Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\file.exe

"C:\Users\user\Desktop\file.exe"

Details

Is windows:	false
Is dropped:	false
PID:	320
Target ID:	5
Parent PID:	4056
Name:	file.exe
Path:	C:\Users\user\Desktop\file.exe
Commandline:	"C:\Users\user\Desktop\file.exe"
Size:	1879040
MD5:	8453F1D8DF8F15F1BBC160BD225B7DF3
Time:	23:46:16
Date:	24/11/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0xe30000
Modulesize:	4898816
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Antivirus / Scanner detection for submitted sample	AV Detection
Detected unpacking (changes PE section rights)	Data Obfuscation	Software Packing
Multi AV Scanner detection for submitted file	AV Detection
Machine Learning detection for sample	AV Detection
PE file contains section with special chars	System Summary
PE file contains an invalid checksum	Data Obfuscation
PE file contains sections with non-standard names	Data Obfuscation
Uses 32bit PE files	Compliance, System Summary
Binary may include packed or encrypted code	Data Obfuscation	Obfuscated Files or Information Software Packing
PE file has section (not .text) which is very likely to contain packed code (zlib compression ratio < 0.011)	System Summary	Software Packing
Sample is known by Antivirus	System Summary
Sample might require command line arguments	System Summary	Command and Scripting Interpreter
Sample reads its own file content	System Summary
PE file has a big raw section	System Summary
Submission file is bigger than most known malware samples	System Summary

URLs

Name

Malicious

https://frogs-severz.sbs/api

104.21.88.250

Details

Name:	https://frogs-severz.sbs/api
IP:	104.21.88.250
TargetID:	5
From Memory:	false
Current Path:	C:\Users\user\Desktop\file.exe
Source:	network

Signature Hits	Behavior Group	Mitre Attack
Suricata IDS alerts for network traffic	Networking
Suricata IDS alerts with low severity for network traffic	Networking
URLs found in memory or binary data	Networking
Uses secure TLS version for HTTPS connections	Compliance, Networking

https://frogs-severz.sbs/w

unknown

https://frogs-severz.sbs/apin

unknown

https://frogs-severz.sbs/

unknown

Details

Name:	https://frogs-severz.sbs/
TargetID:	5
From Memory:	true
Current Path:	C:\Users\user\Desktop\file.exe
Source:	file.exe, 00000005.00000003.1345252759.000000000174A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000005.00000002.1346505388.000000000174A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000005.00000002.1346187098.00000000016FA000.00000004.00000020.00020000.00000000.sdmp

Signature Hits	Behavior Group	Mitre Attack
URLs found in memory or binary data	Networking

http://crl.microsoftb

unknown

Domains

Name

Malicious

frogs-severz.sbs

104.21.88.250

Details

Name:	frogs-severz.sbs
IP:	104.21.88.250
TargetID:	-1
Active:	true
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Suricata IDS alerts for network traffic	Networking
Suricata IDS alerts with low severity for network traffic	Networking
Uses a known web browser user agent for HTTP communication	Networking	Application Layer Protocol
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
Posts data to webserver	Networking	Application Layer Protocol Non-Application Layer Protocol
URLs found in memory or binary data	Networking
Uses secure TLS version for HTTPS connections	Compliance, Networking

property-imper.sbs

unknown

IPs

Domain

Country

Malicious

104.21.88.250

frogs-severz.sbs

United States

Details

IP:	104.21.88.250
TargetID:	5
Current Path:	C:\Users\user\Desktop\file.exe
Country:	United States
Countrycode:	USA
ASN number:	13335
ASN name:	CLOUDFLARENETUS
Private:	false
Domain:	frogs-severz.sbs

Signature Hits	Behavior Group	Mitre Attack
Suricata IDS alerts for network traffic	Networking
Suricata IDS alerts with low severity for network traffic	Networking
Uses secure TLS version for HTTPS connections	Compliance, Networking

Memdumps

Base Address

Regiontype

Protect

Malicious

1660000

direct allocation

page read and write

38CE000

stack

page read and write

34CF000

stack

page read and write

32C7000

heap

page read and write

E87000

unkown

page write copy

350E000

stack

page read and write

5500000

direct allocation

page execute and read and write

440E000

stack

page read and write

43CF000

stack

page read and write

378E000

stack

page read and write

1494000

heap

page read and write

12D8000

unkown

page execute and read and write

4F20000

heap

page read and write

174A000

heap

page read and write

4F11000

heap

page read and write

4A4E000

stack

page read and write

428F000

stack

page read and write

3DCE000

stack

page read and write

567D000

stack

page read and write

4F11000

heap

page read and write

173F000

heap

page read and write

4F11000

heap

page read and write

1746000

heap

page read and write

1128000

unkown

page execute and read and write

364E000

stack

page read and write

5B4E000

stack

page read and write

4F11000

heap

page read and write

3A0E000

stack

page read and write

32A0000

direct allocation

page read and write

47CE000

stack

page read and write

404E000

stack

page read and write

1660000

direct allocation

page read and write

1765000

heap

page read and write

454E000

stack

page read and write

1660000

direct allocation

page read and write

1742000

heap

page read and write

4F11000

heap

page read and write

5520000

direct allocation

page execute and read and write

1660000

direct allocation

page read and write

1137000

unkown

page execute and write copy

4F11000

heap

page read and write

42CE000

stack

page read and write

1758000

heap

page read and write

5CBF000

stack

page read and write

5510000

direct allocation

page execute and read and write

53CB000

stack

page read and write

E31000

unkown

page execute and read and write

1494000

heap

page read and write

1660000

direct allocation

page read and write

5A00000

remote allocation

page read and write

174A000

heap

page read and write

478F000

stack

page read and write

5350000

heap

page read and write

54CF000

stack

page read and write

5549000

trusted library allocation

page read and write

450F000

stack

page read and write

321F000

stack

page read and write

168E000

heap

page read and write

16FA000

heap

page read and write

1494000

heap

page read and write

53D4000

direct allocation

page read and write

73D1F000

unkown

page readonly

3ECF000

stack

page read and write

4C8F000

stack

page read and write

5530000

direct allocation

page execute and read and write

5A00000

remote allocation

page read and write

33CF000

stack

page read and write

1751000

heap

page read and write

E75000

unkown

page execute and read and write

3B0F000

stack

page read and write

1756000

heap

page read and write

1494000

heap

page read and write

111F000

unkown

page execute and read and write

1494000

heap

page read and write

1746000

heap

page read and write

E87000

unkown

page read and write

197E000

stack

page read and write

4F11000

heap

page read and write

16BF000

heap

page read and write

59FE000

stack

page read and write

1660000

direct allocation

page read and write

4F10000

heap

page read and write

1660000

direct allocation

page read and write

550D000

stack

page read and write

15AE000

stack

page read and write

4F11000

heap

page read and write

168A000

heap

page read and write

164E000

stack

page read and write

E89000

unkown

page execute and read and write

388F000

stack

page read and write

1494000

heap

page read and write

4F11000

heap

page read and write

5500000

direct allocation

page execute and read and write

1138000

unkown

page execute and write copy

54F0000

direct allocation

page execute and read and write

563D000

stack

page read and write

5500000

direct allocation

page execute and read and write

4F11000

heap

page read and write

3C8E000

stack

page read and write

4B8E000

stack

page read and write

32CC000

heap

page read and write

58BF000

stack

page read and write

1494000

heap

page read and write

32C0000

heap

page read and write

1765000

heap

page read and write

1660000

direct allocation

page read and write

329E000

stack

page read and write

1460000

heap

page read and write

5A00000

remote allocation

page read and write

16D1000

heap

page read and write

1494000

heap

page read and write

73D1D000

unkown

page read and write

1660000

direct allocation

page read and write

5390000

direct allocation

page read and write

1765000

heap

page read and write

4F11000

heap

page read and write

3D8F000

stack

page read and write

4A0F000

stack

page read and write

4F11000

heap

page read and write

E30000

unkown

page readonly

39CF000

stack

page read and write

58FE000

stack

page read and write

73D16000

unkown

page readonly

1660000

direct allocation

page read and write

1494000

heap

page read and write

187F000

stack

page read and write

57BE000

stack

page read and write

1660000

direct allocation

page read and write

3C4F000

stack

page read and write

1660000

direct allocation

page read and write

4E0E000

stack

page read and write

1450000

heap

page read and write

54D0000

direct allocation

page execute and read and write

1490000

heap

page read and write

4F11000

heap

page read and write

4DCF000

stack

page read and write

4F11000

heap

page read and write

3B4E000

stack

page read and write

1494000

heap

page read and write

1494000

heap

page read and write

1494000

heap

page read and write

32A0000

direct allocation

page read and write

73D01000

unkown

page execute read

32A0000

direct allocation

page read and write

490E000

stack

page read and write

4F11000

heap

page read and write

5E20000

heap

page read and write

374F000

stack

page read and write

4F11000

heap

page read and write

4F11000

heap

page read and write

1494000

heap

page read and write

E31000

unkown

page execute and write copy

414F000

stack

page read and write

4F0F000

stack

page read and write

4F11000

heap

page read and write

16C4000

heap

page read and write

1494000

heap

page read and write

3F0E000

stack

page read and write

1660000

direct allocation

page read and write

400F000

stack

page read and write

1494000

heap

page read and write

5500000

direct allocation

page execute and read and write

54E0000

direct allocation

page execute and read and write

141B000

stack

page read and write

1137000

unkown

page execute and read and write

E30000

unkown

page read and write

5A4D000

stack

page read and write

1019000

unkown

page execute and read and write

1494000

heap

page read and write

12D9000

unkown

page execute and write copy

418E000

stack

page read and write

1759000

heap

page read and write

464F000

stack

page read and write

73D00000

unkown

page readonly

4F11000

heap

page read and write

5500000

direct allocation

page execute and read and write

4F11000

heap

page read and write

10F3000

unkown

page execute and read and write

468E000

stack

page read and write

1650000

heap

page read and write

1494000

heap

page read and write

1680000

heap

page read and write

4B4F000

stack

page read and write

16C8000

heap

page read and write

1660000

direct allocation

page read and write

5E1F000

stack

page read and write

16E6000

heap

page read and write

1758000

heap

page read and write

5D1E000

stack

page read and write

4CCE000

stack

page read and write

360F000

stack

page read and write

16B7000

heap

page read and write

1494000

heap

page read and write

5BBE000

stack

page read and write

48CF000

stack

page read and write

5500000

direct allocation

page execute and read and write

325C000

stack

page read and write

15EE000

stack

page read and write

175A000

heap

page read and write

1494000

heap

page read and write

1494000

heap

page read and write

577D000

stack

page read and write

5010000

trusted library allocation

page read and write

131B000

stack

page read and write

There are 194 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
file.exe

Processes

URLs

Domains

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reportfile.exe

Processes

URLs

Domains

IPs

Memdumps

IOC Report
file.exe