Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\17324340651fd0721b4a9b07278d0f63e6333ccd4883a9dc52eb27994b32b0d64dfb919b72906.dat-decoded.exe

"C:\Users\user\Desktop\17324340651fd0721b4a9b07278d0f63e6333ccd4883a9dc52eb27994b32b0d64dfb919b72906.dat-decoded.exe"

Details

Is windows:	false
Is dropped:	false
PID:	7420
Target ID:	0
Parent PID:	4004
Name:	17324340651fd0721b4a9b07278d0f63e6333ccd4883a9dc52eb27994b32b0d64dfb919b72906.dat-decoded.exe
Path:	C:\Users\user\Desktop\17324340651fd0721b4a9b07278d0f63e6333ccd4883a9dc52eb27994b32b0d64dfb919b72906.dat-decoded.exe
Commandline:	"C:\Users\user\Desktop\17324340651fd0721b4a9b07278d0f63e6333ccd4883a9dc52eb27994b32b0d64dfb919b72906.dat-decoded.exe"
Size:	78336
MD5:	DC9544BF3A585C21A620BB1D85A4DFDC
Time:	02:42:41
Date:	24/11/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0xf00000
Modulesize:	106496
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Antivirus / Scanner detection for submitted sample	AV Detection
Multi AV Scanner detection for submitted file	AV Detection
Yara detected AsyncRAT	Key, Mouse, Clipboard, Microphone and Screen Capturing, Boot Survival, Malware Analysis System Evasion, Lowering of HIPS / PFW / Operating System Security Settings	Scheduled Task/Job Obfuscated Files or Information
Yara detected PureLog Stealer	Stealing of Sensitive Information, Remote Access Functionality
Machine Learning detection for sample	AV Detection
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)	Malware Analysis System Evasion	Security Software Discovery
Binary contains a suspicious time stamp	Data Obfuscation	Timestomp
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery
Sample file is different than original file name gathered from version info	System Summary
Uses 32bit PE files	Compliance, System Summary
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory)	Malware Analysis System Evasion	Security Software Discovery
PE file has an executable .text section and no other executable section	System Summary
Parts of this applications are using the .NET runtime (Probably coded in C#)	System Summary
Sample is known by Antivirus	System Summary
Contains modern PE file flags such as dynamic base (ASLR) or NX	Compliance, System Summary
PE file contains a COM descriptor data directory	System Summary

Domains

Name

Malicious

deadpoolstart2025.duckdns.org

181.71.217.114

Details

Name:	deadpoolstart2025.duckdns.org
IP:	181.71.217.114
TargetID:	-1
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Uses dynamic DNS services	Networking	Application Layer Protocol
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol

ax-0001.ax-msedge.net

150.171.28.10

fp2e7a.wpc.phicdn.net

192.229.221.95

IPs

Domain

Country

Malicious

181.71.217.114

deadpoolstart2025.duckdns.org

Colombia

Details

IP:	181.71.217.114
TargetID:	0
Current Path:	C:\Users\user\Desktop\17324340651fd0721b4a9b07278d0f63e6333ccd4883a9dc52eb27994b32b0d64dfb919b72906.dat-decoded.exe
Country:	Colombia
Countrycode:	COL
ASN number:	27831
ASN name:	ColombiaMovilCO
Private:	false
Domain:	deadpoolstart2025.duckdns.org

Signature Hits	Behavior Group	Mitre Attack
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port

Memdumps

Base Address

Regiontype

Protect

Malicious

F02000

unkown

page readonly

144D000

heap

page read and write

7FFD343F0000

trusted library allocation

page read and write

F00000

unkown

page readonly

1BB00000

heap

page read and write

7FF419400000

trusted library allocation

page execute and read and write

7FFD3426D000

trusted library allocation

page execute and read and write

FC0000

heap

page read and write

FA0000

heap

page read and write

7FFD3425D000

trusted library allocation

page execute and read and write

312F000

stack

page read and write

7FFD34300000

trusted library allocation

page read and write

1743000

trusted library allocation

page read and write

7FFD34253000

trusted library allocation

page execute and read and write

1B6BC000

stack

page read and write

146D000

heap

page read and write

F90000

heap

page read and write

7FFD34370000

trusted library allocation

page execute and read and write

1430000

trusted library allocation

page read and write

1410000

trusted library allocation

page read and write

1B4BD000

heap

page read and write

1476000

heap

page read and write

7FFD34254000

trusted library allocation

page read and write

12F4000

stack

page read and write

7FFD34260000

trusted library allocation

page read and write

13133000

trusted library allocation

page read and write

17C0000

heap

page read and write

7FFD3430C000

trusted library allocation

page execute and read and write

1BA00000

heap

page read and write

1770000

heap

page execute and read and write

7FFD34310000

trusted library allocation

page execute and read and write

1750000

heap

page execute and read and write

14B1000

heap

page read and write

1BBA9000

heap

page read and write

1440000

heap

page read and write

7FFD34336000

trusted library allocation

page execute and read and write

7FFD34274000

trusted library allocation

page read and write

14B4000

heap

page read and write

1880000

heap

page read and write

1482000

heap

page read and write

1885000

heap

page read and write

1455000

heap

page read and write

F00000

unkown

page readonly

FE0000

heap

page read and write

14AF000

heap

page read and write

FE5000

heap

page read and write

1740000

trusted library allocation

page read and write

13131000

trusted library allocation

page read and write

1BBA4000

heap

page read and write

1BEFE000

stack

page read and write

7FFD34306000

trusted library allocation

page read and write

13D0000

heap

page read and write

1BFFE000

stack

page read and write

7FFD3427D000

trusted library allocation

page execute and read and write

163E000

stack

page read and write

1BDFE000

stack

page read and write

7FFD34263000

trusted library allocation

page read and write

7FFD34270000

trusted library allocation

page read and write

1484000

heap

page read and write

F16000

unkown

page readonly

3131000

trusted library allocation

page read and write

7FFD342AC000

trusted library allocation

page execute and read and write

There are 52 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
17324340651fd0721b4a9b07278d0f63e6333ccd4883a9dc52eb27994b32b0d64dfb919b72906.dat-decoded.exe

Processes

Domains

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report17324340651fd0721b4a9b07278d0f63e6333ccd4883a9dc52eb27994b32b0d64dfb919b72906.dat-decoded.exe

Processes

Domains

IPs

Memdumps

IOC Report
17324340651fd0721b4a9b07278d0f63e6333ccd4883a9dc52eb27994b32b0d64dfb919b72906.dat-decoded.exe