Automated Malware Analysis IOC Report for

Files

File Path

Type

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\rOLZ579082-GHJ678992-PLRZ9000W029W00.exe

"C:\Users\user\Desktop\rOLZ579082-GHJ678992-PLRZ9000W029W00.exe"

Details

Is windows:	false
Is dropped:	false
PID:	6556
Target ID:	0
Parent PID:	2580
Name:	rOLZ579082-GHJ678992-PLRZ9000W029W00.exe
Path:	C:\Users\user\Desktop\rOLZ579082-GHJ678992-PLRZ9000W029W00.exe
Commandline:	"C:\Users\user\Desktop\rOLZ579082-GHJ678992-PLRZ9000W029W00.exe"
Size:	1156309
MD5:	E38004414DE6DDE9350BB396DBEE11E9
Time:	13:02:00
Date:	29/10/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x400000
Modulesize:	778240
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Multi AV Scanner detection for submitted file	AV Detection
Machine Learning detection for sample	AV Detection
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
PE file contains an invalid checksum	Data Obfuscation
Uses 32bit PE files	Compliance, System Summary
May try to detect the Windows Explorer process (often used for injection)	HIPS / PFW / Operating System Protection Evasion	Process Injection Process Discovery
PE file has an executable .text section and no other executable section	System Summary
Sample is known by Antivirus	System Summary
Sample reads its own file content	System Summary
Spawns processes	System Summary	Process Injection
Submission file is bigger than most known malware samples	System Summary

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

"C:\Users\user\Desktop\rOLZ579082-GHJ678992-PLRZ9000W029W00.exe"

Details

Is windows:	true
Is dropped:	false
PID:	7112
Target ID:	4
Parent PID:	6556
Name:	RegSvcs.exe
Class:	system-tools
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
Commandline:	"C:\Users\user\Desktop\rOLZ579082-GHJ678992-PLRZ9000W029W00.exe"
Size:	45984
MD5:	9D352BC46709F0CB5EC974633A0C3C94
Time:	13:02:51
Date:	29/10/2024
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x2c0000
Modulesize:	57344
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Yara detected AgentTesla	Stealing of Sensitive Information, Remote Access Functionality
Maps a DLL or memory area into another process	HIPS / PFW / Operating System Protection Evasion	Process Injection
Writes to foreign memory regions	HIPS / PFW / Operating System Protection Evasion	Process Injection
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery
Sigma detected: Suspicious Outbound SMTP Connections	System Summary
Yara detected Credential Stealer	Stealing of Sensitive Information
Spawns processes	System Summary	Process Injection

URLs

Name

Malicious

http://crt.sectigo.com/SectigoRSADomainValidationSecureServerCA.crt0#

unknown

Details

Name:	http://crt.sectigo.com/SectigoRSADomainValidationSecureServerCA.crt0#
TargetID:	4
From Memory:	true
Current Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
Source:	RegSvcs.exe, 00000004.00000002.2932585654.00000000026D6000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000004.00000002.2934424598.0000000005A70000.00000004.00000020.00020000.00000000.sdmp

Signature Hits	Behavior Group	Mitre Attack
URLs found in memory or binary data	Networking

https://sectigo.com/CPS0

unknown

https://account.dyn.com/

unknown

http://ocsp.sectigo.com0

unknown

http://cp8nl.hyperhost.ua

unknown

Domains

Name

Malicious

cp8nl.hyperhost.ua

185.174.175.187

Details

Name:	cp8nl.hyperhost.ua
IP:	185.174.175.187
TargetID:	-1
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
Sigma detected: Suspicious Outbound SMTP Connections	System Summary
Uses SMTP (mail sending)	Networking	Application Layer Protocol
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
URLs found in memory or binary data	Networking

IPs

Domain

Country

Malicious

185.174.175.187

cp8nl.hyperhost.ua

Ukraine

Details

IP:	185.174.175.187
TargetID:	4
Current Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
Country:	Ukraine
Countrycode:	UKR
ASN number:	21100
ASN name:	ITLDC-NLUA
Private:	false
Domain:	cp8nl.hyperhost.ua

Signature Hits	Behavior Group	Mitre Attack
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
Sigma detected: Suspicious Outbound SMTP Connections	System Summary
Uses SMTP (mail sending)	Networking	Application Layer Protocol

Memdumps

Base Address

Regiontype

Protect

Malicious

26CE000

trusted library allocation

page read and write

2681000

trusted library allocation

page read and write

26F9000

trusted library allocation

page read and write

392000

system

page execute and read and write

4B26000

trusted library allocation

page read and write

3D4C000

heap

page read and write

3D22000

heap

page read and write

4D30000

trusted library allocation

page execute and read and write

3D4C000

heap

page read and write

3D4C000

heap

page read and write

3D4C000

heap

page read and write

3D4C000

heap

page read and write

3D4C000

heap

page read and write

C27000

trusted library allocation

page execute and read and write

3D4C000

heap

page read and write

3D22000

heap

page read and write

3D4C000

heap

page read and write

3D4C000

heap

page read and write

3D4C000

heap

page read and write

3D22000

heap

page read and write

3D22000

heap

page read and write

3D22000

heap

page read and write

3D4C000

heap

page read and write

3D22000

heap

page read and write

3D4C000

heap

page read and write

3D22000

heap

page read and write

3D22000

heap

page read and write

3D22000

heap

page read and write

3D4C000

heap

page read and write

3D4C000

heap

page read and write

3D22000

heap

page read and write

3D4C000

heap

page read and write

3D4C000

heap

page read and write

3D22000

heap

page read and write

6F8000

stack

page read and write

C40000

trusted library allocation

page read and write

3D4C000

heap

page read and write

3D4C000

heap

page read and write

4B1E000

trusted library allocation

page read and write

3D22000

heap

page read and write

2EA4000

heap

page read and write

3D22000

heap

page read and write

3D22000

heap

page read and write

4F4E000

stack

page read and write

3D22000

heap

page read and write

3D4C000

heap

page read and write

3D22000

heap

page read and write

3D22000

heap

page read and write

3D4C000

heap

page read and write

3D22000

heap

page read and write

3D4C000

heap

page read and write

3D22000

heap

page read and write

26D6000

trusted library allocation

page read and write

3D22000

heap

page read and write

4B7C000

stack

page read and write

3D4C000

heap

page read and write

3D22000

heap

page read and write

C16000

trusted library allocation

page execute and read and write

3D4C000

heap

page read and write

3D22000

heap

page read and write

3D22000

heap

page read and write

3D4C000

heap

page read and write

3D4C000

heap

page read and write

3D22000

heap

page read and write

3D4C000

heap

page read and write

3D4C000

heap

page read and write

3D22000

heap

page read and write

3D4C000

heap

page read and write

3D22000

heap

page read and write

3D4C000

heap

page read and write

3D4C000

heap

page read and write

3D4C000

heap

page read and write

47BD000

stack

page read and write

3D22000

heap

page read and write

3681000

trusted library allocation

page read and write

64F0000

heap

page read and write

3D4C000

heap

page read and write

3D4C000

heap

page read and write

3D4C000

heap

page read and write

3D22000

heap

page read and write

3D4C000

heap

page read and write

3D4C000

heap

page read and write

E50000

heap

page read and write

4B1A000

trusted library allocation

page read and write

4F8E000

stack

page read and write

3D4C000

heap

page read and write

3D22000

heap

page read and write

4C00000

heap

page read and write

A10000

heap

page read and write

3D4C000

heap

page read and write

3D22000

heap

page read and write

3D22000

heap

page read and write

3D22000

heap

page read and write

3D4C000

heap

page read and write

3D4C000

heap

page read and write

3D4C000

heap

page read and write

3D22000

heap

page read and write

3D4C000

heap

page read and write

E10000

heap

page read and write

3D22000

heap

page read and write

3D4C000

heap

page read and write

3D4C000

heap

page read and write

3D22000

heap

page read and write

4B04000

trusted library allocation

page read and write

3D22000

heap

page read and write

5160000

trusted library allocation

page execute and read and write

9F4000

trusted library allocation

page read and write

3D22000

heap

page read and write

3D4C000

heap

page read and write

5AC0000

heap

page read and write

3D4C000

heap

page read and write

3D22000

heap

page read and write

3D22000

heap

page read and write

3D22000

heap

page read and write

3D22000

heap

page read and write

3D22000

heap

page read and write

3D22000

heap

page read and write

3D4C000

heap

page read and write

3D4C000

heap

page read and write

3D4C000

heap

page read and write

401000

unkown

page execute read

3D4C000

heap

page read and write

3D22000

heap

page read and write

3D4C000

heap

page read and write

3D4C000

heap

page read and write

3D22000

heap

page read and write

9F0000

trusted library allocation

page read and write

C10000

trusted library allocation

page read and write

490000

unkown

page write copy

3D4C000

heap

page read and write

4D40000

heap

page execute and read and write

3D22000

heap

page read and write

3D4C000

heap

page read and write

3D4C000

heap

page read and write

C60000

heap

page read and write

3D4C000

heap

page read and write

4BFC000

trusted library allocation

page read and write

4BCE000

stack

page read and write

3D4C000

heap

page read and write

3D22000

heap

page read and write

3D4C000

heap

page read and write

3D22000

heap

page read and write

3D22000

heap

page read and write

3D22000

heap

page read and write

3D4C000

heap

page read and write

3D4C000

heap

page read and write

3D4C000

heap

page read and write

3D4C000

heap

page read and write

3D22000

heap

page read and write

3D4C000

heap

page read and write

623E000

stack

page read and write

3D22000

heap

page read and write

3D22000

heap

page read and write

3D4C000

heap

page read and write

3D22000

heap

page read and write

3D22000

heap

page read and write

3D22000

heap

page read and write

3D4C000

heap

page read and write

3D22000

heap

page read and write

3D4C000

heap

page read and write

3D22000

heap

page read and write

3D22000

heap

page read and write

3D22000

heap

page read and write

3D4C000

heap

page read and write

5DFE000

stack

page read and write

3D22000

heap

page read and write

3D22000

heap

page read and write

3D4C000

heap

page read and write

3D4C000

heap

page read and write

4B0E000

trusted library allocation

page read and write

3D4C000

heap

page read and write

3D4C000

heap

page read and write

3D4C000

heap

page read and write

3D4C000

heap

page read and write

51B0000

trusted library allocation

page read and write

3D22000

heap

page read and write

3D4C000

heap

page read and write

3D22000

heap

page read and write

26E9000

trusted library allocation

page read and write

267E000

stack

page read and write

3A8E000

heap

page read and write

A00000

trusted library allocation

page read and write

3D4C000

heap

page read and write

8B5000

heap

page read and write

3D4C000

heap

page read and write

508E000

stack

page read and write

3D4C000

heap

page read and write

C2B000

trusted library allocation

page execute and read and write

3D22000

heap

page read and write

3D4C000

heap

page read and write

3D22000

heap

page read and write

3D22000

heap

page read and write

3D22000

heap

page read and write

586F000

stack

page read and write

3D22000

heap

page read and write

3D22000

heap

page read and write

3D22000

heap

page read and write

4C03000

heap

page read and write

4C10000

heap

page read and write

3D4C000

heap

page read and write

3D4C000

heap

page read and write

3D22000

heap

page read and write

3D22000

heap

page read and write

3D22000

heap

page read and write

C25000

trusted library allocation

page execute and read and write

3D4C000

heap

page read and write

5A70000

heap

page read and write

3D22000

heap

page read and write

3D22000

heap

page read and write

3D22000

heap

page read and write

67A0000

heap

page read and write

A0D000

trusted library allocation

page execute and read and write

3D4C000

heap

page read and write

3D22000

heap

page read and write

3D4C000

heap

page read and write

C1A000

trusted library allocation

page execute and read and write

3D4C000

heap

page read and write

3D4C000

heap

page read and write

3D4C000

heap

page read and write

3D22000

heap

page read and write

36E1000

trusted library allocation

page read and write

3D4C000

heap

page read and write

3D4C000

heap

page read and write

3D4C000

heap

page read and write

3D22000

heap

page read and write

C12000

trusted library allocation

page read and write

3D22000

heap

page read and write

3D22000

heap

page read and write

AE6000

heap

page read and write

3D4C000

heap

page read and write

3D4C000

heap

page read and write

3D4C000

heap

page read and write

3D4C000

heap

page read and write

3D4C000

heap

page read and write

3D22000

heap

page read and write

3D22000

heap

page read and write

3D22000

heap

page read and write

3D4C000

heap

page read and write

3D4C000

heap

page read and write

3D32000

heap

page read and write

400000

unkown

page readonly

3D22000

heap

page read and write

3D4C000

heap

page read and write

3D4C000

heap

page read and write

2701000

trusted library allocation

page read and write

3D4C000

heap

page read and write

5C50000

trusted library allocation

page read and write

64C0000

trusted library allocation

page read and write

3D4C000

heap

page read and write

3D4C000

heap

page read and write

4B0B000

trusted library allocation

page read and write

3D22000

heap

page read and write

5156000

trusted library allocation

page read and write

3D4C000

heap

page read and write

3D22000

heap

page read and write

3D22000

heap

page read and write

9FD000

trusted library allocation

page execute and read and write

3D22000

heap

page read and write

3D4C000

heap

page read and write

482000

unkown

page readonly

4B21000

trusted library allocation

page read and write

3D22000

heap

page read and write

3D4C000

heap

page read and write

3D4C000

heap

page read and write

3D22000

heap

page read and write

3D4C000

heap

page read and write

5150000

trusted library allocation

page read and write

4BF0000

trusted library allocation

page read and write

3D22000

heap

page read and write

3D4C000

heap

page read and write

3D4C000

heap

page read and write

3D4C000

heap

page read and write

3D4C000

heap

page read and write

3D22000

heap

page read and write

E20000

trusted library allocation

page read and write

3D22000

heap

page read and write

3D4C000

heap

page read and write

3D22000

heap

page read and write

3D4C000

heap

page read and write

3D22000

heap

page read and write

4B32000

trusted library allocation

page read and write

3D22000

heap

page read and write

E30000

trusted library allocation

page read and write

A2E000

heap

page read and write

3D4C000

heap

page read and write

3D22000

heap

page read and write

3D4C000

heap

page read and write

3D4C000

heap

page read and write

4B00000

trusted library allocation

page read and write

3D22000

heap

page read and write

4B12000

trusted library allocation

page read and write

3D4C000

heap

page read and write

3D22000

heap

page read and write

2570000

heap

page execute and read and write

4BE9000

trusted library allocation

page read and write

3D4C000

heap

page read and write

420E000

heap

page read and write

3D22000

heap

page read and write

4BE0000

trusted library allocation

page read and write

24AE000

stack

page read and write

3D22000

heap

page read and write

3D22000

heap

page read and write

3D22000

heap

page read and write

3D22000

heap

page read and write

3D22000

heap

page read and write

A3A000

heap

page read and write

3D22000

heap

page read and write

3D22000

heap

page read and write

3D4C000

heap

page read and write

3D22000

heap

page read and write

3D4C000

heap

page read and write

3D22000

heap

page read and write

3D4C000

heap

page read and write

3D22000

heap

page read and write

3D4C000

heap

page read and write

3D22000

heap

page read and write

A47000

heap

page read and write

3D4C000

heap

page read and write

3D22000

heap

page read and write

46BC000

stack

page read and write

3D22000

heap

page read and write

3D4C000

heap

page read and write

3D22000

heap

page read and write

3D22000

heap

page read and write

3D22000

heap

page read and write

3D22000

heap

page read and write

3D22000

heap

page read and write

7F0F0000

trusted library allocation

page execute and read and write

3D22000

heap

page read and write

3D4C000

heap

page read and write

C22000

trusted library allocation

page read and write

710000

heap

page read and write

3D22000

heap

page read and write

3D4C000

heap

page read and write

3D4C000

heap

page read and write

3D22000

heap

page read and write

3D4C000

heap

page read and write

3D4C000

heap

page read and write

3D4C000

heap

page read and write

5C47000

trusted library allocation

page read and write

5C3E000

stack

page read and write

3D22000

heap

page read and write

3D22000

heap

page read and write

3D22000

heap

page read and write

3D4C000

heap

page read and write

3D22000

heap

page read and write

3D4C000

heap

page read and write

3D22000

heap

page read and write

3D4C000

heap

page read and write

3D22000

heap

page read and write

3D22000

heap

page read and write

3D4C000

heap

page read and write

3D22000

heap

page read and write

3D22000

heap

page read and write

3D4C000

heap

page read and write

3D22000

heap

page read and write

3D22000

heap

page read and write

3D4C000

heap

page read and write

3D22000

heap

page read and write

3D22000

heap

page read and write

3D4C000

heap

page read and write

3D22000

heap

page read and write

3D4C000

heap

page read and write

3D22000

heap

page read and write

3D4C000

heap

page read and write

3D4C000

heap

page read and write

3D22000

heap

page read and write

3D4C000

heap

page read and write

3D4C000

heap

page read and write

3D22000

heap

page read and write

3D22000

heap

page read and write

3D4C000

heap

page read and write

3D22000

heap

page read and write

3D4C000

heap

page read and write

3D4C000

heap

page read and write

3D22000

heap

page read and write

3D22000

heap

page read and write

3D4C000

heap

page read and write

3D22000

heap

page read and write

3D22000

heap

page read and write

3D22000

heap

page read and write

3D22000

heap

page read and write

3D22000

heap

page read and write

3D4C000

heap

page read and write

3D22000

heap

page read and write

3D4C000

heap

page read and write

3D4C000

heap

page read and write

3D4C000

heap

page read and write

3D4C000

heap

page read and write

3D22000

heap

page read and write

9F3000

trusted library allocation

page execute and read and write

3D4C000

heap

page read and write

51AD000

stack

page read and write

3D22000

heap

page read and write

3D22000

heap

page read and write

3D22000

heap

page read and write

A18000

heap

page read and write

3D22000

heap

page read and write

3D22000

heap

page read and write

3D22000

heap

page read and write

3D22000

heap

page read and write

3D4C000

heap

page read and write

3D22000

heap

page read and write

3D4C000

heap

page read and write

3D4C000

heap

page read and write

50CE000

stack

page read and write

4B06000

trusted library allocation

page read and write

850000

heap

page read and write

3D22000

heap

page read and write

3D22000

heap

page read and write

24B8000

trusted library allocation

page read and write

3D4C000

heap

page read and write

3D4C000

heap

page read and write

3D4C000

heap

page read and write

3D22000

heap

page read and write

3D4C000

heap

page read and write

3D22000

heap

page read and write

3D22000

heap

page read and write

5BFE000

stack

page read and write

3D4C000

heap

page read and write

3CE000

system

page execute and read and write

4B2D000

trusted library allocation

page read and write

3D22000

heap

page read and write

3D4C000

heap

page read and write

3D22000

heap

page read and write

2E31000

heap

page read and write

3D22000

heap

page read and write

4E4C000

stack

page read and write

3D4C000

heap

page read and write

3D22000

heap

page read and write

3D4C000

heap

page read and write

3D4C000

heap

page read and write

3D4C000

heap

page read and write

3D22000

heap

page read and write

3D22000

heap

page read and write

359000

stack

page read and write

3D4C000

heap

page read and write

3D4C000

heap

page read and write

3D4C000

heap

page read and write

3D4C000

heap

page read and write

390000

system

page execute and read and write

3D22000

heap

page read and write

3D4C000

heap

page read and write

3D22000

heap

page read and write

3D4C000

heap

page read and write

26CC000

trusted library allocation

page read and write

3D22000

heap

page read and write

3D4C000

heap

page read and write

613E000

stack

page read and write

3D4C000

heap

page read and write

3D4C000

heap

page read and write

3D22000

heap

page read and write

3D4C000

heap

page read and write

3D22000

heap

page read and write

3D22000

heap

page read and write

3D4C000

heap

page read and write

3D4C000

heap

page read and write

3D22000

heap

page read and write

3D4C000

heap

page read and write

3D4C000

heap

page read and write

3D4C000

heap

page read and write

3D22000

heap

page read and write

3D4C000

heap

page read and write

36A9000

trusted library allocation

page read and write

830000

heap

page read and write

4AB000

unkown

page readonly

E00000

trusted library allocation

page read and write

3D22000

heap

page read and write

E40000

trusted library allocation

page read and write

3D4C000

heap

page read and write

3D4C000

heap

page read and write

3D22000

heap

page read and write

3D22000

heap

page read and write

3D22000

heap

page read and write

6500000

trusted library allocation

page execute and read and write

3D22000

heap

page read and write

3D22000

heap

page read and write

3D22000

heap

page read and write

8B0000

heap

page read and write

3D4C000

heap

page read and write

5ACD000

heap

page read and write

ACC000

heap

page read and write

3D4C000

heap

page read and write

3D4C000

heap

page read and write

3D22000

heap

page read and write

3D22000

heap

page read and write

26E7000

trusted library allocation

page read and write

3D22000

heap

page read and write

A44000

heap

page read and write

3D4C000

heap

page read and write

3D22000

heap

page read and write

3D4C000

heap

page read and write

3E01000

heap

page read and write

3D4C000

heap

page read and write

3D22000

heap

page read and write

3D4C000

heap

page read and write

9E0000

trusted library allocation

page read and write

3D4C000

heap

page read and write

5C40000

trusted library allocation

page read and write

3D22000

heap

page read and write

3D22000

heap

page read and write

C50000

trusted library allocation

page execute and read and write

26F5000

trusted library allocation

page read and write

3D4C000

heap

page read and write

There are 494 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
rOLZ579082-GHJ678992-PLRZ9000W029W00.exe

Files

Processes

URLs

Domains

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC ReportrOLZ579082-GHJ678992-PLRZ9000W029W00.exe

Files

Processes

URLs

Domains

IPs

Memdumps

IOC Report
rOLZ579082-GHJ678992-PLRZ9000W029W00.exe