Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\file.exe

"C:\Users\user\Desktop\file.exe"

Details

Is windows:	false
Is dropped:	false
PID:	6444
Target ID:	1
Parent PID:	4056
Name:	file.exe
Path:	C:\Users\user\Desktop\file.exe
Commandline:	"C:\Users\user\Desktop\file.exe"
Size:	1852416
MD5:	64F25A20BC6A8730E6D230E5D63DAC8E
Time:	22:20:17
Date:	23/11/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x580000
Modulesize:	4829184
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Antivirus / Scanner detection for submitted sample	AV Detection
Detected unpacking (changes PE section rights)	Data Obfuscation	Software Packing
Multi AV Scanner detection for submitted file	AV Detection
Machine Learning detection for sample	AV Detection
PE file contains section with special chars	System Summary
PE file contains an invalid checksum	Data Obfuscation
PE file contains sections with non-standard names	Data Obfuscation
Uses 32bit PE files	Compliance, System Summary
Binary may include packed or encrypted code	Data Obfuscation	Obfuscated Files or Information Software Packing
PE file has section (not .text) which is very likely to contain packed code (zlib compression ratio < 0.011)	System Summary	Software Packing
PE file has a high occurrence of arithmetic instructions at the PE entrypoint (possbibily packed)	System Summary	Obfuscated Files or Information
Sample is known by Antivirus	System Summary
Sample might require command line arguments	System Summary	Command and Scripting Interpreter
Sample reads its own file content	System Summary
PE file has a big raw section	System Summary
Submission file is bigger than most known malware samples	System Summary

URLs

Name

Malicious

https://property-imper.sbs/api6

unknown

Details

Name:	https://property-imper.sbs/api6
TargetID:	1
From Memory:	true
Current Path:	C:\Users\user\Desktop\file.exe
Source:	file.exe, 00000001.00000002.1447078609.000000000116F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1401010991.0000000001117000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1402955652.000000000116D000.00000004.00000020.00020000.00000000.sdmp

Signature Hits	Behavior Group	Mitre Attack
URLs found in memory or binary data	Networking

https://property-imper.sbs/

unknown

Details

Name:	https://property-imper.sbs/
TargetID:	1
From Memory:	true
Current Path:	C:\Users\user\Desktop\file.exe
Source:	file.exe, 00000001.00000003.1401010991.0000000001117000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1407874228.0000000001119000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1402955652.000000000116D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.1446968605.000000000111A000.00000004.00000020.00020000.00000000.sdmp
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
URLs found in memory or binary data	Networking

https://property-imper.sbs/api

104.21.33.116

Details

Name:	https://property-imper.sbs/api
IP:	104.21.33.116
TargetID:	1
From Memory:	false
Current Path:	C:\Users\user\Desktop\file.exe
Source:	network
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Suricata IDS alerts for network traffic	Networking
IP address seen in connection with other malware	Networking
Suricata IDS alerts with low severity for network traffic	Networking
URLs found in memory or binary data	Networking
Uses secure TLS version for HTTPS connections	Compliance, Networking

Domains

Name

Malicious

property-imper.sbs

104.21.33.116

Details

Name:	property-imper.sbs
IP:	104.21.33.116
TargetID:	-1
Active:	true
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Suricata IDS alerts for network traffic	Networking
Suricata IDS alerts with low severity for network traffic	Networking
Uses a known web browser user agent for HTTP communication	Networking	Application Layer Protocol
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
Posts data to webserver	Networking	Application Layer Protocol Non-Application Layer Protocol
URLs found in memory or binary data	Networking
Uses secure TLS version for HTTPS connections	Compliance, Networking

IPs

Domain

Country

Malicious

104.21.33.116

property-imper.sbs

United States

Details

IP:	104.21.33.116
TargetID:	1
Current Path:	C:\Users\user\Desktop\file.exe
Country:	United States
Countrycode:	USA
ASN number:	13335
ASN name:	CLOUDFLARENETUS
Private:	false
Domain:	property-imper.sbs

Signature Hits	Behavior Group	Mitre Attack
Suricata IDS alerts for network traffic	Networking
Suricata IDS alerts with low severity for network traffic	Networking
Uses secure TLS version for HTTPS connections	Compliance, Networking

Memdumps

Base Address

Regiontype

Protect

Malicious

48C1000

heap

page read and write

117E000

heap

page read and write

2BCF000

stack

page read and write

1101000

heap

page read and write

83F000

unkown

page execute and read and write

387F000

stack

page read and write

48C1000

heap

page read and write

4F10000

direct allocation

page execute and read and write

F70000

heap

page read and write

2EBE000

stack

page read and write

4D50000

direct allocation

page read and write

4D50000

direct allocation

page read and write

10A0000

direct allocation

page read and write

87C000

unkown

page execute and read and write

10F5000

heap

page read and write

2C0B000

stack

page read and write

581000

unkown

page execute and write copy

2FBF000

stack

page read and write

580000

unkown

page read and write

463F000

stack

page read and write

4EC0000

direct allocation

page execute and read and write

10F5000

heap

page read and write

2ACE000

stack

page read and write

1101000

heap

page read and write

542E000

stack

page read and write

E10000

heap

page read and write

2FFE000

stack

page read and write

1181000

heap

page read and write

73C8F000

unkown

page readonly

116F000

heap

page read and write

48C1000

heap

page read and write

1117000

heap

page read and write

48D0000

heap

page read and write

4D50000

direct allocation

page read and write

F5E000

stack

page read and write

377E000

stack

page read and write

581000

unkown

page execute and read and write

48C1000

heap

page read and write

2D3F000

stack

page read and write

1185000

heap

page read and write

477F000

stack

page read and write

48C1000

heap

page read and write

1186000

heap

page read and write

34FE000

stack

page read and write

48C1000

heap

page read and write

10A0000

direct allocation

page read and write

11EE000

stack

page read and write

48C1000

heap

page read and write

117F000

heap

page read and write

48C1000

heap

page read and write

10E7000

heap

page read and write

3EFE000

stack

page read and write

73C8D000

unkown

page read and write

529E000

stack

page read and write

73C86000

unkown

page readonly

10A0000

direct allocation

page read and write

87D000

unkown

page execute and write copy

580000

unkown

page readonly

467E000

stack

page read and write

3DBE000

stack

page read and write

75E000

unkown

page execute and read and write

48C1000

heap

page read and write

4D00000

trusted library allocation

page read and write

10A0000

direct allocation

page read and write

48C1000

heap

page read and write

2C37000

heap

page read and write

1185000

heap

page read and write

43FE000

stack

page read and write

1187000

heap

page read and write

10F7000

heap

page read and write

4EE0000

direct allocation

page execute and read and write

53C0000

remote allocation

page read and write

363E000

stack

page read and write

48C1000

heap

page read and write

86D000

unkown

page execute and read and write

313E000

stack

page read and write

453E000

stack

page read and write

10A0000

direct allocation

page read and write

F75000

heap

page read and write

10A0000

direct allocation

page read and write

73C71000

unkown

page execute read

511D000

stack

page read and write

48C0000

heap

page read and write

56F0000

heap

page read and write

3B3E000

stack

page read and write

10A0000

direct allocation

page read and write

10A0000

direct allocation

page read and write

3C7E000

stack

page read and write

48C1000

heap

page read and write

4EF0000

direct allocation

page execute and read and write

3D7F000

stack

page read and write

4D4D000

stack

page read and write

10A0000

direct allocation

page read and write

552F000

stack

page read and write

3EBF000

stack

page read and write

4EE0000

direct allocation

page execute and read and write

EF0000

heap

page read and write

1119000

heap

page read and write

53C0000

remote allocation

page read and write

10A0000

direct allocation

page read and write

10A0000

direct allocation

page read and write

4EE0000

direct allocation

page execute and read and write

4D9B000

stack

page read and write

48C1000

heap

page read and write

5D7000

unkown

page read and write

515E000

stack

page read and write

39FE000

stack

page read and write

117E000

heap

page read and write

2C30000

heap

page read and write

373F000

stack

page read and write

34BF000

stack

page read and write

48C1000

heap

page read and write

595F000

stack

page read and write

38BE000

stack

page read and write

35FF000

stack

page read and write

10F7000

heap

page read and write

43BF000

stack

page read and write

1189000

heap

page read and write

4F00000

direct allocation

page execute and read and write

10A0000

direct allocation

page read and write

BAB000

stack

page read and write

427F000

stack

page read and write

48C1000

heap

page read and write

413F000

stack

page read and write

10BE000

heap

page read and write

5D9000

unkown

page execute and read and write

4EE0000

direct allocation

page execute and read and write

AAB000

stack

page read and write

556E000

stack

page read and write

A17000

unkown

page execute and read and write

47BE000

stack

page read and write

4D94000

direct allocation

page read and write

4D50000

direct allocation

page read and write

5D7000

unkown

page write copy

48C1000

heap

page read and write

10EF000

heap

page read and write

4E9F000

stack

page read and write

10A0000

direct allocation

page read and write

525F000

stack

page read and write

48C1000

heap

page read and write

327E000

stack

page read and write

116D000

heap

page read and write

111A000

heap

page read and write

48C1000

heap

page read and write

1117000

heap

page read and write

10E3000

heap

page read and write

4EE0000

direct allocation

page execute and read and write

42BE000

stack

page read and write

117A000

heap

page read and write

1090000

heap

page read and write

A18000

unkown

page execute and write copy

48C1000

heap

page read and write

107F000

stack

page read and write

56DE000

stack

page read and write

87C000

unkown

page execute and write copy

53C0000

remote allocation

page read and write

337F000

stack

page read and write

501C000

stack

page read and write

30FF000

stack

page read and write

10EF000

heap

page read and write

44FF000

stack

page read and write

566E000

stack

page read and write

4EB0000

direct allocation

page execute and read and write

48BF000

stack

page read and write

10A0000

direct allocation

page read and write

2D7E000

stack

page read and write

2E7F000

stack

page read and write

5C5000

unkown

page execute and read and write

323F000

stack

page read and write

3AFF000

stack

page read and write

48C1000

heap

page read and write

4EED000

stack

page read and write

12EF000

stack

page read and write

585E000

stack

page read and write

117E000

heap

page read and write

39BF000

stack

page read and write

417E000

stack

page read and write

403E000

stack

page read and write

10BA000

heap

page read and write

3C3F000

stack

page read and write

73C70000

unkown

page readonly

867000

unkown

page execute and read and write

117E000

heap

page read and write

4F2D000

trusted library allocation

page read and write

10E7000

heap

page read and write

3FFF000

stack

page read and write

10B0000

heap

page read and write

48C1000

heap

page read and write

1185000

heap

page read and write

2C10000

heap

page read and write

2C3D000

heap

page read and write

4ED0000

direct allocation

page execute and read and write

4EE0000

direct allocation

page execute and read and write

57FF000

stack

page read and write

48C1000

heap

page read and write

539F000

stack

page read and write

48C1000

heap

page read and write

1185000

heap

page read and write

33BE000

stack

page read and write

There are 189 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
file.exe

Processes

URLs

Domains

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reportfile.exe

Processes

URLs

Domains

IPs

Memdumps

IOC Report
file.exe