Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\file.exe

"C:\Users\user\Desktop\file.exe"

Details

Is windows:	false
Is dropped:	false
PID:	7148
Target ID:	0
Parent PID:	2580
Name:	file.exe
Path:	C:\Users\user\Desktop\file.exe
Commandline:	"C:\Users\user\Desktop\file.exe"
Size:	1798656
MD5:	3FEEA8FF886F1FC0D57DA4A2B3A109BA
Time:	21:04:02
Date:	23/11/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x440000
Modulesize:	6909952
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Antivirus / Scanner detection for submitted sample	AV Detection
Detected unpacking (changes PE section rights)	Data Obfuscation	Software Packing
Yara detected Powershell download and execute	HIPS / PFW / Operating System Protection Evasion
Yara detected Stealc	Stealing of Sensitive Information, Remote Access Functionality
Machine Learning detection for sample	AV Detection
PE file contains section with special chars	System Summary
PE file contains an invalid checksum	Data Obfuscation
PE file contains sections with non-standard names	Data Obfuscation
Uses 32bit PE files	Compliance, System Summary
Binary may include packed or encrypted code	Data Obfuscation	Obfuscated Files or Information Software Packing
PE file has section (not .text) which is very likely to contain packed code (zlib compression ratio < 0.011)	System Summary	Software Packing
PE file has a high occurrence of arithmetic instructions at the PE entrypoint (possbibily packed)	System Summary	Obfuscated Files or Information
Sample might require command line arguments	System Summary	Command and Scripting Interpreter
PE file has a big raw section	System Summary
Submission file is bigger than most known malware samples	System Summary

URLs

Name

Malicious

http://185.215.113.206/c4becf79229cb002.php

185.215.113.206

Details

Name:	http://185.215.113.206/c4becf79229cb002.php
IP:	185.215.113.206
TargetID:	0
From Memory:	false
Current Path:	C:\Users\user\Desktop\file.exe
Source:	network
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
Suricata IDS alerts for network traffic	Networking
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol
HTTP GET or POST without a user agent	Networking
IP address seen in connection with other malware	Networking
Connects to IPs without corresponding DNS lookups	Networking
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Posts data to webserver	Networking	Application Layer Protocol Non-Application Layer Protocol
URLs found in memory or binary data	Networking

http://185.215.113.206/c4becf79229cb002.php/i

unknown

http://185.215.113.206k

unknown

http://185.215.113.206/c4becf79229cb002.php/G

unknown

http://185.215.113.206/

185.215.113.206

Details

Name:	http://185.215.113.206/
IP:	185.215.113.206
TargetID:	0
From Memory:	false
Current Path:	C:\Users\user\Desktop\file.exe
Source:	network
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
Suricata IDS alerts for network traffic	Networking
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol
HTTP GET or POST without a user agent	Networking
IP address seen in connection with other malware	Networking
Connects to IPs without corresponding DNS lookups	Networking
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Posts data to webserver	Networking	Application Layer Protocol Non-Application Layer Protocol
URLs found in memory or binary data	Networking

http://185.215.113.206

unknown

Details

Name:	http://185.215.113.206
TargetID:	0
From Memory:	true
Current Path:	C:\Users\user\Desktop\file.exe
Source:	file.exe, 00000000.00000002.1745302032.000000000156E000.00000004.00000020.00020000.00000000.sdmp
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
URLs found in memory or binary data	Networking

http://185.215.113.206/c4becf79229cb002.phpy;

unknown

http://185.215.113.206/5zm$

unknown

185.215.113.206/c4becf79229cb002.php

Details

Name:	185.215.113.206/c4becf79229cb002.php
TargetID:	0
From Memory:	false
Current Path:	C:\Users\user\Desktop\file.exe
Source:	config extractor
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol
URLs found in memory or binary data	Networking

IPs

Domain

Country

Malicious

185.215.113.206

unknown

Portugal

Details

IP:	185.215.113.206
TargetID:	0
Current Path:	C:\Users\user\Desktop\file.exe
Country:	Portugal
Countrycode:	PRT
ASN number:	206894
ASN name:	WHOLESALECONNECTIONSNL
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
Suricata IDS alerts for network traffic	Networking
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol
HTTP GET or POST without a user agent	Networking
Connects to IPs without corresponding DNS lookups	Networking
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Posts data to webserver	Networking	Application Layer Protocol Non-Application Layer Protocol
URLs found in memory or binary data	Networking

Memdumps

Base Address

Regiontype

Protect

Malicious

441000

unkown

page execute and read and write

156E000

heap

page read and write

5180000

direct allocation

page read and write

4D01000

heap

page read and write

1510000

direct allocation

page read and write

407F000

stack

page read and write

1404000

heap

page read and write

1404000

heap

page read and write

4D01000

heap

page read and write

1404000

heap

page read and write

1D12E000

stack

page read and write

1D22F000

stack

page read and write

1D8A4000

heap

page read and write

52C0000

heap

page read and write

393E000

stack

page read and write

353F000

stack

page read and write

1404000

heap

page read and write

4D01000

heap

page read and write

1568000

heap

page read and write

1404000

heap

page read and write

1404000

heap

page read and write

4D01000

heap

page read and write

1404000

heap

page read and write

4D01000

heap

page read and write

1404000

heap

page read and write

497E000

stack

page read and write

357E000

stack

page read and write

1510000

direct allocation

page read and write

1404000

heap

page read and write

343E000

stack

page read and write

3BBE000

stack

page read and write

4D01000

heap

page read and write

4D01000

heap

page read and write

4ABE000

stack

page read and write

1560000

heap

page read and write

4D01000

heap

page read and write

1510000

direct allocation

page read and write

1404000

heap

page read and write

4D01000

heap

page read and write

1404000

heap

page read and write

303F000

stack

page read and write

4D01000

heap

page read and write

4D01000

heap

page read and write

51BE000

stack

page read and write

5310000

direct allocation

page execute and read and write

68A000

unkown

page read and write

15B2000

heap

page read and write

38FF000

stack

page read and write

4D01000

heap

page read and write

13CE000

stack

page read and write

3F7E000

stack

page read and write

1540000

heap

page read and write

3E3E000

stack

page read and write

1404000

heap

page read and write

4D01000

heap

page read and write

1404000

heap

page read and write

3CFE000

stack

page read and write

1510000

direct allocation

page read and write

4EF000

unkown

page execute and read and write

926000

unkown

page execute and read and write

52BF000

stack

page read and write

4D01000

heap

page read and write

1404000

heap

page read and write

1510000

direct allocation

page read and write

4D01000

heap

page read and write

1530000

direct allocation

page read and write

4D01000

heap

page read and write

4BBF000

stack

page read and write

678000

unkown

page execute and read and write

4D01000

heap

page read and write

1D5FC000

stack

page read and write

4D01000

heap

page read and write

3DFF000

stack

page read and write

3A3F000

stack

page read and write

1510000

direct allocation

page read and write

1D3AE000

stack

page read and write

13F0000

heap

page read and write

1404000

heap

page read and write

4D01000

heap

page read and write

4D01000

heap

page read and write

46FE000

stack

page read and write

1404000

heap

page read and write

1D63E000

stack

page read and write

1404000

heap

page read and write

440000

unkown

page readonly

1404000

heap

page read and write

4D01000

heap

page read and write

4D01000

heap

page read and write

1240000

heap

page read and write

37BE000

stack

page read and write

4D01000

heap

page read and write

1510000

direct allocation

page read and write

441000

unkown

page execute and write copy

2F3E000

stack

page read and write

4D20000

heap

page read and write

8F8000

unkown

page execute and read and write

4D01000

heap

page read and write

EDC000

stack

page read and write

1404000

heap

page read and write

4D01000

heap

page read and write

31BE000

stack

page read and write

4D01000

heap

page read and write

1D89F000

stack

page read and write

150F000

stack

page read and write

1CFEE000

stack

page read and write

1D36E000

stack

page read and write

1404000

heap

page read and write

1404000

heap

page read and write

1404000

heap

page read and write

4D01000

heap

page read and write

4D17000

heap

page read and write

4D01000

heap

page read and write

32BF000

stack

page read and write

935000

unkown

page execute and read and write

440000

unkown

page read and write

1D73E000

stack

page read and write

1404000

heap

page read and write

4D01000

heap

page read and write

47FF000

stack

page read and write

1510000

direct allocation

page read and write

935000

unkown

page execute and write copy

1510000

direct allocation

page read and write

1404000

heap

page read and write

1400000

heap

page read and write

3B7F000

stack

page read and write

4D01000

heap

page read and write

443E000

stack

page read and write

4D01000

heap

page read and write

40BE000

stack

page read and write

4D01000

heap

page read and write

4D01000

heap

page read and write

4BFE000

stack

page read and write

52C0000

direct allocation

page execute and read and write

1D4AF000

stack

page read and write

1D0EF000

stack

page read and write

4D01000

heap

page read and write

1404000

heap

page read and write

1404000

heap

page read and write

68C000

unkown

page execute and read and write

1D79E000

stack

page read and write

41FE000

stack

page read and write

1404000

heap

page read and write

4D01000

heap

page read and write

4D01000

heap

page read and write

1547000

heap

page read and write

4D01000

heap

page read and write

1404000

heap

page read and write

1404000

heap

page read and write

46BF000

stack

page read and write

936000

unkown

page execute and write copy

4D00000

heap

page read and write

52F0000

direct allocation

page execute and read and write

41BF000

stack

page read and write

477000

unkown

page execute and read and write

4D01000

heap

page read and write

32FE000

stack

page read and write

493F000

stack

page read and write

1404000

heap

page read and write

457E000

stack

page read and write

15B4000

heap

page read and write

3A7E000

stack

page read and write

AD3000

unkown

page execute and read and write

4A7F000

stack

page read and write

4D01000

heap

page read and write

447E000

stack

page read and write

367F000

stack

page read and write

4D01000

heap

page read and write

52F0000

direct allocation

page execute and read and write

3CBF000

stack

page read and write

5300000

direct allocation

page execute and read and write

33FF000

stack

page read and write

4CFF000

stack

page read and write

4D01000

heap

page read and write

1510000

direct allocation

page read and write

1404000

heap

page read and write

4D01000

heap

page read and write

36BE000

stack

page read and write

15E9000

heap

page read and write

68A000

unkown

page write copy

4D01000

heap

page read and write

483E000

stack

page read and write

4D01000

heap

page read and write

4D01000

heap

page read and write

1530000

direct allocation

page read and write

FDE000

stack

page read and write

52E0000

direct allocation

page execute and read and write

1404000

heap

page read and write

1530000

direct allocation

page read and write

4D6000

unkown

page execute and read and write

1D8A0000

heap

page read and write

4D01000

heap

page read and write

15B0000

heap

page read and write

4E00000

trusted library allocation

page read and write

FD5000

stack

page read and write

1D26E000

stack

page read and write

816000

unkown

page execute and read and write

52D0000

direct allocation

page execute and read and write

15E2000

heap

page read and write

4D01000

heap

page read and write

45BE000

stack

page read and write

4D01000

heap

page read and write

4D01000

heap

page read and write

433E000

stack

page read and write

1404000

heap

page read and write

1404000

heap

page read and write

91F000

unkown

page execute and read and write

1D4FD000

stack

page read and write

4D01000

heap

page read and write

37FE000

stack

page read and write

1320000

heap

page read and write

4D01000

heap

page read and write

1510000

direct allocation

page read and write

1404000

heap

page read and write

1510000

direct allocation

page read and write

4CE000

unkown

page execute and read and write

4D01000

heap

page read and write

51B6000

direct allocation

page read and write

138E000

stack

page read and write

317F000

stack

page read and write

4D01000

heap

page read and write

42FF000

stack

page read and write

1404000

heap

page read and write

1510000

direct allocation

page read and write

175F000

stack

page read and write

4D01000

heap

page read and write

15C7000

heap

page read and write

3F3F000

stack

page read and write

1404000

heap

page read and write

1404000

heap

page read and write

4D10000

heap

page read and write

4D01000

heap

page read and write

307C000

stack

page read and write

1404000

heap

page read and write

1404000

heap

page read and write

1510000

direct allocation

page read and write

1404000

heap

page read and write

AD4000

unkown

page execute and write copy

There are 227 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
file.exe

Processes

URLs

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reportfile.exe

Processes

URLs

IPs

Memdumps

IOC Report
file.exe