Automated Malware Analysis IOC Report for

Files

File Path

Type

Category

Malicious

Order Details.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

initial sample

Details

Filetype:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy:	7.202602340768788
Filename:	Order Details.exe
Filesize:	591360
MD5:	06c48ef3e45a7dafedbd596368918830
SHA1:	6ec2e82db6d702ddc0f4b302a4d8f02fd4c36c36
SHA256:	1e2333cb4fb3ecca06d22bb3b6255e5ac62b7ba43c3bceb8c17252657f34ba1e
SHA512:	075339ded9d2831723318812cc50ed50978548a1df7df82a57fb2cdab97a788e8ca220131fbdb24c1d5f456c089237a6561f05a01c71075352db060eec792088
SSDEEP:	12288:ZbRKjP7ne23gAcdtfD19UK/IBW+hb9LiRPXPgm:DKjP7e23gAcvfD1sW+Vo
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....................0.................. ... ....@.. .......................`............@................................

Signature Hits	Behavior Group	Mitre Attack
Antivirus / Scanner detection for submitted sample	AV Detection
Malicious sample detected (through community Yara rule)	System Summary
Multi AV Scanner detection for submitted file	AV Detection
Injects a PE file into a foreign processes	HIPS / PFW / Operating System Protection Evasion	Process Injection
Machine Learning detection for sample	AV Detection
Tries to harvest and steal browser information (history, passwords, etc)	Stealing of Sensitive Information	OS Credential Dumping Data from Local System
Tries to steal Mail credentials (via file / registry access)	Stealing of Sensitive Information	Email Collection
Allocates memory with a write watch (potentially for evading sandboxes)	Malware Analysis System Evasion
Binary contains a suspicious time stamp	Data Obfuscation	Timestomp
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)	Anti Debugging
Contains long sleeps (>= 3 min)	Malware Analysis System Evasion
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion
Detected potential crypto function	System Summary	Archive Collected Data Encrypted Channel
Enables debug privileges	Anti Debugging
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)	Malware Analysis System Evasion
Found inlined nop instructions (likely shell or obfuscated code)	Software Vulnerabilities
May sleep (evasive loops) to hinder dynamic analysis	Malware Analysis System Evasion
Monitors certain registry keys / values for changes (often done to protect autostart functionality)	Hooking and other Techniques for Hiding and Protection	Query Registry
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection
Sample file is different than original file name gathered from version info	System Summary
Uses 32bit PE files	Compliance, System Summary	Masquerading
Uses code obfuscation techniques (call, push, ret)	Data Obfuscation
Yara signature match	System Summary
Binary may include packed or encrypted code	Data Obfuscation	Obfuscated Files or Information Software Packing
Contains medium sleeps (>= 30s)	Malware Analysis System Evasion	Virtualization/Sandbox Evasion
Creates files inside the user directory	System Summary	Masquerading
Creates guard pages, often used to prevent reverse engineering and debugging	Anti Debugging	Disable or Modify Tools
Creates mutexes	System Summary
Disables application error messsages (SetErrorMode)	Hooking and other Techniques for Hiding and Protection
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory)	Malware Analysis System Evasion	Security Software Discovery
PE file has an executable .text section and no other executable section	System Summary
Parts of this applications are using the .NET runtime (Probably coded in C#)	System Summary
Queries a list of all running processes	Malware Analysis System Evasion	Process Discovery
Queries the cryptographic machine GUID	Language, Device and Operating System Detection
Reads software policies	System Summary
SQL strings found in memory and binary data	System Summary
Sample is known by Antivirus	System Summary
Tries to load missing DLLs	System Summary	DLL Side-Loading
URLs found in memory or binary data	Networking
Uses an in-process (OLE) Automation server	System Summary
Contains modern PE file flags such as dynamic base (ASLR) or NX	Compliance, System Summary
Checks if Microsoft Office is installed	System Summary	System Information Discovery
PE file contains a COM descriptor data directory	System Summary
Uses Microsoft Silverlight	System Summary

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Order Details.exe.log

ASCII text, with CRLF line terminators

dropped

Details

File:	C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Order Details.exe.log
Category:	dropped
Dump:	Order Details.exe.log.0.dr
ID:	dr_0
Target ID:	0
Process:	C:\Users\user\Desktop\Order Details.exe
Type:	ASCII text, with CRLF line terminators
Entropy:	5.349842958726647
Encrypted:	false
Ssdeep:	12:Q3La/hhkvoDLI4MWuCqDLI4MWuPTAq1KDLI4M9XKbbDLI4MWuPJKAVKhat92n4M6:MLUE4K5E4KH1qE4qXKDE4KhKiKhg84j
Size:	706
Whitelisted:	false
Reputation:	moderate

Signature Hits	Behavior Group	Mitre Attack
Antivirus / Scanner detection for submitted sample	AV Detection
Multi AV Scanner detection for submitted file	AV Detection
Machine Learning detection for sample	AV Detection
Binary contains a suspicious time stamp	Data Obfuscation	Timestomp
Sample file is different than original file name gathered from version info	System Summary
Uses 32bit PE files	Compliance, System Summary
Binary may include packed or encrypted code	Data Obfuscation	Obfuscated Files or Information Software Packing
Creates files inside the user directory	System Summary	Masquerading
PE file has an executable .text section and no other executable section	System Summary
Parts of this applications are using the .NET runtime (Probably coded in C#)	System Summary
Sample is known by Antivirus	System Summary
Contains modern PE file flags such as dynamic base (ASLR) or NX	Compliance, System Summary
PE file contains a COM descriptor data directory	System Summary

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\Order Details.exe

"C:\Users\user\Desktop\Order Details.exe"

Details

Is windows:	false
Is dropped:	false
PID:	2032
Target ID:	0
Parent PID:	2580
Name:	Order Details.exe
Path:	C:\Users\user\Desktop\Order Details.exe
Commandline:	"C:\Users\user\Desktop\Order Details.exe"
Size:	591360
MD5:	06C48EF3E45A7DAFEDBD596368918830
Time:	20:23:58
Date:	15/01/2025
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x590000
Modulesize:	614400
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Antivirus / Scanner detection for submitted sample	AV Detection
Multi AV Scanner detection for submitted file	AV Detection
Yara detected AntiVM3	Malware Analysis System Evasion
Yara detected Snake Keylogger	Stealing of Sensitive Information, Remote Access Functionality
Initial sample is a PE file and has a suspicious name	System Summary
Injects a PE file into a foreign processes	HIPS / PFW / Operating System Protection Evasion	Process Injection
Machine Learning detection for sample	AV Detection
Yara detected Generic Downloader	Networking
Binary contains a suspicious time stamp	Data Obfuscation	Timestomp
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery
Sample file is different than original file name gathered from version info	System Summary
Uses 32bit PE files	Compliance, System Summary
Yara detected Credential Stealer	Stealing of Sensitive Information
Binary may include packed or encrypted code	Data Obfuscation	Obfuscated Files or Information Software Packing
Creates files inside the user directory	System Summary	Masquerading
PE file has an executable .text section and no other executable section	System Summary
Parts of this applications are using the .NET runtime (Probably coded in C#)	System Summary
Sample is known by Antivirus	System Summary
Spawns processes	System Summary	Process Injection
Binary contains paths to debug symbols	Compliance, System Summary
Contains modern PE file flags such as dynamic base (ASLR) or NX	Compliance, System Summary
PE file contains a COM descriptor data directory	System Summary

C:\Users\user\Desktop\Order Details.exe

"C:\Users\user\Desktop\Order Details.exe"

Details

Is windows:	false
Is dropped:	false
PID:	908
Target ID:	1
Parent PID:	2032
Name:	Order Details.exe
Path:	C:\Users\user\Desktop\Order Details.exe
Commandline:	"C:\Users\user\Desktop\Order Details.exe"
Size:	591360
MD5:	06C48EF3E45A7DAFEDBD596368918830
Time:	20:23:58
Date:	15/01/2025
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0xf50000
Modulesize:	614400
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Antivirus / Scanner detection for submitted sample	AV Detection
Multi AV Scanner detection for submitted file	AV Detection
Yara detected AntiVM3	Malware Analysis System Evasion
Yara detected Snake Keylogger	Stealing of Sensitive Information, Remote Access Functionality
Initial sample is a PE file and has a suspicious name	System Summary
Injects a PE file into a foreign processes	HIPS / PFW / Operating System Protection Evasion	Process Injection
Machine Learning detection for sample	AV Detection
Yara detected Generic Downloader	Networking
Binary contains a suspicious time stamp	Data Obfuscation	Timestomp
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery
Sample file is different than original file name gathered from version info	System Summary
Uses 32bit PE files	Compliance, System Summary
Yara detected Credential Stealer	Stealing of Sensitive Information
Binary may include packed or encrypted code	Data Obfuscation	Obfuscated Files or Information Software Packing
Creates files inside the user directory	System Summary	Masquerading
PE file has an executable .text section and no other executable section	System Summary
Parts of this applications are using the .NET runtime (Probably coded in C#)	System Summary
Sample is known by Antivirus	System Summary
Spawns processes	System Summary	Process Injection
Binary contains paths to debug symbols	Compliance, System Summary
Contains modern PE file flags such as dynamic base (ASLR) or NX	Compliance, System Summary
PE file contains a COM descriptor data directory	System Summary

URLs

Name

Malicious

https://reallyfreegeoip.org

unknown

http://checkip.dyndns.org

unknown

http://checkip.dyndns.org/

193.122.6.168

https://reallyfreegeoip.org/xml/8.46.123.189

104.21.32.1

http://checkip.dyndns.com

unknown

http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name

unknown

http://checkip.dyndns.org/q

unknown

https://reallyfreegeoip.org/xml/8.46.123.189$

unknown

http://reallyfreegeoip.org

unknown

https://reallyfreegeoip.org/xml/

unknown

Domains

Name

Malicious

reallyfreegeoip.org

104.21.32.1

Details

Name:	reallyfreegeoip.org
IP:	104.21.32.1
TargetID:	-1
Active:	true
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Tries to detect the country of the analysis system (by using the IP)	Location Tracking
HTTP GET or POST without a user agent	Networking
May check the online IP address of the machine	Networking	System Network Configuration Discovery
Suricata IDS alerts with low severity for network traffic	Networking
Uses insecure TLS / SSL version for HTTPS connection	Compliance, Networking
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
URLs found in memory or binary data	Networking

checkip.dyndns.com

193.122.6.168

checkip.dyndns.org

unknown

Details

Name:	checkip.dyndns.org
TargetID:	-1
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
May check the online IP address of the machine	Networking	System Network Configuration Discovery
Uses a known web browser user agent for HTTP communication	Networking	Application Layer Protocol
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
URLs found in memory or binary data	Networking

IPs

Domain

Country

Malicious

104.21.32.1

reallyfreegeoip.org

United States

Details

IP:	104.21.32.1
TargetID:	1
Current Path:	C:\Users\user\Desktop\Order Details.exe
Country:	United States
Countrycode:	USA
ASN number:	13335
ASN name:	CLOUDFLARENETUS
Private:	false
Domain:	reallyfreegeoip.org

Signature Hits	Behavior Group	Mitre Attack
Suricata IDS alerts with low severity for network traffic	Networking
Uses insecure TLS / SSL version for HTTPS connection	Compliance, Networking

193.122.6.168

checkip.dyndns.com

United States

Details

IP:	193.122.6.168
TargetID:	1
Current Path:	C:\Users\user\Desktop\Order Details.exe
Country:	United States
Countrycode:	USA
ASN number:	31898
ASN name:	ORACLE-BMC-31898US
Private:	false
Domain:	checkip.dyndns.com

Signature Hits	Behavior Group	Mitre Attack
Suricata IDS alerts with low severity for network traffic	Networking

Registry

Path

Value

Malicious

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing

EnableConsoleTracing

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Order Details_RASAPI32

EnableFileTracing

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Order Details_RASAPI32

EnableAutoFileTracing

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Order Details_RASAPI32

EnableConsoleTracing

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Order Details_RASAPI32

FileTracingMask

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Order Details_RASAPI32

ConsoleTracingMask

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Order Details_RASAPI32

MaxFileSize

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Order Details_RASAPI32

FileDirectory

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Order Details_RASMANCS

EnableFileTracing

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Order Details_RASMANCS

EnableAutoFileTracing

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Order Details_RASMANCS

EnableConsoleTracing

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Order Details_RASMANCS

FileTracingMask

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Order Details_RASMANCS

ConsoleTracingMask

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Order Details_RASMANCS

MaxFileSize

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Order Details_RASMANCS

FileDirectory

There are 5 hidden registries, click here to show them.

Memdumps

Base Address

Regiontype

Protect

Malicious

402000

remote allocation

page execute and read and write

3351000

trusted library allocation

page read and write

3986000

trusted library allocation

page read and write

351C000

trusted library allocation

page read and write

3240000

heap

page read and write

54FF000

stack

page read and write

334E000

stack

page read and write

70B0000

trusted library allocation

page execute and read and write

579B000

trusted library allocation

page read and write

7060000

trusted library allocation

page read and write

16E0000

trusted library allocation

page read and write

13E0000

heap

page read and write

5EC0000

trusted library allocation

page read and write

5E9F000

stack

page read and write

5AF0000

heap

page execute and read and write

400000

remote allocation

page execute and read and write

17DF000

heap

page read and write

6F90000

trusted library allocation

page read and write

57BD000

trusted library allocation

page read and write

4E30000

trusted library allocation

page read and write

6E0E000

stack

page read and write

6F9E000

trusted library allocation

page read and write

3495000

trusted library allocation

page read and write

34E0000

trusted library allocation

page read and write

43D3000

trusted library allocation

page read and write

D92000

heap

page read and write

CF0000

trusted library allocation

page read and write

D78000

heap

page read and write

3234000

trusted library allocation

page read and write

A20000

heap

page read and write

F4F000

stack

page read and write

4A7E000

stack

page read and write

3591000

trusted library allocation

page read and write

6FC3000

trusted library allocation

page read and write

7000000

trusted library allocation

page read and write

16BD000

trusted library allocation

page execute and read and write

6E8E000

stack

page read and write

5044000

trusted library allocation

page read and write

2790000

heap

page read and write

5D3F000

stack

page read and write

5796000

trusted library allocation

page read and write

6FCA000

trusted library allocation

page read and write

16E5000

trusted library allocation

page execute and read and write

38E5000

trusted library allocation

page read and write

6E4E000

stack

page read and write

5920000

heap

page read and write

344D000

trusted library allocation

page read and write

35D7000

trusted library allocation

page read and write

27C0000

trusted library allocation

page read and write

195E000

stack

page read and write

B5D000

stack

page read and write

50D0000

trusted library section

page read and write

DF1000

heap

page read and write

6B56000

heap

page read and write

127A000

stack

page read and write

6C4D000

stack

page read and write

169E000

stack

page read and write

34A9000

trusted library allocation

page read and write

4FF0000

trusted library section

page read and write

CE0000

trusted library allocation

page read and write

3416000

trusted library allocation

page read and write

3443000

trusted library allocation

page read and write

16B0000

trusted library allocation

page read and write

3984000

trusted library allocation

page read and write

16D0000

trusted library allocation

page read and write

6FE0000

trusted library allocation

page execute and read and write

6F8E000

stack

page read and write

16E7000

trusted library allocation

page execute and read and write

19A0000

trusted library allocation

page execute and read and write

5D9E000

stack

page read and write

3401000

trusted library allocation

page read and write

1726000

heap

page read and write

5790000

trusted library allocation

page read and write

E30000

heap

page read and write

350E000

trusted library allocation

page read and write

579E000

trusted library allocation

page read and write

28E1000

trusted library allocation

page read and write

D2A000

trusted library allocation

page execute and read and write

4351000

trusted library allocation

page read and write

6A0E000

stack

page read and write

7B7000

stack

page read and write

3445000

trusted library allocation

page read and write

D00000

trusted library allocation

page read and write

57B1000

trusted library allocation

page read and write

6BB000

stack

page read and write

5ED0000

trusted library allocation

page execute and read and write

35A4000

trusted library allocation

page read and write

43B8000

trusted library allocation

page read and write

6FC0000

trusted library allocation

page read and write

D50000

heap

page read and write

34FF000

trusted library allocation

page read and write

35A8000

trusted library allocation

page read and write

34FB000

trusted library allocation

page read and write

277D000

stack

page read and write

27B0000

trusted library allocation

page execute and read and write

342E000

trusted library allocation

page read and write

5080000

trusted library allocation

page read and write

16B3000

trusted library allocation

page execute and read and write

16EB000

trusted library allocation

page execute and read and write

16E2000

trusted library allocation

page read and write

4E90000

trusted library allocation

page read and write

16F0000

heap

page read and write

34B6000

trusted library allocation

page read and write

3451000

trusted library allocation

page read and write

14C0000

heap

page read and write

50C0000

trusted library allocation

page read and write

6FAB000

trusted library allocation

page read and write

CF3000

trusted library allocation

page execute and read and write

26F0000

trusted library allocation

page read and write

19B0000

trusted library allocation

page read and write

D37000

trusted library allocation

page execute and read and write

1910000

heap

page execute and read and write

509E000

trusted library allocation

page read and write

4EA0000

trusted library allocation

page read and write

6C8E000

stack

page read and write

6CCE000

stack

page read and write

3491000

trusted library allocation

page read and write

153E000

stack

page read and write

5066000

trusted library allocation

page read and write

51FE000

stack

page read and write

5090000

trusted library allocation

page read and write

504B000

trusted library allocation

page read and write

524E000

stack

page read and write

34A5000

trusted library allocation

page read and write

170E000

heap

page read and write

553E000

stack

page read and write

50C5000

trusted library allocation

page read and write

1773000

heap

page read and write

3459000

trusted library allocation

page read and write

3407000

trusted library allocation

page read and write

16A0000

trusted library allocation

page read and write

38E1000

trusted library allocation

page read and write

1900000

trusted library allocation

page read and write

57AE000

trusted library allocation

page read and write

43E9000

trusted library allocation

page read and write

16B4000

trusted library allocation

page read and write

5061000

trusted library allocation

page read and write

35E2000

trusted library allocation

page read and write

505E000

trusted library allocation

page read and write

1719000

heap

page read and write

4379000

trusted library allocation

page read and write

5040000

trusted library allocation

page read and write

D10000

heap

page read and write

4E8E000

stack

page read and write

3499000

trusted library allocation

page read and write

585D000

stack

page read and write

B10000

heap

page read and write

165F000

stack

page read and write

33F6000

trusted library allocation

page read and write

4FCA000

trusted library allocation

page read and write

340A000

trusted library allocation

page read and write

4FC0000

trusted library allocation

page read and write

57AA000

trusted library allocation

page read and write

4EA8000

trusted library allocation

page read and write

57B6000

trusted library allocation

page read and write

592000

unkown

page readonly

D7B000

heap

page read and write

6FA0000

trusted library allocation

page read and write

B00000

heap

page read and write

6B10000

heap

page read and write

5930000

heap

page read and write

6FA6000

trusted library allocation

page read and write

7590000

heap

page read and write

BD5000

heap

page read and write

4FC5000

trusted library allocation

page read and write

57F0000

trusted library allocation

page read and write

D04000

trusted library allocation

page read and write

5094000

trusted library allocation

page read and write

5075000

trusted library allocation

page read and write

349D000

trusted library allocation

page read and write

27D0000

heap

page read and write

4FE0000

heap

page execute and read and write

6FD0000

trusted library allocation

page execute and read and write

D5E000

heap

page read and write

33FE000

trusted library allocation

page read and write

BD0000

heap

page read and write

CF4000

trusted library allocation

page read and write

B9E000

stack

page read and write

348D000

trusted library allocation

page read and write

4EB0000

heap

page read and write

4E97000

trusted library allocation

page read and write

CFD000

trusted library allocation

page execute and read and write

34C4000

trusted library allocation

page read and write

6FCF000

trusted library allocation

page read and write

5923000

heap

page read and write

43DD000

trusted library allocation

page read and write

16DA000

trusted library allocation

page execute and read and write

D3B000

trusted library allocation

page execute and read and write

6FA8000

trusted library allocation

page read and write

5042000

trusted library allocation

page read and write

6FB0000

trusted library allocation

page execute and read and write

511D000

stack

page read and write

4FBE000

stack

page read and write

16D6000

trusted library allocation

page execute and read and write

43E0000

trusted library allocation

page read and write

3230000

trusted library allocation

page read and write

1377000

stack

page read and write

50A0000

trusted library allocation

page read and write

5300000

heap

page read and write

3455000

trusted library allocation

page read and write

19C0000

heap

page read and write

14F5000

heap

page read and write

6DCF000

stack

page read and write

33F9000

trusted library allocation

page read and write

57C5000

trusted library allocation

page read and write

530D000

heap

page read and write

16C0000

trusted library allocation

page read and write

273E000

stack

page read and write

199E000

stack

page read and write

D5A000

heap

page read and write

6FF0000

trusted library allocation

page read and write

590000

unkown

page readonly

2780000

heap

page execute and read and write

7090000

heap

page read and write

4FCD000

trusted library allocation

page read and write

544E000

stack

page read and write

358A000

trusted library allocation

page read and write

14F0000

heap

page read and write

5C9F000

stack

page read and write

1550000

heap

page read and write

3586000

trusted library allocation

page read and write

35AD000

trusted library allocation

page read and write

D26000

trusted library allocation

page execute and read and write

CDF000

stack

page read and write

16D2000

trusted library allocation

page read and write

16CD000

trusted library allocation

page execute and read and write

6B0E000

stack

page read and write

57C2000

trusted library allocation

page read and write

28DF000

stack

page read and write

4FD0000

trusted library allocation

page read and write

5099000

trusted library allocation

page read and write

35D0000

trusted library allocation

page read and write

34D2000

trusted library allocation

page read and write

16F8000

heap

page read and write

D85000

heap

page read and write

6B75000

heap

page read and write

34A1000

trusted library allocation

page read and write

57D0000

trusted library allocation

page read and write

35DC000

trusted library allocation

page read and write

3414000

trusted library allocation

page read and write

18EE000

stack

page read and write

3210000

heap

page read and write

359A000

trusted library allocation

page read and write

There are 233 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
Order Details.exe

Files

Processes

URLs

Domains

IPs

Registry

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC ReportOrder Details.exe

Files

Processes

URLs

Domains

IPs

Registry

Memdumps

IOC Report
Order Details.exe