Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\main.exe

"C:\Users\user\Desktop\main.exe"

Details

Is windows:	false
Is dropped:	false
PID:	2912
Target ID:	0
Parent PID:	2580
Name:	main.exe
Path:	C:\Users\user\Desktop\main.exe
Commandline:	"C:\Users\user\Desktop\main.exe"
Size:	9881600
MD5:	832443320B0884EDC3DAA5CC0DF55B3E
Time:	13:16:05
Date:	15/01/2025
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0xe00000
Modulesize:	10235904
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
PE file contains more sections than normal	System Summary
PE file contains sections with non-standard names	Data Obfuscation
PE file has section (not .text) which is very likely to contain packed code (zlib compression ratio < 0.011)	System Summary	Software Packing
PE file has an executable .text section and no other executable section	System Summary
Sample might require command line arguments	System Summary	Command and Scripting Interpreter
Spawns processes	System Summary	Process Injection
URLs found in memory or binary data	Networking
Contains modern PE file flags such as dynamic base (ASLR) or NX	Compliance, System Summary
PE file has a big raw section	System Summary
PE file has a big code size	System Summary
Submission file is bigger than most known malware samples	System Summary

C:\Windows\System32\conhost.exe

C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

Details

Is windows:	true
Is dropped:	false
PID:	5824
Target ID:	1
Parent PID:	2912
Name:	conhost.exe
Path:	C:\Windows\System32\conhost.exe
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Size:	862208
MD5:	0D698AF330FD17BEE3BF90011D49251D
Time:	13:16:05
Date:	15/01/2025
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff7699e0000
Modulesize:	892928
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

URLs

Name

Malicious

https://discord.com/api/v9/oauth2/applications

unknown

https://discord.com/api/v9//voice/

unknown

https://status.discord.com/api/v2/scheduled-maintenances/upcoming.json

unknown

https://cdn.discordapp.com/icons/

unknown

https://discord.com/api/v9/09Az~~kernel32.dllREQUEST_METHODiphlpapi.dllB

unknown

https://cdn.discordapp.com/banners/

unknown

https://discord.com/api/v9/gateway

162.159.137.232

https://cdn.discordapp.com/guilds/

unknown

https://discord.com/api/v9/oauth2/

unknown

https://discord.com/api/v9/applications

unknown

https://discord.com/api/v9/gateway/bot

unknown

https://status.discord.com/api/v2/scheduled-maintenances/7

unknown

https://discord.com/api/v9/channels/

unknown

https://discord.com/api/v9/guilds/

unknown

https://cdn.discordapp.com/splashes/

unknown

https://discord.com/MESSAGE_REACTION_ADDTHREAD_MEMBER_UPDATEunmarshall

unknown

https://cdn.discordapp.com/channel-icons/

unknown

https://github.com/bwmarrin/discordgo

unknown

https://cdn.discordapp.com/role-icons/

unknown

https://discord.com/api/v9/

unknown

https://discord.com/api/v9/users/

unknown

https://status.discord.com/api/v2/scheduled-maintenances/

unknown

https://cdn.discordapp.com/attachments/

unknown

https://status.discord.com/api/v2/scheduled-maintenances/active.json

unknown

https://discord.com/api/v9/guilds

unknown

https://status.discord.com/api/v2/scheduled-maintenances/active.jsonhttps://status.discord.com/api/v

unknown

https://discord.com/api/v9/stickers/

unknown

https://discord.com/api/v9/webhooks/

unknown

https://cdn.discordapp.com/avatars/

unknown

https://discord.com/api/v9/guilds/https://discord.com/api/v9/channels/https://discord.com/api/v9/use

unknown

https://discord.com/api/v9/stage-instances

unknown

https://discord.com/api/v9//sticker-packs

unknown

https://gateway.discord.gg/?v=9&encoding=json

162.159.136.234

https://discord.com/api/v9//voice/regions

unknown

There are 24 hidden URLs, click here to show them.

Domains

Name

Malicious

discord.com

162.159.137.232

Details

Name:	discord.com
IP:	162.159.137.232
TargetID:	-1
Active:	true
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
URLs found in memory or binary data	Networking

gateway.discord.gg

162.159.136.234

Details

Name:	gateway.discord.gg
IP:	162.159.136.234
TargetID:	-1
Active:	true
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol

IPs

Domain

Country

Malicious

162.159.136.234

gateway.discord.gg

United States

162.159.137.232

discord.com

United States

Registry

Path

Value

Malicious

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8

Blob

Details

TargetID:	0
Path:	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
Value name:	Blob
Value data:	04 00 00 00 01 00 00 00 10 00 00 00 0A 0A 18 29 36 E6 C3 DF 7F A3 4D 0F FD 41 5E 22 14 00 00 00 01 00 00 00 14 00 00 00 BB 3B 3F AA 10 70 C8 55 F7 24 E9 3B FD 32 19 F4 F6 11 6B 3A 03 00 00 00 01 00 00 00 14 00 00 00 3F 72 8A 35 DE 52 B2 C8 99 4A 4F B1 01 A0 3B 95 E8 7B 06 C8 0F 00 00 00 01 00 00 00 14 00 00 00 71 75 75 34 54 C2 98 2E 84 ED 48 F5 B4 EE 52 48 7F 4A 37 CD 19 00 00 00 01 00 00 00 10 00 00 00 49 50 8B 6C BE 29 D8 39 31 16 93 FA 24 E5 8D 98 20 00 00 00 01 00 00 00 FD 05 00 00 30 82 05 F9 30 82 03 E1 A0 03 02 01 02 02 09 00 D2 1E F1 F6 E3 4F 6B B8 30 0D 06 09 2A 86 48 86 F7 0D 01 01 05 05 00 30 81 92 31 0B 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 0C 0A 43 61 6C 69 66 6F 72 6E 69 61 31 16 30 14 06 03 55 04 07 0C 0D 53 61 6E 20 46 72 61 6E 63 69 73 63 6F 31 2A 30 28 06 03 55 04 0A 0C 21 54 68 65 20 55 6E 69 76 65 72 73 65 20 53 65 63 75 72 69 74 79 20 43 6F 6D 70 61 6E 79 20 4C 74 64 31 2A 30 28 06 03 55 04 03 0C 21 54 68 65 20 55 6E 69 76 65 72 73 65 20 53 65 63 75 72 69 74 79 20 43 6F 6D 70 61 6E 79 20 4C 74 64 30 1E 17 0D 31 35 30 33 31 37 31 34 31 36 33 38 5A 17 0D 34 35 30 33 30 39 31 34 31 36 33 38 5A 30 81 92 31 0B 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 0C 0A 43 61 6C 69 66 6F 72 6E 69 61 31 16 30 14 06 03 55 04 07 0C 0D 53 61 6E 20 46 72 61 6E 63 69 73 63 6F 31 2A 30 28 06 03 55 04 0A 0C 21 54 68 65 20 55 6E 69 76 65 72 73 65 20 53 65 63 75 72 69 74 79 20 43 6F 6D 70 61 6E 79 20 4C 74 64 31 2A 30 28 06 03 55 04 03 0C 21 54 68 65 20 55 6E 69 76 65 72 73 65 20 53 65 63 75 72 69 74 79 20 43 6F 6D 70 61 6E 79 20 4C 74 64 30 82 02 22 30 0D 06 09 2A 86 48 86 F7 0D 01 01 01 05 00 03 82 02 0F 00 30 82 02 0A 02 82 02 01 00 AE 85 81 A8 AB 4F 18 6F B8 FF D9 66 4D B0 3F E7 A3 06 9B 8D 6E 32 30 46 84 32 00 D0 A2 58 15 E3 83 1A 98 23 89 66 FA DC CF E9 B3 3F 7A 15 85 38 42 6D A3 6A 64 14 CB 41 56 ED FE 59 95 38 F1 FA AB E9 4B 06 52 B7 83 58 97 69 5A 3D 75 98 98 9F CE ED 1D 79 20 30 90 20 F1 57 23 2F 00 62 F2 FE BD 48 D8 62 D9 25 72 A2 12 C8 7A 04 2F A5 E3 74 75 DD 7A 1C 60 40 6B 37 C3 D8 4F 7D C1 E7 68 97 5E 36 08 A8 1C 35 78 81 AF A7 4E B4 88 D0 AB 10 74 03 CB 8C 9B AC 63 27 B9 DC 75 E6 6B 5D 32 18 95 0B FD 03 C5 66 DF C6 57 65 56 E9 77 31 59 42 23 46 2D 2A 03 7B 32 C5 3B AB C6 6A 2F B5 48 7F 9E 7A 61 60 40 DA AA 16 B4 38 26 8D B3 71 4A 6D 28 4A 21 0E 26 DA D0 30 B3 FA 74 3E CF EF 28 24 47 39 B8 EE 10 06 5A 65 67 F2 37 66 D9 57 26 A4 2A 9B DF A0 37 5D C0 ED 65 59 F9 E9 E6 F8 8E A7 AE 3A F4 72 E5 F8 62 BB B5 97 A7 A0 1C 32 5B 35 14 43 53 6B C4 C9 E8 3E 21 61 8C 3C 3F CE 4A 14 8B DA 41 39 D1 C5 E3 34 A3 C4 44 0C 5D BB 0D 78 E8 31 BE 4A A9 CF B3 D5 12 21 AE 6D 28 4C 86 98 E4 0A 99 81 BF 98 11 99 86 28 AB EB 15 EF A9 50 B9 43 AE B1 03 69 06 63 6D 11 93 D9 C0 FB 97 FE 0A F5 CD 4F 10 90 9E 19 FB 6F 66 44 0C 50 20 B1 A3 A7 27 45 15 FA C9 45 20 EA B9 DF CE C6 E4 61 4F 08 09 FA 5D 13 8F 03 FB DA 95 85 E0 5C BC 2D A9 CC 8E BA 76 B9 6A 80 2E 69 74 62 19 28 02 EC 60 11 A6 0F 64 C2 FF 9B 5E 7D 0F F1 D4 6B 4D FD 99 BB C1 3D 05 DE 6E F2 B2 CE 1F 51 A5 E3 43 D1 E7 24 76 36 2F 9A 02 0D DA 34 A6 2D E0 1D 22 14 C5 7E FD B7 0F 31 B1 4A D0 AA A7 73 57 C5 C2 63 D8 C3 2F 37 39 12 BF C0 91 F7 AC A6 AB 48 ED 82 4B C7 4D 30 06 EA 6C A7 C2 B1 A1 09 02 96 6A 3D 02 03 01 00 01 A3 50 30 4E 30 1D 06 03 55 1D 0E 04 16 04 14 BB 3B 3F AA 10 70 C8 55 F7 24 E9 3B FD 32 19 F4 F6 11 6B 3A 30 1F 06 03 55 1D 23 04 18 30 16 80 14 BB 3B 3F AA 10 70 C8 55 F7 24 E9 3B FD 32 19 F4 F6 11 6B 3A 30 0C 06 03 55 1D 13 04 05 30 03 01 01 FF 30 0D 06 09 2A 86 48 86 F7 0D 01 01 05 05 00 03 82 02 01 00 48 3C 18 2B 72 E4 57 52 A8 95 35 C6 A1 73 71 20 85 20 94 FF 55 E7 1B 02 9C 05 C8 31 F8 85 B2 79 BE B2 47 55 74 E0 55 70 6B 17 24 9F 0B 6A 92 FE 41 04 22 4F 25 F4 5C DA 25 EF A9 32 CD CC 57 AD 88 5B 56 14 5F 7A 38 02 D3 18 23 8D A5 D8 FB 9F 43 A3 1A 68 2E 42 06 72 26 01 A2 EB DB AF 70 2E 57 12 35 7C B2 A1 EF AB 12 E0 81 55 84 37 C8 FD 95 AE DE 58 60 40 52 A1 C7 75 18 A1 2F 92 5A C0 AB C9 1B A7 17 19 4E 4D D8 53 FB C6 C3 7C 33 53 51 5B 3A 64 31 60 A4 B3 07 72 D7 39 1A F9 8A A2 70 E4 B4 D6 BF 6A AD 24 76 74 CE C7 EA 87 3E 28 6C EF 08 09 4F 79 FB CF 77 FF FA F8 77 04 4A 30 90 5B 27 11 5C 79 60 60 64 1A CB 6E 2C 5E 1C B0 53 AC 28 4A 8B 8B DF AE 01 41 D2 12 3F 7B 22 54 D2 8E 3C C4 A1 FF 4A 6C D3 1B EB 1D 35 94 14 F5 79 44 BE C2 E6 93 9B BA 4D D0 81 94 E9 25 BE 43 FC 2C 92 E5 CA DC 5D 9D CF CA 8B CF 0C E0 3D 29 21 44 4A C0 19 F4 F3 D5 7E F5 74 35 2B FC DF A3 F7 3C C5 D6 7A 7A 0B B6 2B C7 BF F9 8F 6E B5 56 44 0F A9 45 80 9F 88 21 82 99 2C DC 85 DA 25 65 55 ED D3 1C 36 4E D6 63 46 68 AF 6C 87 5C C5 F6 89 C2 E1 70 F4 87 0F F1 DE F0 8E 72 E4 CA CB 83 2B CD B1 7A 54 41 AF 97 38 DF F7 EA 8C 7A B2 D1 1B E9 E9 D3 BF 41 0F 21 F0 AA 8D 95 B6 CD 91 90 DF 71 E7 72 96 9D 3F 18 B9 98 8C CE 15 45 99 83 FB BD 61 4E AD 63 36 71 86 5D BD A3 17 61 6F 31 57 A4 25 3D ED 24 6A 9E 94 E0 D8 67 F0 17 12 86 B7 4E 65 93 A6 BD 8A 2A 06 6B EC 0F DE E0 B5 9C A0 AF D5 A4 32 A2 70 75 A1 02 A9 7F 85 D9 39 38 80 BB 41 A6 0F A3 8D 1F F1 66 E0 04 B3 A2 88 03 8B A7 AF E1 A1 60 95 F6 CB 76 12 C8 51 83 1E 14 E2 0B B5 6C F1 4B 96 21 F9 DE AA B2 CD 71 B8 63

Signature Hits	Behavior Group	Mitre Attack
Installs new ROOT certificates	Persistence and Installation Behavior	Install Root Certificate
Stores large binary data to the registry	Hooking and other Techniques for Hiding and Protection	Modify Registry

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8

Blob

Details

TargetID:	0
Path:	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
Value name:	Blob
Value data:	5C 00 00 00 01 00 00 00 04 00 00 00 00 10 00 00 19 00 00 00 01 00 00 00 10 00 00 00 49 50 8B 6C BE 29 D8 39 31 16 93 FA 24 E5 8D 98 0F 00 00 00 01 00 00 00 14 00 00 00 71 75 75 34 54 C2 98 2E 84 ED 48 F5 B4 EE 52 48 7F 4A 37 CD 03 00 00 00 01 00 00 00 14 00 00 00 3F 72 8A 35 DE 52 B2 C8 99 4A 4F B1 01 A0 3B 95 E8 7B 06 C8 14 00 00 00 01 00 00 00 14 00 00 00 BB 3B 3F AA 10 70 C8 55 F7 24 E9 3B FD 32 19 F4 F6 11 6B 3A 04 00 00 00 01 00 00 00 10 00 00 00 0A 0A 18 29 36 E6 C3 DF 7F A3 4D 0F FD 41 5E 22 20 00 00 00 01 00 00 00 FD 05 00 00 30 82 05 F9 30 82 03 E1 A0 03 02 01 02 02 09 00 D2 1E F1 F6 E3 4F 6B B8 30 0D 06 09 2A 86 48 86 F7 0D 01 01 05 05 00 30 81 92 31 0B 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 0C 0A 43 61 6C 69 66 6F 72 6E 69 61 31 16 30 14 06 03 55 04 07 0C 0D 53 61 6E 20 46 72 61 6E 63 69 73 63 6F 31 2A 30 28 06 03 55 04 0A 0C 21 54 68 65 20 55 6E 69 76 65 72 73 65 20 53 65 63 75 72 69 74 79 20 43 6F 6D 70 61 6E 79 20 4C 74 64 31 2A 30 28 06 03 55 04 03 0C 21 54 68 65 20 55 6E 69 76 65 72 73 65 20 53 65 63 75 72 69 74 79 20 43 6F 6D 70 61 6E 79 20 4C 74 64 30 1E 17 0D 31 35 30 33 31 37 31 34 31 36 33 38 5A 17 0D 34 35 30 33 30 39 31 34 31 36 33 38 5A 30 81 92 31 0B 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 0C 0A 43 61 6C 69 66 6F 72 6E 69 61 31 16 30 14 06 03 55 04 07 0C 0D 53 61 6E 20 46 72 61 6E 63 69 73 63 6F 31 2A 30 28 06 03 55 04 0A 0C 21 54 68 65 20 55 6E 69 76 65 72 73 65 20 53 65 63 75 72 69 74 79 20 43 6F 6D 70 61 6E 79 20 4C 74 64 31 2A 30 28 06 03 55 04 03 0C 21 54 68 65 20 55 6E 69 76 65 72 73 65 20 53 65 63 75 72 69 74 79 20 43 6F 6D 70 61 6E 79 20 4C 74 64 30 82 02 22 30 0D 06 09 2A 86 48 86 F7 0D 01 01 01 05 00 03 82 02 0F 00 30 82 02 0A 02 82 02 01 00 AE 85 81 A8 AB 4F 18 6F B8 FF D9 66 4D B0 3F E7 A3 06 9B 8D 6E 32 30 46 84 32 00 D0 A2 58 15 E3 83 1A 98 23 89 66 FA DC CF E9 B3 3F 7A 15 85 38 42 6D A3 6A 64 14 CB 41 56 ED FE 59 95 38 F1 FA AB E9 4B 06 52 B7 83 58 97 69 5A 3D 75 98 98 9F CE ED 1D 79 20 30 90 20 F1 57 23 2F 00 62 F2 FE BD 48 D8 62 D9 25 72 A2 12 C8 7A 04 2F A5 E3 74 75 DD 7A 1C 60 40 6B 37 C3 D8 4F 7D C1 E7 68 97 5E 36 08 A8 1C 35 78 81 AF A7 4E B4 88 D0 AB 10 74 03 CB 8C 9B AC 63 27 B9 DC 75 E6 6B 5D 32 18 95 0B FD 03 C5 66 DF C6 57 65 56 E9 77 31 59 42 23 46 2D 2A 03 7B 32 C5 3B AB C6 6A 2F B5 48 7F 9E 7A 61 60 40 DA AA 16 B4 38 26 8D B3 71 4A 6D 28 4A 21 0E 26 DA D0 30 B3 FA 74 3E CF EF 28 24 47 39 B8 EE 10 06 5A 65 67 F2 37 66 D9 57 26 A4 2A 9B DF A0 37 5D C0 ED 65 59 F9 E9 E6 F8 8E A7 AE 3A F4 72 E5 F8 62 BB B5 97 A7 A0 1C 32 5B 35 14 43 53 6B C4 C9 E8 3E 21 61 8C 3C 3F CE 4A 14 8B DA 41 39 D1 C5 E3 34 A3 C4 44 0C 5D BB 0D 78 E8 31 BE 4A A9 CF B3 D5 12 21 AE 6D 28 4C 86 98 E4 0A 99 81 BF 98 11 99 86 28 AB EB 15 EF A9 50 B9 43 AE B1 03 69 06 63 6D 11 93 D9 C0 FB 97 FE 0A F5 CD 4F 10 90 9E 19 FB 6F 66 44 0C 50 20 B1 A3 A7 27 45 15 FA C9 45 20 EA B9 DF CE C6 E4 61 4F 08 09 FA 5D 13 8F 03 FB DA 95 85 E0 5C BC 2D A9 CC 8E BA 76 B9 6A 80 2E 69 74 62 19 28 02 EC 60 11 A6 0F 64 C2 FF 9B 5E 7D 0F F1 D4 6B 4D FD 99 BB C1 3D 05 DE 6E F2 B2 CE 1F 51 A5 E3 43 D1 E7 24 76 36 2F 9A 02 0D DA 34 A6 2D E0 1D 22 14 C5 7E FD B7 0F 31 B1 4A D0 AA A7 73 57 C5 C2 63 D8 C3 2F 37 39 12 BF C0 91 F7 AC A6 AB 48 ED 82 4B C7 4D 30 06 EA 6C A7 C2 B1 A1 09 02 96 6A 3D 02 03 01 00 01 A3 50 30 4E 30 1D 06 03 55 1D 0E 04 16 04 14 BB 3B 3F AA 10 70 C8 55 F7 24 E9 3B FD 32 19 F4 F6 11 6B 3A 30 1F 06 03 55 1D 23 04 18 30 16 80 14 BB 3B 3F AA 10 70 C8 55 F7 24 E9 3B FD 32 19 F4 F6 11 6B 3A 30 0C 06 03 55 1D 13 04 05 30 03 01 01 FF 30 0D 06 09 2A 86 48 86 F7 0D 01 01 05 05 00 03 82 02 01 00 48 3C 18 2B 72 E4 57 52 A8 95 35 C6 A1 73 71 20 85 20 94 FF 55 E7 1B 02 9C 05 C8 31 F8 85 B2 79 BE B2 47 55 74 E0 55 70 6B 17 24 9F 0B 6A 92 FE 41 04 22 4F 25 F4 5C DA 25 EF A9 32 CD CC 57 AD 88 5B 56 14 5F 7A 38 02 D3 18 23 8D A5 D8 FB 9F 43 A3 1A 68 2E 42 06 72 26 01 A2 EB DB AF 70 2E 57 12 35 7C B2 A1 EF AB 12 E0 81 55 84 37 C8 FD 95 AE DE 58 60 40 52 A1 C7 75 18 A1 2F 92 5A C0 AB C9 1B A7 17 19 4E 4D D8 53 FB C6 C3 7C 33 53 51 5B 3A 64 31 60 A4 B3 07 72 D7 39 1A F9 8A A2 70 E4 B4 D6 BF 6A AD 24 76 74 CE C7 EA 87 3E 28 6C EF 08 09 4F 79 FB CF 77 FF FA F8 77 04 4A 30 90 5B 27 11 5C 79 60 60 64 1A CB 6E 2C 5E 1C B0 53 AC 28 4A 8B 8B DF AE 01 41 D2 12 3F 7B 22 54 D2 8E 3C C4 A1 FF 4A 6C D3 1B EB 1D 35 94 14 F5 79 44 BE C2 E6 93 9B BA 4D D0 81 94 E9 25 BE 43 FC 2C 92 E5 CA DC 5D 9D CF CA 8B CF 0C E0 3D 29 21 44 4A C0 19 F4 F3 D5 7E F5 74 35 2B FC DF A3 F7 3C C5 D6 7A 7A 0B B6 2B C7 BF F9 8F 6E B5 56 44 0F A9 45 80 9F 88 21 82 99 2C DC 85 DA 25 65 55 ED D3 1C 36 4E D6 63 46 68 AF 6C 87 5C C5 F6 89 C2 E1 70 F4 87 0F F1 DE F0 8E 72 E4 CA CB 83 2B CD B1 7A 54 41 AF 97 38 DF F7 EA 8C 7A B2 D1 1B E9 E9 D3 BF 41 0F 21 F0 AA 8D 95 B6 CD 91 90 DF 71 E7 72 96 9D 3F 18 B9 98 8C CE 15 45 99 83 FB BD 61 4E AD 63 36 71 86 5D BD A3 17 61 6F 31 57 A4 25 3D ED 24 6A 9E 94 E0 D8 67 F0 17 12 86 B7 4E 65 93 A6 BD 8A 2A 06 6B EC 0F DE E0 B5 9C A0 AF D5 A4 32 A2 70 75 A1 02 A9 7F 85 D9 39 38 80 BB 41 A6 0F A3 8D 1F F1 66 E0 04 B3 A2 88 03 8B A7 AF E1 A1 60 95 F6 CB 76 12 C8 51 83 1E 14 E2 0B B5 6C F1 4B 96 21 F9 DE AA B2 CD 71 B8 63

Signature Hits	Behavior Group	Mitre Attack
Installs new ROOT certificates	Persistence and Installation Behavior	Install Root Certificate
Stores large binary data to the registry	Hooking and other Techniques for Hiding and Protection	Modify Registry

Memdumps

Base Address

Regiontype

Protect

Malicious

C0001EC000

direct allocation

page read and write

10F0000

unkown

page readonly

C000284000

direct allocation

page read and write

C00011D000

direct allocation

page read and write

1F02C2A0000

heap

page read and write

14A3000

unkown

page readonly

C000024000

direct allocation

page read and write

E00000

unkown

page readonly

140A000

unkown

page write copy

C0001D2000

direct allocation

page read and write

C000064000

direct allocation

page read and write

1737000

unkown

page write copy

C0001EE000

direct allocation

page read and write

C00014C000

direct allocation

page read and write

C00004F000

direct allocation

page read and write

C0000AA000

direct allocation

page read and write

E01000

unkown

page execute read

C000028000

direct allocation

page read and write

C000098000

direct allocation

page read and write

C000136000

direct allocation

page read and write

144C000

unkown

page write copy

C00017C000

direct allocation

page read and write

C00005D000

direct allocation

page read and write

C000122000

direct allocation

page read and write

1556000

unkown

page readonly

C0000B0000

direct allocation

page read and write

CF987FE000

stack

page read and write

C000174000

direct allocation

page read and write

144F000

unkown

page read and write

C0001A2000

direct allocation

page read and write

1F02C349000

heap

page read and write

C0000A2000

direct allocation

page read and write

C0001D6000

direct allocation

page read and write

C0001D0000

direct allocation

page read and write

1738000

unkown

page readonly

C00018E000

direct allocation

page read and write

E01000

unkown

page execute read

C0001B2000

direct allocation

page read and write

140D000

unkown

page read and write

C00016E000

direct allocation

page read and write

C00010E000

direct allocation

page read and write

C0001C2000

direct allocation

page read and write

C00028C000

direct allocation

page read and write

1F02C2D0000

heap

page read and write

C0000A4000

direct allocation

page read and write

CF97BFE000

stack

page read and write

C00008E000

direct allocation

page read and write

C000194000

direct allocation

page read and write

C000190000

direct allocation

page read and write

C000008000

direct allocation

page read and write

C000054000

direct allocation

page read and write

C000020000

direct allocation

page read and write

1F02C2DC000

heap

page read and write

1408000

unkown

page read and write

C00017A000

direct allocation

page read and write

C000100000

direct allocation

page read and write

1F02C327000

heap

page read and write

1F02C325000

heap

page read and write

1737000

unkown

page write copy

C00020C000

direct allocation

page read and write

140B000

unkown

page read and write

C000196000

direct allocation

page read and write

C0001BE000

direct allocation

page read and write

1F071650000

direct allocation

page read and write

C0001AA000

direct allocation

page read and write

C000202000

direct allocation

page read and write

C00018A000

direct allocation

page read and write

C000096000

direct allocation

page read and write

1F0715D9000

direct allocation

page read and write

C00004D000

direct allocation

page read and write

146E000

unkown

page read and write

C0000A0000

direct allocation

page read and write

140C000

unkown

page write copy

C0000A8000

direct allocation

page read and write

C00000A000

direct allocation

page read and write

C0001A6000

direct allocation

page read and write

C0001BC000

direct allocation

page read and write

C000030000

direct allocation

page read and write

1F02C224000

direct allocation

page read and write

C000176000

direct allocation

page read and write

C000004000

direct allocation

page read and write

C0001EA000

direct allocation

page read and write

C000155000

direct allocation

page read and write

C00001A000

direct allocation

page read and write

1452000

unkown

page read and write

CF979FC000

stack

page read and write

C00002C000

direct allocation

page read and write

C000038000

direct allocation

page read and write

C0001DC000

direct allocation

page read and write

C00001E000

direct allocation

page read and write

C0001CE000

direct allocation

page read and write

1556000

unkown

page readonly

CF983FE000

stack

page read and write

C0001FA000

direct allocation

page read and write

CF985FC000

stack

page read and write

C00008C000

direct allocation

page read and write

C000052000

direct allocation

page read and write

C0001B0000

direct allocation

page read and write

C0001FE000

direct allocation

page read and write

1457000

unkown

page read and write

C0001D8000

direct allocation

page read and write

1411000

unkown

page write copy

C00020E000

direct allocation

page read and write

1F02C280000

direct allocation

page read and write

C00003C000

direct allocation

page read and write

C000112000

direct allocation

page read and write

C0001A4000

direct allocation

page read and write

1F071655000

direct allocation

page read and write

C00009A000

direct allocation

page read and write

C000192000

direct allocation

page read and write

1408000

unkown

page write copy

C000002000

direct allocation

page read and write

C00011A000

direct allocation

page read and write

C000198000

direct allocation

page read and write

C00016C000

direct allocation

page read and write

143D000

unkown

page write copy

C00013A000

direct allocation

page read and write

C0000A6000

direct allocation

page read and write

10F0000

unkown

page readonly

1F02C130000

heap

page read and write

C000108000

direct allocation

page read and write

C000006000

direct allocation

page read and write

C000092000

direct allocation

page read and write

C000200000

direct allocation

page read and write

C00003F000

direct allocation

page read and write

C000172000

direct allocation

page read and write

C00003A000

direct allocation

page read and write

140E000

unkown

page write copy

CF97DFF000

stack

page read and write

C00005B000

direct allocation

page read and write

C000157000

direct allocation

page read and write

C00005F000

direct allocation

page read and write

1F02C22A000

direct allocation

page read and write

1474000

unkown

page read and write

C000094000

direct allocation

page read and write

C0001AC000

direct allocation

page read and write

C000214000

direct allocation

page read and write

149C000

unkown

page read and write

C0000B2000

direct allocation

page read and write

C00008A000

direct allocation

page read and write

C000180000

direct allocation

page read and write

1F071610000

direct allocation

page read and write

1F02C228000

direct allocation

page read and write

C000068000

direct allocation

page read and write

C00018C000

direct allocation

page read and write

C0001C8000

direct allocation

page read and write

C00009C000

direct allocation

page read and write

C0001E6000

direct allocation

page read and write

C000026000

direct allocation

page read and write

14A3000

unkown

page readonly

CF97FFE000

stack

page read and write

C00001C000

direct allocation

page read and write

C000080000

direct allocation

page read and write

CF981FC000

stack

page read and write

1410000

unkown

page read and write

C00012E000

direct allocation

page read and write

C000048000

direct allocation

page read and write

1F071870000

heap

page read and write

C000104000

direct allocation

page read and write

C000132000

direct allocation

page read and write

C0001CA000

direct allocation

page read and write

1F071690000

heap

page read and write

C000212000

direct allocation

page read and write

C000142000

direct allocation

page read and write

C00000C000

direct allocation

page read and write

C00007E000

direct allocation

page read and write

C000110000

direct allocation

page read and write

C0001F8000

direct allocation

page read and write

C000070000

direct allocation

page read and write

E00000

unkown

page readonly

C000062000

direct allocation

page read and write

143E000

unkown

page read and write

C0001C0000

direct allocation

page read and write

1F0715D1000

direct allocation

page read and write

C000188000

direct allocation

page read and write

1738000

unkown

page readonly

C0000B4000

direct allocation

page read and write

1451000

unkown

page write copy

C000130000

direct allocation

page read and write

C00015D000

direct allocation

page read and write

C00016A000

direct allocation

page read and write

C000000000

direct allocation

page read and write

1F071875000

heap

page read and write

C0000AC000

direct allocation

page read and write

1F02C220000

direct allocation

page read and write

C0001D4000

direct allocation

page read and write

C000128000

direct allocation

page read and write

C00006C000

direct allocation

page read and write

143A000

unkown

page read and write

C00020A000

direct allocation

page read and write

C0000B6000

direct allocation

page read and write

C00013C000

direct allocation

page read and write

There are 182 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
main.exe

Processes

URLs

Domains

IPs

Registry

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reportmain.exe

Processes

URLs

Domains

IPs

Registry

Memdumps

IOC Report
main.exe