Automated Malware Analysis IOC Report for

Files

File Path

Type

Category

Malicious

1239840531439025921.js

ASCII text, with very long lines (3027), with CRLF line terminators

initial sample

Details

Filetype:	ASCII text, with very long lines (3027), with CRLF line terminators
Entropy:	5.7782767634703776
Filename:	1239840531439025921.js
Filesize:	318926
MD5:	f06bb1a7df51df32d783b34f92d9b66a
SHA1:	b687119329ce2407964f5230baf368d76073a8e1
SHA256:	84e1edd28a73544499787540829363608648e12c3f3f2955ab2fb3b1af1d1e05
SHA512:	a43a1c6b1ef84e1a833dc065d787d8482dfb8539a504752de71386aadf788e936943e1a4d37ad24c8ef1a57791aaf99e252928c1bb7c32cc41836af419286003
SSDEEP:	6144:eBHEsQEhu1bTtA/ZilnqbLJGpjEmWjuFnrPU+r:e99dSbTIiY/JGGuPt
Preview:	/* flyutopianobedient..set flyutopianobedientadditionamusednation=q..set flyutopianobedientbeliefstageleft=m..set flyutopianobedientchubbyabackcrash=c..set flyutopianobedientgruesomegrandfatherpossible=j..set flyutopianobedientrainbasketexist=x..set flyut

Signature Hits	Behavior Group	Mitre Attack
Multi AV Scanner detection for submitted file	AV Detection
Java / VBScript file with very long strings (likely obfuscated code)	System Summary	Obfuscated Files or Information
Sample is known by Antivirus	System Summary

C:\Users\user\mindtrembleopen.bat

ASCII text, with very long lines (3027), with CRLF line terminators

dropped

Details

File:	C:\Users\user\mindtrembleopen.bat
Category:	dropped
Dump:	mindtrembleopen.bat.1.dr
ID:	dr_1
Target ID:	1
Process:	C:\Windows\System32\cmd.exe
Type:	ASCII text, with very long lines (3027), with CRLF line terminators
Entropy:	5.7782767634703776
Encrypted:	false
Ssdeep:	6144:eBHEsQEhu1bTtA/ZilnqbLJGpjEmWjuFnrPU+r:e99dSbTIiY/JGGuPt
Size:	318926
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Yara detected EXE embedded in BAT file	Data Obfuscation
Creates files inside the user directory	System Summary	Masquerading

C:\Users\user\muddledfreedesert.ico

PE32+ executable (DLL) (console) x86-64, for MS Windows

dropped

Details

File:	C:\Users\user\muddledfreedesert.ico
Category:	dropped
Dump:	muddledfreedesert.ico.6.dr
ID:	dr_3
Target ID:	6
Process:	C:\Windows\System32\certutil.exe
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	7.117967343876302
Encrypted:	false
Ssdeep:	3072:Eq+5FU/HC+Y7zpLD2vV127JED676p2uUJTsYz+TPp/8WfAsz1jUB:Eq+5FUKRpv2H27J7HuuTs8+rGWAM1UB
Size:	217854
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the user root directory	Boot Survival	Masquerading
Drops PE files	Persistence and Installation Behavior
Drops PE files to the user directory	Persistence and Installation Behavior	Masquerading
Drops files with a non-matching file extension (content does not match file extension)	Persistence and Installation Behavior	Masquerading

C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

data

dropped

Details

File:	C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
Category:	dropped
Dump:	StartupProfileData-NonInteractive.7.dr
ID:	dr_6
Target ID:	7
Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Type:	data
Entropy:	0.7307872139132228
Encrypted:	false
Ssdeep:	3:Nlllul4/X:NllU4/
Size:	64
Whitelisted:	false
Reputation:	low

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_lnffw4rs.104.psm1

ASCII text, with no line terminators

dropped

Details

File:	C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_lnffw4rs.104.psm1
Category:	dropped
Dump:	__PSScriptPolicyTest_lnffw4rs.104.psm1.7.dr
ID:	dr_5
Target ID:	7
Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Type:	ASCII text, with no line terminators
Entropy:	4.038920595031593
Encrypted:	false
Ssdeep:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
Size:	60
Whitelisted:	false
Reputation:	high

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_qjllnkuc.i0s.ps1

ASCII text, with no line terminators

dropped

Details

File:	C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_qjllnkuc.i0s.ps1
Category:	dropped
Dump:	__PSScriptPolicyTest_qjllnkuc.i0s.ps1.7.dr
ID:	dr_4
Target ID:	7
Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Type:	ASCII text, with no line terminators
Entropy:	4.038920595031593
Encrypted:	false
Ssdeep:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
Size:	60
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Creates temporary files	System Summary

C:\Users\user\astonishinglewdselective

ASCII text, with very long lines (3027), with CRLF line terminators

modified

Details

File:	C:\Users\user\astonishinglewdselective
Category:	modified
Dump:	astonishinglewdselective.1.dr
ID:	dr_2
Target ID:	1
Process:	C:\Windows\System32\cmd.exe
Type:	ASCII text, with very long lines (3027), with CRLF line terminators
Entropy:	5.637755217120682
Encrypted:	false
Ssdeep:	6144:zBHEsQEhu1bTtA/ZilnqbLJGpjEmWjuFx:z99dSbTIiY/JGGC
Size:	290664
Whitelisted:	false
Reputation:	timeout

C:\Users\user\mindtrembleopen.bat:Zone.Identifier

ASCII text, with CRLF line terminators

modified

Details

File:	C:\Users\user\mindtrembleopen.bat:Zone.Identifier
Category:	modified
Dump:	mindtrembleopen.bat_Zone.Identifier.1.dr
ID:	dr_0
Target ID:	1
Process:	C:\Windows\System32\cmd.exe
Type:	ASCII text, with CRLF line terminators
Entropy:	3.95006375643621
Encrypted:	false
Ssdeep:	3:ggPYV:rPYV
Size:	26
Whitelisted:	false
Reputation:	timeout

Processes

Path

Cmdline

Malicious

C:\Windows\System32\wscript.exe

C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\1239840531439025921.js"

Details

Is windows:	true
Is dropped:	false
PID:	6560
Target ID:	0
Parent PID:	2580
Name:	wscript.exe
Class:	wscript
Path:	C:\Windows\System32\wscript.exe
Commandline:	C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\1239840531439025921.js"
Size:	170496
MD5:	A47CBE969EA935BDD3AB568BB126BC80
Time:	14:25:22
Date:	28/03/2024
Reason:	newprocess
Reputation:	high
Is admin:	false
Is elevated:	false
Modulebase:	0x7ff67d5b0000
Modulesize:	184320
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Sigma detected: WScript or CScript Dropper	System Summary
Sigma detected: Suspicious Copy From or To System Directory	System Summary
Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript	System Summary
Spawns processes	System Summary	Process Injection

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /k copy "C:\Users\user\Desktop\1239840531439025921.js" "C:\Users\user\\mindtrembleopen.bat" && "C:\Users\user\\mindtrembleopen.bat"

Details

Is windows:	true
Is dropped:	false
PID:	6684
Target ID:	1
Parent PID:	6560
Name:	cmd.exe
Class:	cmd
Path:	C:\Windows\System32\cmd.exe
Commandline:	"C:\Windows\System32\cmd.exe" /k copy "C:\Users\user\Desktop\1239840531439025921.js" "C:\Users\user\\mindtrembleopen.bat" && "C:\Users\user\\mindtrembleopen.bat"
Size:	289792
MD5:	8A2122E8162DBEF04694B9C3E0B6CDEE
Time:	14:25:23
Date:	28/03/2024
Reason:	newprocess
Reputation:	high
Is admin:	false
Is elevated:	false
Modulebase:	0x7ff6312d0000
Modulesize:	421888
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Sigma detected: Powershell launch regsvr32	HIPS / PFW / Operating System Protection Evasion
Wscript starts Powershell (via cmd or directly)	System Summary	PowerShell Scripting
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Sigma detected: Suspicious Copy From or To System Directory	System Summary
Executes batch files	System Summary	Scripting
Sigma detected: Non Interactive PowerShell Process Spawned	System Summary
Spawns processes	System Summary	Process Injection

C:\Windows\System32\certutil.exe

certutil -f -decode astonishinglewdselective muddledfreedesert.ico

Details

Is windows:	true
Is dropped:	false
PID:	4416
Target ID:	6
Parent PID:	6684
Name:	certutil.exe
Class:	system-tools
Path:	C:\Windows\System32\certutil.exe
Commandline:	certutil -f -decode astonishinglewdselective muddledfreedesert.ico
Size:	1651712
MD5:	F17616EC0522FC5633151F7CAA278CAA
Time:	14:25:23
Date:	28/03/2024
Reason:	newprocess
Reputation:	moderate
Is admin:	false
Is elevated:	false
Modulebase:	0x7ff6e04c0000
Modulesize:	1683456
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Spawns processes	System Summary	Process Injection

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell regsvr32 muddledfreedesert.ico

Details

Is windows:	true
Is dropped:	false
PID:	6680
Target ID:	7
Parent PID:	6684
Name:	powershell.exe
Class:	powershell
Path:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Commandline:	powershell regsvr32 muddledfreedesert.ico
Size:	452608
MD5:	04029E121A0CFA5991749937DD22A1D9
Time:	14:25:24
Date:	28/03/2024
Reason:	newprocess
Reputation:	high
Is admin:	false
Is elevated:	false
Modulebase:	0x7ff788560000
Modulesize:	462848
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Sigma detected: Powershell launch regsvr32	HIPS / PFW / Operating System Protection Evasion
Sigma detected: Potentially Suspicious PowerShell Child Processes	System Summary
Suspicious execution chain found	Software Vulnerabilities	Exploitation for Client Execution
Wscript starts Powershell (via cmd or directly)	System Summary	PowerShell Scripting
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Sigma detected: Scripting/CommandLine Process Spawned Regsvr32	System Summary
Sigma detected: Non Interactive PowerShell Process Spawned	System Summary
Spawns processes	System Summary	Process Injection

C:\Windows\System32\regsvr32.exe

"C:\Windows\system32\regsvr32.exe" muddledfreedesert.ico

Details

Is windows:	true
Is dropped:	false
PID:	6372
Target ID:	8
Parent PID:	6680
Name:	regsvr32.exe
Class:	system-tools
Path:	C:\Windows\System32\regsvr32.exe
Commandline:	"C:\Windows\system32\regsvr32.exe" muddledfreedesert.ico
Size:	25088
MD5:	B0C2FA35D14A9FAD919E99D9D75E1B9E
Time:	14:25:25
Date:	28/03/2024
Reason:	newprocess
Reputation:	moderate
Is admin:	false
Is elevated:	false
Modulebase:	0x7ff60bfa0000
Modulesize:	45056
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Yara detected Strela Stealer	Stealing of Sensitive Information, Remote Access Functionality
Sigma detected: Potentially Suspicious PowerShell Child Processes	System Summary
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Sigma detected: Scripting/CommandLine Process Spawned Regsvr32	System Summary
Spawns processes	System Summary	Process Injection

C:\Windows\System32\conhost.exe

C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

Details

Is windows:	true
Is dropped:	false
PID:	6712
Target ID:	2
Parent PID:	6684
Name:	conhost.exe
Path:	C:\Windows\System32\conhost.exe
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Size:	862208
MD5:	0D698AF330FD17BEE3BF90011D49251D
Time:	14:25:23
Date:	28/03/2024
Reason:	newprocess
Reputation:	high
Is admin:	false
Is elevated:	false
Modulebase:	0x7ff7699e0000
Modulesize:	892928
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

C:\Windows\System32\wbem\WMIC.exe

wmic path win32_operatingsystem get oslanguage

Details

Is windows:	true
Is dropped:	false
PID:	3808
Target ID:	3
Parent PID:	6684
Name:	WMIC.exe
Class:	system-tools
Path:	C:\Windows\System32\wbem\WMIC.exe
Commandline:	wmic path win32_operatingsystem get oslanguage
Size:	576000
MD5:	C37F2F4F4B3CD128BDABCAEB2266A785
Time:	14:25:23
Date:	28/03/2024
Reason:	newprocess
Reputation:	moderate
Is admin:	false
Is elevated:	false
Modulebase:	0x7ff782fb0000
Modulesize:	598016
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Spawns processes	System Summary	Process Injection

C:\Windows\System32\find.exe

find /i "1033"

Details

Is windows:	true
Is dropped:	false
PID:	6368
Target ID:	4
Parent PID:	6684
Name:	find.exe
Path:	C:\Windows\System32\find.exe
Commandline:	find /i "1033"
Size:	17920
MD5:	4BF76A28D31FC73AA9FC970B22D056AF
Time:	14:25:23
Date:	28/03/2024
Reason:	newprocess
Reputation:	moderate
Is admin:	false
Is elevated:	false
Modulebase:	0x7ff6022c0000
Modulesize:	36864
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Spawns processes	System Summary	Process Injection

C:\Windows\System32\findstr.exe

findstr /V flyutopianobedient ""C:\Users\user\\mindtrembleopen.bat""

Details

Is windows:	true
Is dropped:	false
PID:	5076
Target ID:	5
Parent PID:	6684
Name:	findstr.exe
Class:	system-tools
Path:	C:\Windows\System32\findstr.exe
Commandline:	findstr /V flyutopianobedient ""C:\Users\user\\mindtrembleopen.bat""
Size:	36352
MD5:	804A6AE28E88689E0CF1946A6CB3FEE5
Time:	14:25:23
Date:	28/03/2024
Reason:	newprocess
Reputation:	moderate
Is admin:	false
Is elevated:	false
Modulebase:	0x7ff795c50000
Modulesize:	94208
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Spawns processes	System Summary	Process Injection

URLs

Name

Malicious

45.9.74.12/server.php

Details

Name:	45.9.74.12/server.php
TargetID:	0
From Memory:	false
Current Path:	C:\Windows\System32\wscript.exe
Source:	config extractor
Reputation:	low

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol

Registry

Path

Value

Malicious

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows Script\Settings\Telemetry\wscript.exe

JScriptSetScriptStateStarted

Memdumps

Base Address

Regiontype

Protect

Malicious

7FFE1023E000

unkown

page read and write

2481000

direct allocation

page execute and read and write

15975565000

heap

page read and write

159736F8000

heap

page read and write

28FE2920000

heap

page read and write

15973B64000

heap

page read and write

15973CE1000

heap

page read and write

1B4DD950000

heap

page read and write

28FE48D4000

heap

page read and write

94D000

heap

page read and write

28FE4722000

heap

page read and write

6D13FF000

stack

page read and write

1597367C000

heap

page read and write

159735C0000

heap

page read and write

159736FD000

heap

page read and write

28FE294B000

heap

page read and write

159736FF000

heap

page read and write

1597371D000

heap

page read and write

1D24E9E0000

heap

page read and write

28FE48C3000

heap

page read and write

28FE4745000

heap

page read and write

7FFE1025D000

unkown

page readonly

28FE4724000

heap

page read and write

92C000

heap

page read and write

28FE4820000

heap

page read and write

28FE4725000

heap

page read and write

159736DA000

heap

page read and write

15975550000

heap

page read and write

15973600000

trusted library allocation

page read and write

C1A8CFE000

stack

page read and write

C1A86FE000

stack

page read and write

7FFE10230000

unkown

page readonly

159736B9000

heap

page read and write

28FE4A0C000

heap

page read and write

28FE2890000

heap

page read and write

15973CBC000

heap

page read and write

15973704000

heap

page read and write

7FFE1026A000

unkown

page readonly

15973B67000

heap

page read and write

15973CE1000

heap

page read and write

15973B50000

heap

page read and write

28FE4720000

heap

page read and write

1B4DD9A0000

heap

page read and write

1D24EA0C000

heap

page read and write

15973707000

heap

page read and write

15973704000

heap

page read and write

900000

heap

page read and write

28FE475E000

heap

page read and write

1B4DDAF3000

heap

page read and write

1D24EA00000

heap

page read and write

15973CBE000

heap

page read and write

C1A8AFE000

stack

page read and write

15973CC4000

heap

page read and write

15973701000

heap

page read and write

28FE4745000

heap

page read and write

7FFE1023D000

unkown

page write copy

C1A8BFE000

stack

page read and write

28FE48BB000

heap

page read and write

7FFE1025B000

unkown

page readonly

95C000

heap

page read and write

956000

heap

page read and write

96F000

heap

page read and write

15973630000

heap

page read and write

1597555F000

heap

page read and write

1597555E000

heap

page read and write

159736F4000

heap

page read and write

15973CDB000

heap

page read and write

28FE4821000

heap

page read and write

15973CDD000

heap

page read and write

28FE4736000

heap

page read and write

159736A9000

heap

page read and write

28FE4804000

heap

page read and write

6D1277000

stack

page read and write

28FE4742000

heap

page read and write

28FE4729000

heap

page read and write

28FE2CC0000

heap

page read and write

28FE2962000

heap

page read and write

15975565000

heap

page read and write

22BE000

stack

page read and write

15973B67000

heap

page read and write

1B4DD7E0000

heap

page read and write

28FE28B0000

heap

page read and write

15973CB8000

heap

page read and write

28FE472D000

heap

page read and write

1597371D000

heap

page read and write

6D137F000

stack

page read and write

28FE4723000

heap

page read and write

1B4DD9A9000

heap

page read and write

15973704000

heap

page read and write

1597370A000

heap

page read and write

159736B9000

heap

page read and write

28FE48FA000

heap

page read and write

904000

heap

page read and write

15973CC0000

heap

page read and write

28FE4724000

heap

page read and write

159736F8000

heap

page read and write

1597370A000

heap

page read and write

28FE475E000

heap

page read and write

1D24EA07000

heap

page read and write

8D0000

heap

page read and write

15973704000

heap

page read and write

28FE475E000

heap

page read and write

28FE2CC5000

heap

page read and write

15973670000

heap

page read and write

2360000

heap

page read and write

28FE48FB000

heap

page read and write

C1A8FFB000

stack

page read and write

15973CE4000

heap

page read and write

28FE294C000

heap

page read and write

15973674000

heap

page read and write

159736F0000

heap

page read and write

2320000

heap

page read and write

15973CD8000

heap

page read and write

1597555F000

heap

page read and write

28FE4722000

heap

page read and write

15973704000

heap

page read and write

28FE4726000

heap

page read and write

28FE2A16000

heap

page read and write

96D000

heap

page read and write

1D24EC94000

heap

page read and write

15973712000

heap

page read and write

95C000

heap

page read and write

30C067C000

stack

page read and write

28FE48D4000

heap

page read and write

579000

stack

page read and write

28FE4921000

heap

page read and write

28FE2A0C000

heap

page read and write

28FE43D0000

heap

page read and write

15973707000

heap

page read and write

28FE29FD000

heap

page read and write

28FE474A000

heap

page read and write

7FD1D2F000

stack

page read and write

15973B60000

heap

page read and write

249F000

direct allocation

page execute and read and write

15973B6A000

heap

page read and write

159736F4000

heap

page read and write

15973600000

trusted library allocation

page read and write

1597555F000

heap

page read and write

7FD1CAC000

stack

page read and write

15973CD8000

heap

page read and write

15973B63000

heap

page read and write

15973600000

trusted library allocation

page read and write

28FE2A1A000

heap

page read and write

28FE4A0C000

heap

page read and write

28FE4745000

heap

page read and write

28FE29FD000

heap

page read and write

15973CC1000

heap

page read and write

15973715000

heap

page read and write

15973707000

heap

page read and write

7FFE10266000

unkown

page readonly

30C06FF000

stack

page read and write

2363000

heap

page read and write

15973B6A000

heap

page read and write

15975565000

heap

page read and write

96D000

heap

page read and write

15973B6E000

heap

page read and write

159735E0000

heap

page read and write

15973718000

heap

page read and write

15973CC7000

heap

page read and write

5C0000

heap

page read and write

28FE4731000

heap

page read and write

15975555000

heap

page read and write

5D0000

heap

page read and write

1597370A000

heap

page read and write

1B4DDB70000

heap

page read and write

15973B6B000

heap

page read and write

15975553000

heap

page read and write

1D24EC90000

heap

page read and write

1D24E900000

heap

page read and write

15973B6A000

heap

page read and write

15973CB7000

heap

page read and write

6D14FF000

stack

page read and write

1B4DDB74000

heap

page read and write

956000

heap

page read and write

159736F8000

heap

page read and write

1B4DF710000

heap

page read and write

C1A87FD000

stack

page read and write

15973CD8000

heap

page read and write

28FE4729000

heap

page read and write

15973712000

heap

page read and write

15973CBC000

heap

page read and write

15973CE1000

heap

page read and write

28FE2A14000

heap

page read and write

15973CB0000

heap

page read and write

15973716000

heap

page read and write

C1A84FA000

stack

page read and write

7FFE10261000

unkown

page read and write

15975554000

heap

page read and write

C1A8DFE000

stack

page read and write

159736F4000

heap

page read and write

28FE2880000

heap

page read and write

28FE4920000

heap

page read and write

7FFE10264000

unkown

page readonly

28FE2A1B000

heap

page read and write

28FE475A000

heap

page read and write

28FE2A0C000

heap

page read and write

1597555F000

heap

page read and write

15973705000

heap

page read and write

972000

heap

page read and write

28FE475E000

heap

page read and write

C1A89FF000

stack

page read and write

159736A0000

heap

page read and write

15975557000

heap

page read and write

159736D7000

heap

page read and write

1597370C000

heap

page read and write

15973CD9000

heap

page read and write

159736B4000

heap

page read and write

920000

heap

page read and write

7FFE10231000

unkown

page execute read

94D000

heap

page read and write

15975551000

heap

page read and write

159736F8000

heap

page read and write

15975565000

heap

page read and write

1597370F000

heap

page read and write

1B4DDAF0000

heap

page read and write

6D147F000

stack

page read and write

1B4DD8F0000

heap

page read and write

952000

heap

page read and write

28FE48C4000

heap

page read and write

159736D6000

heap

page read and write

15975566000

heap

page read and write

6D12FF000

stack

page read and write

1D24EB00000

heap

page read and write

15973600000

trusted library allocation

page read and write

159736F8000

heap

page read and write

15973709000

heap

page read and write

95D000

heap

page read and write

15973B6E000

heap

page read and write

28FE48D4000

heap

page read and write

15973B65000

heap

page read and write

C1A85FE000

stack

page read and write

159734E0000

heap

page read and write

28FE4803000

heap

page read and write

28FE475E000

heap

page read and write

28FE4724000

heap

page read and write

1B4DD8C0000

heap

page read and write

223E000

stack

page read and write

15973B62000

heap

page read and write

28FE4805000

heap

page read and write

28FE4724000

heap

page read and write

15973CE9000

heap

page read and write

30C077D000

stack

page read and write

97A000

heap

page read and write

28FE2A0C000

heap

page read and write

159736F4000

heap

page read and write

15973712000

heap

page read and write

7FD1DAF000

stack

page read and write

15973CD8000

heap

page read and write

7FFE1023C000

unkown

page read and write

15973704000

heap

page read and write

159736D8000

heap

page read and write

15973CC4000

heap

page read and write

There are 242 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
1239840531439025921.js

Files

Processes

URLs

Registry

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report1239840531439025921.js

Files

Processes

URLs

Registry

Memdumps

IOC Report
1239840531439025921.js