Attack
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory)	Malware Analysis System Evasion	Security Software Discovery

Details

Name:	5578.1.00007fe39dc4f000.00007fe39dc51000.rw-.sdmp
TargetID:	17
Dumpstage:	process exit
Protect:	page read and write
Base address:	7fe39dc51000
Size:	8192

Details

Name:	5580.1.00005630fa7d7000.00005630fa988000.r-x.sdmp
TargetID:	18
Dumpstage:	process exit
Protect:	page execute read
Base address:	5630fa988000
Size:	1773568

Details

Name:	5527.1.00007fe39dc95000.00007fe39dc96000.rw-.sdmp
TargetID:	12
Dumpstage:	process exit
Protect:	page read and write
Base address:	7fe39dc96000
Size:	4096

Details

Name:	5527.1.00007fe398000000.00007fe398021000.rw-.sdmp
TargetID:	12
Dumpstage:	process exit
Protect:	page read and write
Base address:	7fe398021000
Size:	135168

Details

Name:	5578.1.00007fe39c74c000.00007fe39cf53000.rw-.sdmp
TargetID:	17
Dumpstage:	process exit
Protect:	page read and write
Base address:	7fe39cf53000
Size:	8417280

Details

Name:	5578.1.00007fe29802d000.00007fe29802e000.rw-.sdmp
TargetID:	17
Dumpstage:	process exit
Protect:	page read and write
Base address:	7fe29802e000
Size:	4096

Details

Name:	5535.1.00005630fabe2000.00005630fcbe0000.rwx.sdmp
TargetID:	16
Dumpstage:	process exit
Protect:	page execute and read and write
Base address:	5630fcbe0000
Size:	33546240

Details

Name:	5578.1.00007fe398000000.00007fe398021000.rw-.sdmp
TargetID:	17
Dumpstage:	process exit
Protect:	page read and write
Base address:	7fe398021000
Size:	135168

Details

Name:	5535.1.00007ffdea5f8000.00007ffdea5f9000.r-x.sdmp
TargetID:	16
Dumpstage:	process exit
Protect:	page execute read
Base address:	7ffdea5f9000
Size:	4096

Details

Name:	5535.1.00005630fabcf000.00005630fabd9000.rw-.sdmp
TargetID:	16
Dumpstage:	process exit
Protect:	page read and write
Base address:	5630fabd9000
Size:	40960

Details

Name:	5535.1.00007fe39d920000.00007fe39d923000.rw-.sdmp
TargetID:	16
Dumpstage:	process exit
Protect:	page read and write
Base address:	7fe39d923000
Size:	12288

Details

Name:	5580.1.00007fe398000000.00007fe398021000.rw-.sdmp
TargetID:	18
Dumpstage:	process exit
Protect:	page read and write
Base address:	7fe398021000
Size:	135168

Details

Name:	5535.1.00007fe39c74c000.00007fe39cf53000.rw-.sdmp
TargetID:	16
Dumpstage:	process exit
Protect:	page read and write
Base address:	7fe39cf53000
Size:	8417280

Details

Name:	5535.1.00005630fa7d7000.00005630fa988000.r-x.sdmp
TargetID:	16
Dumpstage:	process exit
Protect:	page execute read
Base address:	5630fa988000
Size:	1773568

Details

Name:	5578.1.00007fe39d73f000.00007fe39d741000.rw-.sdmp
TargetID:	17
Dumpstage:	process exit
Protect:	page read and write
Base address:	7fe39d741000
Size:	8192

Details

Name:	5527.1.00005630fabd9000.00005630fabe2000.rw-.sdmp
TargetID:	12
Dumpstage:	process exit
Protect:	page read and write
Base address:	5630fabe2000
Size:	36864

Details

Name:	5535.1.00007fe39d5d1000.00007fe39d5d5000.rw-.sdmp
TargetID:	16
Dumpstage:	process exit
Protect:	page read and write
Base address:	7fe39d5d5000
Size:	16384

Details

Name:	5535.1.00007fe39c6ca000.00007fe39c74b000.rw-.sdmp
TargetID:	16
Dumpstage:	process exit
Protect:	page read and write
Base address:	7fe39c74b000
Size:	528384

Details

Name:	5580.1.00005630fd751000.00005630fd89f000.rw-.sdmp
TargetID:	18
Dumpstage:	process exit
Protect:	page read and write
Base address:	5630fd89f000
Size:	1368064

Signature Hits	Behavior Group	Mitre Attack
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory)	Malware Analysis System Evasion	Security Software Discovery

Details

Name:	5527.1.00007fe3977ff000.00007fe397fff000.rw-.sdmp
TargetID:	12
Dumpstage:	process exit
Protect:	page read and write
Base address:	7fe397fff000
Size:	8388608

Details

Name:	5578.1.00007fe39d5ae000.00007fe39d5b2000.rw-.sdmp
TargetID:	17
Dumpstage:	process exit
Protect:	page read and write
Base address:	7fe39d5b2000
Size:	16384

Details

Name:	5527.1.00007ffdea5f8000.00007ffdea5f9000.r-x.sdmp
TargetID:	12
Dumpstage:	process exit
Protect:	page execute read
Base address:	7ffdea5f9000
Size:	4096

Details

Name:	5578.1.00005630fcbe1000.00005630fcbf7000.rw-.sdmp
TargetID:	17
Dumpstage:	process exit
Protect:	page read and write
Base address:	5630fcbf7000
Size:	90112

Details

Name:	5535.1.00007fe39dc2c000.00007fe39dc2d000.rw-.sdmp
TargetID:	16
Dumpstage:	process exit
Protect:	page read and write
Base address:	7fe39dc2d000
Size:	4096

Details

Name:	5535.1.00007fe39d5ae000.00007fe39d5b2000.rw-.sdmp
TargetID:	16
Dumpstage:	process exit
Protect:	page read and write
Base address:	7fe39d5b2000
Size:	16384

Details

Name:	5527.1.00007fe39d5ae000.00007fe39d5b2000.rw-.sdmp
TargetID:	12
Dumpstage:	process exit
Protect:	page read and write
Base address:	7fe39d5b2000
Size:	16384

Details

Name:	5578.1.00007fe29802e000.00007fe298035000.rw-.sdmp
TargetID:	17
Dumpstage:	process exit
Protect:	page read and write
Base address:	7fe298035000
Size:	28672

Details

Name:	5527.1.00005630fabe2000.00005630fcbe0000.rwx.sdmp
TargetID:	12
Dumpstage:	process exit
Protect:	page execute and read and write
Base address:	5630fcbe0000
Size:	33546240

Details

Name:	5527.1.00007fe39c6ca000.00007fe39c74b000.rw-.sdmp
TargetID:	12
Dumpstage:	process exit
Protect:	page read and write
Base address:	7fe39c74b000
Size:	528384

Details

Name:	5580.1.00005630fcbe1000.00005630fcbf7000.rw-.sdmp
TargetID:	18
Dumpstage:	process exit
Protect:	page read and write
Base address:	5630fcbf7000
Size:	90112

Details

Name:	5578.1.00007fe39cfe3000.00007fe39cfe5000.rw-.sdmp
TargetID:	17
Dumpstage:	process exit
Protect:	page read and write
Base address:	7fe39cfe5000
Size:	8192

Details

Name:	5527.1.00007ffdea5ca000.00007ffdea5eb000.rw-.sdmp
TargetID:	12
Dumpstage:	process exit
Protect:	page read and write
Base address:	7ffdea5eb000
Size:	135168

Signature Hits	Behavior Group	Mitre Attack
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory)	Malware Analysis System Evasion	Security Software Discovery

Details

Name:	5580.1.00007fe39d920000.00007fe39d923000.rw-.sdmp
TargetID:	18
Dumpstage:	process exit
Protect:	page read and write
Base address:	7fe39d923000
Size:	12288

Details

Name:	5580.1.00007fe39cfe3000.00007fe39cfe5000.rw-.sdmp
TargetID:	18
Dumpstage:	process exit
Protect:	page read and write
Base address:	7fe39cfe5000
Size:	8192

Details

Name:	5578.1.00007fe39d345000.00007fe39d347000.rw-.sdmp
TargetID:	17
Dumpstage:	process exit
Protect:	page read and write
Base address:	7fe39d347000
Size:	8192

Details

Name:	5578.1.00005630fabcf000.00005630fabd9000.rw-.sdmp
TargetID:	17
Dumpstage:	process exit
Protect:	page read and write
Base address:	5630fabd9000
Size:	40960

Details

Name:	5580.1.00007fe39c6ca000.00007fe39c74b000.rw-.sdmp
TargetID:	18
Dumpstage:	process exit
Protect:	page read and write
Base address:	7fe39c74b000
Size:	528384

Details

Name:	5527.1.00007fe39d920000.00007fe39d923000.rw-.sdmp
TargetID:	12
Dumpstage:	process exit
Protect:	page read and write
Base address:	7fe39d923000
Size:	12288

Details

Name:	5535.1.00007fe39d345000.00007fe39d347000.rw-.sdmp
TargetID:	16
Dumpstage:	process exit
Protect:	page read and write
Base address:	7fe39d347000
Size:	8192

Details

Name:	5580.1.00005630fabcf000.00005630fabd9000.rw-.sdmp
TargetID:	18
Dumpstage:	process exit
Protect:	page read and write
Base address:	5630fabd9000
Size:	40960

Details

Name:	5580.1.00007fe298017000.00007fe298025000.r-x.sdmp
TargetID:	18
Dumpstage:	process exit
Protect:	page execute read
Base address:	7fe298025000
Size:	57344

Details

Name:	5578.1.00007fe298017000.00007fe298025000.r-x.sdmp
TargetID:	17
Dumpstage:	process exit
Protect:	page execute read
Base address:	7fe298025000
Size:	57344

Details

Name:	5527.1.00007fe39d5d1000.00007fe39d5d5000.rw-.sdmp
TargetID:	12
Dumpstage:	process exit
Protect:	page read and write
Base address:	7fe39d5d5000
Size:	16384

Details

Name:	5578.1.00007ffdea5ca000.00007ffdea5eb000.rw-.sdmp
TargetID:	17
Dumpstage:	process exit
Protect:	page read and write
Base address:	7ffdea5eb000
Size:	135168

Signature Hits	Behavior Group	Mitre Attack
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory)	Malware Analysis System Evasion	Security Software Discovery

Details

Name:	5580.1.00005630fabd9000.00005630fabe2000.rw-.sdmp
TargetID:	18
Dumpstage:	process exit
Protect:	page read and write
Base address:	5630fabe2000
Size:	36864

Details

Name:	5527.1.00007fe39d345000.00007fe39d347000.rw-.sdmp
TargetID:	12
Dumpstage:	process exit
Protect:	page read and write
Base address:	7fe39d347000
Size:	8192

Details

Name:	5580.1.00007fe3977ff000.00007fe397fff000.rw-.sdmp
TargetID:	18
Dumpstage:	process exit
Protect:	page read and write
Base address:	7fe397fff000
Size:	8388608

Details

Name:	5580.1.00007fe39dc95000.00007fe39dc96000.rw-.sdmp
TargetID:	18
Dumpstage:	process exit
Protect:	page read and write
Base address:	7fe39dc96000
Size:	4096

Details

Name:	5580.1.00007fe39d73f000.00007fe39d741000.rw-.sdmp
TargetID:	18
Dumpstage:	process exit
Protect:	page read and write
Base address:	7fe39d741000
Size:	8192

Details

Name:	5580.1.00007fe39d5ae000.00007fe39d5b2000.rw-.sdmp
TargetID:	18
Dumpstage:	process exit
Protect:	page read and write
Base address:	7fe39d5b2000
Size:	16384

Details

Name:	5535.1.00007fe29802d000.00007fe29802e000.rw-.sdmp
TargetID:	16
Dumpstage:	process exit
Protect:	page read and write
Base address:	7fe29802e000
Size:	4096

Details

Name:	5580.1.00007ffdea5ca000.00007ffdea5eb000.rw-.sdmp
TargetID:	18
Dumpstage:	process exit
Protect:	page read and write
Base address:	7ffdea5eb000
Size:	135168

Signature Hits	Behavior Group	Mitre Attack
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory)	Malware Analysis System Evasion	Security Software Discovery

Details

Name:	5535.1.00007fe398000000.00007fe398021000.rw-.sdmp
TargetID:	16
Dumpstage:	process exit
Protect:	page read and write
Base address:	7fe398021000
Size:	135168

Details

Name:	5580.1.00007fe39dc2c000.00007fe39dc2d000.rw-.sdmp
TargetID:	18
Dumpstage:	process exit
Protect:	page read and write
Base address:	7fe39dc2d000
Size:	4096

Details

Name:	5580.1.00007fe29802d000.00007fe29802e000.rw-.sdmp
TargetID:	18
Dumpstage:	process exit
Protect:	page read and write
Base address:	7fe29802e000
Size:	4096

Details

Name:	5580.1.00007fe39d5d1000.00007fe39d5d5000.rw-.sdmp
TargetID:	18
Dumpstage:	process exit
Protect:	page read and write
Base address:	7fe39d5d5000
Size:	16384

Details

Name:	5527.1.00007fe39dc2c000.00007fe39dc2d000.rw-.sdmp
TargetID:	12
Dumpstage:	process exit
Protect:	page read and write
Base address:	7fe39dc2d000
Size:	4096

Details

Name:	5535.1.00007ffdea5ca000.00007ffdea5eb000.rw-.sdmp
TargetID:	16
Dumpstage:	process exit
Protect:	page read and write
Base address:	7ffdea5eb000
Size:	135168

Signature Hits	Behavior Group	Mitre Attack
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory)	Malware Analysis System Evasion	Security Software Discovery

Details

Name:	5527.1.00005630fabcf000.00005630fabd9000.rw-.sdmp
TargetID:	12
Dumpstage:	process exit
Protect:	page read and write
Base address:	5630fabd9000
Size:	40960

Details

Name:	5578.1.00005630fa7d7000.00005630fa988000.r-x.sdmp
TargetID:	17
Dumpstage:	process exit
Protect:	page execute read
Base address:	5630fa988000
Size:	1773568

Details

Name:	5535.1.00007fe39d73f000.00007fe39d741000.rw-.sdmp
TargetID:	16
Dumpstage:	process exit
Protect:	page read and write
Base address:	7fe39d741000
Size:	8192

Details

Name:	5535.1.00007fe298017000.00007fe298025000.r-x.sdmp
TargetID:	16
Dumpstage:	process exit
Protect:	page execute read
Base address:	7fe298025000
Size:	57344

Details

Name:	5578.1.00007fe39d5d1000.00007fe39d5d5000.rw-.sdmp
TargetID:	17
Dumpstage:	process exit
Protect:	page read and write
Base address:	7fe39d5d5000
Size:	16384

Details

Name:	5535.1.00007fe3977ff000.00007fe397fff000.rw-.sdmp
TargetID:	16
Dumpstage:	process exit
Protect:	page read and write
Base address:	7fe397fff000
Size:	8388608

Details

Name:	5527.1.00007fe39db02000.00007fe39db04000.rw-.sdmp
TargetID:	12
Dumpstage:	process exit
Protect:	page read and write
Base address:	7fe39db04000
Size:	8192

Details

Name:	5527.1.00005630fa7d7000.00005630fa988000.r-x.sdmp
TargetID:	12
Dumpstage:	process exit
Protect:	page execute read
Base address:	5630fa988000
Size:	1773568

Details

Name:	5535.1.00005630fd751000.00005630fd89f000.rw-.sdmp
TargetID:	16
Dumpstage:	process exit
Protect:	page read and write
Base address:	5630fd89f000
Size:	1368064

Signature Hits	Behavior Group	Mitre Attack
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory)	Malware Analysis System Evasion	Security Software Discovery

Details

Name:	5527.1.00007fe298017000.00007fe298025000.r-x.sdmp
TargetID:	12
Dumpstage:	process exit
Protect:	page execute read
Base address:	7fe298025000
Size:	57344

Details

Name:	5535.1.00007fe39dc95000.00007fe39dc96000.rw-.sdmp
TargetID:	16
Dumpstage:	process exit
Protect:	page read and write
Base address:	7fe39dc96000
Size:	4096

Details

Name:	5535.1.00007fe39dc4f000.00007fe39dc51000.rw-.sdmp
TargetID:	16
Dumpstage:	process exit
Protect:	page read and write
Base address:	7fe39dc51000
Size:	8192

Details

Name:	5580.1.00007fe29802e000.00007fe298035000.rw-.sdmp
TargetID:	18
Dumpstage:	process exit
Protect:	page read and write
Base address:	7fe298035000
Size:	28672

Details

Name:	5535.1.00007fe39db02000.00007fe39db04000.rw-.sdmp
TargetID:	16
Dumpstage:	process exit
Protect:	page read and write
Base address:	7fe39db04000
Size:	8192

Details

Name:	5580.1.00007ffdea5f8000.00007ffdea5f9000.r-x.sdmp
TargetID:	18
Dumpstage:	process exit
Protect:	page execute read
Base address:	7ffdea5f9000
Size:	4096

Details

Name:	5580.1.00007fe39db02000.00007fe39db04000.rw-.sdmp
TargetID:	18
Dumpstage:	process exit
Protect:	page read and write
Base address:	7fe39db04000
Size:	8192

Details

Name:	5578.1.00007fe39dc95000.00007fe39dc96000.rw-.sdmp
TargetID:	17
Dumpstage:	process exit
Protect:	page read and write
Base address:	7fe39dc96000
Size:	4096

Details

Name:	5578.1.00007fe39db02000.00007fe39db04000.rw-.sdmp
TargetID:	17
Dumpstage:	process exit
Protect:	page read and write
Base address:	7fe39db04000
Size:	8192

Details

Name:	5578.1.00007fe3977ff000.00007fe397fff000.rw-.sdmp
TargetID:	17
Dumpstage:	process exit
Protect:	page read and write
Base address:	7fe397fff000
Size:	8388608

Details

Name:	5527.1.00007fe39d73f000.00007fe39d741000.rw-.sdmp
TargetID:	12
Dumpstage:	process exit
Protect:	page read and write
Base address:	7fe39d741000
Size:	8192

Details

Name:	5578.1.00007fe39c6ca000.00007fe39c74b000.rw-.sdmp
TargetID:	17
Dumpstage:	process exit
Protect:	page read and write
Base address:	7fe39c74b000
Size:	528384

Details

Name:	5580.1.00007fe39dc4f000.00007fe39dc51000.rw-.sdmp
TargetID:	18
Dumpstage:	process exit
Protect:	page read and write
Base address:	7fe39dc51000
Size:	8192

Details

Name:	5578.1.00007fe39dc2c000.00007fe39dc2d000.rw-.sdmp
TargetID:	17
Dumpstage:	process exit
Protect:	page read and write
Base address:	7fe39dc2d000
Size:	4096

Details

Name:	5527.1.00007fe39cfe3000.00007fe39cfe5000.rw-.sdmp
TargetID:	12
Dumpstage:	process exit
Protect:	page read and write
Base address:	7fe39cfe5000
Size:	8192

Details

Name:	5535.1.00005630fabd9000.00005630fabe2000.rw-.sdmp
TargetID:	16
Dumpstage:	process exit
Protect:	page read and write
Base address:	5630fabe2000
Size:	36864

Details

Name:	5527.1.00005630fcbe1000.00005630fcbf7000.rw-.sdmp
TargetID:	12
Dumpstage:	process exit
Protect:	page read and write
Base address:	5630fcbf7000
Size:	90112

Details

Name:	5527.1.00005630fd751000.00005630fd89f000.rw-.sdmp
TargetID:	12
Dumpstage:	process exit
Protect:	page read and write
Base address:	5630fd89f000
Size:	1368064

Signature Hits	Behavior Group	Mitre Attack
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory)	Malware Analysis System Evasion	Security Software Discovery

Details

Name:	5527.1.00007fe39dc4f000.00007fe39dc51000.rw-.sdmp
TargetID:	12
Dumpstage:	process exit
Protect:	page read and write
Base address:	7fe39dc51000
Size:	8192

Details

Name:	5535.1.00007fe298035000.00007fe29803f000.rw-.sdmp
TargetID:	16
Dumpstage:	process exit
Protect:	page read and write
Base address:	7fe29803f000
Size:	40960

Details

Name:	5578.1.00005630fabd9000.00005630fabe2000.rw-.sdmp
TargetID:	17
Dumpstage:	process exit
Protect:	page read and write
Base address:	5630fabe2000
Size:	36864

Details

Name:	5580.1.00007fe39c74c000.00007fe39cf53000.rw-.sdmp
TargetID:	18
Dumpstage:	process exit
Protect:	page read and write
Base address:	7fe39cf53000
Size:	8417280

Details

Name:	5535.1.00007fe39cfe3000.00007fe39cfe5000.rw-.sdmp
TargetID:	16
Dumpstage:	process exit
Protect:	page read and write
Base address:	7fe39cfe5000
Size:	8192

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
na.elf

Processes

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reportna.elf

Processes

Memdumps

IOC Report
na.elf