Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\file.exe

"C:\Users\user\Desktop\file.exe"

Details

Is windows:	false
Is dropped:	false
PID:	4480
Target ID:	0
Parent PID:	1028
Name:	file.exe
Path:	C:\Users\user\Desktop\file.exe
Commandline:	"C:\Users\user\Desktop\file.exe"
Size:	1869824
MD5:	FFB497D86A175802A94BEB58EF45BCBF
Time:	12:12:59
Date:	20/10/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x1b0000
Modulesize:	7000064
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Antivirus / Scanner detection for submitted sample	AV Detection
Detected unpacking (changes PE section rights)	Data Obfuscation	Software Packing
Yara detected Powershell download and execute	HIPS / PFW / Operating System Protection Evasion
Yara detected Stealc	Stealing of Sensitive Information, Remote Access Functionality
Machine Learning detection for sample	AV Detection
PE file contains section with special chars	System Summary
PE file contains an invalid checksum	Data Obfuscation
PE file contains sections with non-standard names	Data Obfuscation
Uses 32bit PE files	Compliance, System Summary
Binary may include packed or encrypted code	Data Obfuscation	Obfuscated Files or Information Software Packing
PE file has section (not .text) which is very likely to contain packed code (zlib compression ratio < 0.011)	System Summary	Software Packing
Sample might require command line arguments	System Summary	Command and Scripting Interpreter
PE file has a big raw section	System Summary
Submission file is bigger than most known malware samples	System Summary

URLs

Name

Malicious

http://185.215.113.37/

185.215.113.37

http://185.215.113.37

unknown

http://185.215.113.37/e2b1563c6670f193.phpt5b

unknown

http://185.215.113.37/e2b1563c6670f193.phpf

unknown

http://185.215.113.37/e2b1563c6670f193.php

185.215.113.37

http://185.215.113.37/ws

unknown

http://185.215.113.378

unknown

http://185.215.113.37/e2b1563c6670f193.php)

unknown

http://185.215.113.37/e2b1563c6670f193.phph

unknown

http://185.215.113.37/e2b1563c6670f193.php7

unknown

IPs

Domain

Country

Malicious

185.215.113.37

unknown

Portugal

Details

IP:	185.215.113.37
TargetID:	0
Current Path:	C:\Users\user\Desktop\file.exe
Country:	Portugal
Countrycode:	PRT
ASN number:	206894
ASN name:	WHOLESALECONNECTIONSNL
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
Suricata IDS alerts for network traffic	Networking
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol
HTTP GET or POST without a user agent	Networking
Connects to IPs without corresponding DNS lookups	Networking
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Posts data to webserver	Networking	Application Layer Protocol Non-Application Layer Protocol
URLs found in memory or binary data	Networking

Memdumps

Base Address

Regiontype

Protect

Malicious

1B1000

unkown

page execute and read and write

4B60000

direct allocation

page read and write

ECE000

heap

page read and write

D74000

heap

page read and write

4D00000

direct allocation

page execute and read and write

47D0000

trusted library allocation

page read and write

46E0000

heap

page read and write

2B7E000

stack

page read and write

46C0000

direct allocation

page read and write

447E000

stack

page read and write

D74000

heap

page read and write

46D1000

heap

page read and write

1CFFC000

stack

page read and write

D74000

heap

page read and write

46C0000

direct allocation

page read and write

D74000

heap

page read and write

40E000

unkown

page execute and read and write

46C0000

direct allocation

page read and write

8EC000

stack

page read and write

46D1000

heap

page read and write

6A7000

unkown

page execute and read and write

4CF0000

direct allocation

page execute and read and write

46D1000

heap

page read and write

433E000

stack

page read and write

4B40000

heap

page read and write

46D1000

heap

page read and write

2C7F000

stack

page read and write

D74000

heap

page read and write

59D000

unkown

page execute and read and write

D74000

heap

page read and write

46D1000

heap

page read and write

D74000

heap

page read and write

46D1000

heap

page read and write

3E3E000

stack

page read and write

46D1000

heap

page read and write

4B9E000

stack

page read and write

28F7000

heap

page read and write

D74000

heap

page read and write

1D03E000

stack

page read and write

1B0000

unkown

page read and write

D74000

heap

page read and write

46C0000

direct allocation

page read and write

6B6000

unkown

page execute and read and write

46D1000

heap

page read and write

46D1000

heap

page read and write

1D2A4000

heap

page read and write

46D1000

heap

page read and write

31BE000

stack

page read and write

46D1000

heap

page read and write

DBE000

stack

page read and write

46C0000

direct allocation

page read and write

D74000

heap

page read and write

443F000

stack

page read and write

46D1000

heap

page read and write

41FE000

stack

page read and write

32BF000

stack

page read and write

1CAEF000

stack

page read and write

3BBE000

stack

page read and write

46C0000

direct allocation

page read and write

2EFF000

stack

page read and write

46E5000

heap

page read and write

D74000

heap

page read and write

46D1000

heap

page read and write

367F000

stack

page read and write

4D10000

direct allocation

page execute and read and write

2B3F000

stack

page read and write

F13000

heap

page read and write

D74000

heap

page read and write

D70000

heap

page read and write

46D1000

heap

page read and write

46BF000

stack

page read and write

6B7000

unkown

page execute and write copy

32FE000

stack

page read and write

46D1000

heap

page read and write

3DFF000

stack

page read and write

46C0000

direct allocation

page read and write

1C9EE000

stack

page read and write

F26000

heap

page read and write

3F3F000

stack

page read and write

46D1000

heap

page read and write

2DFE000

stack

page read and write

1CEFE000

stack

page read and write

36BE000

stack

page read and write

46D1000

heap

page read and write

3CFE000

stack

page read and write

D74000

heap

page read and write

46D1000

heap

page read and write

46D1000

heap

page read and write

2CBE000

stack

page read and write

D74000

heap

page read and write

D74000

heap

page read and write

D74000

heap

page read and write

EBF000

stack

page read and write

303F000

stack

page read and write

46D1000

heap

page read and write

D74000

heap

page read and write

46D1000

heap

page read and write

46D1000

heap

page read and write

46D1000

heap

page read and write

46D1000

heap

page read and write

1D2A0000

heap

page read and write

26D000

unkown

page execute and read and write

D74000

heap

page read and write

4CE0000

direct allocation

page execute and read and write

28E0000

heap

page read and write

46D1000

heap

page read and write

4CD0000

direct allocation

page execute and read and write

46D1000

heap

page read and write

46D1000

heap

page read and write

292000

unkown

page execute and read and write

9E5000

stack

page read and write

1CD6E000

stack

page read and write

46D1000

heap

page read and write

D74000

heap

page read and write

D74000

heap

page read and write

46D1000

heap

page read and write

4C9F000

stack

page read and write

46D1000

heap

page read and write

46D1000

heap

page read and write

1CDAE000

stack

page read and write

1CEAF000

stack

page read and write

46C0000

direct allocation

page read and write

357E000

stack

page read and write

46D1000

heap

page read and write

317F000

stack

page read and write

46D1000

heap

page read and write

1CB2E000

stack

page read and write

4CE0000

direct allocation

page execute and read and write

46D1000

heap

page read and write

46D1000

heap

page read and write

3A7E000

stack

page read and write

261000

unkown

page execute and read and write

69D000

unkown

page execute and read and write

2A3B000

stack

page read and write

46D1000

heap

page read and write

46D1000

heap

page read and write

D74000

heap

page read and write

457F000

stack

page read and write

D74000

heap

page read and write

46D1000

heap

page read and write

D74000

heap

page read and write

407F000

stack

page read and write

46D0000

heap

page read and write

10FF000

stack

page read and write

D74000

heap

page read and write

46D1000

heap

page read and write

4B60000

direct allocation

page read and write

F0D000

heap

page read and write

3F7E000

stack

page read and write

1B1000

unkown

page execute and write copy

1CC2F000

stack

page read and write

38FF000

stack

page read and write

46D1000

heap

page read and write

46D1000

heap

page read and write

1B0000

unkown

page readonly

393E000

stack

page read and write

46D1000

heap

page read and write

1D13E000

stack

page read and write

FFE000

stack

page read and write

D74000

heap

page read and write

F41000

heap

page read and write

1D19E000

stack

page read and write

46F0000

heap

page read and write

46D1000

heap

page read and write

28DE000

stack

page read and write

D74000

heap

page read and write

1CC6E000

stack

page read and write

46D1000

heap

page read and write

33FF000

stack

page read and write

353F000

stack

page read and write

4CB0000

direct allocation

page execute and read and write

46D1000

heap

page read and write

D74000

heap

page read and write

46D1000

heap

page read and write

D74000

heap

page read and write

D74000

heap

page read and write

29FF000

stack

page read and write

4B60000

direct allocation

page read and write

46C0000

direct allocation

page read and write

46D1000

heap

page read and write

EC0000

heap

page read and write

3A3F000

stack

page read and write

D74000

heap

page read and write

41BF000

stack

page read and write

D74000

heap

page read and write

46D1000

heap

page read and write

46D1000

heap

page read and write

46D1000

heap

page read and write

37FE000

stack

page read and write

6B6000

unkown

page execute and write copy

3FA000

unkown

page execute and read and write

46D1000

heap

page read and write

2F3E000

stack

page read and write

46D1000

heap

page read and write

45BE000

stack

page read and write

46C0000

direct allocation

page read and write

46D1000

heap

page read and write

307E000

stack

page read and write

ECA000

heap

page read and write

46C0000

direct allocation

page read and write

C40000

heap

page read and write

28F0000

heap

page read and write

46D1000

heap

page read and write

4CC0000

direct allocation

page execute and read and write

859000

unkown

page execute and read and write

343E000

stack

page read and write

D20000

heap

page read and write

D74000

heap

page read and write

46C0000

direct allocation

page read and write

D74000

heap

page read and write

46D1000

heap

page read and write

46D1000

heap

page read and write

D74000

heap

page read and write

46C0000

direct allocation

page read and write

3B7F000

stack

page read and write

9EF000

stack

page read and write

2DBF000

stack

page read and write

37BF000

stack

page read and write

3CBF000

stack

page read and write

D74000

heap

page read and write

42FF000

stack

page read and write

D74000

heap

page read and write

46D1000

heap

page read and write

46D1000

heap

page read and write

46D1000

heap

page read and write

46D1000

heap

page read and write

46C0000

direct allocation

page read and write

D74000

heap

page read and write

1D29F000

stack

page read and write

67B000

unkown

page execute and read and write

40BE000

stack

page read and write

There are 221 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
file.exe

Processes

URLs

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reportfile.exe

Processes

URLs

IPs

Memdumps

IOC Report
file.exe