Automated Malware Analysis IOC Report for

Files

File Path

Type

Category

Malicious

Yx1Wz608PO.exe

PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed

initial sample

C:\Users\user\Desktop\rifaien2-04RCQxCd2dv0My0K.exe

PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed

dropped

C:\Users\user\Desktop\rifaien2-0G3Ju1SgiNMbtyyd.exe

PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed

dropped

C:\Users\user\Desktop\rifaien2-0Jvg60acvlNTEetj.exe

PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed

dropped

C:\Users\user\Desktop\rifaien2-1u0hu8IxGgzV53b3.exe

PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed

dropped

C:\Users\user\Desktop\rifaien2-2McOOOA0Nrrao2kH.exe

PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed

dropped

C:\Users\user\Desktop\rifaien2-2ZT16A8KKoDdHefl.exe

PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed

dropped

C:\Users\user\Desktop\rifaien2-3Yd5eRNryysSeb1S.exe

PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed

dropped

C:\Users\user\Desktop\rifaien2-3v9iLS8WuKhI5HYt.exe

PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed

dropped

C:\Users\user\Desktop\rifaien2-4cVt4GKfpP1OEa7u.exe

PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed

dropped

C:\Users\user\Desktop\rifaien2-5JMaNQJ1bicgDKr9.exe

PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed

dropped

C:\Users\user\Desktop\rifaien2-5nuJmBGqOVTVsVLa.exe

PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed

dropped

C:\Users\user\Desktop\rifaien2-6Q71fxUu8dtMFFZU.exe

PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed

dropped

C:\Users\user\Desktop\rifaien2-6R5WtqjpUktSTdyX.exe

PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed

dropped

C:\Users\user\Desktop\rifaien2-6wusbbrgmMpcBTFV.exe

PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed

dropped

C:\Users\user\Desktop\rifaien2-7bKKZTcwZ1AvB69O.exe

PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed

dropped

C:\Users\user\Desktop\rifaien2-7c2sZoOt8ZtCld1t.exe

PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed

dropped

C:\Users\user\Desktop\rifaien2-7tNM8tQoTbkooJnZ.exe

PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed

dropped

C:\Users\user\Desktop\rifaien2-96Wr0t4vpAyIwn2t.exe

PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed

dropped

C:\Users\user\Desktop\rifaien2-9KCDfoTvJTmqygky.exe

PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed

dropped

C:\Users\user\Desktop\rifaien2-9PANsJP5rpGyNZO8.exe

PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed

dropped

C:\Users\user\Desktop\rifaien2-9ZuBld8Y8200Rptx.exe

PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed

dropped

C:\Users\user\Desktop\rifaien2-A57jwvvBTZZBhtF8.exe

PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed

dropped

C:\Users\user\Desktop\rifaien2-A6jVTXjeaWbirx4X.exe

PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed

dropped

C:\Users\user\Desktop\rifaien2-AJCcQtfVrsedwKsZ.exe

PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed

dropped

C:\Users\user\Desktop\rifaien2-AbJq5JvGluWbFwwZ.exe

PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed

dropped

C:\Users\user\Desktop\rifaien2-AjoycwODvDSL5IAO.exe

PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed

dropped

C:\Users\user\Desktop\rifaien2-BGQBJ4RqEFRi5PE5.exe

PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed

dropped

C:\Users\user\Desktop\rifaien2-BtW7KCBSW9z60IjW.exe

PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed

dropped

C:\Users\user\Desktop\rifaien2-BxQHxwmcvdOeGoyr.exe

PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed

dropped

C:\Users\user\Desktop\rifaien2-COs3jWZ0Jp7WCrwG.exe

PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed

dropped

C:\Users\user\Desktop\rifaien2-DlmIbpKoNTOiCR62.exe

PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed

dropped

C:\Users\user\Desktop\rifaien2-E8VR5WWssDiJ6hpJ.exe

PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed

dropped

C:\Users\user\Desktop\rifaien2-EJnWcEY70jNTCKDa.exe

PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed

dropped

C:\Users\user\Desktop\rifaien2-FgpAC8WJsCEb80wY.exe

PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed

dropped

C:\Users\user\Desktop\rifaien2-G55U73FCHlQNV6Tv.exe

PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed

dropped

C:\Users\user\Desktop\rifaien2-GswVbQAeth6AirwL.exe

PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed

dropped

C:\Users\user\Desktop\rifaien2-HGWO8ZYntiaZkSsz.exe

PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed

dropped

C:\Users\user\Desktop\rifaien2-I6zVOkc7a2MoLHpC.exe

PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed

dropped

C:\Users\user\Desktop\rifaien2-IUG4zGcbBzvzNdJv.exe

PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed

dropped

C:\Users\user\Desktop\rifaien2-Iz6XhHUHigVtubDW.exe

PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed

dropped

C:\Users\user\Desktop\rifaien2-J68guXWHhSRdzOvX.exe

PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed

dropped

C:\Users\user\Desktop\rifaien2-L9Cwe3j2i64ZA5Re.exe

PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed

dropped

C:\Users\user\Desktop\rifaien2-LRhmhC00EPTolTjv.exe

PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed

dropped

C:\Users\user\Desktop\rifaien2-LUEYWSrnqnW64tyL.exe

PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed

dropped

C:\Users\user\Desktop\rifaien2-MkDE7nUolYAvIS4K.exe

PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed

dropped

C:\Users\user\Desktop\rifaien2-NxxFR5QGAAQFk5K5.exe

PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed

dropped

C:\Users\user\Desktop\rifaien2-O1lC3PbxC9VoVOC0.exe

PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed

dropped

C:\Users\user\Desktop\rifaien2-OEkS0r3Z3ATRkGxW.exe

PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed

dropped

C:\Users\user\Desktop\rifaien2-OIzrhQpACDLMrvoU.exe

PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed

dropped

C:\Users\user\Desktop\rifaien2-OMok4oiMxwrfC1T9.exe

PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed

dropped

C:\Users\user\Desktop\rifaien2-OTSOrmhlpPBxx1z0.exe

PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed

dropped

C:\Users\user\Desktop\rifaien2-P95T1li6WZS69JnD.exe

PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed

dropped

C:\Users\user\Desktop\rifaien2-QmVIHCjf9VqYQ95N.exe

PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed

dropped

C:\Users\user\Desktop\rifaien2-R4CZoQ4QiFrvNxlX.exe

PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed

dropped

C:\Users\user\Desktop\rifaien2-S9mLKeVTibmzm085.exe

PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed

dropped

C:\Users\user\Desktop\rifaien2-SKNw52t2NOdB7utQ.exe

PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed

dropped

C:\Users\user\Desktop\rifaien2-SMLg9RViRYG2pkp6.exe

PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed

dropped

C:\Users\user\Desktop\rifaien2-SZUDU6LfgbhpapuC.exe

PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed

dropped

C:\Users\user\Desktop\rifaien2-T5UBOmxC86bktOIn.exe

PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed

dropped

C:\Users\user\Desktop\rifaien2-TYDJ5mBBlE7fOmsC.exe

PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed

dropped

C:\Users\user\Desktop\rifaien2-TcaUQfBZEuTk2vBh.exe

PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed

dropped

C:\Users\user\Desktop\rifaien2-ToqId0cmF9KU3PM3.exe

PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed

dropped

C:\Users\user\Desktop\rifaien2-VJi5bt4v05AnA3zO.exe

PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed

dropped

C:\Users\user\Desktop\rifaien2-VzjNx1jPI8EBAf3Q.exe

PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed

dropped

C:\Users\user\Desktop\rifaien2-WBUGMs1oWatC1b9R.exe

PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed

dropped

C:\Users\user\Desktop\rifaien2-WbnLg1fQUOoUplSV.exe

PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed

dropped

C:\Users\user\Desktop\rifaien2-XK86MMSGqdyh0W5j.exe

PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed

dropped

C:\Users\user\Desktop\rifaien2-XzoPd5NlxkpB2Qkz.exe

PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed

dropped

C:\Users\user\Desktop\rifaien2-YQ9gXxkityqTj37o.exe

PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed

dropped

C:\Users\user\Desktop\rifaien2-Yf4NmWwsZ4N1yY95.exe

PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed

dropped

C:\Users\user\Desktop\rifaien2-YmUvcvAsSxinM0iL.exe

PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed

dropped

C:\Users\user\Desktop\rifaien2-b3ZWCYI3KgQ9GVd3.exe

PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed

dropped

C:\Users\user\Desktop\rifaien2-bq6a0w9PvOP4ugLz.exe

PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed

dropped

C:\Users\user\Desktop\rifaien2-cBftW9zYcUyutts4.exe

PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed

dropped

C:\Users\user\Desktop\rifaien2-cR40kHbNSjvP90Vq.exe

PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed

dropped

C:\Users\user\Desktop\rifaien2-d57ykrWvlTZrDkZc.exe

PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed

dropped

C:\Users\user\Desktop\rifaien2-dIQ7PuzulNOWjRao.exe

PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed

dropped

C:\Users\user\Desktop\rifaien2-dJL9srUqHWxbpcQx.exe

PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed

dropped

C:\Users\user\Desktop\rifaien2-dOfNWxhGxDVM5njb.exe

PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed

dropped

C:\Users\user\Desktop\rifaien2-ddYzW9sGfJmlWZnw.exe

PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed

dropped

C:\Users\user\Desktop\rifaien2-eei39BxrAlW6aX8E.exe

PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed

dropped

C:\Users\user\Desktop\rifaien2-epoE6KTuro0m1xNJ.exe

PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed

dropped

C:\Users\user\Desktop\rifaien2-hjuuzUmtGWBSTnRJ.exe

PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed

dropped

C:\Users\user\Desktop\rifaien2-i3DqfztkSkxjdOOT.exe

PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed

dropped

C:\Users\user\Desktop\rifaien2-iQ6mR49yFM8ZeZJU.exe

PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed

dropped

C:\Users\user\Desktop\rifaien2-iW7fhM4FzUmYb7vN.exe

PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed

dropped

C:\Users\user\Desktop\rifaien2-ifcsZ28RZVEhoCrQ.exe

PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed

dropped

C:\Users\user\Desktop\rifaien2-j3TM965RhhPaWaoT.exe

PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed

modified

C:\Users\user\Desktop\rifaien2-jjtIOSCKSFCJbo5i.exe

PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed

dropped

C:\Users\user\Desktop\rifaien2-kCfzpzzrLEJySBVF.exe

PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed

dropped

C:\Users\user\Desktop\rifaien2-kcYq3LQT7lYbdaDe.exe

PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed

dropped

C:\Users\user\Desktop\rifaien2-lPPuG2RrxVsPwO3X.exe

PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed

dropped

C:\Users\user\Desktop\rifaien2-lT8PohiYenvvawzn.exe

PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed

dropped

C:\Users\user\Desktop\rifaien2-lb1B7z5W8Hr4HXyC.exe

PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed

dropped

C:\Users\user\Desktop\rifaien2-mZiov3C61rXFF0QW.exe

PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed

dropped

C:\Users\user\Desktop\rifaien2-nIZ5n5lptzBCBPzM.exe

PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed

dropped

C:\Users\user\Desktop\rifaien2-nSkjqsOEKHn8zr0H.exe

PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed

dropped

C:\Users\user\Desktop\rifaien2-oe1pzZn0FqkWwHnO.exe

PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed

dropped

C:\Users\user\Desktop\rifaien2-ohgyDPAuvT69bY1P.exe

PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed

dropped

C:\Users\user\Desktop\rifaien2-pZiVwtzAoHPN50fS.exe

PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed

dropped

C:\Users\user\Desktop\rifaien2-pjdvkdP0LsUtRXiu.exe

PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed

dropped

C:\Users\user\Desktop\rifaien2-pzfLarqkprlSO2uY.exe

PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed

dropped

C:\Users\user\Desktop\rifaien2-r2gYxmdgnH5fh0Tl.exe

PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed

dropped

C:\Users\user\Desktop\rifaien2-sN0y7l8Im6L0ds43.exe

PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed

dropped

C:\Users\user\Desktop\rifaien2-sRruH8z25Svnoo9L.exe

PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed

dropped

C:\Users\user\Desktop\rifaien2-sz8sEdTvyndgp7Ss.exe

PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed

dropped

C:\Users\user\Desktop\rifaien2-tolfs77xPfDJew2m.exe

PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed

dropped

C:\Users\user\Desktop\rifaien2-vHRnMKXku4QndQxg.exe

PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed

dropped

C:\Users\user\Desktop\rifaien2-vRPnVm1Qja67kBU8.exe

PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed

dropped

C:\Users\user\Desktop\rifaien2-vo3rAgWF4nEMJ6aR.exe

PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed

dropped

C:\Users\user\Desktop\rifaien2-vsxK6NHsLYHm3jak.exe

PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed

dropped

C:\Users\user\Desktop\rifaien2-wBSYZWWVkUWmC8pQ.exe

PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed

dropped

C:\Users\user\Desktop\rifaien2-xQCbPBaBXuF4MpsD.exe

PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed

dropped

C:\Users\user\Desktop\rifaien2-xqnIfi8BvwfeKF7n.exe

PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed

dropped

C:\Users\user\Desktop\rifaien2-yaHGIObEHeHxPiG1.exe

PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed

dropped

C:\Users\user\Desktop\rifaien2-ymsS3UBlm6KtwJ4n.exe

PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed

dropped

C:\Users\user\Desktop\rifaien2-zmf4GTpATeIJdXHM.exe

PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed

dropped

C:\Users\user\Desktop\rifaien2-zp2ChanxJl0jb6U5.exe

PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed

dropped

\Device\ConDrv

HTML document, ASCII text, with CRLF, CR line terminators

dropped

There are 110 hidden files, click here to show them.

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\Yx1Wz608PO.exe

"C:\Users\user\Desktop\Yx1Wz608PO.exe"

Details

Is windows:	true
Is dropped:	false
PID:	7420
Target ID:	0
Parent PID:	2580
Name:	Yx1Wz608PO.exe
Path:	C:\Users\user\Desktop\Yx1Wz608PO.exe
Commandline:	"C:\Users\user\Desktop\Yx1Wz608PO.exe"
Size:	84992
MD5:	295F29368A4822ED7BABAAC02992CA00
Time:	15:01:11
Date:	10/10/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x400000
Modulesize:	172032
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Antivirus / Scanner detection for submitted sample	AV Detection
Multi AV Scanner detection for submitted file	AV Detection
Machine Learning detection for sample	AV Detection
PE file contains sections with non-standard names	Data Obfuscation
Uses 32bit PE files	Compliance, System Summary
Sample is known by Antivirus	System Summary
Sample reads its own file content	System Summary
Spawns processes	System Summary	Process Injection
URLs found in memory or binary data	Networking

C:\Windows\System32\conhost.exe

C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

Details

Is windows:	true
Is dropped:	false
PID:	7428
Target ID:	1
Parent PID:	7420
Name:	conhost.exe
Path:	C:\Windows\System32\conhost.exe
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Size:	862208
MD5:	0D698AF330FD17BEE3BF90011D49251D
Time:	15:01:11
Date:	10/10/2024
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff7699e0000
Modulesize:	892928
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

URLs

Name

Malicious

http://wecan.hasthe.technology/upload

104.21.59.199

https://computernewb.com/collab-vm/=

unknown

http://wecan.hasthe.techno

unknown

https://computernewb.com/collab-vm/H

unknown

https://computernewb.com/collab-vm/h

unknown

https://computernewb.com/collab-vm/logy

unknown

https://computernewb.com/collab-vm/6

unknown

http://curl.haxx.se/docs/http-cookies.html#

unknown

http://wecan.hasthe.technology/uploadcurl_easy_perform()

unknown

https://computernewb.com/collab-vm/

unknown

http://curl.haxx.se/docs/http-cookies.html

unknown

There are 1 hidden URLs, click here to show them.

Domains

Name

Malicious

wecan.hasthe.technology

104.21.59.199

Details

Name:	wecan.hasthe.technology
IP:	104.21.59.199
TargetID:	-1
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Suricata IDS alerts for network traffic	Networking
HTTP GET or POST without a user agent	Networking
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
Posts data to webserver	Networking	Application Layer Protocol Non-Application Layer Protocol
URLs found in memory or binary data	Networking

IPs

Domain

Country

Malicious

104.21.59.199

wecan.hasthe.technology

United States

Details

IP:	104.21.59.199
TargetID:	0
Current Path:	C:\Users\user\Desktop\Yx1Wz608PO.exe
Country:	United States
Countrycode:	USA
ASN number:	13335
ASN name:	CLOUDFLARENETUS
Private:	false
Domain:	wecan.hasthe.technology

Signature Hits	Behavior Group	Mitre Attack
Suricata IDS alerts for network traffic	Networking

172.67.183.40

unknown

United States

Memdumps

Base Address

Regiontype

Protect

Malicious

75D000

heap

page read and write

75D000

heap

page read and write

124F000

stack

page read and write

950000

heap

page read and write

80E000

heap

page read and write

80E000

heap

page read and write

75D000

heap

page read and write

95E000

heap

page read and write

75D000

heap

page read and write

75D000

heap

page read and write

7F0000

heap

page read and write

756000

heap

page read and write

75D000

heap

page read and write

104F000

stack

page read and write

756000

heap

page read and write

756000

heap

page read and write

75D000

heap

page read and write

756000

heap

page read and write

756000

heap

page read and write

80E000

heap

page read and write

756000

heap

page read and write

6B0000

heap

page read and write

80E000

heap

page read and write

756000

heap

page read and write

424000

unkown

page execute and read and write

9D000

stack

page read and write

80E000

heap

page read and write

80E000

heap

page read and write

756000

heap

page read and write

80E000

heap

page read and write

75D000

heap

page read and write

80E000

heap

page read and write

75D000

heap

page read and write

62D000

stack

page read and write

756000

heap

page read and write

428000

unkown

page execute and write copy

75D000

heap

page read and write

75D000

heap

page read and write

75D000

heap

page read and write

756000

heap

page read and write

756000

heap

page read and write

756000

heap

page read and write

756000

heap

page read and write

80E000

heap

page read and write

756000

heap

page read and write

75D000

heap

page read and write

75D000

heap

page read and write

1D0000

heap

page read and write

80E000

heap

page read and write

414000

unkown

page execute and write copy

75D000

heap

page read and write

80E000

heap

page read and write

75D000

heap

page read and write

80E000

heap

page read and write

66E000

stack

page read and write

756000

heap

page read and write

80E000

heap

page read and write

756000

heap

page read and write

75D000

heap

page read and write

80E000

heap

page read and write

80E000

heap

page read and write

80E000

heap

page read and write

80E000

heap

page read and write

756000

heap

page read and write

75D000

heap

page read and write

80E000

heap

page read and write

75D000

heap

page read and write

75D000

heap

page read and write

756000

heap

page read and write

75D000

heap

page read and write

80E000

heap

page read and write

80E000

heap

page read and write

75D000

heap

page read and write

427000

unkown

page execute and read and write

80E000

heap

page read and write

75D000

heap

page read and write

756000

heap

page read and write

80E000

heap

page read and write

756000

heap

page read and write

750000

heap

page read and write

756000

heap

page read and write

95A000

heap

page read and write

75D000

heap

page read and write

F0000

heap

page read and write

756000

heap

page read and write

80E000

heap

page read and write

756000

heap

page read and write

80E000

heap

page read and write

80E000

heap

page read and write

80E000

heap

page read and write

80E000

heap

page read and write

756000

heap

page read and write

80E000

heap

page read and write

75D000

heap

page read and write

75D000

heap

page read and write

75D000

heap

page read and write

41F000

unkown

page execute and read and write

80E000

heap

page read and write

756000

heap

page read and write

75D000

heap

page read and write

75D000

heap

page read and write

823000

heap

page read and write

756000

heap

page read and write

80E000

heap

page read and write

756000

heap

page read and write

1F0000

heap

page read and write

80E000

heap

page read and write

75D000

heap

page read and write

75D000

heap

page read and write

80E000

heap

page read and write

75D000

heap

page read and write

756000

heap

page read and write

756000

heap

page read and write

7E5000

heap

page read and write

80E000

heap

page read and write

75D000

heap

page read and write

756000

heap

page read and write

756000

heap

page read and write

756000

heap

page read and write

756000

heap

page read and write

75D000

heap

page read and write

756000

heap

page read and write

79E000

stack

page read and write

823000

heap

page read and write

756000

heap

page read and write

756000

heap

page read and write

401000

unkown

page execute and read and write

756000

heap

page read and write

80E000

heap

page read and write

756000

heap

page read and write

429000

unkown

page read and write

80E000

heap

page read and write

756000

heap

page read and write

75D000

heap

page read and write

80E000

heap

page read and write

75D000

heap

page read and write

80E000

heap

page read and write

429000

unkown

page write copy

75D000

heap

page read and write

75D000

heap

page read and write

75D000

heap

page read and write

756000

heap

page read and write

756000

heap

page read and write

756000

heap

page read and write

74E000

stack

page read and write

80E000

heap

page read and write

80E000

heap

page read and write

75D000

heap

page read and write

7E0000

heap

page read and write

80E000

heap

page read and write

400000

unkown

page readonly

756000

heap

page read and write

80E000

heap

page read and write

756000

heap

page read and write

80E000

heap

page read and write

756000

heap

page read and write

756000

heap

page read and write

144F000

stack

page read and write

75D000

heap

page read and write

80E000

heap

page read and write

80E000

heap

page read and write

80E000

heap

page read and write

80E000

heap

page read and write

75D000

heap

page read and write

75D000

heap

page read and write

756000

heap

page read and write

75D000

heap

page read and write

75D000

heap

page read and write

80E000

heap

page read and write

756000

heap

page read and write

75D000

heap

page read and write

80E000

heap

page read and write

75D000

heap

page read and write

80E000

heap

page read and write

C4F000

stack

page read and write

756000

heap

page read and write

756000

heap

page read and write

80E000

heap

page read and write

75D000

heap

page read and write

75D000

heap

page read and write

75D000

heap

page read and write

400000

unkown

page readonly

70E000

stack

page read and write

80E000

heap

page read and write

756000

heap

page read and write

75D000

heap

page read and write

75D000

heap

page read and write

756000

heap

page read and write

80E000

heap

page read and write

There are 179 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
Yx1Wz608PO

Files

Processes

URLs

Domains

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC ReportYx1Wz608PO

Files

Processes

URLs

Domains

IPs

Memdumps

IOC Report
Yx1Wz608PO