Automated Malware Analysis IOC Report for

Files

File Path

Type

Category

Malicious

114117914 - Rebound Electronics.exe

PE32 executable (GUI) Intel 80386, for MS Windows

initial sample

Details

Filetype:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy:	6.96129693013498
Filename:	114117914 - Rebound Electronics.exe
Filesize:	1069056
MD5:	f336089abf758f7bb565ebd1366e2ad2
SHA1:	3e5ee53a5014900cef867428b99d92567669bf7f
SHA256:	69e4226931e9735180c32894ac2e0604fc2c9e820781d3fc79b96451ca738072
SHA512:	96c866c68314876afe0a7fd54e6124b0899916cc456099354e217a67ffdbef6235003d34262545fc58bd29658ebb2818d07876127f30a4e120ecb197c9d97b4a
SSDEEP:	24576:Ztb20pkaCqT5TBWgNQ7ajzpeVKp/teALURW6A:qVg5tQ7ajiKp17N5
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........d..............'.a.....H.k.....H.h.....H.i......}%......}5...............~.......k.......o.......1.......j.....Rich...........

Signature Hits	Behavior Group	Mitre Attack
Multi AV Scanner detection for submitted file	AV Detection	Disable or Modify Tools
Binary is likely a compiled AutoIt script file	System Summary	Security Software Discovery
Machine Learning detection for sample	AV Detection
Maps a DLL or memory area into another process	HIPS / PFW / Operating System Protection Evasion	Disable or Modify Tools Security Software Discovery
Switches to a custom stack to bypass stack traces	Malware Analysis System Evasion
Writes to foreign memory regions	HIPS / PFW / Operating System Protection Evasion	Disable or Modify Tools
Contains functionality for read data from the clipboard	Key, Mouse, Clipboard, Microphone and Screen Capturing	Clipboard Data
Contains functionality to block mouse and keyboard input (often used to hinder debugging)	Anti Debugging	Disable or Modify Tools
Contains functionality to check if a debugger is running (IsDebuggerPresent)	Anti Debugging	Security Software Discovery
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)	Anti Debugging
Contains functionality to check if a window is minimized (may be used to check if an application is visible)	Hooking and other Techniques for Hiding and Protection	Security Software Discovery Application Window Discovery
Contains functionality to communicate with device drivers	System Summary
Contains functionality to dynamically determine API calls	Data Obfuscation, Anti Debugging
Contains functionality to execute programs as a different user	HIPS / PFW / Operating System Protection Evasion	Disable or Modify Tools
Contains functionality to launch a process as a different user	System Summary	Valid Accounts Access Token Manipulation
Contains functionality to launch a program with higher privileges	HIPS / PFW / Operating System Protection Evasion	Exploitation for Privilege Escalation
Contains functionality to modify clipboard data	Key, Mouse, Clipboard, Microphone and Screen Capturing	Process Discovery
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)	Remote Access Functionality
Contains functionality to query CPU information (cpuid)	Language, Device and Operating System Detection	Disable or Modify Tools
Contains functionality to read the PEB	Anti Debugging	Security Software Discovery
Contains functionality to read the clipboard data	Key, Mouse, Clipboard, Microphone and Screen Capturing	Disable or Modify Tools
Contains functionality to retrieve information about pressed keystrokes	Key, Mouse, Clipboard, Microphone and Screen Capturing	Input Capture
Contains functionality to shutdown / reboot the system	System Summary	System Shutdown/Reboot
Contains functionality to simulate keystroke presses	HIPS / PFW / Operating System Protection Evasion
Contains functionality to simulate mouse events	HIPS / PFW / Operating System Protection Evasion
Contains functionality which may be used to detect a debugger (GetProcessHeap)	Anti Debugging	Security Software Discovery
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Disable or Modify Tools
Detected potential crypto function	System Summary	System Time Discovery Process Discovery Archive Collected Data Encrypted Channel
Extensive use of GetProcAddress (often used to hide API calls)	Hooking and other Techniques for Hiding and Protection	Security Software Discovery
Found evaded block containing many API calls	Malware Analysis System Evasion	Disable or Modify Tools Process Discovery
Found evasive API chain (date check)	Malware Analysis System Evasion	Native API
Found large amount of non-executed APIs	Malware Analysis System Evasion	System Time Discovery
Found potential string decryption / allocating functions	System Summary	Deobfuscate/Decode Files or Information
OS version to string mapping found (often used in BOTs)	Stealing of Sensitive Information	Disable or Modify Tools System Shutdown/Reboot
Potential key logger detected (key state polling based)	Key, Mouse, Clipboard, Microphone and Screen Capturing	Disable or Modify Tools
Sample file is different than original file name gathered from version info	System Summary	Security Software Discovery System Shutdown/Reboot
Uses 32bit PE files	Compliance, System Summary	Disable or Modify Tools
Uses code obfuscation techniques (call, push, ret)	Data Obfuscation	Obfuscated Files or Information Security Software Discovery
.NET source code contains calls to encryption/decryption functions	System Summary	Security Software Discovery
Contains functionality for error logging	System Summary	Disable or Modify Tools
Contains functionality to add an ACL to a security descriptor	HIPS / PFW / Operating System Protection Evasion
Contains functionality to adjust token privileges (e.g. debug / backup)	System Summary
Contains functionality to check free disk space	System Summary
Contains functionality to create a new security descriptor	HIPS / PFW / Operating System Protection Evasion
Contains functionality to download additional files from the internet	Networking
Contains functionality to enum processes or threads	System Summary	Process Discovery
Contains functionality to enumerate / list files inside a directory	Spreading, Malware Analysis System Evasion	File and Directory Discovery
Contains functionality to instantiate COM classes	System Summary	Security Software Discovery
Contains functionality to load and extract PE file embedded resources	System Summary
Contains functionality to query local / system time	Language, Device and Operating System Detection
Contains functionality to query system information	Malware Analysis System Evasion	System Information Discovery
Contains functionality to query the account / user name	Language, Device and Operating System Detection	Account Discovery Security Software Discovery System Owner/User Discovery
Contains functionality to query time zone information	Language, Device and Operating System Detection	System Time Discovery
Contains functionality to query windows version	Language, Device and Operating System Detection
Contains functionality to register its own exception handler	Anti Debugging	Security Software Discovery
Creates temporary files	System Summary	Security Software Discovery
Disables application error messsages (SetErrorMode)	Hooking and other Techniques for Hiding and Protection	Disable or Modify Tools
May try to detect the Windows Explorer process (often used for injection)	HIPS / PFW / Operating System Protection Evasion	Security Software Discovery
PE file has an executable .text section and no other executable section	System Summary
Program exit points	Malware Analysis System Evasion	Disable or Modify Tools
Reads software policies	System Summary
Sample is known by Antivirus	System Summary	Disable or Modify Tools
Tries to load missing DLLs	System Summary	DLL Side-Loading Disable or Modify Tools
PE file contains a valid data directory to section mapping	System Summary	Security Software Discovery
PE file contains a debug data directory	System Summary
PE file contains a mix of data directories often seen in goodware	System Summary
Submission file is bigger than most known malware samples	System Summary	Disable or Modify Tools

C:\Users\user\AppData\Local\Temp\Gehman

data

dropped

Details

File:	C:\Users\user\AppData\Local\Temp\Gehman
Category:	dropped
Dump:	Gehman.0.dr
ID:	dr_1
Target ID:	0
Process:	C:\Users\user\Desktop\114117914 - Rebound Electronics.exe
Type:	data
Entropy:	6.978122878832643
Encrypted:	false
Ssdeep:	6144:Pd7W+iPXbrMXBBTTp786yWOs+g2YJpbVpVignsFJtOYS+STih4Jy8n27TDAkiDUH:PtWlToOTssTTziNUDQmu2ie
Size:	274944
Whitelisted:	false
Reputation:	low

C:\Users\user\AppData\Local\Temp\autA7C0.tmp

data

dropped

Details

File:	C:\Users\user\AppData\Local\Temp\autA7C0.tmp
Category:	dropped
Dump:	autA7C0.tmp.0.dr
ID:	dr_0
Target ID:	0
Process:	C:\Users\user\Desktop\114117914 - Rebound Electronics.exe
Type:	data
Entropy:	7.951202430520291
Encrypted:	false
Ssdeep:	3072:E1O0NKxROVdZ7Mvf3rgCsw1U7safDPEdE0FORVzs9MO:scOV/7MvfkCxCQafDPJ0FSYf
Size:	141798
Whitelisted:	false
Reputation:	low

Signature Hits	Behavior Group	Mitre Attack
Creates temporary files	System Summary

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\114117914 - Rebound Electronics.exe

"C:\Users\user\Desktop\114117914 - Rebound Electronics.exe"

Details

Is windows:	false
Is dropped:	false
PID:	7496
Target ID:	0
Parent PID:	2580
Name:	114117914 - Rebound Electronics.exe
Path:	C:\Users\user\Desktop\114117914 - Rebound Electronics.exe
Commandline:	"C:\Users\user\Desktop\114117914 - Rebound Electronics.exe"
Size:	1069056
MD5:	F336089ABF758F7BB565EBD1366E2AD2
Time:	04:11:57
Date:	20/11/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0xc20000
Modulesize:	1093632
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Multi AV Scanner detection for submitted file	AV Detection
Yara detected Telegram RAT	Stealing of Sensitive Information, Remote Access Functionality
Yara detected VIP Keylogger	Stealing of Sensitive Information, Remote Access Functionality
Binary is likely a compiled AutoIt script file	System Summary
Machine Learning detection for sample	AV Detection
Yara detected Generic Downloader	Networking
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
OS version to string mapping found (often used in BOTs)	Stealing of Sensitive Information
Sample file is different than original file name gathered from version info	System Summary
Uses 32bit PE files	Compliance, System Summary
Yara detected Credential Stealer	Stealing of Sensitive Information
May try to detect the Windows Explorer process (often used for injection)	HIPS / PFW / Operating System Protection Evasion	Process Injection Process Discovery
PE file has an executable .text section and no other executable section	System Summary
Sample is known by Antivirus	System Summary
Spawns processes	System Summary	Process Injection
PE file contains a valid data directory to section mapping	System Summary
Binary contains paths to debug symbols	Compliance, System Summary
PE file contains a debug data directory	System Summary
PE file contains a mix of data directories often seen in goodware	System Summary
Submission file is bigger than most known malware samples	System Summary

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

"C:\Users\user\Desktop\114117914 - Rebound Electronics.exe"

Details

Is windows:	true
Is dropped:	false
PID:	7520
Target ID:	1
Parent PID:	7496
Name:	RegSvcs.exe
Class:	system-tools
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
Commandline:	"C:\Users\user\Desktop\114117914 - Rebound Electronics.exe"
Size:	45984
MD5:	9D352BC46709F0CB5EC974633A0C3C94
Time:	04:11:58
Date:	20/11/2024
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0xd50000
Modulesize:	57344
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Yara detected Telegram RAT	Stealing of Sensitive Information, Remote Access Functionality
Yara detected VIP Keylogger	Stealing of Sensitive Information, Remote Access Functionality
Maps a DLL or memory area into another process	HIPS / PFW / Operating System Protection Evasion	Process Injection
Writes to foreign memory regions	HIPS / PFW / Operating System Protection Evasion	Process Injection
Yara detected Generic Downloader	Networking
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery
Sigma detected: Suspicious Outbound SMTP Connections	System Summary
Yara detected Credential Stealer	Stealing of Sensitive Information
Spawns processes	System Summary	Process Injection

URLs

Name

Malicious

https://www.office.com/

unknown

https://api.telegram.org/bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:899552%0D%0ADate%20and%20Time:%2020/11/2024%20/%2021:02:20%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20899552%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D

149.154.167.220

https://api.telegram.org

unknown

https://api.telegram.org/bot

unknown

https://www.office.com/lB

unknown

https://api.telegram.org/bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:899552%0D%0ADate%20a

unknown

http://checkip.dyndns.org

unknown

https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016

unknown

https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17

unknown

https://api.telegram.org/bot/sendMessage?chat_id=&text=

unknown

https://chrome.google.com/webstore?hl=en

unknown

https://reallyfreegeoip.org/xml/8.46.123.75

188.114.97.3

http://varders.kozow.com:8081

unknown

http://aborters.duckdns.org:8081

unknown

http://checkip.dyndns.org/

132.226.247.73

http://51.38.247.67:8081/_send_.php?L

unknown

http://anotherarmy.dns.army:8081

unknown

http://panta.home.pl

unknown

https://reallyfreegeoip.org/xml/8.46.123.75$

unknown

https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17Install

unknown

http://checkip.dyndns.org/q

unknown

https://chrome.google.com/webstore?hl=enlB

unknown

https://reallyfreegeoip.org

unknown

https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Examples

unknown

http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name

unknown

http://51.38.247.67:8081/_send_.php?LCapplication/x-www-form-urlencoded

unknown

https://reallyfreegeoip.org/xml/

unknown

There are 17 hidden URLs, click here to show them.

Domains

Name

Malicious

panta.home.pl

188.128.134.93

Details

Name:	panta.home.pl
IP:	188.128.134.93
TargetID:	-1
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
Sigma detected: Suspicious Outbound SMTP Connections	System Summary
Uses SMTP (mail sending)	Networking	Application Layer Protocol
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
URLs found in memory or binary data	Networking

reallyfreegeoip.org

188.114.97.3

Details

Name:	reallyfreegeoip.org
IP:	188.114.97.3
TargetID:	-1
Active:	true
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Tries to detect the country of the analysis system (by using the IP)	Location Tracking
HTTP GET or POST without a user agent	Networking
May check the online IP address of the machine	Networking	System Network Configuration Discovery
Suricata IDS alerts with low severity for network traffic	Networking
Uses insecure TLS / SSL version for HTTPS connection	Compliance, Networking
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
URLs found in memory or binary data	Networking

api.telegram.org

149.154.167.220

Details

Name:	api.telegram.org
IP:	149.154.167.220
TargetID:	-1
Active:	true
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Uses the Telegram API (likely for C&C communication)	Networking	Web Service
HTTP GET or POST without a user agent	Networking
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
URLs found in memory or binary data	Networking
Uses secure TLS version for HTTPS connections	Compliance, Networking

checkip.dyndns.com

132.226.247.73

checkip.dyndns.org

unknown

Details

Name:	checkip.dyndns.org
TargetID:	-1
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
May check the online IP address of the machine	Networking	System Network Configuration Discovery
Uses a known web browser user agent for HTTP communication	Networking	Application Layer Protocol
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
URLs found in memory or binary data	Networking

IPs

Domain

Country

Malicious

188.128.134.93

panta.home.pl

Poland

Details

IP:	188.128.134.93
TargetID:	1
Current Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
Country:	Poland
Countrycode:	POL
ASN number:	12824
ASN name:	HOMEPL-ASPL
Private:	false
Domain:	panta.home.pl

Signature Hits	Behavior Group	Mitre Attack
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
Sigma detected: Suspicious Outbound SMTP Connections	System Summary
Uses SMTP (mail sending)	Networking	Application Layer Protocol

149.154.167.220

api.telegram.org

United Kingdom

Details

IP:	149.154.167.220
TargetID:	1
Current Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
Country:	United Kingdom
Countrycode:	GBR
ASN number:	62041
ASN name:	TELEGRAMRU
Private:	false
Domain:	api.telegram.org

Signature Hits	Behavior Group	Mitre Attack
Uses secure TLS version for HTTPS connections	Compliance, Networking

188.114.97.3

reallyfreegeoip.org

European Union

Details

IP:	188.114.97.3
TargetID:	1
Current Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
Country:	European Union
Countrycode:	EU
ASN number:	13335
ASN name:	CLOUDFLARENETUS
Private:	false
Domain:	reallyfreegeoip.org

Signature Hits	Behavior Group	Mitre Attack
Suricata IDS alerts with low severity for network traffic	Networking
Uses insecure TLS / SSL version for HTTPS connection	Compliance, Networking

132.226.247.73

checkip.dyndns.com

United States

Details

IP:	132.226.247.73
TargetID:	1
Current Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
Country:	United States
Countrycode:	USA
ASN number:	16989
ASN name:	UTMEMUS
Private:	false
Domain:	checkip.dyndns.com

Signature Hits	Behavior Group	Mitre Attack
Suricata IDS alerts with low severity for network traffic	Networking

Registry

Path

Value

Malicious

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing

EnableConsoleTracing

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASAPI32

EnableFileTracing

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASAPI32

EnableAutoFileTracing

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASAPI32

EnableConsoleTracing

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASAPI32

FileTracingMask

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASAPI32

ConsoleTracingMask

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASAPI32

MaxFileSize

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASAPI32

FileDirectory

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASMANCS

EnableFileTracing

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASMANCS

EnableAutoFileTracing

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASMANCS

EnableConsoleTracing

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASMANCS

FileTracingMask

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASMANCS

ConsoleTracingMask

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASMANCS

MaxFileSize

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASMANCS

FileDirectory

There are 5 hidden registries, click here to show them.

Memdumps

Base Address

Regiontype

Protect

Malicious

30B4000

trusted library allocation

page read and write

402000

system

page execute and read and write

3DE0000

direct allocation

page read and write

2F31000

trusted library allocation

page read and write

44ED000

direct allocation

page read and write

15D0000

heap

page execute and read and write

3113000

trusted library allocation

page read and write

2FDD000

trusted library allocation

page read and write

1200000

trusted library allocation

page read and write

63FE000

stack

page read and write

413C000

trusted library allocation

page read and write

11A0000

heap

page read and write

33FE000

trusted library allocation

page read and write

CCE000

unkown

page readonly

55C0000

heap

page execute and read and write

6AF0000

trusted library allocation

page execute and read and write

428D000

trusted library allocation

page read and write

4393000

direct allocation

page read and write

3346000

trusted library allocation

page read and write

165D000

stack

page read and write

41B6000

trusted library allocation

page read and write

6AC0000

trusted library allocation

page read and write

125A000

stack

page read and write

4068000

trusted library allocation

page read and write

30CB000

trusted library allocation

page read and write

3E40000

heap

page read and write

6C07000

trusted library allocation

page read and write

1912000

heap

page read and write

3DC0000

heap

page read and write

44ED000

direct allocation

page read and write

41BA000

trusted library allocation

page read and write

40E8000

trusted library allocation

page read and write

1A55000

heap

page read and write

45AE000

direct allocation

page read and write

1969000

heap

page read and write

6BF0000

trusted library allocation

page read and write

2FF2000

trusted library allocation

page read and write

2F82000

trusted library allocation

page read and write

1A55000

heap

page read and write

33A2000

trusted library allocation

page read and write

3117000

trusted library allocation

page read and write

123E000

heap

page read and write

6AE0000

trusted library allocation

page execute and read and write

4024000

trusted library allocation

page read and write

4078000

trusted library allocation

page read and write

67FE000

stack

page read and write

3145000

trusted library allocation

page read and write

18CE000

heap

page read and write

43C0000

direct allocation

page read and write

4410000

direct allocation

page read and write

4206000

trusted library allocation

page read and write

68FE000

stack

page read and write

DEA000

stack

page read and write

197A000

heap

page read and write

CAD000

unkown

page readonly

2F10000

trusted library allocation

page read and write

CE4000

unkown

page readonly

188A000

heap

page read and write

44E9000

direct allocation

page read and write

18CA000

heap

page read and write

6BE0000

trusted library allocation

page read and write

1510000

trusted library allocation

page read and write

697E000

stack

page read and write

3F31000

trusted library allocation

page read and write

4016000

trusted library allocation

page read and write

407F000

trusted library allocation

page read and write

4227000

trusted library allocation

page read and write

4124000

trusted library allocation

page read and write

30EA000

trusted library allocation

page read and write

4050000

trusted library allocation

page read and write

3FF3000

trusted library allocation

page read and write

553E000

trusted library allocation

page read and write

552B000

trusted library allocation

page read and write

3250000

trusted library allocation

page read and write

421E000

trusted library allocation

page read and write

15E0000

heap

page read and write

4204000

trusted library allocation

page read and write

4295000

trusted library allocation

page read and write

3E44000

heap

page read and write

4229000

trusted library allocation

page read and write

150A000

trusted library allocation

page execute and read and write

5552000

trusted library allocation

page read and write

C20000

unkown

page readonly

18CA000

heap

page read and write

11B0000

heap

page read and write

3F59000

trusted library allocation

page read and write

4278000

trusted library allocation

page read and write

2FAC000

trusted library allocation

page read and write

552E000

trusted library allocation

page read and write

1204000

trusted library allocation

page read and write

591D000

stack

page read and write

41C2000

trusted library allocation

page read and write

44E9000

direct allocation

page read and write

311B000

trusted library allocation

page read and write

1512000

trusted library allocation

page read and write

400A000

trusted library allocation

page read and write

16C0000

heap

page read and write

5520000

trusted library allocation

page read and write

4018000

trusted library allocation

page read and write

18C0000

heap

page read and write

45AE000

direct allocation

page read and write

317E000

trusted library allocation

page read and write

10F7000

stack

page read and write

12A4000

heap

page read and write

3018000

trusted library allocation

page read and write

4410000

direct allocation

page read and write

6C20000

trusted library allocation

page read and write

CDA000

unkown

page write copy

40DF000

trusted library allocation

page read and write

4287000

trusted library allocation

page read and write

18CA000

heap

page read and write

1517000

trusted library allocation

page execute and read and write

1228000

heap

page read and write

4270000

direct allocation

page read and write

1203000

trusted library allocation

page execute and read and write

66B1000

heap

page read and write

4066000

trusted library allocation

page read and write

5513000

heap

page read and write

4012000

trusted library allocation

page read and write

157E000

stack

page read and write

45AE000

direct allocation

page read and write

1530000

trusted library allocation

page read and write

55D0000

trusted library allocation

page read and write

41AE000

trusted library allocation

page read and write

6C00000

trusted library allocation

page read and write

162F000

stack

page read and write

3126000

trusted library allocation

page read and write

30C4000

trusted library allocation

page read and write

18CE000

heap

page read and write

18CE000

heap

page read and write

163B000

stack

page read and write

18BE000

heap

page read and write

4393000

direct allocation

page read and write

2FE5000

trusted library allocation

page read and write

64FE000

stack

page read and write

1500000

trusted library allocation

page read and write

4118000

trusted library allocation

page read and write

C21000

unkown

page execute read

6BE5000

trusted library allocation

page read and write

30E6000

trusted library allocation

page read and write

1750000

heap

page read and write

428A000

trusted library allocation

page read and write

666E000

heap

page read and write

6B00000

trusted library allocation

page execute and read and write

3FF1000

trusted library allocation

page read and write

55E6000

trusted library allocation

page read and write

2FA8000

trusted library allocation

page read and write

42CB000

trusted library allocation

page read and write

2EEE000

stack

page read and write

453D000

direct allocation

page read and write

33D0000

trusted library allocation

page read and write

44E9000

direct allocation

page read and write

427D000

trusted library allocation

page read and write

453D000

direct allocation

page read and write

554D000

trusted library allocation

page read and write

119E000

stack

page read and write

314E000

trusted library allocation

page read and write

41A7000

trusted library allocation

page read and write

3121000

trusted library allocation

page read and write

3318000

trusted library allocation

page read and write

4539000

direct allocation

page read and write

328F000

trusted library allocation

page read and write

1600000

heap

page read and write

5532000

trusted library allocation

page read and write

2F9A000

trusted library allocation

page read and write

5AB0000

trusted library allocation

page read and write

4196000

heap

page read and write

207E000

stack

page read and write

11F0000

trusted library allocation

page read and write

6ABF000

stack

page read and write

69BE000

stack

page read and write

56A0000

heap

page read and write

41E6000

trusted library allocation

page read and write

4343000

direct allocation

page read and write

42D2000

trusted library allocation

page read and write

6C60000

heap

page read and write

5A1E000

stack

page read and write

455E000

direct allocation

page read and write

67BF000

stack

page read and write

55F0000

trusted library allocation

page read and write

C20000

unkown

page readonly

6C40000

trusted library allocation

page execute and read and write

44ED000

direct allocation

page read and write

4539000

direct allocation

page read and write

4220000

direct allocation

page read and write

1256000

heap

page read and write

1220000

heap

page read and write

1506000

trusted library allocation

page execute and read and write

CE4000

unkown

page readonly

1969000

heap

page read and write

4271000

trusted library allocation

page read and write

2FD1000

trusted library allocation

page read and write

4003000

trusted library allocation

page read and write

C21000

unkown

page execute read

42A0000

trusted library allocation

page read and write

124A000

heap

page read and write

3F9D000

trusted library allocation

page read and write

4197000

trusted library allocation

page read and write

7160000

heap

page read and write

4191000

trusted library allocation

page read and write

3F3B000

trusted library allocation

page read and write

4195000

trusted library allocation

page read and write

196A000

heap

page read and write

1951000

heap

page read and write

1931000

heap

page read and write

42B5000

trusted library allocation

page read and write

3F53000

trusted library allocation

page read and write

55E4000

trusted library allocation

page read and write

41BE000

trusted library allocation

page read and write

1A53000

heap

page read and write

14F0000

trusted library allocation

page read and write

151B000

trusted library allocation

page execute and read and write

6BE2000

trusted library allocation

page read and write

5560000

trusted library allocation

page read and write

4270000

direct allocation

page read and write

3220000

trusted library allocation

page read and write

4F38000

trusted library allocation

page read and write

4257000

trusted library allocation

page read and write

4393000

direct allocation

page read and write

4042000

trusted library allocation

page read and write

40EA000

trusted library allocation

page read and write

30E2000

trusted library allocation

page read and write

130A000

heap

page read and write

4343000

direct allocation

page read and write

6B70000

trusted library allocation

page read and write

3119000

trusted library allocation

page read and write

1515000

trusted library allocation

page execute and read and write

41C8000

trusted library allocation

page read and write

401E000

trusted library allocation

page read and write

41F4000

trusted library allocation

page read and write

2EF0000

trusted library allocation

page read and write

171E000

stack

page read and write

2F20000

heap

page read and write

30F0000

trusted library allocation

page read and write

30E8000

trusted library allocation

page read and write

303D000

trusted library allocation

page read and write

4539000

direct allocation

page read and write

16D0000

heap

page read and write

6C10000

trusted library allocation

page read and write

6B94000

trusted library allocation

page read and write

6BA0000

trusted library allocation

page execute and read and write

4062000

trusted library allocation

page read and write

5510000

heap

page read and write

40C7000

trusted library allocation

page read and write

2EAE000

stack

page read and write

41CA000

trusted library allocation

page read and write

4220000

direct allocation

page read and write

400000

system

page execute and read and write

31AE000

trusted library allocation

page read and write

2FE9000

trusted library allocation

page read and write

2FD9000

trusted library allocation

page read and write

14EE000

stack

page read and write

66A5000

heap

page read and write

6640000

heap

page read and write

55FD000

trusted library allocation

page read and write

43C0000

direct allocation

page read and write

2FD5000

trusted library allocation

page read and write

186E000

stack

page read and write

4026000

trusted library allocation

page read and write

4270000

direct allocation

page read and write

2F00000

trusted library allocation

page read and write

43C0000

direct allocation

page read and write

2F8F000

trusted library allocation

page read and write

6B80000

trusted library allocation

page read and write

6B60000

trusted library allocation

page execute and read and write

5AA0000

trusted library allocation

page execute and read and write

1A56000

heap

page read and write

5AC0000

trusted library allocation

page execute and read and write

553A000

trusted library allocation

page read and write

1150000

heap

page read and write

342D000

trusted library allocation

page read and write

30F5000

trusted library allocation

page read and write

247E000

stack

page read and write

2510000

heap

page read and write

4087000

trusted library allocation

page read and write

4060000

trusted library allocation

page read and write

18CA000

heap

page read and write

2FE1000

trusted library allocation

page read and write

6BB6000

trusted library allocation

page read and write

42BB000

trusted library allocation

page read and write

15C0000

trusted library allocation

page execute and read and write

1880000

heap

page read and write

CDF000

unkown

page write copy

6AD0000

trusted library allocation

page execute and read and write

2FEE000

trusted library allocation

page read and write

18C7000

heap

page read and write

50CE000

stack

page read and write

55EA000

trusted library allocation

page read and write

18C9000

heap

page execute and read and write

426C000

trusted library allocation

page read and write

2FA4000

trusted library allocation

page read and write

42AE000

trusted library allocation

page read and write

66DD000

heap

page read and write

3374000

trusted library allocation

page read and write

1502000

trusted library allocation

page read and write

161C000

stack

page read and write

5541000

trusted library allocation

page read and write

32BD000

trusted library allocation

page read and write

CDA000

unkown

page read and write

11B5000

heap

page read and write

14FD000

trusted library allocation

page execute and read and write

3FED000

trusted library allocation

page read and write

42DA000

trusted library allocation

page read and write

1999000

heap

page read and write

41BC000

trusted library allocation

page read and write

453D000

direct allocation

page read and write

550E000

stack

page read and write

5546000

trusted library allocation

page read and write

CCE000

unkown

page readonly

4410000

direct allocation

page read and write

CAD000

unkown

page readonly

693E000

stack

page read and write

120D000

trusted library allocation

page execute and read and write

42B9000

trusted library allocation

page read and write

1295000

heap

page read and write

32EA000

trusted library allocation

page read and write

4220000

direct allocation

page read and write

5526000

trusted library allocation

page read and write

663E000

stack

page read and write

455E000

direct allocation

page read and write

1907000

heap

page read and write

653E000

stack

page read and write

15BC000

stack

page read and write

41C6000

trusted library allocation

page read and write

4343000

direct allocation

page read and write

455E000

direct allocation

page read and write

188E000

heap

page read and write

18F3000

heap

page read and write

18CA000

heap

page read and write

4022000

trusted library allocation

page read and write

677D000

stack

page read and write

1210000

heap

page read and write

66A8000

heap

page read and write

There are 323 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
114117914 - Rebound Electronics.exe

Files

Processes

URLs

Domains

IPs

Registry

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report114117914 - Rebound Electronics.exe

Files

Processes

URLs

Domains

IPs

Registry

Memdumps

IOC Report
114117914 - Rebound Electronics.exe