Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\file.exe

"C:\Users\user\Desktop\file.exe"

Details

Is windows:	false
Is dropped:	false
PID:	7616
Target ID:	3
Parent PID:	4056
Name:	file.exe
Path:	C:\Users\user\Desktop\file.exe
Commandline:	"C:\Users\user\Desktop\file.exe"
Size:	1846784
MD5:	1959840F03733001022C3AA78866B3E0
Time:	06:58:15
Date:	25/11/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x980000
Modulesize:	4820992
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Antivirus / Scanner detection for submitted sample	AV Detection
Detected unpacking (changes PE section rights)	Data Obfuscation	Software Packing
Machine Learning detection for sample	AV Detection
PE file contains section with special chars	System Summary
PE file contains an invalid checksum	Data Obfuscation
PE file contains sections with non-standard names	Data Obfuscation
Uses 32bit PE files	Compliance, System Summary
Binary may include packed or encrypted code	Data Obfuscation	Obfuscated Files or Information Software Packing
PE file has section (not .text) which is very likely to contain packed code (zlib compression ratio < 0.011)	System Summary	Software Packing
PE file has a high occurrence of arithmetic instructions at the PE entrypoint (possbibily packed)	System Summary	Obfuscated Files or Information
Sample might require command line arguments	System Summary	Command and Scripting Interpreter
Sample reads its own file content	System Summary
PE file has a big raw section	System Summary
Submission file is bigger than most known malware samples	System Summary

URLs

Name

Malicious

https://frogs-severz.sbs/W

unknown

Details

Name:	https://frogs-severz.sbs/W
TargetID:	3
From Memory:	true
Current Path:	C:\Users\user\Desktop\file.exe
Source:	file.exe, 00000003.00000003.1330974839.000000000152D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000002.1338310030.000000000152D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.1331307685.000000000152D000.00000004.00000020.00020000.00000000.sdmp

Signature Hits	Behavior Group	Mitre Attack
URLs found in memory or binary data	Networking

http://crl.micro

unknown

Details

Name:	http://crl.micro
TargetID:	3
From Memory:	true
Current Path:	C:\Users\user\Desktop\file.exe
Source:	file.exe, 00000003.00000003.1331160862.0000000001524000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.1330974839.0000000001517000.00000004.00000020.00020000.00000000.sdmp
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
URLs found in memory or binary data	Networking

https://frogs-severz.sbs/

unknown

Details

Name:	https://frogs-severz.sbs/
TargetID:	3
From Memory:	true
Current Path:	C:\Users\user\Desktop\file.exe
Source:	file.exe, 00000003.00000003.1330974839.000000000152D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000002.1338310030.000000000152D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.1331307685.000000000152D000.00000004.00000020.00020000.00000000.sdmp
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
URLs found in memory or binary data	Networking

https://frogs-severz.sbs//

unknown

Details

Name:	https://frogs-severz.sbs//
TargetID:	3
From Memory:	true
Current Path:	C:\Users\user\Desktop\file.exe
Source:	file.exe, 00000003.00000003.1330974839.000000000152D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000002.1338310030.000000000152D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.1331307685.000000000152D000.00000004.00000020.00020000.00000000.sdmp

Signature Hits	Behavior Group	Mitre Attack
URLs found in memory or binary data	Networking

https://frogs-severz.sbs/api(wWdtP

unknown

https://frogs-severz.sbs/apiC

unknown

Details

Name:	https://frogs-severz.sbs/apiC
TargetID:	3
From Memory:	true
Current Path:	C:\Users\user\Desktop\file.exe
Source:	file.exe, 00000003.00000003.1330974839.000000000152D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000002.1338310030.000000000152D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.1331307685.000000000152D000.00000004.00000020.00020000.00000000.sdmp

Signature Hits	Behavior Group	Mitre Attack
URLs found in memory or binary data	Networking

https://frogs-severz.sbs/api

104.21.88.250

Details

Name:	https://frogs-severz.sbs/api
IP:	104.21.88.250
TargetID:	3
From Memory:	false
Current Path:	C:\Users\user\Desktop\file.exe
Source:	network
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Suricata IDS alerts for network traffic	Networking
IP address seen in connection with other malware	Networking
Suricata IDS alerts with low severity for network traffic	Networking
URLs found in memory or binary data	Networking
Uses secure TLS version for HTTPS connections	Compliance, Networking

https://frogs-severz.sbs/api(wl

unknown

https://frogs-severz.sbs/apiR

unknown

Details

Name:	https://frogs-severz.sbs/apiR
TargetID:	3
From Memory:	true
Current Path:	C:\Users\user\Desktop\file.exe
Source:	file.exe, 00000003.00000003.1330974839.000000000152D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000002.1338310030.000000000152D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.1331307685.000000000152D000.00000004.00000020.00020000.00000000.sdmp

Signature Hits	Behavior Group	Mitre Attack
URLs found in memory or binary data	Networking

Domains

Name

Malicious

frogs-severz.sbs

104.21.88.250

Details

Name:	frogs-severz.sbs
IP:	104.21.88.250
TargetID:	-1
Active:	true
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Suricata IDS alerts for network traffic	Networking
Suricata IDS alerts with low severity for network traffic	Networking
Uses a known web browser user agent for HTTP communication	Networking	Application Layer Protocol
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
Posts data to webserver	Networking	Application Layer Protocol Non-Application Layer Protocol
URLs found in memory or binary data	Networking
Uses secure TLS version for HTTPS connections	Compliance, Networking

property-imper.sbs

unknown

IPs

Domain

Country

Malicious

104.21.88.250

frogs-severz.sbs

United States

Details

IP:	104.21.88.250
TargetID:	3
Current Path:	C:\Users\user\Desktop\file.exe
Country:	United States
Countrycode:	USA
ASN number:	13335
ASN name:	CLOUDFLARENETUS
Private:	false
Domain:	frogs-severz.sbs

Signature Hits	Behavior Group	Mitre Attack
Suricata IDS alerts for network traffic	Networking
Suricata IDS alerts with low severity for network traffic	Networking
Uses secure TLS version for HTTPS connections	Compliance, Networking

Memdumps

Base Address

Regiontype

Protect

Malicious

14A8000

heap

page read and write

52E0000

direct allocation

page execute and read and write

1450000

direct allocation

page read and write

4CC0000

heap

page read and write

4DC0000

trusted library allocation

page read and write

4CC1000

heap

page read and write

52E0000

direct allocation

page execute and read and write

529F000

stack

page read and write

1533000

heap

page read and write

1497000

heap

page read and write

4BBE000

stack

page read and write

38FE000

stack

page read and write

B68000

unkown

page execute and read and write

597E000

stack

page read and write

13ED000

heap

page read and write

4CC1000

heap

page read and write

5CCF000

stack

page read and write

551D000

stack

page read and write

4CC1000

heap

page read and write

363F000

stack

page read and write

4CC1000

heap

page read and write

1527000

heap

page read and write

1360000

heap

page read and write

48FF000

stack

page read and write

149F000

heap

page read and write

580E000

stack

page read and write

569E000

stack

page read and write

443E000

stack

page read and write

1450000

direct allocation

page read and write

13E7000

heap

page read and write

532E000

trusted library allocation

page read and write

3C7F000

stack

page read and write

981000

unkown

page execute and read and write

353E000

stack

page read and write

73D16000

unkown

page readonly

2FFF000

stack

page read and write

14E0000

heap

page read and write

4CC1000

heap

page read and write

152D000

heap

page read and write

1365000

heap

page read and write

1450000

direct allocation

page read and write

C3B000

unkown

page execute and read and write

467F000

stack

page read and write

C67000

unkown

page execute and read and write

514D000

stack

page read and write

555E000

stack

page read and write

579F000

stack

page read and write

52B0000

direct allocation

page execute and read and write

4CC1000

heap

page read and write

4A3F000

stack

page read and write

57C0000

remote allocation

page read and write

980000

unkown

page read and write

4CC1000

heap

page read and write

3B3F000

stack

page read and write

33FE000

stack

page read and write

1460000

heap

page read and write

1210000

heap

page read and write

57C0000

remote allocation

page read and write

153F000

heap

page read and write

4CC1000

heap

page read and write

4CC1000

heap

page read and write

39FF000

stack

page read and write

1524000

heap

page read and write

1430000

heap

page read and write

E15000

unkown

page execute and read and write

52C0000

direct allocation

page execute and read and write

3CBE000

stack

page read and write

1537000

heap

page read and write

367E000

stack

page read and write

14C7000

heap

page read and write

37BE000

stack

page read and write

73D00000

unkown

page readonly

C6D000

unkown

page execute and read and write

5ADE000

stack

page read and write

4CC1000

heap

page read and write

165E000

stack

page read and write

5160000

direct allocation

page read and write

1450000

direct allocation

page read and write

32BE000

stack

page read and write

565E000

stack

page read and write

12F0000

heap

page read and write

1450000

direct allocation

page read and write

453F000

stack

page read and write

1537000

heap

page read and write

4A7E000

stack

page read and write

1497000

heap

page read and write

13AE000

stack

page read and write

3F3E000

stack

page read and write

5150000

direct allocation

page read and write

981000

unkown

page execute and write copy

175F000

stack

page read and write

1450000

direct allocation

page read and write

153F000

heap

page read and write

4CC1000

heap

page read and write

4CC1000

heap

page read and write

5A7F000

stack

page read and write

519C000

stack

page read and write

FAB000

stack

page read and write

1450000

direct allocation

page read and write

13E0000

heap

page read and write

303B000

stack

page read and write

152D000

heap

page read and write

4CC1000

heap

page read and write

3DFE000

stack

page read and write

73D1D000

unkown

page read and write

417F000

stack

page read and write

13D0000

heap

page read and write

46BE000

stack

page read and write

14B1000

heap

page read and write

9D9000

unkown

page execute and read and write

C7D000

unkown

page execute and write copy

1450000

direct allocation

page read and write

57C0000

remote allocation

page read and write

3DBF000

stack

page read and write

3B7E000

stack

page read and write

EAB000

stack

page read and write

1537000

heap

page read and write

52E0000

direct allocation

page execute and read and write

407E000

stack

page read and write

14DA000

heap

page read and write

38BF000

stack

page read and write

4CC1000

heap

page read and write

1517000

heap

page read and write

51A4000

direct allocation

page read and write

9D7000

unkown

page read and write

4CBF000

stack

page read and write

317E000

stack

page read and write

3A3E000

stack

page read and write

52D0000

direct allocation

page execute and read and write

5150000

direct allocation

page read and write

4B7F000

stack

page read and write

541E000

stack

page read and write

153F000

heap

page read and write

52E0000

direct allocation

page execute and read and write

73D1F000

unkown

page readonly

3EFF000

stack

page read and write

14A4000

heap

page read and write

52E0000

direct allocation

page execute and read and write

5300000

direct allocation

page execute and read and write

4CC1000

heap

page read and write

457E000

stack

page read and write

152D000

heap

page read and write

42BF000

stack

page read and write

403F000

stack

page read and write

149F000

heap

page read and write

4CC1000

heap

page read and write

152D000

heap

page read and write

135E000

stack

page read and write

5150000

direct allocation

page read and write

4CC1000

heap

page read and write

146A000

heap

page read and write

4CD0000

heap

page read and write

41BE000

stack

page read and write

52F0000

direct allocation

page execute and read and write

9C5000

unkown

page execute and read and write

1517000

heap

page read and write

14B1000

heap

page read and write

980000

unkown

page readonly

1450000

direct allocation

page read and write

14DA000

heap

page read and write

493E000

stack

page read and write

4CC1000

heap

page read and write

9D7000

unkown

page write copy

14E0000

heap

page read and write

5BC0000

heap

page read and write

73D01000

unkown

page execute read

327F000

stack

page read and write

33BF000

stack

page read and write

4CC1000

heap

page read and write

C7C000

unkown

page execute and write copy

43FF000

stack

page read and write

52E0000

direct allocation

page execute and read and write

1493000

heap

page read and write

C7C000

unkown

page execute and read and write

1537000

heap

page read and write

146E000

heap

page read and write

4CC1000

heap

page read and write

52EE000

stack

page read and write

5310000

direct allocation

page execute and read and write

1450000

direct allocation

page read and write

1450000

direct allocation

page read and write

47FE000

stack

page read and write

377F000

stack

page read and write

153F000

heap

page read and write

14C7000

heap

page read and write

14A8000

heap

page read and write

1450000

direct allocation

page read and write

47BF000

stack

page read and write

142E000

stack

page read and write

313F000

stack

page read and write

14A4000

heap

page read and write

1539000

heap

page read and write

153B000

heap

page read and write

42FE000

stack

page read and write

34FF000

stack

page read and write

4CC1000

heap

page read and write

4CC1000

heap

page read and write

1450000

direct allocation

page read and write

1450000

direct allocation

page read and write

4CC1000

heap

page read and write

590E000

stack

page read and write

E16000

unkown

page execute and write copy

There are 192 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
file.exe

Processes

URLs

Domains

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reportfile.exe

Processes

URLs

Domains

IPs

Memdumps

IOC Report
file.exe