Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\unpacked_1648556.bin.exe

"C:\Users\user\Desktop\unpacked_1648556.bin.exe"

Details

Is windows:	false
Is dropped:	false
PID:	420
Target ID:	0
Parent PID:	4004
Name:	unpacked_1648556.bin.exe
Path:	C:\Users\user\Desktop\unpacked_1648556.bin.exe
Commandline:	"C:\Users\user\Desktop\unpacked_1648556.bin.exe"
Size:	13102
MD5:	95E35564ED41B3EEB4DB220BAEC91C41
Time:	17:16:48
Date:	28/03/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x400000
Modulesize:	20480
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Antivirus / Scanner detection for submitted sample	AV Detection
Multi AV Scanner detection for submitted file	AV Detection
Yara detected IcedID	AV Detection, E-Banking Fraud, Stealing of Sensitive Information, Remote Access Functionality
Machine Learning detection for sample	AV Detection
Uses 32bit PE files	Compliance, System Summary
PE file has an executable .text section and no other executable section	System Summary
Sample is known by Antivirus	System Summary

URLs

Name

Malicious

https://cowspidzu.pro/

unknown

https://muratinue.com/photo.png?id=01B677C698EC38846700FF0000000000000000

unknown

https://muratinue.com/photo.png?id=01B677C698EC38846700FF0000000000000000%

unknown

https://bladisuka.red/photo.png?id=01B677C698EC38846700FF0000000000000000

unknown

https://certifacto.com/R

unknown

https://cowspidzu.pro/photo.png?id=01B677C698EC38846700FF0000000000000000l

unknown

https://certifacto.com/

unknown

https://cowspidzu.pro/photo.png?id=01B677C698EC38846700FF0000000000000000&

unknown

https://bladisuka.red/R

unknown

https://bladisuka.red/photo.png?id=01B677C698EC38846700FF0000000000000000%

unknown

https://certifacto.com/photo.png?id=01B677C698EC38846700FF0000000000000000XHM

unknown

https://muratinue.com/R

unknown

https://certifacto.com/photo.png?id=01B677C698EC38846700FF0000000000000000

unknown

https://muratinue.com/photo.png?id=01B677C698EC38846700FF000000000000000044U3h

unknown

https://bladisuka.red/photo.png?id=01B677C698EC38846700FF0000000000000000=

unknown

https://muratinue.com/

unknown

https://muratinue.com/photo.png?id=01B677C698EC38846700FF0000000000000000xGM

unknown

https://bladisuka.red/

unknown

https://cowspidzu.pro/photo.png?id=01B677C698EC38846700FF0000000000000000

unknown

There are 9 hidden URLs, click here to show them.

Domains

Name

Malicious

certifacto.com

unknown

Details

Name:	certifacto.com
TargetID:	-1

Signature Hits	Behavior Group	Mitre Attack
Tries to resolve domain names, but no domain seems valid (expired dropper behavior)	Networking
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
URLs found in memory or binary data	Networking

muratinue.com

unknown

cowspidzu.pro

unknown

bladisuka.red

unknown

Memdumps

Base Address

Regiontype

Protect

Malicious

401000

unkown

page execute read

401000

unkown

page execute read

400000

unkown

page readonly

4E3000

heap

page read and write

4F4000

heap

page read and write

28B0000

remote allocation

page read and write

289F000

stack

page read and write

4DE000

heap

page read and write

4DE000

heap

page read and write

4F4000

heap

page read and write

4B8000

heap

page read and write

4B8000

heap

page read and write

4CA000

heap

page read and write

4F7000

heap

page read and write

4B2000

heap

page read and write

402000

unkown

page readonly

480000

heap

page read and write

28FE000

stack

page read and write

4E3000

heap

page read and write

28B0000

remote allocation

page read and write

4CC000

heap

page read and write

4CA000

heap

page read and write

4E3000

heap

page read and write

4DE000

heap

page read and write

4CC000

heap

page read and write

48A000

heap

page read and write

4F4000

heap

page read and write

48E000

heap

page read and write

4DE000

heap

page read and write

4F7000

heap

page read and write

19D000

stack

page read and write

4DE000

heap

page read and write

4CD000

heap

page read and write

279E000

stack

page read and write

4F5000

heap

page read and write

251E000

stack

page read and write

4F7000

heap

page read and write

4BE000

heap

page read and write

4F5000

heap

page read and write

265E000

stack

page read and write

9DD000

stack

page read and write

4BE000

heap

page read and write

29FE000

stack

page read and write

420000

heap

page read and write

8DE000

stack

page read and write

4CA000

heap

page read and write

261E000

stack

page read and write

4E3000

heap

page read and write

9F0000

heap

page read and write

4F4000

heap

page read and write

1F0000

heap

page read and write

404000

unkown

page readonly

28B0000

remote allocation

page read and write

4CA000

heap

page read and write

4DE000

heap

page read and write

403000

unkown

page read and write

4DE000

heap

page read and write

404000

unkown

page readonly

4E3000

heap

page read and write

4E3000

heap

page read and write

4F5000

heap

page read and write

4E3000

heap

page read and write

4B2000

heap

page read and write

4B8000

heap

page read and write

4B2000

heap

page read and write

4F4000

heap

page read and write

275F000

stack

page read and write

402000

unkown

page readonly

403000

unkown

page write copy

410000

heap

page read and write

4CA000

heap

page read and write

9C000

stack

page read and write

400000

unkown

page readonly

There are 63 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
unpacked_1648556.bin.exe

Processes

URLs

Domains

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reportunpacked_1648556.bin.exe

Processes

URLs

Domains

Memdumps

IOC Report
unpacked_1648556.bin.exe