Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\file.exe

"C:\Users\user\Desktop\file.exe"

Details

Is windows:	false
Is dropped:	false
PID:	7264
Target ID:	0
Parent PID:	2580
Name:	file.exe
Path:	C:\Users\user\Desktop\file.exe
Commandline:	"C:\Users\user\Desktop\file.exe"
Size:	1836032
MD5:	EFB3596CF052AE112E2B81B16870436E
Time:	08:17:57
Date:	24/10/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x910000
Modulesize:	6934528
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Antivirus / Scanner detection for submitted sample	AV Detection
Detected unpacking (changes PE section rights)	Data Obfuscation	Software Packing
Yara detected Powershell download and execute	HIPS / PFW / Operating System Protection Evasion
Yara detected Stealc	Stealing of Sensitive Information, Remote Access Functionality
Machine Learning detection for sample	AV Detection
PE file contains section with special chars	System Summary
PE file contains an invalid checksum	Data Obfuscation
PE file contains sections with non-standard names	Data Obfuscation
Uses 32bit PE files	Compliance, System Summary
Binary may include packed or encrypted code	Data Obfuscation	Obfuscated Files or Information Software Packing
PE file has section (not .text) which is very likely to contain packed code (zlib compression ratio < 0.011)	System Summary	Software Packing
Sample might require command line arguments	System Summary	Command and Scripting Interpreter
PE file has a big raw section	System Summary
Submission file is bigger than most known malware samples	System Summary

URLs

Name

Malicious

http://185.215.113.37/0

unknown

Details

Name:	http://185.215.113.37/0
TargetID:	0
From Memory:	true
Current Path:	C:\Users\user\Desktop\file.exe
Source:	file.exe, 00000000.00000002.1747007538.0000000001088000.00000004.00000020.00020000.00000000.sdmp

Signature Hits	Behavior Group	Mitre Attack
Antivirus detection for URL or domain	AV Detection
URLs found in memory or binary data	Networking

http://185.215.113.37/

185.215.113.37

Details

Name:	http://185.215.113.37/
IP:	185.215.113.37
TargetID:	0
From Memory:	false
Current Path:	C:\Users\user\Desktop\file.exe
Source:	network

Signature Hits	Behavior Group	Mitre Attack
Antivirus detection for URL or domain	AV Detection
Found malware configuration	AV Detection
Suricata IDS alerts for network traffic	Networking
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol
HTTP GET or POST without a user agent	Networking
IP address seen in connection with other malware	Networking
Connects to IPs without corresponding DNS lookups	Networking
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Posts data to webserver	Networking	Application Layer Protocol Non-Application Layer Protocol
URLs found in memory or binary data	Networking

http://185.215.113.37/e2b1563c6670f193.php;

unknown

Details

Name:	http://185.215.113.37/e2b1563c6670f193.php;
TargetID:	0
From Memory:	true
Current Path:	C:\Users\user\Desktop\file.exe
Source:	file.exe, 00000000.00000002.1747007538.0000000001072000.00000004.00000020.00020000.00000000.sdmp

Signature Hits	Behavior Group	Mitre Attack
Antivirus detection for URL or domain	AV Detection
URLs found in memory or binary data	Networking

http://185.215.113.37

unknown

Details

Name:	http://185.215.113.37
TargetID:	0
From Memory:	true
Current Path:	C:\Users\user\Desktop\file.exe
Source:	file.exe, 00000000.00000002.1747007538.0000000001088000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1747007538.000000000102E000.00000004.00000020.00020000.00000000.sdmp

Signature Hits	Behavior Group	Mitre Attack
Antivirus detection for URL or domain	AV Detection
Found malware configuration	AV Detection
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol
URLs found in memory or binary data	Networking

http://185.215.113.37/e2b1563c6670f193.php

185.215.113.37

Details

Name:	http://185.215.113.37/e2b1563c6670f193.php
IP:	185.215.113.37
TargetID:	0
From Memory:	false
Current Path:	C:\Users\user\Desktop\file.exe
Source:	network

Signature Hits	Behavior Group	Mitre Attack
Antivirus detection for URL or domain	AV Detection
Found malware configuration	AV Detection
Suricata IDS alerts for network traffic	Networking
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol
HTTP GET or POST without a user agent	Networking
IP address seen in connection with other malware	Networking
Connects to IPs without corresponding DNS lookups	Networking
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Posts data to webserver	Networking	Application Layer Protocol Non-Application Layer Protocol
URLs found in memory or binary data	Networking

http://185.215.113.37/G

unknown

Details

Name:	http://185.215.113.37/G
TargetID:	0
From Memory:	true
Current Path:	C:\Users\user\Desktop\file.exe
Source:	file.exe, 00000000.00000002.1747007538.0000000001088000.00000004.00000020.00020000.00000000.sdmp

Signature Hits	Behavior Group	Mitre Attack
Antivirus detection for URL or domain	AV Detection
URLs found in memory or binary data	Networking

http://185.215.113.37/e2b1563c6670f193.phpS

unknown

Details

Name:	http://185.215.113.37/e2b1563c6670f193.phpS
TargetID:	0
From Memory:	true
Current Path:	C:\Users\user\Desktop\file.exe
Source:	file.exe, 00000000.00000002.1747007538.0000000001072000.00000004.00000020.00020000.00000000.sdmp

Signature Hits	Behavior Group	Mitre Attack
Antivirus detection for URL or domain	AV Detection
URLs found in memory or binary data	Networking

IPs

Domain

Country

Malicious

185.215.113.37

unknown

Portugal

Details

IP:	185.215.113.37
TargetID:	0
Current Path:	C:\Users\user\Desktop\file.exe
Country:	Portugal
Countrycode:	PRT
ASN number:	206894
ASN name:	WHOLESALECONNECTIONSNL
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
Suricata IDS alerts for network traffic	Networking
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol
HTTP GET or POST without a user agent	Networking
Connects to IPs without corresponding DNS lookups	Networking
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Posts data to webserver	Networking	Application Layer Protocol Non-Application Layer Protocol
URLs found in memory or binary data	Networking

Memdumps

Base Address

Regiontype

Protect

Malicious

911000

unkown

page execute and read and write

4CC0000

direct allocation

page read and write

102E000

heap

page read and write

4841000

heap

page read and write

4841000

heap

page read and write

4841000

heap

page read and write

911000

unkown

page execute and write copy

2C20000

direct allocation

page read and write

36FE000

stack

page read and write

DF6000

unkown

page execute and read and write

4C80000

trusted library allocation

page read and write

6FE000

stack

page read and write

347E000

stack

page read and write

4841000

heap

page read and write

3BFE000

stack

page read and write

4841000

heap

page read and write

4841000

heap

page read and write

6F5000

stack

page read and write

2C00000

direct allocation

page read and write

4841000

heap

page read and write

2E3F000

stack

page read and write

4841000

heap

page read and write

1088000

heap

page read and write

4E3E000

stack

page read and write

4841000

heap

page read and write

3CFF000

stack

page read and write

2F3F000

stack

page read and write

4841000

heap

page read and write

2BBF000

stack

page read and write

4841000

heap

page read and write

2C00000

direct allocation

page read and write

4841000

heap

page read and write

3FBE000

stack

page read and write

4841000

heap

page read and write

4841000

heap

page read and write

4841000

heap

page read and write

4852000

heap

page read and write

E00000

unkown

page execute and read and write

2C00000

direct allocation

page read and write

8CE000

stack

page read and write

4841000

heap

page read and write

437E000

stack

page read and write

3A7F000

stack

page read and write

383E000

stack

page read and write

4841000

heap

page read and write

2C37000

heap

page read and write

2C00000

direct allocation

page read and write

4841000

heap

page read and write

2C00000

direct allocation

page read and write

4841000

heap

page read and write

82E000

stack

page read and write

2C00000

direct allocation

page read and write

4841000

heap

page read and write

1CFDF000

stack

page read and write

4841000

heap

page read and write

447F000

stack

page read and write

1CC3E000

stack

page read and write

4841000

heap

page read and write

40FE000

stack

page read and write

4841000

heap

page read and write

1D26E000

stack

page read and write

106C000

heap

page read and write

2C00000

direct allocation

page read and write

1CBFE000

stack

page read and write

2C20000

direct allocation

page read and write

1CD7E000

stack

page read and write

4841000

heap

page read and write

2F7E000

stack

page read and write

4841000

heap

page read and write

31FE000

stack

page read and write

1CD3F000

stack

page read and write

3D0000

heap

page read and write

7E0000

heap

page read and write

4841000

heap

page read and write

4841000

heap

page read and write

2C30000

heap

page read and write

31BF000

stack

page read and write

1D02D000

stack

page read and write

4860000

heap

page read and write

2D3F000

stack

page read and write

486A000

heap

page read and write

131E000

stack

page read and write

4841000

heap

page read and write

36BF000

stack

page read and write

4841000

heap

page read and write

4841000

heap

page read and write

2C00000

direct allocation

page read and write

4841000

heap

page read and write

40BF000

stack

page read and write

4841000

heap

page read and write

4841000

heap

page read and write

45BF000

stack

page read and write

35BE000

stack

page read and write

1CE7F000

stack

page read and write

32FF000

stack

page read and write

2C00000

direct allocation

page read and write

4841000

heap

page read and write

1D12D000

stack

page read and write

46FF000

stack

page read and write

4841000

heap

page read and write

3E3F000

stack

page read and write

2C00000

direct allocation

page read and write

397E000

stack

page read and write

4841000

heap

page read and write

3ABE000

stack

page read and write

4841000

heap

page read and write

1000000

heap

page read and write

4841000

heap

page read and write

2C00000

direct allocation

page read and write

4E30000

direct allocation

page execute and read and write

86E000

stack

page read and write

44BE000

stack

page read and write

FAA000

unkown

page execute and write copy

4841000

heap

page read and write

4841000

heap

page read and write

307F000

stack

page read and write

E0E000

unkown

page execute and write copy

3E0000

heap

page read and write

4841000

heap

page read and write

30BE000

stack

page read and write

4E50000

direct allocation

page execute and read and write

4E40000

direct allocation

page execute and read and write

2C00000

direct allocation

page read and write

B6E000

unkown

page execute and read and write

DD4000

unkown

page execute and read and write

333E000

stack

page read and write

2C00000

direct allocation

page read and write

357F000

stack

page read and write

10AC000

heap

page read and write

CF6000

unkown

page execute and read and write

7E5000

heap

page read and write

3E7E000

stack

page read and write

4841000

heap

page read and write

37C000

stack

page read and write

FEE000

stack

page read and write

4841000

heap

page read and write

45FE000

stack

page read and write

4E60000

direct allocation

page execute and read and write

343F000

stack

page read and write

910000

unkown

page read and write

4841000

heap

page read and write

90B000

stack

page read and write

FA9000

unkown

page execute and read and write

4841000

heap

page read and write

4841000

heap

page read and write

2BFE000

stack

page read and write

4841000

heap

page read and write

4841000

heap

page read and write

1CEDE000

stack

page read and write

3BBF000

stack

page read and write

4841000

heap

page read and write

1028000

heap

page read and write

3D3E000

stack

page read and write

4841000

heap

page read and write

4841000

heap

page read and write

B5A000

unkown

page execute and read and write

10A4000

heap

page read and write

473E000

stack

page read and write

433F000

stack

page read and write

4841000

heap

page read and write

4841000

heap

page read and write

FF0000

heap

page read and write

4841000

heap

page read and write

423E000

stack

page read and write

121F000

stack

page read and write

4E20000

direct allocation

page execute and read and write

E0F000

unkown

page execute and write copy

393F000

stack

page read and write

4840000

heap

page read and write

41FF000

stack

page read and write

E0E000

unkown

page execute and read and write

4841000

heap

page read and write

4841000

heap

page read and write

9CD000

unkown

page execute and read and write

9F2000

unkown

page execute and read and write

4841000

heap

page read and write

4841000

heap

page read and write

37FF000

stack

page read and write

1020000

heap

page read and write

4E10000

direct allocation

page execute and read and write

4841000

heap

page read and write

4E30000

direct allocation

page execute and read and write

4841000

heap

page read and write

4E00000

direct allocation

page execute and read and write

2C3B000

heap

page read and write

4841000

heap

page read and write

1D16D000

stack

page read and write

910000

unkown

page readonly

4841000

heap

page read and write

483F000

stack

page read and write

4841000

heap

page read and write

4841000

heap

page read and write

3F7E000

stack

page read and write

4DFF000

stack

page read and write

4841000

heap

page read and write

4841000

heap

page read and write

2C00000

direct allocation

page read and write

1072000

heap

page read and write

4841000

heap

page read and write

4841000

heap

page read and write

1096000

heap

page read and write

4841000

heap

page read and write

4841000

heap

page read and write

4841000

heap

page read and write

4CFE000

stack

page read and write

9C1000

unkown

page execute and read and write

There are 196 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
file.exe

Processes

URLs

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reportfile.exe

Processes

URLs

IPs

Memdumps

IOC Report
file.exe