Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\file.exe

"C:\Users\user\Desktop\file.exe"

Details

Is windows:	false
Is dropped:	false
PID:	6652
Target ID:	0
Parent PID:	2580
Name:	file.exe
Path:	C:\Users\user\Desktop\file.exe
Commandline:	"C:\Users\user\Desktop\file.exe"
Size:	1825792
MD5:	EBDDC57C042F9C28F78E5D1FA1C75020
Time:	06:14:09
Date:	12/10/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x540000
Modulesize:	6885376
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Antivirus / Scanner detection for submitted sample	AV Detection
Detected unpacking (changes PE section rights)	Data Obfuscation	Software Packing
Yara detected Powershell download and execute	HIPS / PFW / Operating System Protection Evasion
Yara detected Stealc	Stealing of Sensitive Information, Remote Access Functionality
Machine Learning detection for sample	AV Detection
PE file contains section with special chars	System Summary
PE file contains an invalid checksum	Data Obfuscation
PE file contains sections with non-standard names	Data Obfuscation
Uses 32bit PE files	Compliance, System Summary
Binary may include packed or encrypted code	Data Obfuscation	Obfuscated Files or Information Software Packing
PE file has section (not .text) which is very likely to contain packed code (zlib compression ratio < 0.011)	System Summary	Software Packing
PE file has a high occurrence of arithmetic instructions at the PE entrypoint (possbibily packed)	System Summary	Obfuscated Files or Information
Sample might require command line arguments	System Summary	Command and Scripting Interpreter
PE file has a big raw section	System Summary
Submission file is bigger than most known malware samples	System Summary

URLs

Name

Malicious

http://185.215.113.37=

unknown

http://185.215.113.37/e2b1563c6670f193.phpows

unknown

http://185.215.113.37/

185.215.113.37

http://185.215.113.37/e2b1563c6670f193.php2

unknown

http://185.215.113.37

unknown

http://185.215.113.37/e2b1563c6670f193.php&

unknown

http://185.215.113.37/e2b1563c6670f193.php

185.215.113.37

http://185.215.113.37/e2b1563c6670f193.phpY

unknown

http://185.215.113.37/e2b1563c6670f193.phpg

unknown

http://185.215.113.37D

unknown

IPs

Domain

Country

Malicious

185.215.113.37

unknown

Portugal

Details

IP:	185.215.113.37
TargetID:	0
Current Path:	C:\Users\user\Desktop\file.exe
Country:	Portugal
Countrycode:	PRT
ASN number:	206894
ASN name:	WHOLESALECONNECTIONSNL
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
Suricata IDS alerts for network traffic	Networking
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol
HTTP GET or POST without a user agent	Networking
Connects to IPs without corresponding DNS lookups	Networking
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Posts data to webserver	Networking	Application Layer Protocol Non-Application Layer Protocol
URLs found in memory or binary data	Networking

Memdumps

Base Address

Regiontype

Protect

Malicious

541000

unkown

page execute and read and write

105E000

heap

page read and write

4F00000

direct allocation

page read and write

1058000

heap

page read and write

1040000

direct allocation

page read and write

4A81000

heap

page read and write

4A81000

heap

page read and write

4A81000

heap

page read and write

1034000

heap

page read and write

A26000

unkown

page execute and read and write

4A81000

heap

page read and write

4A81000

heap

page read and write

4A81000

heap

page read and write

1040000

direct allocation

page read and write

1040000

direct allocation

page read and write

37BF000

stack

page read and write

2CB0000

heap

page read and write

1CEAE000

stack

page read and write

1034000

heap

page read and write

4A81000

heap

page read and write

2F3E000

stack

page read and write

1034000

heap

page read and write

125E000

stack

page read and write

1034000

heap

page read and write

1034000

heap

page read and write

1034000

heap

page read and write

139E000

stack

page read and write

A1C000

unkown

page execute and read and write

1034000

heap

page read and write

1034000

heap

page read and write

367F000

stack

page read and write

4A81000

heap

page read and write

1CE6F000

stack

page read and write

1D0EF000

stack

page read and write

38FF000

stack

page read and write

1034000

heap

page read and write

1034000

heap

page read and write

1040000

direct allocation

page read and write

1040000

direct allocation

page read and write

5040000

direct allocation

page execute and read and write

3CFE000

stack

page read and write

3CBF000

stack

page read and write

503F000

stack

page read and write

3DFF000

stack

page read and write

A35000

unkown

page execute and read and write

1D12E000

stack

page read and write

1D3BD000

stack

page read and write

4A81000

heap

page read and write

4A81000

heap

page read and write

36BE000

stack

page read and write

4A81000

heap

page read and write

4A81000

heap

page read and write

F65000

stack

page read and write

BCE000

unkown

page execute and write copy

1034000

heap

page read and write

47FF000

stack

page read and write

4A81000

heap

page read and write

1040000

direct allocation

page read and write

4A81000

heap

page read and write

2CA0000

direct allocation

page execute and read and write

483E000

stack

page read and write

4A81000

heap

page read and write

4A81000

heap

page read and write

1034000

heap

page read and write

1034000

heap

page read and write

BCD000

unkown

page execute and read and write

1050000

heap

page read and write

540000

unkown

page readonly

918000

unkown

page execute and read and write

5080000

direct allocation

page execute and read and write

5060000

direct allocation

page execute and read and write

307E000

stack

page read and write

4A81000

heap

page read and write

1034000

heap

page read and write

1CFAF000

stack

page read and write

4A81000

heap

page read and write

1040000

direct allocation

page read and write

1040000

direct allocation

page read and write

10C5000

heap

page read and write

4A81000

heap

page read and write

3BBE000

stack

page read and write

4A81000

heap

page read and write

4A81000

heap

page read and write

4ED0000

heap

page read and write

45BE000

stack

page read and write

1040000

direct allocation

page read and write

5FD000

unkown

page execute and read and write

1034000

heap

page read and write

4A81000

heap

page read and write

1034000

heap

page read and write

F6E000

stack

page read and write

1034000

heap

page read and write

1034000

heap

page read and write

4A81000

heap

page read and write

4A90000

heap

page read and write

5050000

direct allocation

page execute and read and write

2C90000

direct allocation

page read and write

4A81000

heap

page read and write

31BE000

stack

page read and write

1034000

heap

page read and write

1034000

heap

page read and write

4A81000

heap

page read and write

10B6000

heap

page read and write

4A81000

heap

page read and write

4A81000

heap

page read and write

4A81000

heap

page read and write

41BF000

stack

page read and write

4A81000

heap

page read and write

1034000

heap

page read and write

1020000

heap

page read and write

40BE000

stack

page read and write

4A81000

heap

page read and write

1034000

heap

page read and write

9F9000

unkown

page execute and read and write

2DBF000

stack

page read and write

1D22F000

stack

page read and write

4A81000

heap

page read and write

1CD6E000

stack

page read and write

4A81000

heap

page read and write

4A81000

heap

page read and write

4A81000

heap

page read and write

1034000

heap

page read and write

1034000

heap

page read and write

457F000

stack

page read and write

4A81000

heap

page read and write

4A81000

heap

page read and write

2C7E000

stack

page read and write

1034000

heap

page read and write

3F3F000

stack

page read and write

149F000

stack

page read and write

4A81000

heap

page read and write

317F000

stack

page read and write

A35000

unkown

page execute and write copy

357E000

stack

page read and write

4A81000

heap

page read and write

78A000

unkown

page execute and read and write

1034000

heap

page read and write

10D4000

heap

page read and write

1034000

heap

page read and write

493F000

stack

page read and write

3E3E000

stack

page read and write

10A3000

heap

page read and write

4A81000

heap

page read and write

79E000

unkown

page execute and read and write

4A81000

heap

page read and write

42FF000

stack

page read and write

4EC0000

trusted library allocation

page read and write

1034000

heap

page read and write

4A81000

heap

page read and write

4A81000

heap

page read and write

1034000

heap

page read and write

4A7F000

stack

page read and write

3B7F000

stack

page read and write

541000

unkown

page execute and write copy

1034000

heap

page read and write

10DC000

heap

page read and write

46BF000

stack

page read and write

2EFF000

stack

page read and write

2CB7000

heap

page read and write

4A81000

heap

page read and write

1034000

heap

page read and write

4A81000

heap

page read and write

353F000

stack

page read and write

3A7E000

stack

page read and write

4A81000

heap

page read and write

4A81000

heap

page read and write

4A81000

heap

page read and write

4A81000

heap

page read and write

497E000

stack

page read and write

1040000

direct allocation

page read and write

4A80000

heap

page read and write

5090000

direct allocation

page execute and read and write

4A81000

heap

page read and write

1040000

direct allocation

page read and write

FD0000

heap

page read and write

46FE000

stack

page read and write

1034000

heap

page read and write

1030000

heap

page read and write

407F000

stack

page read and write

1034000

heap

page read and write

393E000

stack

page read and write

32BF000

stack

page read and write

2DFC000

stack

page read and write

1040000

direct allocation

page read and write

4A81000

heap

page read and write

4A81000

heap

page read and write

443F000

stack

page read and write

4A81000

heap

page read and write

4A81000

heap

page read and write

2C90000

direct allocation

page read and write

4A81000

heap

page read and write

1D4BE000

stack

page read and write

5070000

direct allocation

page execute and read and write

4A81000

heap

page read and write

1034000

heap

page read and write

303F000

stack

page read and write

4A81000

heap

page read and write

37FE000

stack

page read and write

1034000

heap

page read and write

135F000

stack

page read and write

447E000

stack

page read and write

3A3F000

stack

page read and write

41FE000

stack

page read and write

1040000

direct allocation

page read and write

1CFEE000

stack

page read and write

343E000

stack

page read and write

32FE000

stack

page read and write

4F3E000

stack

page read and write

433E000

stack

page read and write

1D37C000

stack

page read and write

10C7000

heap

page read and write

1D27E000

stack

page read and write

FC0000

heap

page read and write

1034000

heap

page read and write

1040000

direct allocation

page read and write

A36000

unkown

page execute and write copy

3F7E000

stack

page read and write

5060000

direct allocation

page execute and read and write

540000

unkown

page read and write

2CBB000

heap

page read and write

5F1000

unkown

page execute and read and write

E6C000

stack

page read and write

4A81000

heap

page read and write

1034000

heap

page read and write

4A81000

heap

page read and write

622000

unkown

page execute and read and write

33FF000

stack

page read and write

4A81000

heap

page read and write

There are 218 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
file.exe

Processes

URLs

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reportfile.exe

Processes

URLs

IPs

Memdumps

IOC Report
file.exe