Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\1730537046a28265099d74997f6aaf573f6441587128b68a620c5fd7396901e33fe86509f2931.dat-decoded.exe

"C:\Users\user\Desktop\1730537046a28265099d74997f6aaf573f6441587128b68a620c5fd7396901e33fe86509f2931.dat-decoded.exe"

Details

Is windows:	false
Is dropped:	false
PID:	6900
Target ID:	0
Parent PID:	4084
Name:	1730537046a28265099d74997f6aaf573f6441587128b68a620c5fd7396901e33fe86509f2931.dat-decoded.exe
Path:	C:\Users\user\Desktop\1730537046a28265099d74997f6aaf573f6441587128b68a620c5fd7396901e33fe86509f2931.dat-decoded.exe
Commandline:	"C:\Users\user\Desktop\1730537046a28265099d74997f6aaf573f6441587128b68a620c5fd7396901e33fe86509f2931.dat-decoded.exe"
Size:	32768
MD5:	BE1159A311A95AE71088EDC986B697AE
Time:	04:46:30
Date:	02/11/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x90000
Modulesize:	49152
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Antivirus / Scanner detection for submitted sample	AV Detection
Multi AV Scanner detection for submitted file	AV Detection
Yara detected Njrat	AV Detection, E-Banking Fraud, Stealing of Sensitive Information, Remote Access Functionality
Machine Learning detection for sample	AV Detection
Sample file is different than original file name gathered from version info	System Summary
Uses 32bit PE files	Compliance, System Summary
PE file has an executable .text section and no other executable section	System Summary
Parts of this applications are using the .NET runtime (Probably coded in C#)	System Summary
Sample is known by Antivirus	System Summary
Contains modern PE file flags such as dynamic base (ASLR) or NX	Compliance, System Summary
PE file contains a COM descriptor data directory	System Summary

IPs

Domain

Country

Malicious

104.243.246.120

unknown

United States

Details

IP:	104.243.246.120
TargetID:	0
Current Path:	C:\Users\user\Desktop\1730537046a28265099d74997f6aaf573f6441587128b68a620c5fd7396901e33fe86509f2931.dat-decoded.exe
Country:	United States
Countrycode:	USA
ASN number:	3223
ASN name:	VOXILITYGB
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
Suricata IDS alerts for network traffic	Networking
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
Connects to IPs without corresponding DNS lookups	Networking

Registry

Path

Value

Malicious

HKEY_CURRENT_USER

HKEY_CURRENT_USER\SOFTWARE\1df325350b784c

[kl]

Memdumps

Base Address

Regiontype

Protect

Malicious

92000

unkown

page readonly

49AC000

stack

page read and write

8F0000

heap

page read and write

682000

trusted library allocation

page execute and read and write

67A000

trusted library allocation

page execute and read and write

C60000

trusted library allocation

page read and write

98000

unkown

page readonly

7A0000

trusted library allocation

page execute and read and write

496B000

stack

page read and write

75C000

stack

page read and write

6CB000

trusted library allocation

page execute and read and write

6A7000

trusted library allocation

page execute and read and write

660000

trusted library allocation

page read and write

49E9000

stack

page read and write

4CCE000

unkown

page read and write

180000

heap

page read and write

1E0000

heap

page execute and read and write

190000

heap

page read and write

620000

heap

page read and write

4A50000

unclassified section

page read and write

4AC0000

heap

page read and write

C90000

heap

page read and write

A20000

heap

page read and write

690000

heap

page read and write

4798000

trusted library allocation

page read and write

C1E000

stack

page read and write

91B000

heap

page read and write

2791000

trusted library allocation

page read and write

85E000

heap

page read and write

6C7000

trusted library allocation

page execute and read and write

920000

heap

page read and write

790000

heap

page read and write

6C2000

trusted library allocation

page read and write

2794000

trusted library allocation

page read and write

492D000

stack

page read and write

680000

trusted library allocation

page read and write

5050000

heap

page read and write

C5C000

stack

page read and write

4AB0000

trusted library allocation

page execute and read and write

4FE0000

heap

page read and write

1DE000

stack

page read and write

672000

trusted library allocation

page execute and read and write

82E000

heap

page read and write

910000

heap

page read and write

70E000

stack

page read and write

3791000

trusted library allocation

page read and write

68A000

trusted library allocation

page execute and read and write

4F9000

stack

page read and write

4F6000

stack

page read and write

810000

trusted library allocation

page read and write

27E5000

trusted library allocation

page read and write

6B2000

trusted library allocation

page execute and read and write

780000

trusted library allocation

page read and write

4AC3000

heap

page read and write

C70000

trusted library allocation

page execute and read and write

6BA000

trusted library allocation

page execute and read and write

90000

unkown

page readonly

4BCE000

stack

page read and write

7F3C0000

trusted library allocation

page execute and read and write

E30000

heap

page read and write

82B000

heap

page read and write

8E6000

heap

page read and write

4AAE000

stack

page read and write

6AA000

trusted library allocation

page execute and read and write

820000

heap

page read and write

696000

heap

page read and write

A30000

heap

page read and write

2809000

trusted library allocation

page read and write

129000

stack

page read and write

4FB0000

heap

page read and write

There are 60 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
1730537046a28265099d74997f6aaf573f6441587128b68a620c5fd7396901e33fe86509f2931.dat-decoded.exe

Processes

IPs

Registry

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report1730537046a28265099d74997f6aaf573f6441587128b68a620c5fd7396901e33fe86509f2931.dat-decoded.exe

Processes

IPs

Registry

Memdumps

IOC Report
1730537046a28265099d74997f6aaf573f6441587128b68a620c5fd7396901e33fe86509f2931.dat-decoded.exe