Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\JT1yqn67un.exe

"C:\Users\user\Desktop\JT1yqn67un.exe"

Details

Is windows:	false
Is dropped:	false
PID:	7460
Target ID:	0
Parent PID:	2580
Name:	JT1yqn67un.exe
Path:	C:\Users\user\Desktop\JT1yqn67un.exe
Commandline:	"C:\Users\user\Desktop\JT1yqn67un.exe"
Size:	194048
MD5:	9E88E85A46486F7F56B3AABA6E29737C
Time:	04:35:19
Date:	08/10/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0xf00000
Modulesize:	212992
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Antivirus / Scanner detection for submitted sample	AV Detection
Multi AV Scanner detection for submitted file	AV Detection
Yara detected KoiLoader	Data Obfuscation
Yara detected UAC Bypass using CMSTP	Exploits
Machine Learning detection for sample	AV Detection
Uses 32bit PE files	Compliance, System Summary
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory)	Malware Analysis System Evasion	Security Software Discovery
PE file has an executable .text section and no other executable section	System Summary
Sample is known by Antivirus	System Summary
URLs found in memory or binary data	Networking
PE file contains a valid data directory to section mapping	System Summary
PE file contains a debug data directory	System Summary
Contains modern PE file flags such as dynamic base (ASLR) or NX	Compliance, System Summary
PE file contains a mix of data directories often seen in goodware	System Summary

URLs

Name

Malicious

http://2.58.14.95/malto.php

Details

Name:	http://2.58.14.95/malto.php
TargetID:	0
From Memory:	false
Current Path:	C:\Users\user\Desktop\JT1yqn67un.exe
Source:	config extractor

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory)	Malware Analysis System Evasion	Security Software Discovery
URLs found in memory or binary data	Networking

https://lacasadelverde.com/css

unknown

Details

Name:	https://lacasadelverde.com/css
TargetID:	0
From Memory:	true
Current Path:	C:\Users\user\Desktop\JT1yqn67un.exe
Source:	JT1yqn67un.exe

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory)	Malware Analysis System Evasion	Security Software Discovery
URLs found in memory or binary data	Networking

https://lacasadelverde.com/css/c

unknown

Details

Name:	https://lacasadelverde.com/css/c
TargetID:	0
From Memory:	true
Current Path:	C:\Users\user\Desktop\JT1yqn67un.exe
Source:	JT1yqn67un.exe, 00000000.00000002.1735347599.0000000000B8E000.00000004.00000020.00020000.00000000.sdmp, JT1yqn67un.exe, 00000000.00000002.1735137661.00000000005E1000.00000020.00001000.00020000.00000000.sdmp

Signature Hits	Behavior Group	Mitre Attack
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory)	Malware Analysis System Evasion	Security Software Discovery
URLs found in memory or binary data	Networking

http://2.58.14.95/malto.php%temp%

unknown

Details

Name:	http://2.58.14.95/malto.php%temp%
TargetID:	0
From Memory:	true
Current Path:	C:\Users\user\Desktop\JT1yqn67un.exe
Source:	JT1yqn67un.exe, 00000000.00000002.1735347599.0000000000B8E000.00000004.00000020.00020000.00000000.sdmp, JT1yqn67un.exe, 00000000.00000002.1735137661.00000000005E1000.00000020.00001000.00020000.00000000.sdmp

Signature Hits	Behavior Group	Mitre Attack
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory)	Malware Analysis System Evasion	Security Software Discovery
URLs found in memory or binary data	Networking

Memdumps

Base Address

Regiontype

Protect

Malicious

B8E000

heap

page read and write

5E1000

direct allocation

page execute read

5EB000

direct allocation

page readonly

F1B000

unkown

page read and write

F1D000

unkown

page readonly

F01000

unkown

page execute read

5C0000

heap

page read and write

5B0000

heap

page read and write

A0E000

stack

page read and write

F1D000

unkown

page readonly

F1B000

unkown

page write copy

A60000

heap

page read and write

F01000

unkown

page execute read

DB0000

heap

page read and write

F00000

unkown

page readonly

5EC000

direct allocation

page execute and read and write

F13000

unkown

page readonly

F13000

unkown

page readonly

A4E000

stack

page read and write

EF0000

heap

page read and write

B80000

heap

page read and write

54B000

stack

page read and write

D7E000

stack

page read and write

B8A000

heap

page read and write

F00000

unkown

page readonly

8FC000

stack

page read and write

5E0000

direct allocation

page readonly

B6F000

stack

page read and write

There are 18 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
JT1yqn67un.exe

Processes

URLs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC ReportJT1yqn67un.exe

Processes

URLs

Memdumps

IOC Report
JT1yqn67un.exe