Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\main.exe

"C:\Users\user\Desktop\main.exe"

Details

Is windows:	false
Is dropped:	false
PID:	1440
Target ID:	0
Parent PID:	1028
Name:	main.exe
Path:	C:\Users\user\Desktop\main.exe
Commandline:	"C:\Users\user\Desktop\main.exe"
Size:	9889280
MD5:	95FB45D8FF76D0401499E4938AEFF5E3
Time:	13:40:06
Date:	15/01/2025
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x380000
Modulesize:	10235904
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
PE file contains more sections than normal	System Summary
PE file contains sections with non-standard names	Data Obfuscation
PE file has section (not .text) which is very likely to contain packed code (zlib compression ratio < 0.011)	System Summary	Software Packing
PE file has an executable .text section and no other executable section	System Summary
Sample might require command line arguments	System Summary	Command and Scripting Interpreter
Spawns processes	System Summary	Process Injection
URLs found in memory or binary data	Networking
Contains modern PE file flags such as dynamic base (ASLR) or NX	Compliance, System Summary
PE file has a big raw section	System Summary
PE file has a big code size	System Summary
Submission file is bigger than most known malware samples	System Summary

C:\Windows\System32\conhost.exe

C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

Details

Is windows:	true
Is dropped:	false
PID:	432
Target ID:	1
Parent PID:	1440
Name:	conhost.exe
Path:	C:\Windows\System32\conhost.exe
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Size:	862208
MD5:	0D698AF330FD17BEE3BF90011D49251D
Time:	13:40:06
Date:	15/01/2025
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff6d64d0000
Modulesize:	892928
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

URLs

Name

Malicious

https://discord.com/api/v9/oauth2/applications

unknown

https://discord.com/api/v9//voice/

unknown

https://status.discord.com/api/v2/scheduled-maintenances/upcoming.json

unknown

https://cdn.discordapp.com/icons/

unknown

https://status.discord.com/api/v2/scheduled-maintenances/D

unknown

https://cdn.discordapp.com/banners/

unknown

https://discord.com/api/v9/gateway

162.159.135.232

https://cdn.discordapp.com/guilds/

unknown

https://discord.com/api/v9/oauth2/

unknown

https://discord.com/api/v9/applications

unknown

https://discord.com/api/v9/gateway/bot

unknown

https://discord.com/api/v9/channels/

unknown

https://discord.com/api/v9/guilds/

unknown

https://cdn.discordapp.com/splashes/

unknown

https://discord.com/MESSAGE_REACTION_ADDTHREAD_MEMBER_UPDATEunmarshall

unknown

https://cdn.discordapp.com/channel-icons/

unknown

https://github.com/bwmarrin/discordgo

unknown

https://cdn.discordapp.com/role-icons/

unknown

https://discord.com/api/v9/

unknown

https://discord.com/api/v9/users/

unknown

https://status.discord.com/api/v2/scheduled-maintenances/

unknown

https://cdn.discordapp.com/attachments/

unknown

https://status.discord.com/api/v2/scheduled-maintenances/active.json

unknown

https://discord.com/api/v9/09Az~~kernel32.dllREQUEST_METHODiphlpapi.dll

unknown

https://discord.com/api/v9/guilds

unknown

https://status.discord.com/api/v2/scheduled-maintenances/active.jsonhttps://status.discord.com/api/v

unknown

https://discord.com/api/v9/stickers/

unknown

https://discord.com/api/v9/webhooks/

unknown

https://cdn.discordapp.com/avatars/

unknown

https://discord.com/api/v9/guilds/https://discord.com/api/v9/channels/https://discord.com/api/v9/use

unknown

https://discord.com/api/v9/stage-instances

unknown

https://discord.com/api/v9//sticker-packs

unknown

https://gateway.discord.gg/?v=9&encoding=json

162.159.133.234

https://discord.com/api/v9//voice/regions

unknown

There are 24 hidden URLs, click here to show them.

Domains

Name

Malicious

discord.com

162.159.135.232

Details

Name:	discord.com
IP:	162.159.135.232
TargetID:	-1
Active:	true
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
URLs found in memory or binary data	Networking

gateway.discord.gg

162.159.133.234

Details

Name:	gateway.discord.gg
IP:	162.159.133.234
TargetID:	-1
Active:	true
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol

IPs

Domain

Country

Malicious

162.159.133.234

gateway.discord.gg

United States

162.159.135.232

discord.com

United States

Registry

Path

Value

Malicious

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8

Blob

Details

TargetID:	0
Path:	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
Value name:	Blob
Value data:	04 00 00 00 01 00 00 00 10 00 00 00 0A 0A 18 29 36 E6 C3 DF 7F A3 4D 0F FD 41 5E 22 14 00 00 00 01 00 00 00 14 00 00 00 BB 3B 3F AA 10 70 C8 55 F7 24 E9 3B FD 32 19 F4 F6 11 6B 3A 03 00 00 00 01 00 00 00 14 00 00 00 3F 72 8A 35 DE 52 B2 C8 99 4A 4F B1 01 A0 3B 95 E8 7B 06 C8 0F 00 00 00 01 00 00 00 14 00 00 00 71 75 75 34 54 C2 98 2E 84 ED 48 F5 B4 EE 52 48 7F 4A 37 CD 19 00 00 00 01 00 00 00 10 00 00 00 49 50 8B 6C BE 29 D8 39 31 16 93 FA 24 E5 8D 98 20 00 00 00 01 00 00 00 FD 05 00 00 30 82 05 F9 30 82 03 E1 A0 03 02 01 02 02 09 00 D2 1E F1 F6 E3 4F 6B B8 30 0D 06 09 2A 86 48 86 F7 0D 01 01 05 05 00 30 81 92 31 0B 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 0C 0A 43 61 6C 69 66 6F 72 6E 69 61 31 16 30 14 06 03 55 04 07 0C 0D 53 61 6E 20 46 72 61 6E 63 69 73 63 6F 31 2A 30 28 06 03 55 04 0A 0C 21 54 68 65 20 55 6E 69 76 65 72 73 65 20 53 65 63 75 72 69 74 79 20 43 6F 6D 70 61 6E 79 20 4C 74 64 31 2A 30 28 06 03 55 04 03 0C 21 54 68 65 20 55 6E 69 76 65 72 73 65 20 53 65 63 75 72 69 74 79 20 43 6F 6D 70 61 6E 79 20 4C 74 64 30 1E 17 0D 31 35 30 33 31 37 31 34 31 36 33 38 5A 17 0D 34 35 30 33 30 39 31 34 31 36 33 38 5A 30 81 92 31 0B 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 0C 0A 43 61 6C 69 66 6F 72 6E 69 61 31 16 30 14 06 03 55 04 07 0C 0D 53 61 6E 20 46 72 61 6E 63 69 73 63 6F 31 2A 30 28 06 03 55 04 0A 0C 21 54 68 65 20 55 6E 69 76 65 72 73 65 20 53 65 63 75 72 69 74 79 20 43 6F 6D 70 61 6E 79 20 4C 74 64 31 2A 30 28 06 03 55 04 03 0C 21 54 68 65 20 55 6E 69 76 65 72 73 65 20 53 65 63 75 72 69 74 79 20 43 6F 6D 70 61 6E 79 20 4C 74 64 30 82 02 22 30 0D 06 09 2A 86 48 86 F7 0D 01 01 01 05 00 03 82 02 0F 00 30 82 02 0A 02 82 02 01 00 AE 85 81 A8 AB 4F 18 6F B8 FF D9 66 4D B0 3F E7 A3 06 9B 8D 6E 32 30 46 84 32 00 D0 A2 58 15 E3 83 1A 98 23 89 66 FA DC CF E9 B3 3F 7A 15 85 38 42 6D A3 6A 64 14 CB 41 56 ED FE 59 95 38 F1 FA AB E9 4B 06 52 B7 83 58 97 69 5A 3D 75 98 98 9F CE ED 1D 79 20 30 90 20 F1 57 23 2F 00 62 F2 FE BD 48 D8 62 D9 25 72 A2 12 C8 7A 04 2F A5 E3 74 75 DD 7A 1C 60 40 6B 37 C3 D8 4F 7D C1 E7 68 97 5E 36 08 A8 1C 35 78 81 AF A7 4E B4 88 D0 AB 10 74 03 CB 8C 9B AC 63 27 B9 DC 75 E6 6B 5D 32 18 95 0B FD 03 C5 66 DF C6 57 65 56 E9 77 31 59 42 23 46 2D 2A 03 7B 32 C5 3B AB C6 6A 2F B5 48 7F 9E 7A 61 60 40 DA AA 16 B4 38 26 8D B3 71 4A 6D 28 4A 21 0E 26 DA D0 30 B3 FA 74 3E CF EF 28 24 47 39 B8 EE 10 06 5A 65 67 F2 37 66 D9 57 26 A4 2A 9B DF A0 37 5D C0 ED 65 59 F9 E9 E6 F8 8E A7 AE 3A F4 72 E5 F8 62 BB B5 97 A7 A0 1C 32 5B 35 14 43 53 6B C4 C9 E8 3E 21 61 8C 3C 3F CE 4A 14 8B DA 41 39 D1 C5 E3 34 A3 C4 44 0C 5D BB 0D 78 E8 31 BE 4A A9 CF B3 D5 12 21 AE 6D 28 4C 86 98 E4 0A 99 81 BF 98 11 99 86 28 AB EB 15 EF A9 50 B9 43 AE B1 03 69 06 63 6D 11 93 D9 C0 FB 97 FE 0A F5 CD 4F 10 90 9E 19 FB 6F 66 44 0C 50 20 B1 A3 A7 27 45 15 FA C9 45 20 EA B9 DF CE C6 E4 61 4F 08 09 FA 5D 13 8F 03 FB DA 95 85 E0 5C BC 2D A9 CC 8E BA 76 B9 6A 80 2E 69 74 62 19 28 02 EC 60 11 A6 0F 64 C2 FF 9B 5E 7D 0F F1 D4 6B 4D FD 99 BB C1 3D 05 DE 6E F2 B2 CE 1F 51 A5 E3 43 D1 E7 24 76 36 2F 9A 02 0D DA 34 A6 2D E0 1D 22 14 C5 7E FD B7 0F 31 B1 4A D0 AA A7 73 57 C5 C2 63 D8 C3 2F 37 39 12 BF C0 91 F7 AC A6 AB 48 ED 82 4B C7 4D 30 06 EA 6C A7 C2 B1 A1 09 02 96 6A 3D 02 03 01 00 01 A3 50 30 4E 30 1D 06 03 55 1D 0E 04 16 04 14 BB 3B 3F AA 10 70 C8 55 F7 24 E9 3B FD 32 19 F4 F6 11 6B 3A 30 1F 06 03 55 1D 23 04 18 30 16 80 14 BB 3B 3F AA 10 70 C8 55 F7 24 E9 3B FD 32 19 F4 F6 11 6B 3A 30 0C 06 03 55 1D 13 04 05 30 03 01 01 FF 30 0D 06 09 2A 86 48 86 F7 0D 01 01 05 05 00 03 82 02 01 00 48 3C 18 2B 72 E4 57 52 A8 95 35 C6 A1 73 71 20 85 20 94 FF 55 E7 1B 02 9C 05 C8 31 F8 85 B2 79 BE B2 47 55 74 E0 55 70 6B 17 24 9F 0B 6A 92 FE 41 04 22 4F 25 F4 5C DA 25 EF A9 32 CD CC 57 AD 88 5B 56 14 5F 7A 38 02 D3 18 23 8D A5 D8 FB 9F 43 A3 1A 68 2E 42 06 72 26 01 A2 EB DB AF 70 2E 57 12 35 7C B2 A1 EF AB 12 E0 81 55 84 37 C8 FD 95 AE DE 58 60 40 52 A1 C7 75 18 A1 2F 92 5A C0 AB C9 1B A7 17 19 4E 4D D8 53 FB C6 C3 7C 33 53 51 5B 3A 64 31 60 A4 B3 07 72 D7 39 1A F9 8A A2 70 E4 B4 D6 BF 6A AD 24 76 74 CE C7 EA 87 3E 28 6C EF 08 09 4F 79 FB CF 77 FF FA F8 77 04 4A 30 90 5B 27 11 5C 79 60 60 64 1A CB 6E 2C 5E 1C B0 53 AC 28 4A 8B 8B DF AE 01 41 D2 12 3F 7B 22 54 D2 8E 3C C4 A1 FF 4A 6C D3 1B EB 1D 35 94 14 F5 79 44 BE C2 E6 93 9B BA 4D D0 81 94 E9 25 BE 43 FC 2C 92 E5 CA DC 5D 9D CF CA 8B CF 0C E0 3D 29 21 44 4A C0 19 F4 F3 D5 7E F5 74 35 2B FC DF A3 F7 3C C5 D6 7A 7A 0B B6 2B C7 BF F9 8F 6E B5 56 44 0F A9 45 80 9F 88 21 82 99 2C DC 85 DA 25 65 55 ED D3 1C 36 4E D6 63 46 68 AF 6C 87 5C C5 F6 89 C2 E1 70 F4 87 0F F1 DE F0 8E 72 E4 CA CB 83 2B CD B1 7A 54 41 AF 97 38 DF F7 EA 8C 7A B2 D1 1B E9 E9 D3 BF 41 0F 21 F0 AA 8D 95 B6 CD 91 90 DF 71 E7 72 96 9D 3F 18 B9 98 8C CE 15 45 99 83 FB BD 61 4E AD 63 36 71 86 5D BD A3 17 61 6F 31 57 A4 25 3D ED 24 6A 9E 94 E0 D8 67 F0 17 12 86 B7 4E 65 93 A6 BD 8A 2A 06 6B EC 0F DE E0 B5 9C A0 AF D5 A4 32 A2 70 75 A1 02 A9 7F 85 D9 39 38 80 BB 41 A6 0F A3 8D 1F F1 66 E0 04 B3 A2 88 03 8B A7 AF E1 A1 60 95 F6 CB 76 12 C8 51 83 1E 14 E2 0B B5 6C F1 4B 96 21 F9 DE AA B2 CD 71 B8 63

Signature Hits	Behavior Group	Mitre Attack
Installs new ROOT certificates	Persistence and Installation Behavior	Install Root Certificate
Stores large binary data to the registry	Hooking and other Techniques for Hiding and Protection	Modify Registry

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8

Blob

Details

TargetID:	0
Path:	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
Value name:	Blob
Value data:	5C 00 00 00 01 00 00 00 04 00 00 00 00 10 00 00 19 00 00 00 01 00 00 00 10 00 00 00 49 50 8B 6C BE 29 D8 39 31 16 93 FA 24 E5 8D 98 0F 00 00 00 01 00 00 00 14 00 00 00 71 75 75 34 54 C2 98 2E 84 ED 48 F5 B4 EE 52 48 7F 4A 37 CD 03 00 00 00 01 00 00 00 14 00 00 00 3F 72 8A 35 DE 52 B2 C8 99 4A 4F B1 01 A0 3B 95 E8 7B 06 C8 14 00 00 00 01 00 00 00 14 00 00 00 BB 3B 3F AA 10 70 C8 55 F7 24 E9 3B FD 32 19 F4 F6 11 6B 3A 04 00 00 00 01 00 00 00 10 00 00 00 0A 0A 18 29 36 E6 C3 DF 7F A3 4D 0F FD 41 5E 22 20 00 00 00 01 00 00 00 FD 05 00 00 30 82 05 F9 30 82 03 E1 A0 03 02 01 02 02 09 00 D2 1E F1 F6 E3 4F 6B B8 30 0D 06 09 2A 86 48 86 F7 0D 01 01 05 05 00 30 81 92 31 0B 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 0C 0A 43 61 6C 69 66 6F 72 6E 69 61 31 16 30 14 06 03 55 04 07 0C 0D 53 61 6E 20 46 72 61 6E 63 69 73 63 6F 31 2A 30 28 06 03 55 04 0A 0C 21 54 68 65 20 55 6E 69 76 65 72 73 65 20 53 65 63 75 72 69 74 79 20 43 6F 6D 70 61 6E 79 20 4C 74 64 31 2A 30 28 06 03 55 04 03 0C 21 54 68 65 20 55 6E 69 76 65 72 73 65 20 53 65 63 75 72 69 74 79 20 43 6F 6D 70 61 6E 79 20 4C 74 64 30 1E 17 0D 31 35 30 33 31 37 31 34 31 36 33 38 5A 17 0D 34 35 30 33 30 39 31 34 31 36 33 38 5A 30 81 92 31 0B 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 0C 0A 43 61 6C 69 66 6F 72 6E 69 61 31 16 30 14 06 03 55 04 07 0C 0D 53 61 6E 20 46 72 61 6E 63 69 73 63 6F 31 2A 30 28 06 03 55 04 0A 0C 21 54 68 65 20 55 6E 69 76 65 72 73 65 20 53 65 63 75 72 69 74 79 20 43 6F 6D 70 61 6E 79 20 4C 74 64 31 2A 30 28 06 03 55 04 03 0C 21 54 68 65 20 55 6E 69 76 65 72 73 65 20 53 65 63 75 72 69 74 79 20 43 6F 6D 70 61 6E 79 20 4C 74 64 30 82 02 22 30 0D 06 09 2A 86 48 86 F7 0D 01 01 01 05 00 03 82 02 0F 00 30 82 02 0A 02 82 02 01 00 AE 85 81 A8 AB 4F 18 6F B8 FF D9 66 4D B0 3F E7 A3 06 9B 8D 6E 32 30 46 84 32 00 D0 A2 58 15 E3 83 1A 98 23 89 66 FA DC CF E9 B3 3F 7A 15 85 38 42 6D A3 6A 64 14 CB 41 56 ED FE 59 95 38 F1 FA AB E9 4B 06 52 B7 83 58 97 69 5A 3D 75 98 98 9F CE ED 1D 79 20 30 90 20 F1 57 23 2F 00 62 F2 FE BD 48 D8 62 D9 25 72 A2 12 C8 7A 04 2F A5 E3 74 75 DD 7A 1C 60 40 6B 37 C3 D8 4F 7D C1 E7 68 97 5E 36 08 A8 1C 35 78 81 AF A7 4E B4 88 D0 AB 10 74 03 CB 8C 9B AC 63 27 B9 DC 75 E6 6B 5D 32 18 95 0B FD 03 C5 66 DF C6 57 65 56 E9 77 31 59 42 23 46 2D 2A 03 7B 32 C5 3B AB C6 6A 2F B5 48 7F 9E 7A 61 60 40 DA AA 16 B4 38 26 8D B3 71 4A 6D 28 4A 21 0E 26 DA D0 30 B3 FA 74 3E CF EF 28 24 47 39 B8 EE 10 06 5A 65 67 F2 37 66 D9 57 26 A4 2A 9B DF A0 37 5D C0 ED 65 59 F9 E9 E6 F8 8E A7 AE 3A F4 72 E5 F8 62 BB B5 97 A7 A0 1C 32 5B 35 14 43 53 6B C4 C9 E8 3E 21 61 8C 3C 3F CE 4A 14 8B DA 41 39 D1 C5 E3 34 A3 C4 44 0C 5D BB 0D 78 E8 31 BE 4A A9 CF B3 D5 12 21 AE 6D 28 4C 86 98 E4 0A 99 81 BF 98 11 99 86 28 AB EB 15 EF A9 50 B9 43 AE B1 03 69 06 63 6D 11 93 D9 C0 FB 97 FE 0A F5 CD 4F 10 90 9E 19 FB 6F 66 44 0C 50 20 B1 A3 A7 27 45 15 FA C9 45 20 EA B9 DF CE C6 E4 61 4F 08 09 FA 5D 13 8F 03 FB DA 95 85 E0 5C BC 2D A9 CC 8E BA 76 B9 6A 80 2E 69 74 62 19 28 02 EC 60 11 A6 0F 64 C2 FF 9B 5E 7D 0F F1 D4 6B 4D FD 99 BB C1 3D 05 DE 6E F2 B2 CE 1F 51 A5 E3 43 D1 E7 24 76 36 2F 9A 02 0D DA 34 A6 2D E0 1D 22 14 C5 7E FD B7 0F 31 B1 4A D0 AA A7 73 57 C5 C2 63 D8 C3 2F 37 39 12 BF C0 91 F7 AC A6 AB 48 ED 82 4B C7 4D 30 06 EA 6C A7 C2 B1 A1 09 02 96 6A 3D 02 03 01 00 01 A3 50 30 4E 30 1D 06 03 55 1D 0E 04 16 04 14 BB 3B 3F AA 10 70 C8 55 F7 24 E9 3B FD 32 19 F4 F6 11 6B 3A 30 1F 06 03 55 1D 23 04 18 30 16 80 14 BB 3B 3F AA 10 70 C8 55 F7 24 E9 3B FD 32 19 F4 F6 11 6B 3A 30 0C 06 03 55 1D 13 04 05 30 03 01 01 FF 30 0D 06 09 2A 86 48 86 F7 0D 01 01 05 05 00 03 82 02 01 00 48 3C 18 2B 72 E4 57 52 A8 95 35 C6 A1 73 71 20 85 20 94 FF 55 E7 1B 02 9C 05 C8 31 F8 85 B2 79 BE B2 47 55 74 E0 55 70 6B 17 24 9F 0B 6A 92 FE 41 04 22 4F 25 F4 5C DA 25 EF A9 32 CD CC 57 AD 88 5B 56 14 5F 7A 38 02 D3 18 23 8D A5 D8 FB 9F 43 A3 1A 68 2E 42 06 72 26 01 A2 EB DB AF 70 2E 57 12 35 7C B2 A1 EF AB 12 E0 81 55 84 37 C8 FD 95 AE DE 58 60 40 52 A1 C7 75 18 A1 2F 92 5A C0 AB C9 1B A7 17 19 4E 4D D8 53 FB C6 C3 7C 33 53 51 5B 3A 64 31 60 A4 B3 07 72 D7 39 1A F9 8A A2 70 E4 B4 D6 BF 6A AD 24 76 74 CE C7 EA 87 3E 28 6C EF 08 09 4F 79 FB CF 77 FF FA F8 77 04 4A 30 90 5B 27 11 5C 79 60 60 64 1A CB 6E 2C 5E 1C B0 53 AC 28 4A 8B 8B DF AE 01 41 D2 12 3F 7B 22 54 D2 8E 3C C4 A1 FF 4A 6C D3 1B EB 1D 35 94 14 F5 79 44 BE C2 E6 93 9B BA 4D D0 81 94 E9 25 BE 43 FC 2C 92 E5 CA DC 5D 9D CF CA 8B CF 0C E0 3D 29 21 44 4A C0 19 F4 F3 D5 7E F5 74 35 2B FC DF A3 F7 3C C5 D6 7A 7A 0B B6 2B C7 BF F9 8F 6E B5 56 44 0F A9 45 80 9F 88 21 82 99 2C DC 85 DA 25 65 55 ED D3 1C 36 4E D6 63 46 68 AF 6C 87 5C C5 F6 89 C2 E1 70 F4 87 0F F1 DE F0 8E 72 E4 CA CB 83 2B CD B1 7A 54 41 AF 97 38 DF F7 EA 8C 7A B2 D1 1B E9 E9 D3 BF 41 0F 21 F0 AA 8D 95 B6 CD 91 90 DF 71 E7 72 96 9D 3F 18 B9 98 8C CE 15 45 99 83 FB BD 61 4E AD 63 36 71 86 5D BD A3 17 61 6F 31 57 A4 25 3D ED 24 6A 9E 94 E0 D8 67 F0 17 12 86 B7 4E 65 93 A6 BD 8A 2A 06 6B EC 0F DE E0 B5 9C A0 AF D5 A4 32 A2 70 75 A1 02 A9 7F 85 D9 39 38 80 BB 41 A6 0F A3 8D 1F F1 66 E0 04 B3 A2 88 03 8B A7 AF E1 A1 60 95 F6 CB 76 12 C8 51 83 1E 14 E2 0B B5 6C F1 4B 96 21 F9 DE AA B2 CD 71 B8 63

Signature Hits	Behavior Group	Mitre Attack
Installs new ROOT certificates	Persistence and Installation Behavior	Install Root Certificate
Stores large binary data to the registry	Hooking and other Techniques for Hiding and Protection	Modify Registry

Memdumps

Base Address

Regiontype

Protect

Malicious

C0001C8000

direct allocation

page read and write

C000200000

direct allocation

page read and write

C0000D0000

direct allocation

page read and write

C00022A000

direct allocation

page read and write

C0000A2000

direct allocation

page read and write

A1C000

unkown

page read and write

C000100000

direct allocation

page read and write

C00019C000

direct allocation

page read and write

C0000A4000

direct allocation

page read and write

C000080000

direct allocation

page read and write

15D7AF50000

direct allocation

page read and write

9D1000

unkown

page write copy

15D75C48000

direct allocation

page read and write

C0000D4000

direct allocation

page read and write

988000

unkown

page write copy

C0000EE000

direct allocation

page read and write

C000022000

direct allocation

page read and write

A23000

unkown

page readonly

C0000DA000

direct allocation

page read and write

AD6000

unkown

page readonly

C0000F0000

direct allocation

page read and write

C0000FC000

direct allocation

page read and write

C00008C000

direct allocation

page read and write

15D7AF90000

heap

page read and write

C0000AC000

direct allocation

page read and write

C0000B8000

direct allocation

page read and write

C0000C2000

direct allocation

page read and write

988000

unkown

page read and write

C0000B6000

direct allocation

page read and write

C000008000

direct allocation

page read and write

CB7000

unkown

page write copy

C0001FE000

direct allocation

page read and write

9BE000

unkown

page read and write

C0000F4000

direct allocation

page read and write

C000090000

direct allocation

page read and write

380000

unkown

page readonly

C00020A000

direct allocation

page read and write

15D7AF10000

direct allocation

page read and write

C0000FE000

direct allocation

page read and write

C0001EB000

direct allocation

page read and write

C000194000

direct allocation

page read and write

15D7AF52000

direct allocation

page read and write

1D1F9FC000

stack

page read and write

C0001B4000

direct allocation

page read and write

C0000BE000

direct allocation

page read and write

C000070000

direct allocation

page read and write

15D75A7C000

heap

page read and write

C000002000

direct allocation

page read and write

C0000C6000

direct allocation

page read and write

C000190000

direct allocation

page read and write

C0001B0000

direct allocation

page read and write

15D75C40000

direct allocation

page read and write

C000212000

direct allocation

page read and write

C00001A000

direct allocation

page read and write

9BD000

unkown

page write copy

C000104000

direct allocation

page read and write

990000

unkown

page read and write

C0000B4000

direct allocation

page read and write

C000096000

direct allocation

page read and write

C00018C000

direct allocation

page read and write

15D7AF54000

direct allocation

page read and write

C00011D000

direct allocation

page read and write

9EE000

unkown

page read and write

98E000

unkown

page write copy

C00022C000

direct allocation

page read and write

C0001C2000

direct allocation

page read and write

1D1F3FF000

stack

page read and write

C0000DC000

direct allocation

page read and write

C000094000

direct allocation

page read and write

C0000D2000

direct allocation

page read and write

C0001F0000

direct allocation

page read and write

C000182000

direct allocation

page read and write

381000

unkown

page execute read

C0000E2000

direct allocation

page read and write

C000030000

direct allocation

page read and write

CB8000

unkown

page readonly

1D1F7FE000

stack

page read and write

C000228000

direct allocation

page read and write

C00006E000

direct allocation

page read and write

C000028000

direct allocation

page read and write

C0001D0000

direct allocation

page read and write

C0001AC000

direct allocation

page read and write

C0001B8000

direct allocation

page read and write

C00021E000

direct allocation

page read and write

C0001BA000

direct allocation

page read and write

C0001E9000

direct allocation

page read and write

15D75C44000

direct allocation

page read and write

CB8000

unkown

page readonly

C000188000

direct allocation

page read and write

C0000A0000

direct allocation

page read and write

C00002A000

direct allocation

page read and write

AD6000

unkown

page readonly

C0000BA000

direct allocation

page read and write

C000180000

direct allocation

page read and write

15D7B0F0000

heap

page read and write

C0000B2000

direct allocation

page read and write

9F4000

unkown

page read and write

C0001AE000

direct allocation

page read and write

C000184000

direct allocation

page read and write

9D2000

unkown

page read and write

C0000A6000

direct allocation

page read and write

15D75AEC000

heap

page read and write

380000

unkown

page readonly

C00001C000

direct allocation

page read and write

15D75AEA000

heap

page read and write

15D7AEB0000

heap

page read and write

98C000

unkown

page write copy

C000026000

direct allocation

page read and write

C0001D8000

direct allocation

page read and write

C000220000

direct allocation

page read and write

C00018E000

direct allocation

page read and write

C00001E000

direct allocation

page read and write

CB7000

unkown

page write copy

C0001F2000

direct allocation

page read and write

C00005F000

direct allocation

page read and write

C0001C6000

direct allocation

page read and write

15D75A60000

direct allocation

page read and write

98A000

unkown

page write copy

C00003C000

direct allocation

page read and write

C00007E000

direct allocation

page read and write

15D7AED1000

direct allocation

page read and write

98B000

unkown

page read and write

C000048000

direct allocation

page read and write

C0000E4000

direct allocation

page read and write

C000082000

direct allocation

page read and write

9BA000

unkown

page read and write

C00003A000

direct allocation

page read and write

C00009E000

direct allocation

page read and write

C00006A000

direct allocation

page read and write

C00020E000

direct allocation

page read and write

C000086000

direct allocation

page read and write

C0001A4000

direct allocation

page read and write

C0001A2000

direct allocation

page read and write

C00021C000

direct allocation

page read and write

A23000

unkown

page readonly

1D1FBFE000

stack

page read and write

C000004000

direct allocation

page read and write

1D1F1FC000

stack

page read and write

C000196000

direct allocation

page read and write

C00000A000

direct allocation

page read and write

C000006000

direct allocation

page read and write

C00004F000

direct allocation

page read and write

C0000C0000

direct allocation

page read and write

9CF000

unkown

page read and write

C000068000

direct allocation

page read and write

C000210000

direct allocation

page read and write

9D7000

unkown

page read and write

C000216000

direct allocation

page read and write

9CC000

unkown

page write copy

670000

unkown

page readonly

C000112000

direct allocation

page read and write

C0001E0000

direct allocation

page read and write

C0001BE000

direct allocation

page read and write

C000054000

direct allocation

page read and write

1D1FFFF000

stack

page read and write

15D75C4A000

direct allocation

page read and write

C00009A000

direct allocation

page read and write

C000020000

direct allocation

page read and write

1D1F5FE000

stack

page read and write

C0000AA000

direct allocation

page read and write

C00022E000

direct allocation

page read and write

C0001DE000

direct allocation

page read and write

C0000E0000

direct allocation

page read and write

C0001CE000

direct allocation

page read and write

15D75A70000

heap

page read and write

C000218000

direct allocation

page read and write

C000024000

direct allocation

page read and write

C00000C000

direct allocation

page read and write

991000

unkown

page write copy

C000092000

direct allocation

page read and write

C0001C0000

direct allocation

page read and write

15D7B0F5000

heap

page read and write

C00028E000

direct allocation

page read and write

C000098000

direct allocation

page read and write

C0000F2000

direct allocation

page read and write

C00004D000

direct allocation

page read and write

C00011A000

direct allocation

page read and write

1D1FDFD000

stack

page read and write

C0001F9000

direct allocation

page read and write

15D75A40000

heap

page read and write

C0001A6000

direct allocation

page read and write

C000286000

direct allocation

page read and write

C00008E000

direct allocation

page read and write

C0001AA000

direct allocation

page read and write

C00005B000

direct allocation

page read and write

670000

unkown

page readonly

C000038000

direct allocation

page read and write

15D75C4C000

direct allocation

page read and write

C0000D8000

direct allocation

page read and write

C0001DC000

direct allocation

page read and write

98D000

unkown

page read and write

C0000AE000

direct allocation

page read and write

381000

unkown

page execute read

C0001D2000

direct allocation

page read and write

C000088000

direct allocation

page read and write

There are 185 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
main.exe

Processes

URLs

Domains

IPs

Registry

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reportmain.exe

Processes

URLs

Domains

IPs

Registry

Memdumps

IOC Report
main.exe