Automated Malware Analysis IOC Report for

Files

File Path

Type

Category

Malicious

SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

initial sample

Details

Filetype:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy:	7.972761501742185
Filename:	SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe
Filesize:	640512
MD5:	4a57aaabbc130e2ff9f78a1231680e14
SHA1:	a372c732016750f03ecf5465a4b71ee170a0ae52
SHA256:	5ef8f6039eee8fa8cb4a3ae505f4f17d4a98570ec25c3279a89ee829aa6f0431
SHA512:	894ad53dea2d423b9566a43019dbd4c60178e9ebfa90a87206d65903dc4d865a2e8e18734a0e26842410613de5b9d4dccfc2a58f92466ccd300001ffbf509083
SSDEEP:	12288:sYWBpJjfXqCGvEosj5/bESJH60M17KbTrhSXVRt5NlooKUNOUij:sY+fXq/vsj5zxHLM17K27vlooKUBi
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....\e..............0..d...`........... ........@.. ....................... ............@................................

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
Multi AV Scanner detection for submitted file	AV Detection
Tries to steal Mail credentials (via file / registry access)	Stealing of Sensitive Information	Email Collection
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)	Stealing of Sensitive Information	Credentials in Registry
Contains functionality to log keystrokes (.Net Source)	Key, Mouse, Clipboard, Microphone and Screen Capturing	Input Capture
Machine Learning detection for sample	AV Detection
.NET source code contains potential unpacker	Data Obfuscation
.NET source code contains very large array initializations	System Summary	Disable or Modify Tools
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)	Malware Analysis System Evasion	Windows Management Instrumentation Virtualization/Sandbox Evasion Security Software Discovery
Sample uses string decryption to hide its real strings	AV Detection
Tries to harvest and steal browser information (history, passwords, etc)	Stealing of Sensitive Information	OS Credential Dumping Data from Local System
Uses 32bit PE files	Compliance, System Summary	Masquerading
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection
May sleep (evasive loops) to hinder dynamic analysis	Malware Analysis System Evasion
Uses code obfuscation techniques (call, push, ret)	Data Obfuscation
Detected potential crypto function	System Summary	Archive Collected Data Encrypted Channel
Contains long sleeps (>= 3 min)	Malware Analysis System Evasion
Enables debug privileges	Anti Debugging
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)	Malware Analysis System Evasion
Sample file is different than original file name gathered from version info	System Summary
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)	Malware Analysis System Evasion
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)	Malware Analysis System Evasion
PE file has an executable .text section which is very likely to contain packed code (zlib compression ratio < 0.3)	System Summary
Queries a list of all running processes	Malware Analysis System Evasion	Process Discovery
Sample is known by Antivirus	System Summary
PE file has an executable .text section and no other executable section	System Summary
Reads software policies	System Summary
Queries the cryptographic machine GUID	Language, Device and Operating System Detection
Uses an in-process (OLE) Automation server	System Summary
Queries process information (via WMI, Win32_Process)	System Summary
Contains medium sleeps (>= 30s)	Malware Analysis System Evasion
Creates files inside the user directory	System Summary	Masquerading
.NET source code contains many randomly named methods	Data Obfuscation	Disable or Modify Tools
Disables application error messsages (SetErrorMode)	Hooking and other Techniques for Hiding and Protection
Reads ini files	System Summary	File and Directory Discovery
Creates guard pages, often used to prevent reverse usering and debugging	Anti Debugging	Disable or Modify Tools
.NET source code contains many API calls related to security	System Summary	Disable or Modify Tools
Parts of this applications are using the .NET runtime (Probably coded in C#)	System Summary
URLs found in memory or binary data	Networking
.NET source code contains calls to encryption/decryption functions	System Summary	Disable or Modify Tools Deobfuscate/Decode Files or Information
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory)	Malware Analysis System Evasion
PE file contains a debug data directory	System Summary
Contains modern PE file flags such as dynamic base (ASLR) or NX	Compliance, System Summary
Checks if Microsoft Office is installed	System Summary	System Information Discovery
PE file contains a COM descriptor data directory	System Summary
Uses Microsoft Silverlight	System Summary

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.log

ASCII text, with CRLF line terminators

dropped

Details

File:	C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.log
Category:	dropped
Dump:	SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.log.0.dr
ID:	dr_0
Target ID:	0
Process:	C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe
Type:	ASCII text, with CRLF line terminators
Entropy:	5.34331486778365
Encrypted:	false
Ssdeep:	24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
Size:	1216
Whitelisted:	false
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Multi AV Scanner detection for submitted file	AV Detection
Machine Learning detection for sample	AV Detection
Sample file is different than original file name gathered from version info	System Summary
Uses 32bit PE files	Compliance, System Summary
PE file has an executable .text section which is very likely to contain packed code (zlib compression ratio < 0.3)	System Summary	Software Packing
Creates files inside the user directory	System Summary	Masquerading
PE file has an executable .text section and no other executable section	System Summary
Parts of this applications are using the .NET runtime (Probably coded in C#)	System Summary
Sample is known by Antivirus	System Summary
PE file contains a debug data directory	System Summary
Contains modern PE file flags such as dynamic base (ASLR) or NX	Compliance, System Summary
PE file contains a COM descriptor data directory	System Summary

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe

Details

Is windows:	false
Is dropped:	false
PID:	1936
Target ID:	0
Parent PID:	4004
Name:	SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe
Path:	C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe
Commandline:	C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe
Size:	640512
MD5:	4A57AAABBC130E2FF9F78A1231680E14
Time:	04:17:50
Date:	21/11/2023
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0xa90000
Modulesize:	663552
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Multi AV Scanner detection for submitted file	AV Detection
Yara detected AgentTesla	Stealing of Sensitive Information, Remote Access Functionality
Yara detected AgentTesla	Stealing of Sensitive Information, Remote Access Functionality
Yara detected AntiVM3	Malware Analysis System Evasion
Machine Learning detection for sample	AV Detection
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery
Sample file is different than original file name gathered from version info	System Summary
Uses 32bit PE files	Compliance, System Summary
Yara detected Credential Stealer	Stealing of Sensitive Information
PE file has an executable .text section which is very likely to contain packed code (zlib compression ratio < 0.3)	System Summary	Software Packing
Creates files inside the user directory	System Summary	Masquerading
PE file has an executable .text section and no other executable section	System Summary
Parts of this applications are using the .NET runtime (Probably coded in C#)	System Summary
Sample is known by Antivirus	System Summary
Spawns processes	System Summary	Process Injection
Binary contains paths to debug symbols	Compliance, System Summary
PE file contains a debug data directory	System Summary
Contains modern PE file flags such as dynamic base (ASLR) or NX	Compliance, System Summary
PE file contains a COM descriptor data directory	System Summary

C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe

Details

Is windows:	false
Is dropped:	false
PID:	6448
Target ID:	3
Parent PID:	1936
Name:	SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe
Path:	C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe
Commandline:	C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe
Size:	640512
MD5:	4A57AAABBC130E2FF9F78A1231680E14
Time:	04:17:51
Date:	21/11/2023
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x900000
Modulesize:	663552
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Multi AV Scanner detection for submitted file	AV Detection
Yara detected AgentTesla	Stealing of Sensitive Information, Remote Access Functionality
Yara detected AgentTesla	Stealing of Sensitive Information, Remote Access Functionality
Yara detected AntiVM3	Malware Analysis System Evasion
Machine Learning detection for sample	AV Detection
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery
Sample file is different than original file name gathered from version info	System Summary
Uses 32bit PE files	Compliance, System Summary
Yara detected Credential Stealer	Stealing of Sensitive Information
PE file has an executable .text section which is very likely to contain packed code (zlib compression ratio < 0.3)	System Summary	Software Packing
Creates files inside the user directory	System Summary	Masquerading
PE file has an executable .text section and no other executable section	System Summary
Parts of this applications are using the .NET runtime (Probably coded in C#)	System Summary
Sample is known by Antivirus	System Summary
Spawns processes	System Summary	Process Injection
Binary contains paths to debug symbols	Compliance, System Summary
PE file contains a debug data directory	System Summary
Contains modern PE file flags such as dynamic base (ASLR) or NX	Compliance, System Summary
PE file contains a COM descriptor data directory	System Summary

URLs

Name

Malicious

http://crt.sectigo.com/SectigoRSADomainValidationSecureServerCA.crt0#

unknown

Details

Name:	http://crt.sectigo.com/SectigoRSADomainValidationSecureServerCA.crt0#
TargetID:	3
From Memory:	true
Current Path:	C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe
Source:	SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe, 00000003.00000002.3324006845.0000000002FC7000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe, 00000003.00000002.3322598459.0000000000F10000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe, 00000003.00000002.3327151487.00000000066F2000.00000004.00000020.00020000.00000000.sdmp

Signature Hits	Behavior Group	Mitre Attack
URLs found in memory or binary data	Networking

http://ocsp.sectigo.com0A

unknown

Details

Name:	http://ocsp.sectigo.com0A
TargetID:	3
From Memory:	true
Current Path:	C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe
Source:	SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe, 00000003.00000002.3324006845.0000000002FC7000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe, 00000003.00000002.3322598459.0000000000F10000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe, 00000003.00000002.3327151487.00000000066F2000.00000004.00000020.00020000.00000000.sdmp

Signature Hits	Behavior Group	Mitre Attack
URLs found in memory or binary data	Networking

https://sectigo.com/CPS0

unknown

Details

Name:	https://sectigo.com/CPS0
TargetID:	3
From Memory:	true
Current Path:	C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe
Source:	SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe, 00000003.00000002.3324006845.0000000002FC7000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe, 00000003.00000002.3322598459.0000000000F10000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe, 00000003.00000002.3327151487.00000000066F2000.00000004.00000020.00020000.00000000.sdmp

Signature Hits	Behavior Group	Mitre Attack
URLs found in memory or binary data	Networking

http://us2.smtp.mailhostbox.com

unknown

Details

Name:	http://us2.smtp.mailhostbox.com
TargetID:	3
From Memory:	true
Current Path:	C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe
Source:	SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe, 00000003.00000002.3324006845.0000000002FC7000.00000004.00000800.00020000.00000000.sdmp
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
URLs found in memory or binary data	Networking

Domains

Name

Malicious

us2.smtp.mailhostbox.com

208.91.198.143

Details

Name:	us2.smtp.mailhostbox.com
IP:	208.91.198.143
TargetID:	-1
Active:	true
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
Sample uses string decryption to hide its real strings	AV Detection
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
Uses SMTP (mail sending)	Networking	Application Layer Protocol
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
URLs found in memory or binary data	Networking

IPs

Domain

Country

Malicious

208.91.198.143

us2.smtp.mailhostbox.com

United States

Details

IP:	208.91.198.143
TargetID:	3
Current Path:	C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe
Country:	United States
Countrycode:	USA
ASN number:	394695
ASN name:	PUBLIC-DOMAIN-REGISTRYUS
Private:	false
Domain:	us2.smtp.mailhostbox.com

Signature Hits	Behavior Group	Mitre Attack
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
Uses SMTP (mail sending)	Networking	Application Layer Protocol

Memdumps

Base Address

Regiontype

Protect

Malicious

2F71000

trusted library allocation

page read and write

3FFE000

trusted library allocation

page read and write

1914000

trusted library allocation

page read and write

E25000

heap

page read and write

5940000

trusted library allocation

page read and write

F20000

heap

page read and write

2FC3000

trusted library allocation

page read and write

E95000

heap

page read and write

18BD000

stack

page read and write

2FF9000

trusted library allocation

page read and write

7750000

heap

page read and write

A2DF000

stack

page read and write

D39000

stack

page read and write

FED000

trusted library allocation

page execute and read and write

FE0000

trusted library allocation

page read and write

12BE000

stack

page read and write

1770000

heap

page read and write

1902000

trusted library allocation

page read and write

2DCE000

stack

page read and write

1170000

trusted library allocation

page read and write

1095000

heap

page read and write

1367000

heap

page read and write

7650000

trusted library section

page read and write

1380000

trusted library allocation

page read and write

3E29000

trusted library allocation

page read and write

5304000

trusted library allocation

page read and write

53D0000

trusted library section

page readonly

57D0000

trusted library section

page read and write

C39000

stack

page read and write

A1DF000

stack

page read and write

1200000

heap

page read and write

59DD000

trusted library allocation

page read and write

E88000

heap

page read and write

5F80000

heap

page read and write

43E000

remote allocation

page execute and read and write

1330000

trusted library allocation

page read and write

F07000

heap

page read and write

57DE000

stack

page read and write

6200000

trusted library allocation

page execute and read and write

569E000

stack

page read and write

1920000

trusted library allocation

page read and write

57F5000

heap

page read and write

1024000

heap

page read and write

2E10000

heap

page execute and read and write

57E0000

trusted library allocation

page read and write

FD0000

trusted library allocation

page read and write

1031000

heap

page read and write

5300000

trusted library allocation

page read and write

8AF7000

trusted library allocation

page read and write

1340000

trusted library allocation

page execute and read and write

102F000

heap

page read and write

581D000

stack

page read and write

53B0000

trusted library allocation

page read and write

117D000

trusted library allocation

page execute and read and write

7070000

heap

page read and write

770E000

stack

page read and write

E60000

heap

page read and write

53AA000

trusted library allocation

page read and write

5450000

heap

page read and write

FFB000

heap

page read and write

18DE000

trusted library allocation

page read and write

3F13000

trusted library allocation

page read and write

59A0000

trusted library allocation

page execute and read and write

5360000

heap

page read and write

E53000

trusted library allocation

page execute and read and write

F0E000

heap

page read and write

18FD000

trusted library allocation

page read and write

624D000

stack

page read and write

59A0000

trusted library allocation

page read and write

5600000

heap

page execute and read and write

43C000

remote allocation

page execute and read and write

794F000

stack

page read and write

1306000

trusted library allocation

page execute and read and write

17BC000

stack

page read and write

61D0000

trusted library allocation

page read and write

2E0B000

stack

page read and write

1180000

trusted library allocation

page read and write

59E7000

trusted library allocation

page read and write

EF8000

stack

page read and write

A92000

unkown

page readonly

1910000

trusted library allocation

page read and write

18F6000

trusted library allocation

page read and write

53A0000

trusted library allocation

page read and write

E40000

trusted library allocation

page read and write

16B8000

trusted library allocation

page read and write

2FF1000

trusted library allocation

page read and write

1390000

trusted library allocation

page read and write

56DE000

stack

page read and write

FF0000

heap

page read and write

1385000

trusted library allocation

page read and write

130A000

trusted library allocation

page execute and read and write

7754000

heap

page read and write

7F920000

trusted library allocation

page execute and read and write

59D0000

trusted library allocation

page read and write

F30000

heap

page read and write

53E0000

heap

page read and write

5FA0000

heap

page read and write

DA0000

heap

page read and write

2FC7000

trusted library allocation

page read and write

5321000

trusted library allocation

page read and write

59E0000

trusted library allocation

page read and write

169F000

stack

page read and write

18EE000

trusted library allocation

page read and write

2EAB000

trusted library allocation

page read and write

1195000

trusted library allocation

page execute and read and write

5A07000

trusted library allocation

page read and write

599E000

stack

page read and write

3F71000

trusted library allocation

page read and write

1190000

trusted library allocation

page read and write

5A00000

trusted library allocation

page read and write

13A0000

heap

page read and write

59A8000

trusted library allocation

page read and write

1186000

trusted library allocation

page execute and read and write

2FED000

trusted library allocation

page read and write

1750000

trusted library allocation

page execute and read and write

591E000

stack

page read and write

F10000

heap

page read and write

E5D000

trusted library allocation

page execute and read and write

FDD000

trusted library allocation

page execute and read and write

57F0000

heap

page read and write

59F0000

trusted library allocation

page read and write

106D000

heap

page read and write

532D000

trusted library allocation

page read and write

6340000

heap

page read and write

18D0000

trusted library allocation

page read and write

594E000

trusted library allocation

page read and write

106E000

stack

page read and write

64ED000

stack

page read and write

7752000

heap

page read and write

3EC5000

trusted library allocation

page read and write

118A000

trusted library allocation

page execute and read and write

1370000

trusted library allocation

page read and write

18D6000

trusted library allocation

page read and write

3FD4000

trusted library allocation

page read and write

2FDF000

trusted library allocation

page read and write

10BC000

heap

page read and write

BCA000

stack

page read and write

531E000

trusted library allocation

page read and write

131B000

trusted library allocation

page execute and read and write

D90000

heap

page read and write

2E8D000

trusted library allocation

page read and write

7A4E000

stack

page read and write

559E000

stack

page read and write

FBE000

stack

page read and write

18DB000

trusted library allocation

page read and write

61E0000

trusted library allocation

page read and write

FD3000

trusted library allocation

page execute and read and write

1317000

trusted library allocation

page execute and read and write

5900000

trusted library allocation

page read and write

1182000

trusted library allocation

page read and write

18E2000

trusted library allocation

page read and write

18F1000

trusted library allocation

page read and write

66C8000

heap

page read and write

4FBB000

stack

page read and write

E50000

trusted library allocation

page read and write

5370000

trusted library allocation

page execute and read and write

55E0000

heap

page read and write

F70000

heap

page read and write

3E21000

trusted library allocation

page read and write

2C80000

heap

page read and write

1960000

heap

page read and write

A90000

unkown

page readonly

1300000

trusted library allocation

page read and write

1312000

trusted library allocation

page read and write

18EA000

trusted library allocation

page read and write

DB0000

heap

page read and write

1760000

trusted library allocation

page read and write

5F70000

heap

page read and write

6A50000

trusted library allocation

page execute and read and write

1350000

trusted library allocation

page read and write

53F0000

heap

page read and write

7760000

heap

page read and write

1192000

trusted library allocation

page read and write

109F000

heap

page read and write

FE3000

trusted library allocation

page read and write

FC0000

trusted library allocation

page read and write

E54000

trusted library allocation

page read and write

A0DE000

stack

page read and write

11FE000

stack

page read and write

E68000

heap

page read and write

1310000

trusted library allocation

page read and write

2C60000

trusted library allocation

page read and write

FFE000

heap

page read and write

EFB000

heap

page read and write

3E77000

trusted library allocation

page read and write

5400000

heap

page read and write

555C000

stack

page read and write

61C0000

trusted library allocation

page execute and read and write

4E9E000

stack

page read and write

137F000

trusted library allocation

page read and write

5403000

heap

page read and write

5326000

trusted library allocation

page read and write

116E000

unkown

page read and write

12FE000

stack

page read and write

57C0000

trusted library section

page read and write

5950000

trusted library allocation

page execute and read and write

14AE000

stack

page read and write

632D000

stack

page read and write

1197000

trusted library allocation

page execute and read and write

2E63000

trusted library allocation

page read and write

5453000

heap

page read and write

58FD000

stack

page read and write

B40000

unclassified section

page readonly

B2A000

unkown

page readonly

BF0000

unclassified section

page readonly

692E000

stack

page read and write

11B0000

trusted library allocation

page read and write

400000

remote allocation

page execute and read and write

55DB000

stack

page read and write

530B000

trusted library allocation

page read and write

18C0000

trusted library allocation

page read and write

16A0000

heap

page execute and read and write

62EE000

stack

page read and write

E20000

heap

page read and write

E92000

heap

page read and write

542C000

stack

page read and write

119B000

trusted library allocation

page execute and read and write

7272000

trusted library allocation

page read and write

1950000

heap

page execute and read and write

FD4000

trusted library allocation

page read and write

5690000

trusted library section

page read and write

2E5C000

trusted library allocation

page read and write

4E5E000

stack

page read and write

6A2F000

stack

page read and write

2CCE000

stack

page read and write

3F99000

trusted library allocation

page read and write

66B0000

heap

page read and write

5380000

trusted library allocation

page read and write

2E21000

trusted library allocation

page read and write

774E000

stack

page read and write

66F2000

heap

page read and write

1360000

heap

page read and write

2C50000

trusted library allocation

page read and write

61F0000

heap

page read and write

66F5000

heap

page read and write

There are 225 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe

Files

Processes

URLs

Domains

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC ReportSecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe

Files

Processes

URLs

Domains

IPs

Memdumps

IOC Report
SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe