Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\XTN21MDFrg.exe

"C:\Users\user\Desktop\XTN21MDFrg.exe"

Details

Is windows:	false
Is dropped:	false
PID:	2620
Target ID:	0
Parent PID:	4004
Name:	XTN21MDFrg.exe
Path:	C:\Users\user\Desktop\XTN21MDFrg.exe
Commandline:	"C:\Users\user\Desktop\XTN21MDFrg.exe"
Size:	314880
MD5:	962C5A8ED8AF958EB0168B57C08CEA04
Time:	02:38:09
Date:	24/11/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0xaa0000
Modulesize:	368640
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
Multi AV Scanner detection for submitted file	AV Detection
Machine Learning detection for sample	AV Detection
Sample uses string decryption to hide its real strings	AV Detection
Uses 32bit PE files	Compliance, System Summary
PE file has an executable .text section and no other executable section	System Summary
Sample is known by Antivirus	System Summary
Sample reads its own file content	System Summary
Contains modern PE file flags such as dynamic base (ASLR) or NX	Compliance, System Summary

URLs

Name

Malicious

thicktoys.sbs

Details

Name:	thicktoys.sbs
TargetID:	0
From Memory:	false
Current Path:	C:\Users\user\Desktop\XTN21MDFrg.exe
Source:	config extractor
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol
LummaC encrypted strings found	HIPS / PFW / Operating System Protection Evasion	PowerShell Deobfuscate/Decode Files or Information
Sample uses string decryption to hide its real strings	AV Detection

300snails.sbs

Details

Name:	300snails.sbs
TargetID:	0
From Memory:	false
Current Path:	C:\Users\user\Desktop\XTN21MDFrg.exe
Source:	config extractor
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol
LummaC encrypted strings found	HIPS / PFW / Operating System Protection Evasion	PowerShell Deobfuscate/Decode Files or Information
Sample uses string decryption to hide its real strings	AV Detection

faintbl0w.sbs

Details

Name:	faintbl0w.sbs
TargetID:	0
From Memory:	false
Current Path:	C:\Users\user\Desktop\XTN21MDFrg.exe
Source:	config extractor
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol
LummaC encrypted strings found	HIPS / PFW / Operating System Protection Evasion	PowerShell Deobfuscate/Decode Files or Information
Sample uses string decryption to hide its real strings	AV Detection

3xc1aimbl0w.sbs

Details

Name:	3xc1aimbl0w.sbs
TargetID:	0
From Memory:	false
Current Path:	C:\Users\user\Desktop\XTN21MDFrg.exe
Source:	config extractor
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol
LummaC encrypted strings found	HIPS / PFW / Operating System Protection Evasion	PowerShell Deobfuscate/Decode Files or Information
Sample uses string decryption to hide its real strings	AV Detection

Memdumps

Base Address

Regiontype

Protect

Malicious

810000

heap

page read and write

AA0000

unkown

page readonly

98E000

heap

page read and write

AF6000

unkown

page readonly

9A4000

heap

page read and write

AA1000

unkown

page execute read

AE2000

unkown

page readonly

AE5000

unkown

page write copy

AA1000

unkown

page execute read

2650000

heap

page read and write

980000

heap

page read and write

AF6000

unkown

page readonly

5BC000

stack

page read and write

98A000

heap

page read and write

820000

heap

page read and write

9AA000

heap

page read and write

4BC000

stack

page read and write

890000

heap

page read and write

AA0000

unkown

page readonly

AE2000

unkown

page readonly

AE5000

unkown

page write copy

There are 11 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
XTN21MDFrg.exe

Processes

URLs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC ReportXTN21MDFrg.exe

Processes

URLs

Memdumps

IOC Report
XTN21MDFrg.exe