Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\file.exe

"C:\Users\user\Desktop\file.exe"

Details

Is windows:	false
Is dropped:	false
PID:	1892
Target ID:	0
Parent PID:	1028
Name:	file.exe
Path:	C:\Users\user\Desktop\file.exe
Commandline:	"C:\Users\user\Desktop\file.exe"
Size:	1864192
MD5:	64B7A8116F8B1BC1984041382B79150F
Time:	11:32:00
Date:	08/10/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0xb80000
Modulesize:	4907008
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Antivirus / Scanner detection for submitted sample	AV Detection
Detected unpacking (changes PE section rights)	Data Obfuscation	Software Packing
LummaC encrypted strings found	HIPS / PFW / Operating System Protection Evasion	PowerShell Deobfuscate/Decode Files or Information
Machine Learning detection for sample	AV Detection
PE file contains section with special chars	System Summary
PE file contains an invalid checksum	Data Obfuscation
PE file contains sections with non-standard names	Data Obfuscation
Uses 32bit PE files	Compliance, System Summary
Binary may include packed or encrypted code	Data Obfuscation	Obfuscated Files or Information Software Packing
PE file has section (not .text) which is very likely to contain packed code (zlib compression ratio < 0.011)	System Summary	Software Packing
PE file has a high occurrence of arithmetic instructions at the PE entrypoint (possbibily packed)	System Summary	Obfuscated Files or Information
Sample might require command line arguments	System Summary	Command and Scripting Interpreter
Sample reads its own file content	System Summary
PE file has a big raw section	System Summary
Submission file is bigger than most known malware samples	System Summary

URLs

Name

Malicious

dissapoiznw.storec

studennotediw.storec

licendfilteo.sitec

https://steamcommunity.com/profiles/76561199724331900p

unknown

clearancek.site

https://steamcommunity.com/profiles/76561199724331900

104.102.49.254

bathdoomgaz.storec

eaglepawnoy.storec

mobbipenju.store

spirittunek.storec

https://steamcommunity.com/my/wishlist/

unknown

https://player.vimeo.com

unknown

https://community.akamai.steamstatic.com/public/javascript/applications/community/manifest.js?v=cdfm

unknown

https://community.akamai.steamstatic.com/public/javascript/global.js?v=9OzcxMXbaV84&l=english

unknown

https://community.akamai.steamstatic.com/public/shared/javascript/auth_refresh.js?v=WgUxSlKTb3W1&amp

unknown

https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7Cd7fb65801182a5f

unknown

https://steamcommunity.com/?subsection=broadcasts

unknown

https://help.steampowered.com/en/

unknown

https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/

unknown

https://steamcommunity.com/market/

unknown

https://store.steampowered.com/news/

unknown

https://community.akamai.steamstatic.com/

unknown

https://store.steampowered.com/subscriber_agreement/

unknown

https://www.gstatic.cn/recaptcha/

unknown

http://store.steampowered.com/subscriber_agreement/

unknown

https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org

unknown

https://community.akamai.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6

unknown

https://recaptcha.net/recaptcha/;

unknown

http://www.valvesoftware.com/legal.htm

unknown

https://steamcommunity.com/discussions/

unknown

https://www.youtube.com

unknown

https://community.akamai.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png

unknown

https://www.google.com

unknown

https://community.akamai.steamstatic.com/public/css/skin_1/fatalerror.css?v=wctRWaBvNt2z&l=engli

unknown

https://store.steampowered.com/stats/

unknown

https://community.akamai.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png

unknown

https://medal.tv

unknown

https://broadcast.st.dl.eccdnx.com

unknown

https://community.akamai.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1

unknown

https://store.steampowered.com/steam_refunds/

unknown

https://community.akamai.steamstatic.com/public/shared/css/shared_responsive.css?v=sHIIcMzCffX6&

unknown

https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback

unknown

https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900

unknown

https://community.akamai.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpEF8tL

unknown

https://s.ytimg.com;

unknown

https://steamcommunity.com/workshop/

unknown

https://login.steampowered.com/

unknown

https://steamcommunity.com/7

unknown

https://store.steampowered.com/legal/

unknown

https://steam.tv/

unknown

https://community.akamai.steamstatic.com/public/css/skin_1/header.css?v=NFoCa4OkAxRb&l=english

unknown

https://community.akamai.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=pSv

unknown

https://community.akamai.steamstatic.com/public/shared/css/motiva_sans.css?v=-DH0xTYpnVe2&l=engl

unknown

http://store.steampowered.com/privacy_agreement/

unknown

https://store.steampowered.com/points/shop/

unknown

https://recaptcha.net

unknown

https://store.steampowered.com/

unknown

https://clearancek.site/api

unknown

https://community.akamai.steamstatic.com/public/javascript/prototype-1.7.js?v=.55t44gwuwgvw

unknown

https://steamcommunity.com

unknown

https://sketchfab.com

unknown

https://lv.queniujq.cn

unknown

https://www.youtube.com/

unknown

http://127.0.0.1:27060

unknown

https://community.akamai.steamstatic.com/public/css/applications/community/main.css?v=Ev2sBLgkgyWJ&a

unknown

https://store.steampowered.com/privacy_agreement/

unknown

https://community.akamai.steamstatic.com/public/shared/css/shared_global.css?v=ezWS9te9Zwm9&l=en

unknown

https://community.akamai.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0

unknown

https://community.akamai.steamstatic.com/public/javascript/applications/community/main.js?v=10oP_O2R

unknown

https://community.akamai.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016

unknown

https://community.akamai.steamstatic.com/public/shared/javascript/shared_global.js?v=REEGJU1hwkYl&am

unknown

https://community.akamai.steamstatic.com/public/shared/css/buttons.css?v=PUJIfhtcQn7W&l=english

unknown

https://www.google.com/recaptcha/

unknown

https://checkout.steampowered.com/

unknown

https://community.akamai.steamstatic.com/public/css/globalv2.css?v=PAcV2zMBzzSV&l=english

unknown

https://help.steampowered.com/

unknown

https://api.steampowered.com/

unknown

http://store.steampowered.com/account/cookiepreferences/

unknown

https://store.steampowered.com/mobile

unknown

https://community.akamai.steamstatic.com/public/shared/images/responsive/header_logo.png

unknown

https://steamcommunity.com/

unknown

https://community.akamai.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhC

unknown

https://store.steampowered.com/;

unknown

https://api.steampowered.c

unknown

https://store.steampowered.com/about/

unknown

There are 75 hidden URLs, click here to show them.

Domains

Name

Malicious

eaglepawnoy.store

unknown

Details

Name:	eaglepawnoy.store
TargetID:	-1

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol

bathdoomgaz.store

unknown

Details

Name:	bathdoomgaz.store
TargetID:	-1

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol

spirittunek.store

unknown

Details

Name:	spirittunek.store
TargetID:	-1

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol

licendfilteo.site

unknown

Details

Name:	licendfilteo.site
TargetID:	-1

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol
LummaC encrypted strings found	HIPS / PFW / Operating System Protection Evasion	PowerShell Deobfuscate/Decode Files or Information
Sample uses string decryption to hide its real strings	AV Detection
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol

studennotediw.store

unknown

Details

Name:	studennotediw.store
TargetID:	-1

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol

mobbipenju.store

unknown

Details

Name:	mobbipenju.store
TargetID:	-1

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol

clearancek.site

unknown

Details

Name:	clearancek.site
TargetID:	-1

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol
LummaC encrypted strings found	HIPS / PFW / Operating System Protection Evasion	PowerShell Deobfuscate/Decode Files or Information
Sample uses string decryption to hide its real strings	AV Detection
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
URLs found in memory or binary data	Networking

dissapoiznw.store

unknown

Details

Name:	dissapoiznw.store
TargetID:	-1

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol

steamcommunity.com

104.102.49.254

Details

Name:	steamcommunity.com
IP:	104.102.49.254
TargetID:	-1
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Uses a known web browser user agent for HTTP communication	Networking	Application Layer Protocol
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Found strings which match to known social media urls	Networking
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
URLs found in memory or binary data	Networking
Uses secure TLS version for HTTPS connections	Compliance, Networking

IPs

Domain

Country

Malicious

104.102.49.254

steamcommunity.com

United States

Details

IP:	104.102.49.254
TargetID:	0
Current Path:	C:\Users\user\Desktop\file.exe
Country:	United States
Countrycode:	USA
ASN number:	16625
ASN name:	AKAMAI-ASUS
Private:	false
Domain:	steamcommunity.com

Signature Hits	Behavior Group	Mitre Attack
Uses secure TLS version for HTTPS connections	Compliance, Networking

Memdumps

Base Address

Regiontype

Protect

Malicious

B81000

unkown

page execute and read and write

1524000

heap

page read and write

4E90000

direct allocation

page read and write

3BCF000

stack

page read and write

1619000

heap

page read and write

15E3000

heap

page read and write

1524000

heap

page read and write

1524000

heap

page read and write

4E90000

direct allocation

page read and write

15C5000

heap

page read and write

30AE000

stack

page read and write

1524000

heap

page read and write

4E90000

direct allocation

page read and write

3ACE000

stack

page read and write

15B8000

heap

page read and write

15C2000

heap

page read and write

1614000

heap

page read and write

15B8000

heap

page read and write

1524000

heap

page read and write

45CF000

stack

page read and write

55EE000

stack

page read and write

15C9000

heap

page read and write

54D0000

direct allocation

page execute and read and write

1524000

heap

page read and write

161D000

heap

page read and write

4E90000

direct allocation

page read and write

5320000

remote allocation

page read and write

4EA1000

heap

page read and write

54E0000

direct allocation

page execute and read and write

5AED000

stack

page read and write

54B0000

direct allocation

page execute and read and write

586F000

stack

page read and write

15ED000

heap

page read and write

5480000

direct allocation

page execute and read and write

4E90000

direct allocation

page read and write

4EA0000

heap

page read and write

3180000

heap

page read and write

1524000

heap

page read and write

58AE000

stack

page read and write

434F000

stack

page read and write

1524000

heap

page read and write

5330000

direct allocation

page read and write

10BC000

stack

page read and write

52E0000

heap

page read and write

572D000

stack

page read and write

3D4E000

stack

page read and write

14F0000

heap

page read and write

460E000

stack

page read and write

1658000

heap

page read and write

4E90000

direct allocation

page read and write

4EB0000

heap

page read and write

4E90000

direct allocation

page read and write

1524000

heap

page read and write

1605000

heap

page read and write

488E000

stack

page read and write

161D000

heap

page read and write

15E2000

heap

page read and write

177F000

stack

page read and write

156E000

stack

page read and write

1524000

heap

page read and write

338F000

stack

page read and write

1524000

heap

page read and write

384E000

stack

page read and write

3E8E000

stack

page read and write

17BE000

stack

page read and write

B80000

unkown

page readonly

562D000

stack

page read and write

B81000

unkown

page execute and write copy

410E000

stack

page read and write

15E0000

heap

page read and write

15CE000

heap

page read and write

1601000

heap

page read and write

BE0000

unkown

page execute and read and write

4B0E000

stack

page read and write

398E000

stack

page read and write

4D8E000

stack

page read and write

1524000

heap

page read and write

161D000

heap

page read and write

E8C000

unkown

page execute and read and write

1663000

heap

page read and write

438E000

stack

page read and write

15C2000

heap

page read and write

474E000

stack

page read and write

1601000

heap

page read and write

4EA1000

heap

page read and write

4C4E000

stack

page read and write

B80000

unkown

page read and write

44CD000

stack

page read and write

35CE000

stack

page read and write

4E90000

direct allocation

page read and write

15ED000

heap

page read and write

59AF000

stack

page read and write

546F000

stack

page read and write

1524000

heap

page read and write

3A8F000

stack

page read and write

4EA1000

heap

page read and write

1524000

heap

page read and write

158E000

heap

page read and write

15E0000

heap

page read and write

161A000

heap

page read and write

52E0000

trusted library allocation

page read and write

4E90000

direct allocation

page read and write

D68000

unkown

page execute and read and write

380F000

stack

page read and write

4E90000

direct allocation

page read and write

54A0000

direct allocation

page execute and read and write

5B5E000

stack

page read and write

59EE000

stack

page read and write

1605000

heap

page read and write

4EA1000

heap

page read and write

4E8F000

stack

page read and write

15ED000

heap

page read and write

420F000

stack

page read and write

5490000

direct allocation

page execute and read and write

316E000

stack

page read and write

3F8F000

stack

page read and write

358F000

stack

page read and write

4EA1000

heap

page read and write

15C5000

heap

page read and write

15C8000

heap

page read and write

3E4F000

stack

page read and write

54B0000

direct allocation

page execute and read and write

3FCE000

stack

page read and write

4ACF000

stack

page read and write

4EA1000

heap

page read and write

49CE000

stack

page read and write

4E90000

direct allocation

page read and write

1524000

heap

page read and write

E8D000

unkown

page execute and write copy

54BD000

stack

page read and write

3170000

heap

page read and write

1614000

heap

page read and write

536E000

stack

page read and write

40CF000

stack

page read and write

15CE000

heap

page read and write

1520000

heap

page read and write

54B0000

direct allocation

page execute and read and write

5330000

direct allocation

page read and write

328F000

stack

page read and write

1524000

heap

page read and write

576E000

stack

page read and write

4C0F000

stack

page read and write

4EA1000

heap

page read and write

1524000

heap

page read and write

54B0000

direct allocation

page execute and read and write

470F000

stack

page read and write

161D000

heap

page read and write

1652000

heap

page read and write

484F000

stack

page read and write

4D4F000

stack

page read and write

1524000

heap

page read and write

11BD000

stack

page read and write

18BF000

stack

page read and write

1410000

heap

page read and write

1524000

heap

page read and write

54F9000

trusted library allocation

page read and write

1524000

heap

page read and write

1524000

heap

page read and write

370E000

stack

page read and write

165D000

heap

page read and write

424E000

stack

page read and write

3187000

heap

page read and write

15B3000

heap

page read and write

36CF000

stack

page read and write

448F000

stack

page read and write

E7E000

unkown

page execute and read and write

30EB000

stack

page read and write

4E90000

direct allocation

page read and write

4E90000

direct allocation

page read and write

4E90000

direct allocation

page read and write

4EA1000

heap

page read and write

E8C000

unkown

page execute and write copy

E76000

unkown

page execute and read and write

4EA1000

heap

page read and write

5C5F000

stack

page read and write

1524000

heap

page read and write

1524000

heap

page read and write

54B0000

direct allocation

page execute and read and write

5330000

direct allocation

page read and write

E4A000

unkown

page execute and read and write

5320000

remote allocation

page read and write

54B0000

direct allocation

page execute and read and write

158A000

heap

page read and write

1524000

heap

page read and write

5320000

remote allocation

page read and write

312E000

stack

page read and write

3D0F000

stack

page read and write

54C0000

direct allocation

page execute and read and write

1524000

heap

page read and write

1580000

heap

page read and write

498F000

stack

page read and write

102A000

unkown

page execute and read and write

1614000

heap

page read and write

3C0E000

stack

page read and write

394F000

stack

page read and write

348F000

stack

page read and write

1605000

heap

page read and write

1601000

heap

page read and write

There are 188 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
file.exe

Processes

URLs

Domains

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reportfile.exe

Processes

URLs

Domains

IPs

Memdumps

IOC Report
file.exe