Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\file.exe

"C:\Users\user\Desktop\file.exe"

Details

Is windows:	false
Is dropped:	false
PID:	2004
Target ID:	0
Parent PID:	2580
Name:	file.exe
Path:	C:\Users\user\Desktop\file.exe
Commandline:	"C:\Users\user\Desktop\file.exe"
Size:	1825280
MD5:	9C7193E94B13D7380DCCC18B19A95158
Time:	19:49:55
Date:	10/10/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0xcb0000
Modulesize:	6885376
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Antivirus / Scanner detection for submitted sample	AV Detection
Detected unpacking (changes PE section rights)	Data Obfuscation	Software Packing
Yara detected Powershell download and execute	HIPS / PFW / Operating System Protection Evasion
Yara detected Stealc	Stealing of Sensitive Information, Remote Access Functionality
Machine Learning detection for sample	AV Detection
PE file contains section with special chars	System Summary
PE file contains an invalid checksum	Data Obfuscation
PE file contains sections with non-standard names	Data Obfuscation
Uses 32bit PE files	Compliance, System Summary
Binary may include packed or encrypted code	Data Obfuscation	Obfuscated Files or Information Software Packing
PE file has section (not .text) which is very likely to contain packed code (zlib compression ratio < 0.011)	System Summary	Software Packing
Sample might require command line arguments	System Summary	Command and Scripting Interpreter
PE file has a big raw section	System Summary
Submission file is bigger than most known malware samples	System Summary

URLs

Name

Malicious

http://185.215.113.37/

185.215.113.37

Details

Name:	http://185.215.113.37/
IP:	185.215.113.37
TargetID:	0
From Memory:	false
Current Path:	C:\Users\user\Desktop\file.exe
Source:	network

Signature Hits	Behavior Group	Mitre Attack
Antivirus detection for URL or domain	AV Detection
Found malware configuration	AV Detection
Suricata IDS alerts for network traffic	Networking
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol
HTTP GET or POST without a user agent	Networking
IP address seen in connection with other malware	Networking
Connects to IPs without corresponding DNS lookups	Networking
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Posts data to webserver	Networking	Application Layer Protocol Non-Application Layer Protocol
URLs found in memory or binary data	Networking

http://185.215.113.37/e2b1563c6670f193.php4&ne

unknown

Details

Name:	http://185.215.113.37/e2b1563c6670f193.php4&ne
TargetID:	0
From Memory:	true
Current Path:	C:\Users\user\Desktop\file.exe
Source:	file.exe, 00000000.00000002.1706114024.00000000018C4000.00000004.00000020.00020000.00000000.sdmp

Signature Hits	Behavior Group	Mitre Attack
Antivirus detection for URL or domain	AV Detection
URLs found in memory or binary data	Networking

http://185.215.113.37eE

unknown

Details

Name:	http://185.215.113.37eE
TargetID:	0
From Memory:	true
Current Path:	C:\Users\user\Desktop\file.exe
Source:	file.exe, 00000000.00000002.1706114024.000000000187E000.00000004.00000020.00020000.00000000.sdmp

Signature Hits	Behavior Group	Mitre Attack
Antivirus detection for URL or domain	AV Detection
URLs found in memory or binary data	Networking

http://185.215.113.373h

unknown

Details

Name:	http://185.215.113.373h
TargetID:	0
From Memory:	true
Current Path:	C:\Users\user\Desktop\file.exe
Source:	file.exe, 00000000.00000002.1706114024.00000000018D9000.00000004.00000020.00020000.00000000.sdmp

Signature Hits	Behavior Group	Mitre Attack
Antivirus detection for URL or domain	AV Detection
URLs found in memory or binary data	Networking

http://185.215.113.37

unknown

Details

Name:	http://185.215.113.37
TargetID:	0
From Memory:	true
Current Path:	C:\Users\user\Desktop\file.exe
Source:	file.exe, 00000000.00000002.1706114024.000000000187E000.00000004.00000020.00020000.00000000.sdmp

Signature Hits	Behavior Group	Mitre Attack
Antivirus detection for URL or domain	AV Detection
Found malware configuration	AV Detection
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol
URLs found in memory or binary data	Networking

http://185.215.113.37/e2b1563c6670f193.phpd&

unknown

Details

Name:	http://185.215.113.37/e2b1563c6670f193.phpd&
TargetID:	0
From Memory:	true
Current Path:	C:\Users\user\Desktop\file.exe
Source:	file.exe, 00000000.00000002.1706114024.00000000018C4000.00000004.00000020.00020000.00000000.sdmp

Signature Hits	Behavior Group	Mitre Attack
Antivirus detection for URL or domain	AV Detection
URLs found in memory or binary data	Networking

http://185.215.113.37/e2b1563c6670f193.php

185.215.113.37

Details

Name:	http://185.215.113.37/e2b1563c6670f193.php
IP:	185.215.113.37
TargetID:	0
From Memory:	false
Current Path:	C:\Users\user\Desktop\file.exe
Source:	network

Signature Hits	Behavior Group	Mitre Attack
Antivirus detection for URL or domain	AV Detection
Found malware configuration	AV Detection
Suricata IDS alerts for network traffic	Networking
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol
HTTP GET or POST without a user agent	Networking
IP address seen in connection with other malware	Networking
Connects to IPs without corresponding DNS lookups	Networking
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Posts data to webserver	Networking	Application Layer Protocol Non-Application Layer Protocol
URLs found in memory or binary data	Networking

IPs

Domain

Country

Malicious

185.215.113.37

unknown

Portugal

Details

IP:	185.215.113.37
TargetID:	0
Current Path:	C:\Users\user\Desktop\file.exe
Country:	Portugal
Countrycode:	PRT
ASN number:	206894
ASN name:	WHOLESALECONNECTIONSNL
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
Suricata IDS alerts for network traffic	Networking
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol
HTTP GET or POST without a user agent	Networking
Connects to IPs without corresponding DNS lookups	Networking
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Posts data to webserver	Networking	Application Layer Protocol Non-Application Layer Protocol
URLs found in memory or binary data	Networking

Memdumps

Base Address

Regiontype

Protect

Malicious

5670000

direct allocation

page read and write

187E000

heap

page read and write

CB1000

unkown

page execute and read and write

3B5E000

stack

page read and write

51E1000

heap

page read and write

11A6000

unkown

page execute and write copy

506F000

stack

page read and write

51E1000

heap

page read and write

479F000

stack

page read and write

51E1000

heap

page read and write

51E1000

heap

page read and write

51E1000

heap

page read and write

51E1000

heap

page read and write

51D0000

direct allocation

page read and write

3DDE000

stack

page read and write

52E0000

trusted library allocation

page read and write

38DE000

stack

page read and write

51D0000

direct allocation

page read and write

1D73E000

stack

page read and write

16FE000

stack

page read and write

11A5000

unkown

page execute and write copy

18C7000

heap

page read and write

51E1000

heap

page read and write

1820000

heap

page read and write

57F0000

direct allocation

page execute and read and write

51E1000

heap

page read and write

1D5BF000

stack

page read and write

57FE000

stack

page read and write

1196000

unkown

page execute and read and write

57E0000

direct allocation

page execute and read and write

51E1000

heap

page read and write

51E1000

heap

page read and write

51E1000

heap

page read and write

51E1000

heap

page read and write

51E1000

heap

page read and write

51E1000

heap

page read and write

116D000

unkown

page execute and read and write

133D000

unkown

page execute and read and write

CB0000

unkown

page readonly

51E0000

heap

page read and write

51D0000

direct allocation

page read and write

18C4000

heap

page read and write

1D89E000

stack

page read and write

57AF000

stack

page read and write

1810000

heap

page read and write

455E000

stack

page read and write

133E000

unkown

page execute and write copy

3C5F000

stack

page read and write

51E1000

heap

page read and write

4B9E000

stack

page read and write

1DAEC000

stack

page read and write

51E1000

heap

page read and write

5800000

direct allocation

page execute and read and write

43DF000

stack

page read and write

57D0000

direct allocation

page execute and read and write

CB1000

unkown

page execute and write copy

365F000

stack

page read and write

51E1000

heap

page read and write

51E1000

heap

page read and write

1D5FE000

stack

page read and write

51E1000

heap

page read and write

D92000

unkown

page execute and read and write

D6D000

unkown

page execute and read and write

405E000

stack

page read and write

51E1000

heap

page read and write

EFA000

unkown

page execute and read and write

13DC000

stack

page read and write

1BEE000

stack

page read and write

51E1000

heap

page read and write

1D6FF000

stack

page read and write

18F4000

heap

page read and write

51E1000

heap

page read and write

51E1000

heap

page read and write

F0E000

unkown

page execute and read and write

4F2F000

stack

page read and write

469E000

stack

page read and write

51D0000

direct allocation

page read and write

19AE000

stack

page read and write

51E1000

heap

page read and write

1878000

heap

page read and write

1098000

unkown

page execute and read and write

4B5F000

stack

page read and write

355B000

heap

page read and write

51D0000

direct allocation

page read and write

51D0000

direct allocation

page read and write

3C9E000

stack

page read and write

51E3000

heap

page read and write

51E1000

heap

page read and write

51E1000

heap

page read and write

51D0000

direct allocation

page read and write

1D9ED000

stack

page read and write

51D0000

direct allocation

page read and write

48DF000

stack

page read and write

51E1000

heap

page read and write

51E1000

heap

page read and write

51E1000

heap

page read and write

51E1000

heap

page read and write

51E1000

heap

page read and write

51D0000

direct allocation

page read and write

51E1000

heap

page read and write

39DF000

stack

page read and write

4CEE000

stack

page read and write

5670000

direct allocation

page read and write

51E1000

heap

page read and write

51E1000

heap

page read and write

51E1000

heap

page read and write

51E1000

heap

page read and write

4CAF000

stack

page read and write

18D9000

heap

page read and write

47DE000

stack

page read and write

18F9000

heap

page read and write

51E1000

heap

page read and write

56AE000

stack

page read and write

3A1E000

stack

page read and write

51E1000

heap

page read and write

375F000

stack

page read and write

1AEE000

stack

page read and write

51E1000

heap

page read and write

3B1F000

stack

page read and write

415F000

stack

page read and write

51E1000

heap

page read and write

51E1000

heap

page read and write

4A5E000

stack

page read and write

5820000

direct allocation

page execute and read and write

3550000

heap

page read and write

11A5000

unkown

page execute and read and write

57F0000

direct allocation

page execute and read and write

51E1000

heap

page read and write

51E1000

heap

page read and write

51E1000

heap

page read and write

441E000

stack

page read and write

350B000

stack

page read and write

51E1000

heap

page read and write

3D9F000

stack

page read and write

51E1000

heap

page read and write

51E1000

heap

page read and write

51E1000

heap

page read and write

51E1000

heap

page read and write

51E1000

heap

page read and write

5670000

direct allocation

page read and write

51E1000

heap

page read and write

51E1000

heap

page read and write

419E000

stack

page read and write

1D83E000

stack

page read and write

51D0000

direct allocation

page read and write

51E1000

heap

page read and write

51E1000

heap

page read and write

34CF000

stack

page read and write

51E1000

heap

page read and write

465F000

stack

page read and write

3557000

heap

page read and write

57C0000

direct allocation

page execute and read and write

33CE000

stack

page read and write

4F6E000

stack

page read and write

1AAE000

stack

page read and write

1825000

heap

page read and write

51D0000

direct allocation

page read and write

4A1F000

stack

page read and write

51E1000

heap

page read and write

51E1000

heap

page read and write

51E1000

heap

page read and write

451F000

stack

page read and write

42DE000

stack

page read and write

3F1E000

stack

page read and write

51E1000

heap

page read and write

51E1000

heap

page read and write

354E000

stack

page read and write

51B0000

heap

page read and write

4BA0000

heap

page read and write

1870000

heap

page read and write

5810000

direct allocation

page execute and read and write

51E1000

heap

page read and write

51D0000

direct allocation

page read and write

51E1000

heap

page read and write

118F000

unkown

page execute and read and write

16F5000

stack

page read and write

CB0000

unkown

page read and write

429F000

stack

page read and write

3EDF000

stack

page read and write

1D99F000

stack

page read and write

51E1000

heap

page read and write

51F0000

heap

page read and write

50AE000

stack

page read and write

51AF000

stack

page read and write

491E000

stack

page read and write

1DC2E000

stack

page read and write

4DEF000

stack

page read and write

51E1000

heap

page read and write

51E1000

heap

page read and write

D61000

unkown

page execute and read and write

51D0000

direct allocation

page read and write

401F000

stack

page read and write

51E1000

heap

page read and write

51D0000

direct allocation

page read and write

4E2E000

stack

page read and write

51E1000

heap

page read and write

5200000

heap

page read and write

1730000

heap

page read and write

51E1000

heap

page read and write

379E000

stack

page read and write

51E1000

heap

page read and write

1DB2D000

stack

page read and write

389F000

stack

page read and write

51E1000

heap

page read and write

There are 194 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
file.exe

Processes

URLs

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reportfile.exe

Processes

URLs

IPs

Memdumps

IOC Report
file.exe