Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\main old source new token.exe

"C:\Users\user\Desktop\main old source new token.exe"

Details

Is windows:	false
Is dropped:	false
PID:	7324
Target ID:	0
Parent PID:	2580
Name:	main old source new token.exe
Path:	C:\Users\user\Desktop\main old source new token.exe
Commandline:	"C:\Users\user\Desktop\main old source new token.exe"
Size:	9882112
MD5:	F108805655F831FA251D38BF72379A15
Time:	13:18:07
Date:	15/01/2025
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x1d0000
Modulesize:	10235904
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
PE file contains more sections than normal	System Summary
PE file contains sections with non-standard names	Data Obfuscation
PE file has section (not .text) which is very likely to contain packed code (zlib compression ratio < 0.011)	System Summary	Software Packing
PE file has an executable .text section and no other executable section	System Summary
Sample might require command line arguments	System Summary	Command and Scripting Interpreter
Spawns processes	System Summary	Process Injection
URLs found in memory or binary data	Networking
Contains modern PE file flags such as dynamic base (ASLR) or NX	Compliance, System Summary
PE file has a big raw section	System Summary
PE file has a big code size	System Summary
Submission file is bigger than most known malware samples	System Summary

C:\Windows\System32\conhost.exe

C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

Details

Is windows:	true
Is dropped:	false
PID:	7332
Target ID:	1
Parent PID:	7324
Name:	conhost.exe
Path:	C:\Windows\System32\conhost.exe
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Size:	862208
MD5:	0D698AF330FD17BEE3BF90011D49251D
Time:	13:18:07
Date:	15/01/2025
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff7699e0000
Modulesize:	892928
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

URLs

Name

Malicious

https://discord.com/api/v9/oauth2/applications

unknown

https://discord.com/api/v9//voice/

unknown

https://status.discord.com/api/v2/scheduled-maintenances/upcoming.json

unknown

https://cdn.discordapp.com/icons/

unknown

https://cdn.discordapp.com/banners/

unknown

https://discord.com/api/v9/gateway

162.159.128.233

https://cdn.discordapp.com/guilds/

unknown

https://discord.com/api/v9/oauth2/

unknown

https://discord.com/api/v9/applications

unknown

https://discord.com/api/v9/gateway/bot

unknown

https://discord.com/api/v9/channels/

unknown

https://discord.com/api/v9/guilds/

unknown

https://cdn.discordapp.com/splashes/

unknown

https://discord.com/MESSAGE_REACTION_ADDTHREAD_MEMBER_UPDATEunmarshall

unknown

https://cdn.discordapp.com/channel-icons/

unknown

https://github.com/bwmarrin/discordgo

unknown

https://cdn.discordapp.com/role-icons/

unknown

https://discord.com/api/v9/

unknown

https://discord.com/api/v9/users/

unknown

https://cdn.discordapp.com/attachments/

unknown

https://status.discord.com/api/v2/scheduled-maintenances/active.json

unknown

https://discord.com/api/v9/09Az~~kernel32.dllREQUEST_METHODiphlpapi.dll

unknown

https://discord.com/api/v9/guilds

unknown

https://status.discord.com/api/v2/scheduled-maintenances/active.jsonhttps://status.discord.com/api/v

unknown

https://discord.com/api/v9/stickers/

unknown

https://discord.com/api/v9/webhooks/

unknown

https://cdn.discordapp.com/avatars/

unknown

https://discord.com/api/v9/guilds/https://discord.com/api/v9/channels/https://discord.com/api/v9/use

unknown

https://discord.com/api/v9/stage-instances

unknown

https://discord.com/api/v9//sticker-packs

unknown

https://gateway.discord.gg/?v=9&encoding=json

162.159.133.234

https://discord.com/api/v9//voice/regions

unknown

There are 22 hidden URLs, click here to show them.

Domains

Name

Malicious

discord.com

162.159.128.233

Details

Name:	discord.com
IP:	162.159.128.233
TargetID:	-1
Active:	true
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
URLs found in memory or binary data	Networking

gateway.discord.gg

162.159.133.234

Details

Name:	gateway.discord.gg
IP:	162.159.133.234
TargetID:	-1
Active:	true
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol

IPs

Domain

Country

Malicious

162.159.128.233

discord.com

United States

162.159.133.234

gateway.discord.gg

United States

Registry

Path

Value

Malicious

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8

Blob

Details

TargetID:	0
Path:	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
Value name:	Blob
Value data:	04 00 00 00 01 00 00 00 10 00 00 00 0A 0A 18 29 36 E6 C3 DF 7F A3 4D 0F FD 41 5E 22 14 00 00 00 01 00 00 00 14 00 00 00 BB 3B 3F AA 10 70 C8 55 F7 24 E9 3B FD 32 19 F4 F6 11 6B 3A 03 00 00 00 01 00 00 00 14 00 00 00 3F 72 8A 35 DE 52 B2 C8 99 4A 4F B1 01 A0 3B 95 E8 7B 06 C8 0F 00 00 00 01 00 00 00 14 00 00 00 71 75 75 34 54 C2 98 2E 84 ED 48 F5 B4 EE 52 48 7F 4A 37 CD 19 00 00 00 01 00 00 00 10 00 00 00 49 50 8B 6C BE 29 D8 39 31 16 93 FA 24 E5 8D 98 20 00 00 00 01 00 00 00 FD 05 00 00 30 82 05 F9 30 82 03 E1 A0 03 02 01 02 02 09 00 D2 1E F1 F6 E3 4F 6B B8 30 0D 06 09 2A 86 48 86 F7 0D 01 01 05 05 00 30 81 92 31 0B 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 0C 0A 43 61 6C 69 66 6F 72 6E 69 61 31 16 30 14 06 03 55 04 07 0C 0D 53 61 6E 20 46 72 61 6E 63 69 73 63 6F 31 2A 30 28 06 03 55 04 0A 0C 21 54 68 65 20 55 6E 69 76 65 72 73 65 20 53 65 63 75 72 69 74 79 20 43 6F 6D 70 61 6E 79 20 4C 74 64 31 2A 30 28 06 03 55 04 03 0C 21 54 68 65 20 55 6E 69 76 65 72 73 65 20 53 65 63 75 72 69 74 79 20 43 6F 6D 70 61 6E 79 20 4C 74 64 30 1E 17 0D 31 35 30 33 31 37 31 34 31 36 33 38 5A 17 0D 34 35 30 33 30 39 31 34 31 36 33 38 5A 30 81 92 31 0B 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 0C 0A 43 61 6C 69 66 6F 72 6E 69 61 31 16 30 14 06 03 55 04 07 0C 0D 53 61 6E 20 46 72 61 6E 63 69 73 63 6F 31 2A 30 28 06 03 55 04 0A 0C 21 54 68 65 20 55 6E 69 76 65 72 73 65 20 53 65 63 75 72 69 74 79 20 43 6F 6D 70 61 6E 79 20 4C 74 64 31 2A 30 28 06 03 55 04 03 0C 21 54 68 65 20 55 6E 69 76 65 72 73 65 20 53 65 63 75 72 69 74 79 20 43 6F 6D 70 61 6E 79 20 4C 74 64 30 82 02 22 30 0D 06 09 2A 86 48 86 F7 0D 01 01 01 05 00 03 82 02 0F 00 30 82 02 0A 02 82 02 01 00 AE 85 81 A8 AB 4F 18 6F B8 FF D9 66 4D B0 3F E7 A3 06 9B 8D 6E 32 30 46 84 32 00 D0 A2 58 15 E3 83 1A 98 23 89 66 FA DC CF E9 B3 3F 7A 15 85 38 42 6D A3 6A 64 14 CB 41 56 ED FE 59 95 38 F1 FA AB E9 4B 06 52 B7 83 58 97 69 5A 3D 75 98 98 9F CE ED 1D 79 20 30 90 20 F1 57 23 2F 00 62 F2 FE BD 48 D8 62 D9 25 72 A2 12 C8 7A 04 2F A5 E3 74 75 DD 7A 1C 60 40 6B 37 C3 D8 4F 7D C1 E7 68 97 5E 36 08 A8 1C 35 78 81 AF A7 4E B4 88 D0 AB 10 74 03 CB 8C 9B AC 63 27 B9 DC 75 E6 6B 5D 32 18 95 0B FD 03 C5 66 DF C6 57 65 56 E9 77 31 59 42 23 46 2D 2A 03 7B 32 C5 3B AB C6 6A 2F B5 48 7F 9E 7A 61 60 40 DA AA 16 B4 38 26 8D B3 71 4A 6D 28 4A 21 0E 26 DA D0 30 B3 FA 74 3E CF EF 28 24 47 39 B8 EE 10 06 5A 65 67 F2 37 66 D9 57 26 A4 2A 9B DF A0 37 5D C0 ED 65 59 F9 E9 E6 F8 8E A7 AE 3A F4 72 E5 F8 62 BB B5 97 A7 A0 1C 32 5B 35 14 43 53 6B C4 C9 E8 3E 21 61 8C 3C 3F CE 4A 14 8B DA 41 39 D1 C5 E3 34 A3 C4 44 0C 5D BB 0D 78 E8 31 BE 4A A9 CF B3 D5 12 21 AE 6D 28 4C 86 98 E4 0A 99 81 BF 98 11 99 86 28 AB EB 15 EF A9 50 B9 43 AE B1 03 69 06 63 6D 11 93 D9 C0 FB 97 FE 0A F5 CD 4F 10 90 9E 19 FB 6F 66 44 0C 50 20 B1 A3 A7 27 45 15 FA C9 45 20 EA B9 DF CE C6 E4 61 4F 08 09 FA 5D 13 8F 03 FB DA 95 85 E0 5C BC 2D A9 CC 8E BA 76 B9 6A 80 2E 69 74 62 19 28 02 EC 60 11 A6 0F 64 C2 FF 9B 5E 7D 0F F1 D4 6B 4D FD 99 BB C1 3D 05 DE 6E F2 B2 CE 1F 51 A5 E3 43 D1 E7 24 76 36 2F 9A 02 0D DA 34 A6 2D E0 1D 22 14 C5 7E FD B7 0F 31 B1 4A D0 AA A7 73 57 C5 C2 63 D8 C3 2F 37 39 12 BF C0 91 F7 AC A6 AB 48 ED 82 4B C7 4D 30 06 EA 6C A7 C2 B1 A1 09 02 96 6A 3D 02 03 01 00 01 A3 50 30 4E 30 1D 06 03 55 1D 0E 04 16 04 14 BB 3B 3F AA 10 70 C8 55 F7 24 E9 3B FD 32 19 F4 F6 11 6B 3A 30 1F 06 03 55 1D 23 04 18 30 16 80 14 BB 3B 3F AA 10 70 C8 55 F7 24 E9 3B FD 32 19 F4 F6 11 6B 3A 30 0C 06 03 55 1D 13 04 05 30 03 01 01 FF 30 0D 06 09 2A 86 48 86 F7 0D 01 01 05 05 00 03 82 02 01 00 48 3C 18 2B 72 E4 57 52 A8 95 35 C6 A1 73 71 20 85 20 94 FF 55 E7 1B 02 9C 05 C8 31 F8 85 B2 79 BE B2 47 55 74 E0 55 70 6B 17 24 9F 0B 6A 92 FE 41 04 22 4F 25 F4 5C DA 25 EF A9 32 CD CC 57 AD 88 5B 56 14 5F 7A 38 02 D3 18 23 8D A5 D8 FB 9F 43 A3 1A 68 2E 42 06 72 26 01 A2 EB DB AF 70 2E 57 12 35 7C B2 A1 EF AB 12 E0 81 55 84 37 C8 FD 95 AE DE 58 60 40 52 A1 C7 75 18 A1 2F 92 5A C0 AB C9 1B A7 17 19 4E 4D D8 53 FB C6 C3 7C 33 53 51 5B 3A 64 31 60 A4 B3 07 72 D7 39 1A F9 8A A2 70 E4 B4 D6 BF 6A AD 24 76 74 CE C7 EA 87 3E 28 6C EF 08 09 4F 79 FB CF 77 FF FA F8 77 04 4A 30 90 5B 27 11 5C 79 60 60 64 1A CB 6E 2C 5E 1C B0 53 AC 28 4A 8B 8B DF AE 01 41 D2 12 3F 7B 22 54 D2 8E 3C C4 A1 FF 4A 6C D3 1B EB 1D 35 94 14 F5 79 44 BE C2 E6 93 9B BA 4D D0 81 94 E9 25 BE 43 FC 2C 92 E5 CA DC 5D 9D CF CA 8B CF 0C E0 3D 29 21 44 4A C0 19 F4 F3 D5 7E F5 74 35 2B FC DF A3 F7 3C C5 D6 7A 7A 0B B6 2B C7 BF F9 8F 6E B5 56 44 0F A9 45 80 9F 88 21 82 99 2C DC 85 DA 25 65 55 ED D3 1C 36 4E D6 63 46 68 AF 6C 87 5C C5 F6 89 C2 E1 70 F4 87 0F F1 DE F0 8E 72 E4 CA CB 83 2B CD B1 7A 54 41 AF 97 38 DF F7 EA 8C 7A B2 D1 1B E9 E9 D3 BF 41 0F 21 F0 AA 8D 95 B6 CD 91 90 DF 71 E7 72 96 9D 3F 18 B9 98 8C CE 15 45 99 83 FB BD 61 4E AD 63 36 71 86 5D BD A3 17 61 6F 31 57 A4 25 3D ED 24 6A 9E 94 E0 D8 67 F0 17 12 86 B7 4E 65 93 A6 BD 8A 2A 06 6B EC 0F DE E0 B5 9C A0 AF D5 A4 32 A2 70 75 A1 02 A9 7F 85 D9 39 38 80 BB 41 A6 0F A3 8D 1F F1 66 E0 04 B3 A2 88 03 8B A7 AF E1 A1 60 95 F6 CB 76 12 C8 51 83 1E 14 E2 0B B5 6C F1 4B 96 21 F9 DE AA B2 CD 71 B8 63

Signature Hits	Behavior Group	Mitre Attack
Installs new ROOT certificates	Persistence and Installation Behavior	Install Root Certificate
Stores large binary data to the registry	Hooking and other Techniques for Hiding and Protection	Modify Registry

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8

Blob

Details

TargetID:	0
Path:	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
Value name:	Blob
Value data:	5C 00 00 00 01 00 00 00 04 00 00 00 00 10 00 00 19 00 00 00 01 00 00 00 10 00 00 00 49 50 8B 6C BE 29 D8 39 31 16 93 FA 24 E5 8D 98 0F 00 00 00 01 00 00 00 14 00 00 00 71 75 75 34 54 C2 98 2E 84 ED 48 F5 B4 EE 52 48 7F 4A 37 CD 03 00 00 00 01 00 00 00 14 00 00 00 3F 72 8A 35 DE 52 B2 C8 99 4A 4F B1 01 A0 3B 95 E8 7B 06 C8 14 00 00 00 01 00 00 00 14 00 00 00 BB 3B 3F AA 10 70 C8 55 F7 24 E9 3B FD 32 19 F4 F6 11 6B 3A 04 00 00 00 01 00 00 00 10 00 00 00 0A 0A 18 29 36 E6 C3 DF 7F A3 4D 0F FD 41 5E 22 20 00 00 00 01 00 00 00 FD 05 00 00 30 82 05 F9 30 82 03 E1 A0 03 02 01 02 02 09 00 D2 1E F1 F6 E3 4F 6B B8 30 0D 06 09 2A 86 48 86 F7 0D 01 01 05 05 00 30 81 92 31 0B 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 0C 0A 43 61 6C 69 66 6F 72 6E 69 61 31 16 30 14 06 03 55 04 07 0C 0D 53 61 6E 20 46 72 61 6E 63 69 73 63 6F 31 2A 30 28 06 03 55 04 0A 0C 21 54 68 65 20 55 6E 69 76 65 72 73 65 20 53 65 63 75 72 69 74 79 20 43 6F 6D 70 61 6E 79 20 4C 74 64 31 2A 30 28 06 03 55 04 03 0C 21 54 68 65 20 55 6E 69 76 65 72 73 65 20 53 65 63 75 72 69 74 79 20 43 6F 6D 70 61 6E 79 20 4C 74 64 30 1E 17 0D 31 35 30 33 31 37 31 34 31 36 33 38 5A 17 0D 34 35 30 33 30 39 31 34 31 36 33 38 5A 30 81 92 31 0B 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 0C 0A 43 61 6C 69 66 6F 72 6E 69 61 31 16 30 14 06 03 55 04 07 0C 0D 53 61 6E 20 46 72 61 6E 63 69 73 63 6F 31 2A 30 28 06 03 55 04 0A 0C 21 54 68 65 20 55 6E 69 76 65 72 73 65 20 53 65 63 75 72 69 74 79 20 43 6F 6D 70 61 6E 79 20 4C 74 64 31 2A 30 28 06 03 55 04 03 0C 21 54 68 65 20 55 6E 69 76 65 72 73 65 20 53 65 63 75 72 69 74 79 20 43 6F 6D 70 61 6E 79 20 4C 74 64 30 82 02 22 30 0D 06 09 2A 86 48 86 F7 0D 01 01 01 05 00 03 82 02 0F 00 30 82 02 0A 02 82 02 01 00 AE 85 81 A8 AB 4F 18 6F B8 FF D9 66 4D B0 3F E7 A3 06 9B 8D 6E 32 30 46 84 32 00 D0 A2 58 15 E3 83 1A 98 23 89 66 FA DC CF E9 B3 3F 7A 15 85 38 42 6D A3 6A 64 14 CB 41 56 ED FE 59 95 38 F1 FA AB E9 4B 06 52 B7 83 58 97 69 5A 3D 75 98 98 9F CE ED 1D 79 20 30 90 20 F1 57 23 2F 00 62 F2 FE BD 48 D8 62 D9 25 72 A2 12 C8 7A 04 2F A5 E3 74 75 DD 7A 1C 60 40 6B 37 C3 D8 4F 7D C1 E7 68 97 5E 36 08 A8 1C 35 78 81 AF A7 4E B4 88 D0 AB 10 74 03 CB 8C 9B AC 63 27 B9 DC 75 E6 6B 5D 32 18 95 0B FD 03 C5 66 DF C6 57 65 56 E9 77 31 59 42 23 46 2D 2A 03 7B 32 C5 3B AB C6 6A 2F B5 48 7F 9E 7A 61 60 40 DA AA 16 B4 38 26 8D B3 71 4A 6D 28 4A 21 0E 26 DA D0 30 B3 FA 74 3E CF EF 28 24 47 39 B8 EE 10 06 5A 65 67 F2 37 66 D9 57 26 A4 2A 9B DF A0 37 5D C0 ED 65 59 F9 E9 E6 F8 8E A7 AE 3A F4 72 E5 F8 62 BB B5 97 A7 A0 1C 32 5B 35 14 43 53 6B C4 C9 E8 3E 21 61 8C 3C 3F CE 4A 14 8B DA 41 39 D1 C5 E3 34 A3 C4 44 0C 5D BB 0D 78 E8 31 BE 4A A9 CF B3 D5 12 21 AE 6D 28 4C 86 98 E4 0A 99 81 BF 98 11 99 86 28 AB EB 15 EF A9 50 B9 43 AE B1 03 69 06 63 6D 11 93 D9 C0 FB 97 FE 0A F5 CD 4F 10 90 9E 19 FB 6F 66 44 0C 50 20 B1 A3 A7 27 45 15 FA C9 45 20 EA B9 DF CE C6 E4 61 4F 08 09 FA 5D 13 8F 03 FB DA 95 85 E0 5C BC 2D A9 CC 8E BA 76 B9 6A 80 2E 69 74 62 19 28 02 EC 60 11 A6 0F 64 C2 FF 9B 5E 7D 0F F1 D4 6B 4D FD 99 BB C1 3D 05 DE 6E F2 B2 CE 1F 51 A5 E3 43 D1 E7 24 76 36 2F 9A 02 0D DA 34 A6 2D E0 1D 22 14 C5 7E FD B7 0F 31 B1 4A D0 AA A7 73 57 C5 C2 63 D8 C3 2F 37 39 12 BF C0 91 F7 AC A6 AB 48 ED 82 4B C7 4D 30 06 EA 6C A7 C2 B1 A1 09 02 96 6A 3D 02 03 01 00 01 A3 50 30 4E 30 1D 06 03 55 1D 0E 04 16 04 14 BB 3B 3F AA 10 70 C8 55 F7 24 E9 3B FD 32 19 F4 F6 11 6B 3A 30 1F 06 03 55 1D 23 04 18 30 16 80 14 BB 3B 3F AA 10 70 C8 55 F7 24 E9 3B FD 32 19 F4 F6 11 6B 3A 30 0C 06 03 55 1D 13 04 05 30 03 01 01 FF 30 0D 06 09 2A 86 48 86 F7 0D 01 01 05 05 00 03 82 02 01 00 48 3C 18 2B 72 E4 57 52 A8 95 35 C6 A1 73 71 20 85 20 94 FF 55 E7 1B 02 9C 05 C8 31 F8 85 B2 79 BE B2 47 55 74 E0 55 70 6B 17 24 9F 0B 6A 92 FE 41 04 22 4F 25 F4 5C DA 25 EF A9 32 CD CC 57 AD 88 5B 56 14 5F 7A 38 02 D3 18 23 8D A5 D8 FB 9F 43 A3 1A 68 2E 42 06 72 26 01 A2 EB DB AF 70 2E 57 12 35 7C B2 A1 EF AB 12 E0 81 55 84 37 C8 FD 95 AE DE 58 60 40 52 A1 C7 75 18 A1 2F 92 5A C0 AB C9 1B A7 17 19 4E 4D D8 53 FB C6 C3 7C 33 53 51 5B 3A 64 31 60 A4 B3 07 72 D7 39 1A F9 8A A2 70 E4 B4 D6 BF 6A AD 24 76 74 CE C7 EA 87 3E 28 6C EF 08 09 4F 79 FB CF 77 FF FA F8 77 04 4A 30 90 5B 27 11 5C 79 60 60 64 1A CB 6E 2C 5E 1C B0 53 AC 28 4A 8B 8B DF AE 01 41 D2 12 3F 7B 22 54 D2 8E 3C C4 A1 FF 4A 6C D3 1B EB 1D 35 94 14 F5 79 44 BE C2 E6 93 9B BA 4D D0 81 94 E9 25 BE 43 FC 2C 92 E5 CA DC 5D 9D CF CA 8B CF 0C E0 3D 29 21 44 4A C0 19 F4 F3 D5 7E F5 74 35 2B FC DF A3 F7 3C C5 D6 7A 7A 0B B6 2B C7 BF F9 8F 6E B5 56 44 0F A9 45 80 9F 88 21 82 99 2C DC 85 DA 25 65 55 ED D3 1C 36 4E D6 63 46 68 AF 6C 87 5C C5 F6 89 C2 E1 70 F4 87 0F F1 DE F0 8E 72 E4 CA CB 83 2B CD B1 7A 54 41 AF 97 38 DF F7 EA 8C 7A B2 D1 1B E9 E9 D3 BF 41 0F 21 F0 AA 8D 95 B6 CD 91 90 DF 71 E7 72 96 9D 3F 18 B9 98 8C CE 15 45 99 83 FB BD 61 4E AD 63 36 71 86 5D BD A3 17 61 6F 31 57 A4 25 3D ED 24 6A 9E 94 E0 D8 67 F0 17 12 86 B7 4E 65 93 A6 BD 8A 2A 06 6B EC 0F DE E0 B5 9C A0 AF D5 A4 32 A2 70 75 A1 02 A9 7F 85 D9 39 38 80 BB 41 A6 0F A3 8D 1F F1 66 E0 04 B3 A2 88 03 8B A7 AF E1 A1 60 95 F6 CB 76 12 C8 51 83 1E 14 E2 0B B5 6C F1 4B 96 21 F9 DE AA B2 CD 71 B8 63

Signature Hits	Behavior Group	Mitre Attack
Installs new ROOT certificates	Persistence and Installation Behavior	Install Root Certificate
Stores large binary data to the registry	Hooking and other Techniques for Hiding and Protection	Modify Registry

Memdumps

Base Address

Regiontype

Protect

Malicious

81C000

unkown

page write copy

7DB000

unkown

page read and write

C000004000

direct allocation

page read and write

7DD000

unkown

page read and write

F2D7FC000

stack

page read and write

C00003F000

direct allocation

page read and write

C0000B8000

direct allocation

page read and write

C0001A1000

direct allocation

page read and write

C00013C000

direct allocation

page read and write

C0000C6000

direct allocation

page read and write

C0001E6000

direct allocation

page read and write

C0000CE000

direct allocation

page read and write

C000008000

direct allocation

page read and write

1D0000

unkown

page readonly

C000088000

direct allocation

page read and write

C000026000

direct allocation

page read and write

C0001D0000

direct allocation

page read and write

86C000

unkown

page read and write

C000028000

direct allocation

page read and write

C000122000

direct allocation

page read and write

F2D3FF000

stack

page read and write

C000048000

direct allocation

page read and write

C0001CC000

direct allocation

page read and write

1EBC1930000

heap

page read and write

7E0000

unkown

page read and write

C0000B2000

direct allocation

page read and write

C000140000

direct allocation

page read and write

827000

unkown

page read and write

926000

unkown

page readonly

F2D1FF000

stack

page read and write

1EBE6CC1000

direct allocation

page read and write

C00007E000

direct allocation

page read and write

C0000D8000

direct allocation

page read and write

1EBE6C80000

direct allocation

page read and write

C0001C4000

direct allocation

page read and write

C000158000

direct allocation

page read and write

80A000

unkown

page read and write

7DC000

unkown

page write copy

C000148000

direct allocation

page read and write

C000146000

direct allocation

page read and write

1D1000

unkown

page execute read

C000070000

direct allocation

page read and write

C000192000

direct allocation

page read and write

B07000

unkown

page write copy

C00000A000

direct allocation

page read and write

C0001F6000

direct allocation

page read and write

873000

unkown

page readonly

C0001A8000

direct allocation

page read and write

1EBE6E50000

heap

page read and write

81F000

unkown

page read and write

1D1000

unkown

page execute read

C000180000

direct allocation

page read and write

C00016A000

direct allocation

page read and write

C00005F000

direct allocation

page read and write

C0000B6000

direct allocation

page read and write

C0000D4000

direct allocation

page read and write

C0000C8000

direct allocation

page read and write

1D0000

unkown

page readonly

C000064000

direct allocation

page read and write

F2D9FD000

stack

page read and write

7E1000

unkown

page write copy

C0000F6000

direct allocation

page read and write

C0001BE000

direct allocation

page read and write

1EBC1879000

heap

page read and write

C0000B4000

direct allocation

page read and write

C0000EB000

direct allocation

page read and write

C0001C2000

direct allocation

page read and write

C00012A000

direct allocation

page read and write

C0000ED000

direct allocation

page read and write

83E000

unkown

page read and write

B07000

unkown

page write copy

C00014C000

direct allocation

page read and write

873000

unkown

page readonly

C000024000

direct allocation

page read and write

C00012C000

direct allocation

page read and write

C000196000

direct allocation

page read and write

C00014E000

direct allocation

page read and write

C0000AA000

direct allocation

page read and write

C0001E8000

direct allocation

page read and write

C0001BA000

direct allocation

page read and write

C00008A000

direct allocation

page read and write

C00009E000

direct allocation

page read and write

C000198000

direct allocation

page read and write

C00004F000

direct allocation

page read and write

C00004D000

direct allocation

page read and write

1D1000

unkown

page execute read

C000190000

direct allocation

page read and write

C000080000

direct allocation

page read and write

C0000CC000

direct allocation

page read and write

C000090000

direct allocation

page read and write

C00001A000

direct allocation

page read and write

1EBC1A24000

direct allocation

page read and write

4C0000

unkown

page readonly

C000098000

direct allocation

page read and write

C000188000

direct allocation

page read and write

C00008E000

direct allocation

page read and write

C00015C000

direct allocation

page read and write

1EBC182C000

heap

page read and write

C000126000

direct allocation

page read and write

C0000E9000

direct allocation

page read and write

C000068000

direct allocation

page read and write

C00001E000

direct allocation

page read and write

C0000EF000

direct allocation

page read and write

7DA000

unkown

page write copy

C000000000

direct allocation

page read and write

C0001F4000

direct allocation

page read and write

C000194000

direct allocation

page read and write

F2DDFF000

stack

page read and write

C000086000

direct allocation

page read and write

F2DBFC000

stack

page read and write

C00008C000

direct allocation

page read and write

C0001EA000

direct allocation

page read and write

1EBC189D000

heap

page read and write

F2D5FF000

stack

page read and write

1EBC187B000

heap

page read and write

C000094000

direct allocation

page read and write

C000104000

direct allocation

page read and write

4C0000

unkown

page readonly

C000096000

direct allocation

page read and write

C0001B6000

direct allocation

page read and write

C00018E000

direct allocation

page read and write

C00012E000

direct allocation

page read and write

7D8000

unkown

page read and write

C000184000

direct allocation

page read and write

1EBE6E55000

heap

page read and write

C000144000

direct allocation

page read and write

1EBC1A20000

direct allocation

page read and write

C000132000

direct allocation

page read and write

C00015A000

direct allocation

page read and write

C00003C000

direct allocation

page read and write

C00006C000

direct allocation

page read and write

C000164000

direct allocation

page read and write

1EBC1A2A000

direct allocation

page read and write

C0000B0000

direct allocation

page read and write

926000

unkown

page readonly

C000054000

direct allocation

page read and write

C0001C6000

direct allocation

page read and write

C000172000

direct allocation

page read and write

1EBE6D40000

direct allocation

page read and write

C000062000

direct allocation

page read and write

C00001C000

direct allocation

page read and write

C00009C000

direct allocation

page read and write

1EBC1829000

heap

page read and write

C0000BA000

direct allocation

page read and write

C0000BE000

direct allocation

page read and write

C0001D2000

direct allocation

page read and write

7DE000

unkown

page write copy

C0001CE000

direct allocation

page read and write

1EBE6D80000

heap

page read and write

7D8000

unkown

page write copy

822000

unkown

page read and write

C00003A000

direct allocation

page read and write

C0001A6000

direct allocation

page read and write

1EBE6CA0000

heap

page read and write

844000

unkown

page read and write

C000092000

direct allocation

page read and write

821000

unkown

page write copy

C0000E4000

direct allocation

page read and write

1EBE6D00000

direct allocation

page read and write

C000186000

direct allocation

page read and write

C0001EC000

direct allocation

page read and write

C000100000

direct allocation

page read and write

B08000

unkown

page readonly

C000038000

direct allocation

page read and write

C000128000

direct allocation

page read and write

C0000A4000

direct allocation

page read and write

C0001E2000

direct allocation

page read and write

1EBC1A28000

direct allocation

page read and write

C000030000

direct allocation

page read and write

C00011A000

direct allocation

page read and write

C00006A000

direct allocation

page read and write

C0001B8000

direct allocation

page read and write

C00013E000

direct allocation

page read and write

C00005B000

direct allocation

page read and write

F2CFFC000

stack

page read and write

C000112000

direct allocation

page read and write

C0001CA000

direct allocation

page read and write

C0001F2000

direct allocation

page read and write

C00000C000

direct allocation

page read and write

C000006000

direct allocation

page read and write

C000002000

direct allocation

page read and write

1EBC1820000

heap

page read and write

C00011D000

direct allocation

page read and write

C0000AE000

direct allocation

page read and write

C0001D4000

direct allocation

page read and write

C0001D8000

direct allocation

page read and write

C0001AC000

direct allocation

page read and write

C0001AA000

direct allocation

page read and write

B08000

unkown

page readonly

C00002C000

direct allocation

page read and write

There are 180 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
main old source new token.exe

Processes

URLs

Domains

IPs

Registry

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reportmain old source new token.exe

Processes

URLs

Domains

IPs

Registry

Memdumps

IOC Report
main old source new token.exe