Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\file.exe

"C:\Users\user\Desktop\file.exe"

Details

Is windows:	false
Is dropped:	false
PID:	5876
Target ID:	0
Parent PID:	4004
Name:	file.exe
Path:	C:\Users\user\Desktop\file.exe
Commandline:	"C:\Users\user\Desktop\file.exe"
Size:	2931200
MD5:	85707847C7675BA7765548F0C2D35D62
Time:	08:17:58
Date:	24/10/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0xcf0000
Modulesize:	3174400
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Antivirus / Scanner detection for submitted sample	AV Detection
Detected unpacking (changes PE section rights)	Data Obfuscation	Software Packing
Multi AV Scanner detection for submitted file	AV Detection
LummaC encrypted strings found	HIPS / PFW / Operating System Protection Evasion	PowerShell Deobfuscate/Decode Files or Information
Machine Learning detection for sample	AV Detection
PE file contains section with special chars	System Summary
PE file contains an invalid checksum	Data Obfuscation
PE file contains sections with non-standard names	Data Obfuscation
Uses 32bit PE files	Compliance, System Summary
Binary may include packed or encrypted code	Data Obfuscation	Obfuscated Files or Information Software Packing
PE file has section (not .text) which is very likely to contain packed code (zlib compression ratio < 0.011)	System Summary	Software Packing
Sample is known by Antivirus	System Summary
Sample might require command line arguments	System Summary	Command and Scripting Interpreter
Sample reads its own file content	System Summary
URLs found in memory or binary data	Networking
PE file has a big raw section	System Summary
Submission file is bigger than most known malware samples	System Summary

URLs

Name

Malicious

studennotediw.store

dissapoiznw.store

https://steamcommunity.com/profiles/76561199724331900

104.102.49.254

eaglepawnoy.store

bathdoomgaz.store

clearancek.site

spirittunek.store

licendfilteo.site

https://community.cloudflare.steamstatic.com/public/javascript/global.js?v=bOP7RorZq4_W&am

unknown

https://player.vimeo.com

unknown

https://licendfilteo.site:443/apip

unknown

https://bathdoomgaz.store:443/api

unknown

https://steamcommunity.com/?subsection=broadcasts

unknown

https://community.cloudflare.steamstatic.com/public/shared/javascript/shared_global.js?v=wJD9maDpDcV

unknown

https://community.cloudflare.steamstatic.com/public/shared/c

unknown

https://store.steampowered.com/subscriber_agreement/

unknown

https://www.gstatic.cn/recaptcha/

unknown

https://community.cloudflare.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpE

unknown

http://www.valvesoftware.com/legal.htm

unknown

https://www.youtube.com

unknown

https://community.cloudflare.steamstatic.com/pub

unknown

https://www.google.com

unknown

https://steamcommunity.com/5tH

unknown

https://spirittunek.store/api2

unknown

https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback

unknown

https://community.cloudflare.ste

unknown

https://s.ytimg.com;

unknown

https://eaglepawnoy.store:443/api

unknown

https://steam.tv/

unknown

https://community.cloudflare.steamstatic.com/public/javascript/applications/community/main.js?v=W9BX

unknown

https://community.cloudflare.steamstatic.com/public/javascript/prototype-1.7.js?v=.55t44gwuwgvw&

unknown

https://store.steampower

unknown

https://community.cloudflare.steamstatic.com/public/ja

unknown

http://store.steampowered.com/privacy_agreement/

unknown

https://community.cloudflare.steamstatic.com/public/shared/css/shared_responsive.css?v=eghn9DNyCY67&

unknown

https://store.steampowered.com/points/shop/

unknown

https://sketchfab.com

unknown

https://lv.queniujq.cn

unknown

https://www.youtube.com/

unknown

https://store.steampowered.com/privacy_agreement/

unknown

https://cdn.cloudflare.steamstatic.com/steamcommunity/public/assets/

unknown

https://community.cloudflare.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png

unknown

https://community.cloudflare.stea

unknown

https://bathdoomgaz.store/api

unknown

https://community.clo

unknown

https://community.cloudflare.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016

unknown

https://www.google.com/recaptcha/

unknown

https://checkout.steampowered.com/

unknown

https://community.cloudflare.steamstatic.com/public/javascript/applications/community/libraries~b28b

unknown

https://community.cloudflare.steamstatic.com/public/shared/images/responsive/header_logo.png

unknown

https://steamcommunity.com/my/w

unknown

https://store.steampowered.com/;

unknown

https://store.steampowered.com/about/

unknown

https://community.cloudflare.steamstatic.co

unknown

https://community.cloudflare.steamstatic.com/

unknown

https://steamcommunity.com/my/wishlist/

unknown

https://community.cloudflare.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhC&

unknown

https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7Cbcfeb0e5371aba2

unknown

https://community.cloudfl

unknown

https://help.steampowered.com/en/

unknown

https://steamcommunity.com/market/

unknown

https://store.steampowered.com/news/

unknown

https://community.cloudflare.steamstatic.com/public/javasc

unknown

https://community.cloudflare.steamstatic.com/public/share

unknown

http://store.steampowered.com/subscriber_agreement/

unknown

https://licendfilteo.site/api:

unknown

https://community.cloudflare.steamstatic.com/public/javascript/applications/community/manifest.js?v=

unknown

https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org

unknown

https://community.cloudflare.steamstatic.com/public/css/applications/community/main.css?v=ljhW-PbGuX

unknown

https://recaptcha.net/recaptcha/;

unknown

https://steamcommunity.com/discussions/

unknown

https://clearancek.site/apiR

unknown

https://store.steampowered.com/stats/

unknown

https://community.cloudflare.steamstatic.com/public/javascript/global.js?v=bOP7RorZq4_W&l=englis

unknown

https://medal.tv

unknown

https://broadcast.st.dl.eccdnx.com

unknown

https://community.cloudflare.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0&amp

unknown

https://store.steampowered.com/steam_refunds/

unknown

https://community.cloudflare.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v

unknown

https://community.cloudflare.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.p

unknown

https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900

unknown

https://community.cloudflare.steamstatic.com/public/shared/javascript/auth_refresh.js?v=WgUxSlKTb3W1

unknown

https://clearancek.site:443/api

unknown

https://steamcommunity.com/workshop/

unknown

https://login.steampowered.com/

unknown

https://store.steampowered.com/legal/

unknown

https://community.cloudflare.steamstatic.com/public/shared/css/buttons.css?v=tuNiaSwXwcYT&l=engl

unknown

https://community.cloudflare.steamstatic.com/public/shared/css/motiva_sans.css?v=GfSjbGKcNYaQ&l=

unknown

https://community.cloudflare.steamstatic

unknown

https://community.cloudflare.steamstatic.com/public/css/globalv2.css?v=pwVcIAtHNXwg&l=english&am

unknown

https://community.cloudflare.steamstatic.com/public/css/skin_1/header.css?v=vh4BMeDcNiCU&l=engli

unknown

https://recaptcha.net

unknown

https://steamcommunity.com:443/profiles/76561199724331900v

unknown

https://community.cloudflare.steamstatic.com/publ

unknown

https://store.steampowered.com/

unknown

https://community.cloudflare.steamstatic.com/public

unknown

https://community.cloudflare.steamstatic.com/public/

unknown

https://community.cloudflare.steamstatic.com/public/css/skin_1/fatalerror.css?v=wctRWaBvNt2z&l=e

unknown

https://steamcommunity.com

unknown

https://community.cloudflare.steamstatic.com/public/shared/css/shared_global.css?v=Ff_1prscqzeu&

unknown

There are 90 hidden URLs, click here to show them.

Domains

Name

Malicious

steamcommunity.com

104.102.49.254

Details

Name:	steamcommunity.com
IP:	104.102.49.254
TargetID:	-1
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Suricata IDS alerts for network traffic	Networking
Uses a known web browser user agent for HTTP communication	Networking	Application Layer Protocol
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Found strings which match to known social media urls	Networking
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
URLs found in memory or binary data	Networking
Uses secure TLS version for HTTPS connections	Compliance, Networking

eaglepawnoy.store

unknown

Details

Name:	eaglepawnoy.store
TargetID:	-1

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol
LummaC encrypted strings found	HIPS / PFW / Operating System Protection Evasion	PowerShell Deobfuscate/Decode Files or Information
Sample uses string decryption to hide its real strings	AV Detection
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
URLs found in memory or binary data	Networking

bathdoomgaz.store

unknown

Details

Name:	bathdoomgaz.store
TargetID:	-1

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol
LummaC encrypted strings found	HIPS / PFW / Operating System Protection Evasion	PowerShell Deobfuscate/Decode Files or Information
Sample uses string decryption to hide its real strings	AV Detection
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
URLs found in memory or binary data	Networking

spirittunek.store

unknown

Details

Name:	spirittunek.store
TargetID:	-1

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol
LummaC encrypted strings found	HIPS / PFW / Operating System Protection Evasion	PowerShell Deobfuscate/Decode Files or Information
Sample uses string decryption to hide its real strings	AV Detection
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
URLs found in memory or binary data	Networking

licendfilteo.site

unknown

Details

Name:	licendfilteo.site
TargetID:	-1

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol
LummaC encrypted strings found	HIPS / PFW / Operating System Protection Evasion	PowerShell Deobfuscate/Decode Files or Information
Sample uses string decryption to hide its real strings	AV Detection
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
URLs found in memory or binary data	Networking

studennotediw.store

unknown

Details

Name:	studennotediw.store
TargetID:	-1

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol
LummaC encrypted strings found	HIPS / PFW / Operating System Protection Evasion	PowerShell Deobfuscate/Decode Files or Information
Sample uses string decryption to hide its real strings	AV Detection
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol

mobbipenju.store

unknown

Details

Name:	mobbipenju.store
TargetID:	-1

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol
LummaC encrypted strings found	HIPS / PFW / Operating System Protection Evasion	PowerShell Deobfuscate/Decode Files or Information
Sample uses string decryption to hide its real strings	AV Detection
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
URLs found in memory or binary data	Networking

clearancek.site

unknown

Details

Name:	clearancek.site
TargetID:	-1

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol
LummaC encrypted strings found	HIPS / PFW / Operating System Protection Evasion	PowerShell Deobfuscate/Decode Files or Information
Sample uses string decryption to hide its real strings	AV Detection
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
URLs found in memory or binary data	Networking

dissapoiznw.store

unknown

Details

Name:	dissapoiznw.store
TargetID:	-1

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol
LummaC encrypted strings found	HIPS / PFW / Operating System Protection Evasion	PowerShell Deobfuscate/Decode Files or Information
Sample uses string decryption to hide its real strings	AV Detection
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol

IPs

Domain

Country

Malicious

104.102.49.254

steamcommunity.com

United States

Details

IP:	104.102.49.254
TargetID:	0
Current Path:	C:\Users\user\Desktop\file.exe
Country:	United States
Countrycode:	USA
ASN number:	16625
ASN name:	AKAMAI-ASUS
Private:	false
Domain:	steamcommunity.com

Signature Hits	Behavior Group	Mitre Attack
Suricata IDS alerts for network traffic	Networking
Uses secure TLS version for HTTPS connections	Compliance, Networking

Memdumps

Base Address

Regiontype

Protect

Malicious

CF1000

unkown

page execute and read and write

42FF000

stack

page read and write

2720000

direct allocation

page read and write

4301000

heap

page read and write

4301000

heap

page read and write

6EC000

heap

page read and write

5BE000

stack

page read and write

4B8E000

stack

page read and write

3F3F000

stack

page read and write

4790000

direct allocation

page read and write

48F0000

direct allocation

page execute and read and write

FE5000

unkown

page execute and write copy

6AE000

heap

page read and write

4301000

heap

page read and write

4940000

direct allocation

page execute and read and write

5E0000

heap

page read and write

CF1000

unkown

page execute and write copy

3CBF000

stack

page read and write

491E000

stack

page read and write

4FD000

stack

page read and write

660000

heap

page read and write

477D000

stack

page read and write

6E5000

heap

page read and write

283F000

stack

page read and write

31BE000

stack

page read and write

4930000

direct allocation

page execute and read and write

6EB000

heap

page read and write

6D8000

heap

page read and write

4DE0000

remote allocation

page read and write

630000

heap

page read and write

6A8000

heap

page read and write

2B3F000

stack

page read and write

F63000

unkown

page execute and write copy

ED0000

unkown

page execute and read and write

FF3000

unkown

page execute and read and write

41BF000

stack

page read and write

69F000

heap

page read and write

6D6000

heap

page read and write

2C7F000

stack

page read and write

F67000

unkown

page execute and write copy

48E0000

direct allocation

page execute and read and write

6FB000

heap

page read and write

EB2000

unkown

page execute and read and write

F52000

unkown

page execute and write copy

33FF000

stack

page read and write

EC2000

unkown

page execute and read and write

343E000

stack

page read and write

66A000

heap

page read and write

393E000

stack

page read and write

47CE000

stack

page read and write

4B4D000

stack

page read and write

36BE000

stack

page read and write

2720000

direct allocation

page read and write

2F3E000

stack

page read and write

5E5000

heap

page read and write

37FE000

stack

page read and write

EEC000

unkown

page execute and read and write

FDC000

unkown

page execute and write copy

FDC000

unkown

page execute and write copy

2A3F000

stack

page read and write

6F7000

heap

page read and write

4301000

heap

page read and write

307E000

stack

page read and write

6FD000

heap

page read and write

4C8E000

stack

page read and write

6C1000

heap

page read and write

4301000

heap

page read and write

D50000

unkown

page execute and read and write

4DE0000

remote allocation

page read and write

3F7E000

stack

page read and write

2720000

direct allocation

page read and write

4A4E000

stack

page read and write

ED0000

unkown

page execute and write copy

D5B000

unkown

page execute and read and write

728000

heap

page read and write

2720000

direct allocation

page read and write

4301000

heap

page read and write

4301000

heap

page read and write

FF3000

unkown

page execute and write copy

728000

heap

page read and write

4C09000

trusted library allocation

page read and write

4790000

direct allocation

page read and write

6A9000

heap

page read and write

F54000

unkown

page execute and read and write

EE9000

unkown

page execute and write copy

2CBE000

stack

page read and write

6A4000

heap

page read and write

F55000

unkown

page execute and write copy

EB4000

unkown

page execute and write copy

2720000

direct allocation

page read and write

4740000

trusted library allocation

page read and write

F36000

unkown

page execute and write copy

6C1000

heap

page read and write

4301000

heap

page read and write

EFE000

unkown

page execute and write copy

2720000

direct allocation

page read and write

41FE000

stack

page read and write

4F2D000

stack

page read and write

357E000

stack

page read and write

D5A000

unkown

page execute and write copy

4301000

heap

page read and write

26DE000

stack

page read and write

F70000

unkown

page execute and read and write

2730000

heap

page read and write

4301000

heap

page read and write

EFF000

unkown

page execute and read and write

4DCF000

stack

page read and write

2720000

direct allocation

page read and write

4C12000

trusted library allocation

page read and write

4301000

heap

page read and write

CF0000

unkown

page read and write

738000

heap

page read and write

4301000

heap

page read and write

550000

heap

page read and write

6E5000

heap

page read and write

4900000

direct allocation

page execute and read and write

2737000

heap

page read and write

C6E000

stack

page read and write

F07000

unkown

page execute and write copy

EF6000

unkown

page execute and read and write

4310000

heap

page read and write

CF0000

unkown

page readonly

4E2E000

stack

page read and write

317F000

stack

page read and write

F13000

unkown

page execute and read and write

697000

heap

page read and write

F35000

unkown

page execute and read and write

4301000

heap

page read and write

4DE0000

remote allocation

page read and write

271E000

stack

page read and write

4301000

heap

page read and write

701000

heap

page read and write

3CFE000

stack

page read and write

540000

heap

page read and write

4F9E000

stack

page read and write

FCF000

unkown

page execute and write copy

32FE000

stack

page read and write

D50000

unkown

page execute and write copy

2720000

direct allocation

page read and write

4BFC000

trusted library allocation

page read and write

2720000

direct allocation

page read and write

6F3000

heap

page read and write

4790000

direct allocation

page read and write

407F000

stack

page read and write

6C4000

heap

page read and write

48CF000

stack

page read and write

F3B000

unkown

page execute and read and write

739000

heap

page read and write

2DFE000

stack

page read and write

6FB000

heap

page read and write

40BE000

stack

page read and write

3B7F000

stack

page read and write

6FB000

heap

page read and write

FF4000

unkown

page execute and write copy

4956000

trusted library allocation

page read and write

37BF000

stack

page read and write

F66000

unkown

page execute and read and write

4301000

heap

page read and write

2720000

direct allocation

page read and write

4910000

direct allocation

page execute and read and write

EF5000

unkown

page execute and write copy

3A3F000

stack

page read and write

353F000

stack

page read and write

293F000

stack

page read and write

2720000

direct allocation

page read and write

1EC000

stack

page read and write

701000

heap

page read and write

3BBE000

stack

page read and write

F5B000

unkown

page execute and read and write

2EFF000

stack

page read and write

4300000

heap

page read and write

F2D000

unkown

page execute and write copy

66E000

heap

page read and write

4AFD000

trusted library allocation

page read and write

3DFF000

stack

page read and write

FAD000

unkown

page execute and read and write

A2F000

stack

page read and write

38FF000

stack

page read and write

2720000

direct allocation

page read and write

FDE000

unkown

page execute and write copy

640000

heap

page read and write

CEE000

stack

page read and write

303F000

stack

page read and write

4910000

direct allocation

page execute and read and write

ED8000

unkown

page execute and read and write

6F3000

heap

page read and write

4C1F000

trusted library allocation

page read and write

6AE000

heap

page read and write

269F000

stack

page read and write

2DBF000

stack

page read and write

736000

heap

page read and write

D5C000

unkown

page execute and write copy

6F7000

heap

page read and write

4910000

direct allocation

page execute and read and write

2720000

direct allocation

page read and write

4301000

heap

page read and write

4301000

heap

page read and write

367F000

stack

page read and write

4301000

heap

page read and write

2B7E000

stack

page read and write

62E000

stack

page read and write

F29000

unkown

page execute and write copy

701000

heap

page read and write

3A7E000

stack

page read and write

509F000

stack

page read and write

ED7000

unkown

page execute and write copy

6C4000

heap

page read and write

92F000

stack

page read and write

32BF000

stack

page read and write

FE5000

unkown

page execute and write copy

728000

heap

page read and write

4910000

direct allocation

page execute and read and write

FDD000

unkown

page execute and read and write

6F3000

heap

page read and write

4910000

direct allocation

page execute and read and write

2720000

direct allocation

page read and write

4910000

direct allocation

page execute and read and write

6FC000

heap

page read and write

4CCE000

stack

page read and write

3E3E000

stack

page read and write

4920000

direct allocation

page execute and read and write

CAB000

stack

page read and write

F2C000

unkown

page execute and read and write

4301000

heap

page read and write

6F7000

heap

page read and write

There are 215 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
file.exe

Processes

URLs

Domains

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reportfile.exe

Processes

URLs

Domains

IPs

Memdumps

IOC Report
file.exe