Automated Malware Analysis IOC Report for

Files

File Path

Type

Category

Malicious

order6566546663.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

initial sample

Details

Filetype:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy:	7.202178662583017
Filename:	order6566546663.exe
Filesize:	591360
MD5:	71bd2f038e92ae0e3b95a7567511458e
SHA1:	816293b2472e394288fc9c91bdff206ab8ef52e2
SHA256:	13ba4ee3d7accddd8dbce8e4bc4a623e0b7bf30350fe9d58f1c269cd744bb835
SHA512:	6504c277444190aff4ec14dfc0a9a47c84a61eaaa772088cd003cb93589334e8bd8e79928578b4f5fd61783f97c6317c22d75777db5bba53058c21ab797b40b6
SSDEEP:	12288:ZbRKjP7ne23gAcdtfD1IWPUK/IBW+hb9LiMPXPgm:DKjP7e23gAcvfD1IhW+VR
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....................0.................. ... ....@.. .......................`............@................................

Signature Hits	Behavior Group	Mitre Attack
Antivirus / Scanner detection for submitted sample	AV Detection
Malicious sample detected (through community Yara rule)	System Summary
Multi AV Scanner detection for submitted file	AV Detection
Injects a PE file into a foreign processes	HIPS / PFW / Operating System Protection Evasion	Process Injection
Machine Learning detection for sample	AV Detection
Tries to harvest and steal browser information (history, passwords, etc)	Stealing of Sensitive Information	OS Credential Dumping Data from Local System
Tries to steal Mail credentials (via file / registry access)	Stealing of Sensitive Information	Email Collection
Abnormal high CPU Usage	System Summary	Process Injection
Allocates memory with a write watch (potentially for evading sandboxes)	Malware Analysis System Evasion
Binary contains a suspicious time stamp	Data Obfuscation	Timestomp
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)	Anti Debugging
Contains long sleeps (>= 3 min)	Malware Analysis System Evasion
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion
Detected potential crypto function	System Summary	Archive Collected Data Encrypted Channel
Enables debug privileges	Anti Debugging
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)	Malware Analysis System Evasion
Found inlined nop instructions (likely shell or obfuscated code)	Software Vulnerabilities	Obfuscated Files or Information
May sleep (evasive loops) to hinder dynamic analysis	Malware Analysis System Evasion
Monitors certain registry keys / values for changes (often done to protect autostart functionality)	Hooking and other Techniques for Hiding and Protection	Query Registry
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection
Sample file is different than original file name gathered from version info	System Summary
Uses 32bit PE files	Compliance, System Summary	Masquerading
Uses code obfuscation techniques (call, push, ret)	Data Obfuscation
Yara signature match	System Summary
Binary may include packed or encrypted code	Data Obfuscation	Software Packing
Contains medium sleeps (>= 30s)	Malware Analysis System Evasion	Virtualization/Sandbox Evasion
Creates files inside the user directory	System Summary	Masquerading
Creates guard pages, often used to prevent reverse engineering and debugging	Anti Debugging	Disable or Modify Tools
Creates mutexes	System Summary
Disables application error messsages (SetErrorMode)	Hooking and other Techniques for Hiding and Protection
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory)	Malware Analysis System Evasion	Security Software Discovery
PE file has an executable .text section and no other executable section	System Summary
Parts of this applications are using the .NET runtime (Probably coded in C#)	System Summary
Queries a list of all running processes	Malware Analysis System Evasion	Process Discovery
Queries the cryptographic machine GUID	Language, Device and Operating System Detection	System Information Discovery
Reads software policies	System Summary
SQL strings found in memory and binary data	System Summary
Sample is known by Antivirus	System Summary
Tries to load missing DLLs	System Summary	DLL Side-Loading
URLs found in memory or binary data	Networking
Uses an in-process (OLE) Automation server	System Summary
Contains modern PE file flags such as dynamic base (ASLR) or NX	Compliance, System Summary
Checks if Microsoft Office is installed	System Summary
PE file contains a COM descriptor data directory	System Summary
Uses Microsoft Silverlight	System Summary

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\order6566546663.exe.log

ASCII text, with CRLF line terminators

dropped

Details

File:	C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\order6566546663.exe.log
Category:	dropped
Dump:	order6566546663.exe.log.0.dr
ID:	dr_0
Target ID:	0
Process:	C:\Users\user\Desktop\order6566546663.exe
Type:	ASCII text, with CRLF line terminators
Entropy:	5.349842958726647
Encrypted:	false
Ssdeep:	12:Q3La/hhkvoDLI4MWuCqDLI4MWuPTAq1KDLI4M9XKbbDLI4MWuPJKAVKhat92n4M6:MLUE4K5E4KH1qE4qXKDE4KhKiKhg84j
Size:	706
Whitelisted:	false
Reputation:	moderate

Signature Hits	Behavior Group	Mitre Attack
Antivirus / Scanner detection for submitted sample	AV Detection
Multi AV Scanner detection for submitted file	AV Detection
Machine Learning detection for sample	AV Detection
Binary contains a suspicious time stamp	Data Obfuscation	Timestomp
Sample file is different than original file name gathered from version info	System Summary
Uses 32bit PE files	Compliance, System Summary
Binary may include packed or encrypted code	Data Obfuscation	Obfuscated Files or Information Software Packing
Creates files inside the user directory	System Summary	Masquerading
PE file has an executable .text section and no other executable section	System Summary
Parts of this applications are using the .NET runtime (Probably coded in C#)	System Summary
Sample is known by Antivirus	System Summary
Contains modern PE file flags such as dynamic base (ASLR) or NX	Compliance, System Summary
PE file contains a COM descriptor data directory	System Summary

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\order6566546663.exe

"C:\Users\user\Desktop\order6566546663.exe"

Details

Is windows:	false
Is dropped:	false
PID:	4512
Target ID:	0
Parent PID:	1028
Name:	order6566546663.exe
Path:	C:\Users\user\Desktop\order6566546663.exe
Commandline:	"C:\Users\user\Desktop\order6566546663.exe"
Size:	591360
MD5:	71BD2F038E92AE0E3B95A7567511458E
Time:	20:24:55
Date:	15/01/2025
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x420000
Modulesize:	614400
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Antivirus / Scanner detection for submitted sample	AV Detection
Multi AV Scanner detection for submitted file	AV Detection
Yara detected AntiVM3	Malware Analysis System Evasion
Yara detected Snake Keylogger	Stealing of Sensitive Information, Remote Access Functionality
Initial sample is a PE file and has a suspicious name	System Summary
Injects a PE file into a foreign processes	HIPS / PFW / Operating System Protection Evasion	Process Injection
Machine Learning detection for sample	AV Detection
Yara detected Generic Downloader	Networking
Binary contains a suspicious time stamp	Data Obfuscation	Timestomp
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery
Sample file is different than original file name gathered from version info	System Summary
Uses 32bit PE files	Compliance, System Summary
Yara detected Credential Stealer	Stealing of Sensitive Information
Binary may include packed or encrypted code	Data Obfuscation	Obfuscated Files or Information Software Packing
Creates files inside the user directory	System Summary	Masquerading
PE file has an executable .text section and no other executable section	System Summary
Parts of this applications are using the .NET runtime (Probably coded in C#)	System Summary
Sample is known by Antivirus	System Summary
Spawns processes	System Summary	Process Injection
Binary contains paths to debug symbols	Compliance, System Summary
Contains modern PE file flags such as dynamic base (ASLR) or NX	Compliance, System Summary
PE file contains a COM descriptor data directory	System Summary

C:\Users\user\Desktop\order6566546663.exe

"C:\Users\user\Desktop\order6566546663.exe"

Details

Is windows:	false
Is dropped:	false
PID:	6976
Target ID:	1
Parent PID:	4512
Name:	order6566546663.exe
Path:	C:\Users\user\Desktop\order6566546663.exe
Commandline:	"C:\Users\user\Desktop\order6566546663.exe"
Size:	591360
MD5:	71BD2F038E92AE0E3B95A7567511458E
Time:	20:24:55
Date:	15/01/2025
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0xab0000
Modulesize:	614400
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Antivirus / Scanner detection for submitted sample	AV Detection
Multi AV Scanner detection for submitted file	AV Detection
Yara detected AntiVM3	Malware Analysis System Evasion
Yara detected Snake Keylogger	Stealing of Sensitive Information, Remote Access Functionality
Initial sample is a PE file and has a suspicious name	System Summary
Injects a PE file into a foreign processes	HIPS / PFW / Operating System Protection Evasion	Process Injection
Machine Learning detection for sample	AV Detection
Yara detected Generic Downloader	Networking
Binary contains a suspicious time stamp	Data Obfuscation	Timestomp
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery
Sample file is different than original file name gathered from version info	System Summary
Uses 32bit PE files	Compliance, System Summary
Yara detected Credential Stealer	Stealing of Sensitive Information
Binary may include packed or encrypted code	Data Obfuscation	Obfuscated Files or Information Software Packing
Creates files inside the user directory	System Summary	Masquerading
PE file has an executable .text section and no other executable section	System Summary
Parts of this applications are using the .NET runtime (Probably coded in C#)	System Summary
Sample is known by Antivirus	System Summary
Spawns processes	System Summary	Process Injection
Binary contains paths to debug symbols	Compliance, System Summary
Contains modern PE file flags such as dynamic base (ASLR) or NX	Compliance, System Summary
PE file contains a COM descriptor data directory	System Summary

URLs

Name

Malicious

https://reallyfreegeoip.org

unknown

http://checkip.dyndns.org

unknown

http://checkip.dyndns.org/

132.226.247.73

https://reallyfreegeoip.org/xml/8.46.123.189

104.21.48.1

http://checkip.dyndns.com

unknown

http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name

unknown

http://checkip.dyndns.org/q

unknown

https://reallyfreegeoip.org/xml/8.46.123.189$

unknown

http://reallyfreegeoip.org

unknown

https://reallyfreegeoip.org/xml/

unknown

Domains

Name

Malicious

reallyfreegeoip.org

104.21.48.1

Details

Name:	reallyfreegeoip.org
IP:	104.21.48.1
TargetID:	-1
Active:	true
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Tries to detect the country of the analysis system (by using the IP)	Location Tracking
HTTP GET or POST without a user agent	Networking
May check the online IP address of the machine	Networking	System Network Configuration Discovery
Suricata IDS alerts with low severity for network traffic	Networking
Uses insecure TLS / SSL version for HTTPS connection	Compliance, Networking
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
URLs found in memory or binary data	Networking

checkip.dyndns.com

132.226.247.73

checkip.dyndns.org

unknown

Details

Name:	checkip.dyndns.org
TargetID:	-1
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
May check the online IP address of the machine	Networking	System Network Configuration Discovery
Uses a known web browser user agent for HTTP communication	Networking	Application Layer Protocol
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
URLs found in memory or binary data	Networking

IPs

Domain

Country

Malicious

104.21.48.1

reallyfreegeoip.org

United States

Details

IP:	104.21.48.1
TargetID:	1
Current Path:	C:\Users\user\Desktop\order6566546663.exe
Country:	United States
Countrycode:	USA
ASN number:	13335
ASN name:	CLOUDFLARENETUS
Private:	false
Domain:	reallyfreegeoip.org

Signature Hits	Behavior Group	Mitre Attack
Suricata IDS alerts with low severity for network traffic	Networking
Uses insecure TLS / SSL version for HTTPS connection	Compliance, Networking

104.21.16.1

unknown

United States

Details

IP:	104.21.16.1
TargetID:	1
Current Path:	C:\Users\user\Desktop\order6566546663.exe
Country:	United States
Countrycode:	USA
ASN number:	13335
ASN name:	CLOUDFLARENETUS
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Suricata IDS alerts with low severity for network traffic	Networking

132.226.247.73

checkip.dyndns.com

United States

Details

IP:	132.226.247.73
TargetID:	1
Current Path:	C:\Users\user\Desktop\order6566546663.exe
Country:	United States
Countrycode:	USA
ASN number:	16989
ASN name:	UTMEMUS
Private:	false
Domain:	checkip.dyndns.com

Signature Hits	Behavior Group	Mitre Attack
Suricata IDS alerts with low severity for network traffic	Networking

Registry

Path

Value

Malicious

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing

EnableConsoleTracing

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\order6566546663_RASAPI32

EnableFileTracing

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\order6566546663_RASAPI32

EnableAutoFileTracing

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\order6566546663_RASAPI32

EnableConsoleTracing

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\order6566546663_RASAPI32

FileTracingMask

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\order6566546663_RASAPI32

ConsoleTracingMask

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\order6566546663_RASAPI32

MaxFileSize

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\order6566546663_RASAPI32

FileDirectory

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\order6566546663_RASMANCS

EnableFileTracing

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\order6566546663_RASMANCS

EnableAutoFileTracing

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\order6566546663_RASMANCS

EnableConsoleTracing

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\order6566546663_RASMANCS

FileTracingMask

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\order6566546663_RASMANCS

ConsoleTracingMask

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\order6566546663_RASMANCS

MaxFileSize

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\order6566546663_RASMANCS

FileDirectory

There are 5 hidden registries, click here to show them.

Memdumps

Base Address

Regiontype

Protect

Malicious

2E41000

trusted library allocation

page read and write

2FFA000

trusted library allocation

page read and write

402000

remote allocation

page execute and read and write

38A6000

trusted library allocation

page read and write

50CE000

stack

page read and write

2E3E000

stack

page read and write

B9D000

trusted library allocation

page execute and read and write

2CA0000

trusted library allocation

page read and write

2F00000

trusted library allocation

page read and write

10E0000

heap

page read and write

6B60000

trusted library allocation

page read and write

F40000

trusted library allocation

page read and write

6B20000

trusted library allocation

page read and write

3079000

trusted library allocation

page read and write

EB0000

heap

page read and write

F8E000

stack

page read and write

3EA6000

trusted library allocation

page read and write

111E000

heap

page read and write

4F60000

trusted library section

page read and write

145A000

trusted library allocation

page execute and read and write

2FEC000

trusted library allocation

page read and write

1340000

heap

page read and write

6B40000

trusted library allocation

page execute and read and write

F40000

heap

page read and write

2CB0000

heap

page read and write

4F30000

trusted library allocation

page read and write

AA4000

heap

page read and write

6C10000

trusted library allocation

page execute and read and write

4F2E000

trusted library allocation

page read and write

56AE000

stack

page read and write

A9A000

heap

page read and write

A6E000

stack

page read and write

144E000

stack

page read and write

6630000

heap

page read and write

1456000

trusted library allocation

page execute and read and write

4F24000

trusted library allocation

page read and write

306E000

trusted library allocation

page read and write

3083000

trusted library allocation

page read and write

E20000

trusted library allocation

page read and write

6B30000

trusted library allocation

page execute and read and write

1100000

heap

page read and write

EFE000

stack

page read and write

2F8E000

trusted library allocation

page read and write

2F82000

trusted library allocation

page read and write

3ECB000

trusted library allocation

page read and write

6693000

heap

page read and write

5346000

trusted library allocation

page read and write

B93000

trusted library allocation

page execute and read and write

FF0000

heap

page read and write

A97000

heap

page read and write

132D000

trusted library allocation

page execute and read and write

6AE0000

trusted library allocation

page execute and read and write

E7E000

stack

page read and write

4ED0000

trusted library allocation

page read and write

2CFE000

stack

page read and write

2F7A000

trusted library allocation

page read and write

4EC0000

heap

page read and write

5403000

heap

page read and write

532E000

trusted library allocation

page read and write

E00000

trusted library allocation

page execute and read and write

2F3A000

trusted library allocation

page read and write

30C5000

trusted library allocation

page read and write

2F86000

trusted library allocation

page read and write

4F55000

trusted library allocation

page read and write

2EE3000

trusted library allocation

page read and write

FDE000

stack

page read and write

6B23000

trusted library allocation

page read and write

5341000

trusted library allocation

page read and write

5352000

trusted library allocation

page read and write

38A4000

trusted library allocation

page read and write

5C30000

heap

page read and write

BB6000

trusted library allocation

page execute and read and write

2C17000

trusted library allocation

page execute and read and write

3801000

trusted library allocation

page read and write

4F20000

trusted library allocation

page read and write

2C10000

trusted library allocation

page read and write

133D000

trusted library allocation

page execute and read and write

6AFE000

trusted library allocation

page read and write

30B8000

trusted library allocation

page read and write

2EF4000

trusted library allocation

page read and write

694E000

stack

page read and write

4EEE000

trusted library allocation

page read and write

4ED4000

trusted library allocation

page read and write

B90000

trusted library allocation

page read and write

4F29000

trusted library allocation

page read and write

54B0000

heap

page read and write

6AD0000

trusted library allocation

page read and write

1108000

heap

page read and write

1330000

trusted library allocation

page read and write

113A000

heap

page read and write

6ACF000

stack

page read and write

A25000

heap

page read and write

662F000

stack

page read and write

400000

remote allocation

page execute and read and write

53CE000

stack

page read and write

5C0000

heap

page read and write

528E000

stack

page read and write

BC7000

trusted library allocation

page execute and read and write

F48000

trusted library allocation

page read and write

652E000

stack

page read and write

2F92000

trusted library allocation

page read and write

1452000

trusted library allocation

page read and write

4EF1000

trusted library allocation

page read and write

30CB000

trusted library allocation

page read and write

6688000

heap

page read and write

8F7000

stack

page read and write

6B2F000

trusted library allocation

page read and write

6B50000

trusted library allocation

page read and write

2F7E000

trusted library allocation

page read and write

1320000

trusted library allocation

page read and write

3091000

trusted library allocation

page read and write

DDE000

stack

page read and write

4EA0000

trusted library allocation

page read and write

2D30000

heap

page execute and read and write

4EA5000

trusted library allocation

page read and write

BBA000

trusted library allocation

page execute and read and write

2FCC000

trusted library allocation

page read and write

11BC000

heap

page read and write

2F03000

trusted library allocation

page read and write

3805000

trusted library allocation

page read and write

56B0000

heap

page execute and read and write

F3E000

stack

page read and write

DF0000

trusted library allocation

page read and write

4EB0000

trusted library allocation

page read and write

3E41000

trusted library allocation

page read and write

F50000

heap

page read and write

AB1000

heap

page read and write

5B0000

heap

page read and write

4FAD000

stack

page read and write

2CA4000

trusted library allocation

page read and write

2C80000

trusted library allocation

page execute and read and write

69CE000

stack

page read and write

A7A000

heap

page read and write

EA7000

trusted library allocation

page read and write

BCB000

trusted library allocation

page execute and read and write

5326000

trusted library allocation

page read and write

3073000

trusted library allocation

page read and write

6B00000

trusted library allocation

page read and write

4EF6000

trusted library allocation

page read and write

BD0000

heap

page read and write

698F000

stack

page read and write

1460000

heap

page read and write

E10000

trusted library allocation

page read and write

5320000

trusted library allocation

page read and write

B64000

heap

page read and write

4E50000

trusted library section

page read and write

4F05000

trusted library allocation

page read and write

BA4000

trusted library allocation

page read and write

690E000

stack

page read and write

2D00000

trusted library allocation

page read and write

2C90000

trusted library allocation

page read and write

2EEB000

trusted library allocation

page read and write

1129000

heap

page read and write

532B000

trusted library allocation

page read and write

422000

unkown

page readonly

4EDB000

trusted library allocation

page read and write

3EC1000

trusted library allocation

page read and write

680E000

stack

page read and write

2F42000

trusted library allocation

page read and write

2C15000

trusted library allocation

page execute and read and write

499E000

stack

page read and write

4E4E000

stack

page read and write

EA0000

trusted library allocation

page read and write

2F96000

trusted library allocation

page read and write

534D000

trusted library allocation

page read and write

677D000

stack

page read and write

2C1B000

trusted library allocation

page execute and read and write

CDE000

stack

page read and write

2FB1000

trusted library allocation

page read and write

5C2E000

stack

page read and write

4F10000

trusted library allocation

page read and write

54B000

stack

page read and write

6B06000

trusted library allocation

page read and write

4EAA000

trusted library allocation

page read and write

3095000

trusted library allocation

page read and write

FF5000

heap

page read and write

6B10000

trusted library allocation

page execute and read and write

4EAD000

trusted library allocation

page read and write

2F3E000

trusted library allocation

page read and write

70C0000

heap

page read and write

5E0000

heap

page read and write

67BE000

stack

page read and write

11F1000

heap

page read and write

1450000

trusted library allocation

page read and write

A7E000

heap

page read and write

6AF0000

trusted library allocation

page read and write

2FBE000

trusted library allocation

page read and write

53BD000

stack

page read and write

2EE8000

trusted library allocation

page read and write

2F8A000

trusted library allocation

page read and write

2FA3000

trusted library allocation

page read and write

A20000

heap

page read and write

2F1B000

trusted library allocation

page read and write

12FE000

stack

page read and write

3E69000

trusted library allocation

page read and write

4F51000

trusted library allocation

page read and write

2D20000

trusted library allocation

page read and write

B94000

trusted library allocation

page read and write

F90000

heap

page read and write

EF7000

stack

page read and write

2EF0000

trusted library allocation

page read and write

6BF0000

heap

page read and write

5400000

heap

page read and write

538F000

stack

page read and write

1310000

trusted library allocation

page read and write

6B0B000

trusted library allocation

page read and write

2F46000

trusted library allocation

page read and write

2C12000

trusted library allocation

page read and write

2801000

trusted library allocation

page read and write

30BF000

trusted library allocation

page read and write

1323000

trusted library allocation

page execute and read and write

2C30000

trusted library allocation

page read and write

5B2F000

stack

page read and write

6BC0000

trusted library allocation

page read and write

533E000

trusted library allocation

page read and write

2F32000

trusted library allocation

page read and write

30FC000

trusted library allocation

page read and write

A0E000

stack

page read and write

669B000

heap

page read and write

BA0000

trusted library allocation

page read and write

508E000

stack

page read and write

4FDE000

stack

page read and write

27FF000

stack

page read and write

2FE8000

trusted library allocation

page read and write

A70000

heap

page read and write

1324000

trusted library allocation

page read and write

308C000

trusted library allocation

page read and write

E30000

heap

page execute and read and write

4ED2000

trusted library allocation

page read and write

E90000

heap

page execute and read and write

420000

unkown

page readonly

AB5000

heap

page read and write

2F30000

trusted library allocation

page read and write

2C7E000

stack

page read and write

6B2A000

trusted library allocation

page read and write

B80000

trusted library allocation

page read and write

BD9000

stack

page read and write

3ED7000

trusted library allocation

page read and write

533A000

trusted library allocation

page read and write

6B08000

trusted library allocation

page read and write

There are 230 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
order6566546663.exe

Files

Processes

URLs

Domains

IPs

Registry

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reportorder6566546663.exe

Files

Processes

URLs

Domains

IPs

Registry

Memdumps

IOC Report
order6566546663.exe