Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\cjB7bj6Fb4.exe

"C:\Users\user\Desktop\cjB7bj6Fb4.exe"

Details

Is windows:	false
Is dropped:	false
PID:	7464
Target ID:	0
Parent PID:	4056
Name:	cjB7bj6Fb4.exe
Path:	C:\Users\user\Desktop\cjB7bj6Fb4.exe
Commandline:	"C:\Users\user\Desktop\cjB7bj6Fb4.exe"
Size:	29696
MD5:	EB6A1705873B7A3A9BEA8074F4E4D69A
Time:	07:15:07
Date:	16/01/2025
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x740000
Modulesize:	49152
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Antivirus / Scanner detection for submitted sample	AV Detection
Multi AV Scanner detection for submitted file	AV Detection
Machine Learning detection for sample	AV Detection
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery
Sample file is different than original file name gathered from version info	System Summary
Uses 32bit PE files	Compliance, System Summary
PE file has an executable .text section and no other executable section	System Summary
Parts of this applications are using the .NET runtime (Probably coded in C#)	System Summary
Sample is known by Antivirus	System Summary
URLs found in memory or binary data	Networking
Contains modern PE file flags such as dynamic base (ASLR) or NX	Compliance, System Summary
PE file contains a COM descriptor data directory	System Summary

URLs

Name

Malicious

http://160.22.121.182/STATO/Ohcbxyza.datM

unknown

http://160.22.121.182/STATO/Ohcbxyza.dat

160.22.121.182

Details

Name:	http://160.22.121.182/STATO/Ohcbxyza.dat
IP:	160.22.121.182
TargetID:	0
From Memory:	false
Current Path:	C:\Users\user\Desktop\cjB7bj6Fb4.exe
Source:	network

Signature Hits	Behavior Group	Mitre Attack
Suricata IDS alerts with low severity for network traffic	Networking
Uses a known web browser user agent for HTTP communication	Networking	Application Layer Protocol
Connects to IPs without corresponding DNS lookups	Networking
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Tries to download or post to a non-existing HTTP route (HTTP/1.1 404 Not Found / 503 Service Unavailable / 403 Forbidden)	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
URLs found in memory or binary data	Networking

http://160.22.121.182

unknown

http://160.22.121.182D

unknown

Details

Name:	http://160.22.121.182D
TargetID:	0
From Memory:	true
Current Path:	C:\Users\user\Desktop\cjB7bj6Fb4.exe
Source:	cjB7bj6Fb4.exe, 00000000.00000002.3760756074.0000000002B25000.00000004.00000800.00020000.00000000.sdmp, cjB7bj6Fb4.exe, 00000000.00000002.3760756074.0000000002E91000.00000004.00000800.00020000.00000000.sdmp, cjB7bj6Fb4.exe, 00000000.00000002.3760756074.0000000002E59000.00000004.00000800.00020000.00000000.sdmp, cjB7bj6Fb4.exe, 00000000.00000002.3760756074.0000000002DC8000.00000004.00000800.00020000.00000000.sdmp, cjB7bj6Fb4.exe, 00000000.00000002.3760756074.0000000002EC7000.00000004.00000800.00020000.00000000.sdmp, cjB7bj6Fb4.exe, 00000000.00000002.3760756074.0000000002F2D000.00000004.00000800.00020000.00000000.sdmp, cjB7bj6Fb4.exe, 00000000.00000002.3760756074.0000000002D34000.00000004.00000800.00020000.00000000.sdmp, cjB7bj6Fb4.exe, 00000000.00000002.3760756074.0000000002EF3000.00000004.00000800.00020000.00000000.sdmp, cjB7bj6Fb4.exe, 00000000.00000002.3760756074.0000000002F15000.00000004.00000800.00020000.00000000.sdmp, cjB7bj6Fb4.exe, 00000000.00000002.3760756074.0000000002CD8000.00000004.00000800.00020000.00000000.sdmp, cjB7bj6Fb4.exe, 00000000.00000002.3760756074.0000000002E49000.00000004.00000800.00020000.00000000.sdmp, cjB7bj6Fb4.exe, 00000000.00000002.3760756074.0000000002E6D000.00000004.00000800.00020000.00000000.sdmp, cjB7bj6Fb4.exe, 00000000.00000002.3760756074.0000000002DD3000.00000004.00000800.00020000.00000000.sdmp, cjB7bj6Fb4.exe, 00000000.00000002.3760756074.0000000002EA3000.00000004.00000800.00020000.00000000.sdmp, cjB7bj6Fb4.exe, 00000000.00000002.3760756074.0000000002EE1000.00000004.00000800.00020000.00000000.sdmp, cjB7bj6Fb4.exe, 00000000.00000002.3760756074.0000000002F47000.00000004.00000800.00020000.00000000.sdmp, cjB7bj6Fb4.exe, 00000000.00000002.3760756074.0000000002EB1000.00000004.00000800.00020000.00000000.sdmp, cjB7bj6Fb4.exe, 00000000.00000002.3760756074.0000000002EF7000.00000004.00000800.00020000.00000000.sdmp, cjB7bj6Fb4.exe, 00000000.00000002.3760756074.0000000002F4D000.00000004.00000800.00020000.00000000.sdmp, cjB7bj6Fb4.exe, 00000000.00000002.3760756074.0000000002CA0000.00000004.00000800.00020000.00000000.sdmp

Signature Hits	Behavior Group	Mitre Attack
URLs found in memory or binary data	Networking

http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name

unknown

Details

Name:	http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
TargetID:	0
From Memory:	true
Current Path:	C:\Users\user\Desktop\cjB7bj6Fb4.exe
Source:	cjB7bj6Fb4.exe, 00000000.00000002.3760756074.0000000002A61000.00000004.00000800.00020000.00000000.sdmp
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
URLs found in memory or binary data	Networking

http://160.22.121.182/STATO/Ohcbxyza.datP

unknown

Details

Name:	http://160.22.121.182/STATO/Ohcbxyza.datP
TargetID:	0
From Memory:	true
Current Path:	C:\Users\user\Desktop\cjB7bj6Fb4.exe
Source:	cjB7bj6Fb4.exe, 00000000.00000002.3760756074.0000000002B25000.00000004.00000800.00020000.00000000.sdmp, cjB7bj6Fb4.exe, 00000000.00000002.3760756074.0000000002E91000.00000004.00000800.00020000.00000000.sdmp, cjB7bj6Fb4.exe, 00000000.00000002.3760756074.0000000002E59000.00000004.00000800.00020000.00000000.sdmp, cjB7bj6Fb4.exe, 00000000.00000002.3760756074.0000000002DC8000.00000004.00000800.00020000.00000000.sdmp, cjB7bj6Fb4.exe, 00000000.00000002.3760756074.0000000002EC7000.00000004.00000800.00020000.00000000.sdmp, cjB7bj6Fb4.exe, 00000000.00000002.3760756074.0000000002F2D000.00000004.00000800.00020000.00000000.sdmp, cjB7bj6Fb4.exe, 00000000.00000002.3760756074.0000000002E8D000.00000004.00000800.00020000.00000000.sdmp, cjB7bj6Fb4.exe, 00000000.00000002.3760756074.0000000002D34000.00000004.00000800.00020000.00000000.sdmp, cjB7bj6Fb4.exe, 00000000.00000002.3760756074.0000000002F15000.00000004.00000800.00020000.00000000.sdmp, cjB7bj6Fb4.exe, 00000000.00000002.3760756074.0000000002CD8000.00000004.00000800.00020000.00000000.sdmp, cjB7bj6Fb4.exe, 00000000.00000002.3760756074.0000000002E49000.00000004.00000800.00020000.00000000.sdmp, cjB7bj6Fb4.exe, 00000000.00000002.3760756074.0000000002E6D000.00000004.00000800.00020000.00000000.sdmp, cjB7bj6Fb4.exe, 00000000.00000002.3760756074.0000000002DD3000.00000004.00000800.00020000.00000000.sdmp, cjB7bj6Fb4.exe, 00000000.00000002.3760756074.0000000002EA3000.00000004.00000800.00020000.00000000.sdmp, cjB7bj6Fb4.exe, 00000000.00000002.3760756074.0000000002EEC000.00000004.00000800.00020000.00000000.sdmp, cjB7bj6Fb4.exe, 00000000.00000002.3760756074.0000000002EE1000.00000004.00000800.00020000.00000000.sdmp, cjB7bj6Fb4.exe, 00000000.00000002.3760756074.0000000002F47000.00000004.00000800.00020000.00000000.sdmp, cjB7bj6Fb4.exe, 00000000.00000002.3760756074.0000000002EB1000.00000004.00000800.00020000.00000000.sdmp, cjB7bj6Fb4.exe, 00000000.00000002.3760756074.0000000002EF7000.00000004.00000800.00020000.00000000.sdmp, cjB7bj6Fb4.exe, 00000000.00000002.3760756074.0000000002F27000.00000004.00000800.00020000.00000000.sdmp, cjB7bj6Fb4.exe, 00000000.00000002.3760756074.0000000002F4D000.00000004.00000800.00020000.00000000.sdmp

Signature Hits	Behavior Group	Mitre Attack
URLs found in memory or binary data	Networking

Domains

Name

Malicious

198.187.3.20.in-addr.arpa

unknown

Details

Name:	198.187.3.20.in-addr.arpa
TargetID:	-1
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Tries to resolve domain names, but no domain seems valid (expired dropper behavior)	Networking
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol

IPs

Domain

Country

Malicious

160.22.121.182

unknown

Details

IP:	160.22.121.182
TargetID:	0
Current Path:	C:\Users\user\Desktop\cjB7bj6Fb4.exe
ASN number:	45194
ASN name:	SIPL-ASSysconInfowayPvtLtdIN
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Suricata IDS alerts with low severity for network traffic	Networking
Uses a known web browser user agent for HTTP communication	Networking	Application Layer Protocol
Connects to IPs without corresponding DNS lookups	Networking
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Tries to download or post to a non-existing HTTP route (HTTP/1.1 404 Not Found / 503 Service Unavailable / 403 Forbidden)	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
URLs found in memory or binary data	Networking

Registry

Path

Value

Malicious

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing

EnableConsoleTracing

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\cjB7bj6Fb4_RASAPI32

EnableFileTracing

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\cjB7bj6Fb4_RASAPI32

EnableAutoFileTracing

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\cjB7bj6Fb4_RASAPI32

EnableConsoleTracing

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\cjB7bj6Fb4_RASAPI32

FileTracingMask

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\cjB7bj6Fb4_RASAPI32

ConsoleTracingMask

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\cjB7bj6Fb4_RASAPI32

MaxFileSize

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\cjB7bj6Fb4_RASAPI32

FileDirectory

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\cjB7bj6Fb4_RASMANCS

EnableFileTracing

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\cjB7bj6Fb4_RASMANCS

EnableAutoFileTracing

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\cjB7bj6Fb4_RASMANCS

EnableConsoleTracing

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\cjB7bj6Fb4_RASMANCS

FileTracingMask

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\cjB7bj6Fb4_RASMANCS

ConsoleTracingMask

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\cjB7bj6Fb4_RASMANCS

MaxFileSize

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\cjB7bj6Fb4_RASMANCS

FileDirectory

There are 5 hidden registries, click here to show them.

Memdumps

Base Address

Regiontype

Protect

Malicious

2A50000

heap

page read and write

1020000

trusted library allocation

page read and write

5C1E000

stack

page read and write

740000

unkown

page readonly

2B25000

trusted library allocation

page read and write

10E0000

heap

page execute and read and write

E49000

heap

page read and write

2E91000

trusted library allocation

page read and write

2A4D000

stack

page read and write

B9D000

stack

page read and write

2C8A000

trusted library allocation

page read and write

5D1E000

stack

page read and write

5FFD000

stack

page read and write

2E59000

trusted library allocation

page read and write

53BD000

stack

page read and write

2A0E000

stack

page read and write

105A000

trusted library allocation

page execute and read and write

1167000

heap

page read and write

2DC8000

trusted library allocation

page read and write

10D0000

trusted library allocation

page execute and read and write

2EC7000

trusted library allocation

page read and write

6110000

heap

page read and write

5120000

trusted library allocation

page read and write

4BFD000

stack

page read and write

54BE000

stack

page read and write

2F2D000

trusted library allocation

page read and write

B40000

heap

page read and write

2E8D000

trusted library allocation

page read and write

2D34000

trusted library allocation

page read and write

6100000

heap

page read and write

5130000

heap

page execute and read and write

FBD000

stack

page read and write

2F5C000

trusted library allocation

page read and write

2EF3000

trusted library allocation

page read and write

DB4000

heap

page read and write

3A61000

trusted library allocation

page read and write

E2F000

heap

page read and write

1050000

trusted library allocation

page read and write

5A1C000

stack

page read and write

B50000

heap

page read and write

503D000

stack

page read and write

2F15000

trusted library allocation

page read and write

50BE000

stack

page read and write

1067000

trusted library allocation

page execute and read and write

5A9E000

stack

page read and write

507D000

stack

page read and write

2CD8000

trusted library allocation

page read and write

2E49000

trusted library allocation

page read and write

EBD000

stack

page read and write

2E6D000

trusted library allocation

page read and write

1040000

trusted library allocation

page read and write

103D000

trusted library allocation

page execute and read and write

2AA7000

trusted library allocation

page read and write

106B000

trusted library allocation

page execute and read and write

1080000

trusted library allocation

page read and write

2ADA000

trusted library allocation

page read and write

FE7000

heap

page read and write

FE0000

heap

page read and write

BA0000

heap

page read and write

2DD3000

trusted library allocation

page read and write

1150000

trusted library allocation

page read and write

DFD000

heap

page read and write

4A60000

trusted library allocation

page read and write

2C4C000

trusted library allocation

page read and write

D80000

heap

page read and write

742000

unkown

page readonly

7DC000

stack

page read and write

D7C000

stack

page read and write

2C64000

trusted library allocation

page read and write

1057000

trusted library allocation

page execute and read and write

5BDD000

stack

page read and write

112C000

stack

page read and write

1033000

trusted library allocation

page execute and read and write

2A61000

trusted library allocation

page read and write

2C91000

trusted library allocation

page read and write

AF8000

stack

page read and write

D8E000

heap

page read and write

2EA3000

trusted library allocation

page read and write

1160000

heap

page read and write

2C73000

trusted library allocation

page read and write

BA5000

heap

page read and write

2C7E000

trusted library allocation

page read and write

60FC000

stack

page read and write

2EEC000

trusted library allocation

page read and write

2EE1000

trusted library allocation

page read and write

E36000

heap

page read and write

2AB8000

trusted library allocation

page read and write

1034000

trusted library allocation

page read and write

E66000

heap

page read and write

5A5E000

stack

page read and write

2C7C000

trusted library allocation

page read and write

2A92000

trusted library allocation

page read and write

2F47000

trusted library allocation

page read and write

2F5F000

trusted library allocation

page read and write

2EB1000

trusted library allocation

page read and write

FF0000

heap

page read and write

5ADD000

stack

page read and write

2EF7000

trusted library allocation

page read and write

2C68000

trusted library allocation

page read and write

591D000

stack

page read and write

1062000

trusted library allocation

page read and write

1060000

trusted library allocation

page read and write

2F27000

trusted library allocation

page read and write

D8A000

heap

page read and write

4A68000

trusted library allocation

page read and write

2A9E000

trusted library allocation

page read and write

50FE000

stack

page read and write

1130000

trusted library allocation

page read and write

2F4D000

trusted library allocation

page read and write

10CE000

stack

page read and write

1030000

trusted library allocation

page read and write

2CA0000

trusted library allocation

page read and write

2C6B000

trusted library allocation

page read and write

523D000

stack

page read and write

2EC5000

trusted library allocation

page read and write

There are 105 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
cjB7bj6Fb4.exe

Processes

URLs

Domains

IPs

Registry

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC ReportcjB7bj6Fb4.exe

Processes

URLs

Domains

IPs

Registry

Memdumps

IOC Report
cjB7bj6Fb4.exe