Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\file.exe

"C:\Users\user\Desktop\file.exe"

Details

Is windows:	false
Is dropped:	false
PID:	3360
Target ID:	0
Parent PID:	4084
Name:	file.exe
Path:	C:\Users\user\Desktop\file.exe
Commandline:	"C:\Users\user\Desktop\file.exe"
Size:	1878528
MD5:	542CD6EF81CDD42518BA3BAF58EB90E6
Time:	14:01:16
Date:	24/11/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x2f0000
Modulesize:	4898816
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Antivirus / Scanner detection for submitted sample	AV Detection
Detected unpacking (changes PE section rights)	Data Obfuscation	Software Packing
Machine Learning detection for sample	AV Detection
PE file contains section with special chars	System Summary
PE file contains an invalid checksum	Data Obfuscation
PE file contains sections with non-standard names	Data Obfuscation
Uses 32bit PE files	Compliance, System Summary
Binary may include packed or encrypted code	Data Obfuscation	Obfuscated Files or Information Software Packing
PE file has section (not .text) which is very likely to contain packed code (zlib compression ratio < 0.011)	System Summary	Software Packing
Sample might require command line arguments	System Summary	Command and Scripting Interpreter
Sample reads its own file content	System Summary
PE file has a big raw section	System Summary
Submission file is bigger than most known malware samples	System Summary

URLs

Name

Malicious

https://property-imper.sbs/apiC

unknown

https://property-imper.sbs/

unknown

Details

Name:	https://property-imper.sbs/
TargetID:	0
From Memory:	true
Current Path:	C:\Users\user\Desktop\file.exe
Source:	file.exe, 00000000.00000002.1496657784.0000000000F06000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1495270125.0000000000EA5000.00000004.00000020.00020000.00000000.sdmp
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
URLs found in memory or binary data	Networking

https://property-imper.sbs/apiM

unknown

Details

Name:	https://property-imper.sbs/apiM
TargetID:	0
From Memory:	true
Current Path:	C:\Users\user\Desktop\file.exe
Source:	file.exe, 00000000.00000003.1495632957.0000000000F06000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1495270125.0000000000F06000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1496657784.0000000000F06000.00000004.00000020.00020000.00000000.sdmp

Signature Hits	Behavior Group	Mitre Attack
URLs found in memory or binary data	Networking

https://property-imper.sbs/api

104.21.33.116

Details

Name:	https://property-imper.sbs/api
IP:	104.21.33.116
TargetID:	0
From Memory:	false
Current Path:	C:\Users\user\Desktop\file.exe
Source:	network
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Suricata IDS alerts for network traffic	Networking
IP address seen in connection with other malware	Networking
Suricata IDS alerts with low severity for network traffic	Networking
URLs found in memory or binary data	Networking
Uses secure TLS version for HTTPS connections	Compliance, Networking

Domains

Name

Malicious

property-imper.sbs

104.21.33.116

Details

Name:	property-imper.sbs
IP:	104.21.33.116
TargetID:	-1
Active:	true
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Suricata IDS alerts for network traffic	Networking
Suricata IDS alerts with low severity for network traffic	Networking
Uses a known web browser user agent for HTTP communication	Networking	Application Layer Protocol
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
Posts data to webserver	Networking	Application Layer Protocol Non-Application Layer Protocol
URLs found in memory or binary data	Networking
Uses secure TLS version for HTTPS connections	Compliance, Networking

IPs

Domain

Country

Malicious

104.21.33.116

property-imper.sbs

United States

Details

IP:	104.21.33.116
TargetID:	0
Current Path:	C:\Users\user\Desktop\file.exe
Country:	United States
Countrycode:	USA
ASN number:	13335
ASN name:	CLOUDFLARENETUS
Private:	false
Domain:	property-imper.sbs

Signature Hits	Behavior Group	Mitre Attack
Suricata IDS alerts for network traffic	Networking
Suricata IDS alerts with low severity for network traffic	Networking
Uses secure TLS version for HTTPS connections	Compliance, Networking

Memdumps

Base Address

Regiontype

Protect

Malicious

E30000

direct allocation

page read and write

3CFD000

stack

page read and write

4CD0000

direct allocation

page execute and read and write

4CF0000

direct allocation

page execute and read and write

393E000

stack

page read and write

F12000

heap

page read and write

347000

unkown

page read and write

46C1000

heap

page read and write

E89000

heap

page read and write

5F7000

unkown

page execute and read and write

E30000

direct allocation

page read and write

2C7F000

stack

page read and write

E30000

direct allocation

page read and write

E91000

heap

page read and write

4D00000

direct allocation

page execute and read and write

E30000

direct allocation

page read and write

EFF000

heap

page read and write

55EF000

stack

page read and write

DBD000

stack

page read and write

3A7E000

stack

page read and write

4F8D000

stack

page read and write

347000

unkown

page write copy

343E000

stack

page read and write

D74000

heap

page read and write

547E000

stack

page read and write

2DBF000

stack

page read and write

4B40000

direct allocation

page read and write

46D0000

heap

page read and write

EEC000

heap

page read and write

5F8000

unkown

page execute and write copy

46C1000

heap

page read and write

4B40000

direct allocation

page read and write

D6E000

stack

page read and write

F06000

heap

page read and write

EFB000

heap

page read and write

103F000

stack

page read and write

D74000

heap

page read and write

E89000

heap

page read and write

113F000

stack

page read and write

51D0000

remote allocation

page read and write

4B00000

heap

page read and write

46C1000

heap

page read and write

E81000

heap

page read and write

46C1000

heap

page read and write

D74000

heap

page read and write

41FE000

stack

page read and write

46C1000

heap

page read and write

46C1000

heap

page read and write

E30000

direct allocation

page read and write

3B7F000

stack

page read and write

4F4D000

stack

page read and write

3F3F000

stack

page read and write

F13000

heap

page read and write

E30000

direct allocation

page read and write

5680000

heap

page read and write

798000

unkown

page execute and read and write

537E000

stack

page read and write

46C1000

heap

page read and write

E30000

direct allocation

page read and write

E20000

heap

page read and write

51D0000

remote allocation

page read and write

EA5000

heap

page read and write

407F000

stack

page read and write

4D1C000

trusted library allocation

page read and write

3E3E000

stack

page read and write

46BF000

stack

page read and write

2F3E000

stack

page read and write

E78000

heap

page read and write

D74000

heap

page read and write

F06000

heap

page read and write

46C1000

heap

page read and write

E73000

heap

page read and write

2977000

heap

page read and write

3DFE000

stack

page read and write

5E8000

unkown

page execute and read and write

F12000

heap

page read and write

D74000

heap

page read and write

32FE000

stack

page read and write

D74000

heap

page read and write

457F000

stack

page read and write

4CD0000

direct allocation

page execute and read and write

32BF000

stack

page read and write

E1E000

stack

page read and write

F1D000

heap

page read and write

D70000

heap

page read and write

317F000

stack

page read and write

3F7E000

stack

page read and write

F15000

heap

page read and write

2EFF000

stack

page read and write

5F7000

unkown

page execute and write copy

F12000

heap

page read and write

46C1000

heap

page read and write

523E000

stack

page read and write

E30000

direct allocation

page read and write

4D6000

unkown

page execute and read and write

433E000

stack

page read and write

46C1000

heap

page read and write

46C1000

heap

page read and write

4CD0000

direct allocation

page execute and read and write

D74000

heap

page read and write

31BE000

stack

page read and write

D74000

heap

page read and write

4CA0000

direct allocation

page execute and read and write

D74000

heap

page read and write

D74000

heap

page read and write

45BE000

stack

page read and write

799000

unkown

page execute and write copy

2A7F000

stack

page read and write

E30000

direct allocation

page read and write

367F000

stack

page read and write

291B000

stack

page read and write

37FE000

stack

page read and write

D74000

heap

page read and write

41BF000

stack

page read and write

4CC0000

direct allocation

page execute and read and write

D74000

heap

page read and write

D00000

heap

page read and write

F06000

heap

page read and write

37BF000

stack

page read and write

E78000

heap

page read and write

E30000

direct allocation

page read and write

D74000

heap

page read and write

303F000

stack

page read and write

33FF000

stack

page read and write

46C1000

heap

page read and write

2DFE000

stack

page read and write

F1A000

heap

page read and write

38FF000

stack

page read and write

E30000

direct allocation

page read and write

46C0000

heap

page read and write

F1B000

heap

page read and write

443F000

stack

page read and write

4C8F000

stack

page read and write

2970000

heap

page read and write

9BB000

stack

page read and write

E30000

direct allocation

page read and write

46C1000

heap

page read and write

46C1000

heap

page read and write

307E000

stack

page read and write

F06000

heap

page read and write

349000

unkown

page execute and read and write

D74000

heap

page read and write

E81000

heap

page read and write

2B7F000

stack

page read and write

2F1000

unkown

page execute and read and write

353F000

stack

page read and write

E40000

heap

page read and write

E91000

heap

page read and write

2F0000

unkown

page readonly

47C0000

trusted library allocation

page read and write

508F000

stack

page read and write

297C000

heap

page read and write

4B40000

direct allocation

page read and write

3A3F000

stack

page read and write

447E000

stack

page read and write

46C1000

heap

page read and write

4CE0000

direct allocation

page execute and read and write

46C1000

heap

page read and write

3CBF000

stack

page read and write

4E4D000

stack

page read and write

E4A000

heap

page read and write

3BBE000

stack

page read and write

36BE000

stack

page read and write

E30000

direct allocation

page read and write

54EE000

stack

page read and write

357E000

stack

page read and write

EFD000

heap

page read and write

50CE000

stack

page read and write

46C1000

heap

page read and write

46C1000

heap

page read and write

F19000

heap

page read and write

4CD0000

direct allocation

page execute and read and write

2F0000

unkown

page read and write

4CD0000

direct allocation

page execute and read and write

D74000

heap

page read and write

EEC000

heap

page read and write

EFF000

heap

page read and write

51CF000

stack

page read and write

EFF000

heap

page read and write

335000

unkown

page execute and read and write

46C1000

heap

page read and write

D74000

heap

page read and write

E30000

direct allocation

page read and write

F0E000

heap

page read and write

4CB0000

direct allocation

page execute and read and write

5B6000

unkown

page execute and read and write

D74000

heap

page read and write

2F1000

unkown

page execute and write copy

4B84000

direct allocation

page read and write

2CBE000

stack

page read and write

4B40000

direct allocation

page read and write

D74000

heap

page read and write

F12000

heap

page read and write

295E000

stack

page read and write

42FF000

stack

page read and write

4CDD000

stack

page read and write

E4E000

heap

page read and write

8BB000

stack

page read and write

4B8C000

stack

page read and write

40BE000

stack

page read and write

C20000

heap

page read and write

D74000

heap

page read and write

D74000

heap

page read and write

51D0000

remote allocation

page read and write

533F000

stack

page read and write

EA5000

heap

page read and write

5DF000

unkown

page execute and read and write

46C1000

heap

page read and write

4CD0000

direct allocation

page execute and read and write

4E0D000

stack

page read and write

There are 200 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
file.exe

Processes

URLs

Domains

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reportfile.exe

Processes

URLs

Domains

IPs

Memdumps

IOC Report
file.exe