Automated Malware Analysis IOC Report for

Files

File Path

Type

Category

Malicious

file.js

ASCII text, with very long lines (3189), with CRLF line terminators

initial sample

Details

Filetype:	ASCII text, with very long lines (3189), with CRLF line terminators
Entropy:	5.79551228137475
Filename:	file.js
Filesize:	321034
MD5:	2ecfb5962169fd0cd5481a5bdfa56bba
SHA1:	9e97ed9944bc0442554b423009f1b4950811a4fc
SHA256:	b50491831cb3674fcdb34933ad61d233ac2cc275ac396d00f7257f9bc0328a97
SHA512:	4ff559da10ff93d72f0207178f2da7804aff4a8470652630c43c106283280140329fcd14a567ec11482aa248e3f7ceb775de762fbff1b2c1fe368bd5bab7fddf
SSDEEP:	6144:4MJG53b6/eR6+9RtBBg6G/MsfYrxdmQuPrPU+7:4M053bvRDDBBg6NCPF
Preview:	/* joyousintroducebreezy..set joyousintroducebreezyadmirekindheartediron=r..set joyousintroducebreezyold-fashionedfewuse=c..set joyousintroducebreezyairportfascinatedaddicted=e..set joyousintroducebreezyphobicbalancehappy=w..set joyousintroducebreezyfeebl

Signature Hits	Behavior Group	Mitre Attack
Multi AV Scanner detection for submitted file	AV Detection
Java / VBScript file with very long strings (likely obfuscated code)	System Summary
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory)	Malware Analysis System Evasion	Security Software Discovery
Sample is known by Antivirus	System Summary

C:\Users\user\childlikeclearintroduce.ico

PE32+ executable (DLL) (console) x86-64, for MS Windows

dropped

Details

File:	C:\Users\user\childlikeclearintroduce.ico
Category:	dropped
Dump:	childlikeclearintroduce.ico.6.dr
ID:	dr_3
Target ID:	6
Process:	C:\Windows\System32\certutil.exe
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	7.137051421026175
Encrypted:	false
Ssdeep:	3072:GYT7l9iCrI+6+I3S79OqjdDRMgMHT3QyHN5VPTsLc5nwS0tgeAxEvS09Mb3XXz7C:GYuZlc9dBhi7sLc5n50tgruv/CjXX/UB
Size:	217854
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files to the user root directory	Boot Survival	Masquerading
Drops PE files	Persistence and Installation Behavior
Drops PE files to the user directory	Persistence and Installation Behavior	Masquerading
Drops files with a non-matching file extension (content does not match file extension)	Persistence and Installation Behavior	Masquerading

C:\Users\user\stiffrelievedawesome.bat

ASCII text, with very long lines (3189), with CRLF line terminators

dropped

Details

File:	C:\Users\user\stiffrelievedawesome.bat
Category:	dropped
Dump:	stiffrelievedawesome.bat.1.dr
ID:	dr_1
Target ID:	1
Process:	C:\Windows\System32\cmd.exe
Type:	ASCII text, with very long lines (3189), with CRLF line terminators
Entropy:	5.79551228137475
Encrypted:	false
Ssdeep:	6144:4MJG53b6/eR6+9RtBBg6G/MsfYrxdmQuPrPU+7:4M053bvRDDBBg6NCPF
Size:	321034
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Yara detected EXE embedded in BAT file	Data Obfuscation
Creates files inside the user directory	System Summary	Masquerading

C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

data

dropped

Details

File:	C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
Category:	dropped
Dump:	StartupProfileData-NonInteractive.7.dr
ID:	dr_6
Target ID:	7
Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Type:	data
Entropy:	0.7307872139132228
Encrypted:	false
Ssdeep:	3:NlllulF/lll:NllUF/ll
Size:	64
Whitelisted:	false
Reputation:	low

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_gw4xkmxd.b3h.ps1

ASCII text, with no line terminators

dropped

Details

File:	C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_gw4xkmxd.b3h.ps1
Category:	dropped
Dump:	__PSScriptPolicyTest_gw4xkmxd.b3h.ps1.7.dr
ID:	dr_4
Target ID:	7
Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Type:	ASCII text, with no line terminators
Entropy:	4.038920595031593
Encrypted:	false
Ssdeep:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
Size:	60
Whitelisted:	false
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Creates temporary files	System Summary

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_jyezsyz1.ev4.psm1

ASCII text, with no line terminators

dropped

Details

File:	C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_jyezsyz1.ev4.psm1
Category:	dropped
Dump:	__PSScriptPolicyTest_jyezsyz1.ev4.psm1.7.dr
ID:	dr_5
Target ID:	7
Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Type:	ASCII text, with no line terminators
Entropy:	4.038920595031593
Encrypted:	false
Ssdeep:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
Size:	60
Whitelisted:	false
Reputation:	timeout

C:\Users\user\deepdidacticfour

ASCII text, with very long lines (3189), with CRLF line terminators

modified

Details

File:	C:\Users\user\deepdidacticfour
Category:	modified
Dump:	deepdidacticfour.1.dr
ID:	dr_2
Target ID:	1
Process:	C:\Windows\System32\cmd.exe
Type:	ASCII text, with very long lines (3189), with CRLF line terminators
Entropy:	5.650621834731874
Encrypted:	false
Ssdeep:	6144:pMJG53b6/eR6+9RtBBg6G/MsfYrxdmQuU:pM053bvRDDBBg6N/
Size:	290656
Whitelisted:	false
Reputation:	timeout

C:\Users\user\stiffrelievedawesome.bat:Zone.Identifier

ASCII text, with CRLF line terminators

modified

Details

File:	C:\Users\user\stiffrelievedawesome.bat:Zone.Identifier
Category:	modified
Dump:	stiffrelievedawesome.bat_Zone.Identifier.1.dr
ID:	dr_0
Target ID:	1
Process:	C:\Windows\System32\cmd.exe
Type:	ASCII text, with CRLF line terminators
Entropy:	3.95006375643621
Encrypted:	false
Ssdeep:	3:ggPYV:rPYV
Size:	26
Whitelisted:	false
Reputation:	timeout

Processes

Path

Cmdline

Malicious

C:\Windows\System32\wscript.exe

C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\file.js"

Details

Is windows:	true
Is dropped:	false
PID:	6736
Target ID:	0
Parent PID:	2580
Name:	wscript.exe
Class:	wscript
Path:	C:\Windows\System32\wscript.exe
Commandline:	C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\file.js"
Size:	170496
MD5:	A47CBE969EA935BDD3AB568BB126BC80
Time:	17:39:55
Date:	28/03/2024
Reason:	newprocess
Reputation:	high
Is admin:	false
Is elevated:	false
Modulebase:	0x7ff70e8b0000
Modulesize:	184320
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Sigma detected: WScript or CScript Dropper	System Summary
Sigma detected: Suspicious Copy From or To System Directory	System Summary
Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript	System Summary
Spawns processes	System Summary	Process Injection

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /k copy "C:\Users\user\Desktop\file.js" "C:\Users\user\\stiffrelievedawesome.bat" && "C:\Users\user\\stiffrelievedawesome.bat"

Details

Is windows:	true
Is dropped:	false
PID:	6908
Target ID:	1
Parent PID:	6736
Name:	cmd.exe
Class:	cmd
Path:	C:\Windows\System32\cmd.exe
Commandline:	"C:\Windows\System32\cmd.exe" /k copy "C:\Users\user\Desktop\file.js" "C:\Users\user\\stiffrelievedawesome.bat" && "C:\Users\user\\stiffrelievedawesome.bat"
Size:	289792
MD5:	8A2122E8162DBEF04694B9C3E0B6CDEE
Time:	17:39:56
Date:	28/03/2024
Reason:	newprocess
Reputation:	high
Is admin:	false
Is elevated:	false
Modulebase:	0x7ff686460000
Modulesize:	421888
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Sigma detected: Powershell launch regsvr32	HIPS / PFW / Operating System Protection Evasion
Wscript starts Powershell (via cmd or directly)	System Summary	PowerShell Scripting
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Sigma detected: Suspicious Copy From or To System Directory	System Summary
Executes batch files	System Summary	Scripting
Sigma detected: Non Interactive PowerShell Process Spawned	System Summary
Spawns processes	System Summary	Process Injection

C:\Windows\System32\certutil.exe

certutil -f -decode deepdidacticfour childlikeclearintroduce.ico

Details

Is windows:	true
Is dropped:	false
PID:	6180
Target ID:	6
Parent PID:	6908
Name:	certutil.exe
Class:	system-tools
Path:	C:\Windows\System32\certutil.exe
Commandline:	certutil -f -decode deepdidacticfour childlikeclearintroduce.ico
Size:	1651712
MD5:	F17616EC0522FC5633151F7CAA278CAA
Time:	17:39:57
Date:	28/03/2024
Reason:	newprocess
Reputation:	moderate
Is admin:	false
Is elevated:	false
Modulebase:	0x7ff6010d0000
Modulesize:	1683456
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Spawns processes	System Summary	Process Injection

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell regsvr32 childlikeclearintroduce.ico

Details

Is windows:	true
Is dropped:	false
PID:	5500
Target ID:	7
Parent PID:	6908
Name:	powershell.exe
Class:	powershell
Path:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Commandline:	powershell regsvr32 childlikeclearintroduce.ico
Size:	452608
MD5:	04029E121A0CFA5991749937DD22A1D9
Time:	17:39:57
Date:	28/03/2024
Reason:	newprocess
Reputation:	high
Is admin:	false
Is elevated:	false
Modulebase:	0x7ff788560000
Modulesize:	462848
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Sigma detected: Powershell launch regsvr32	HIPS / PFW / Operating System Protection Evasion
Sigma detected: Potentially Suspicious PowerShell Child Processes	System Summary
Suspicious execution chain found	Software Vulnerabilities	Exploitation for Client Execution
Wscript starts Powershell (via cmd or directly)	System Summary	PowerShell Scripting
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Sigma detected: Scripting/CommandLine Process Spawned Regsvr32	System Summary
Sigma detected: Non Interactive PowerShell Process Spawned	System Summary
Spawns processes	System Summary	Process Injection

C:\Windows\System32\regsvr32.exe

"C:\Windows\system32\regsvr32.exe" childlikeclearintroduce.ico

Details

Is windows:	true
Is dropped:	false
PID:	5460
Target ID:	8
Parent PID:	5500
Name:	regsvr32.exe
Class:	system-tools
Path:	C:\Windows\System32\regsvr32.exe
Commandline:	"C:\Windows\system32\regsvr32.exe" childlikeclearintroduce.ico
Size:	25088
MD5:	B0C2FA35D14A9FAD919E99D9D75E1B9E
Time:	17:39:58
Date:	28/03/2024
Reason:	newprocess
Reputation:	moderate
Is admin:	false
Is elevated:	false
Modulebase:	0x7ff7e9710000
Modulesize:	45056
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Yara detected Strela Stealer	Stealing of Sensitive Information, Remote Access Functionality
Sigma detected: Potentially Suspicious PowerShell Child Processes	System Summary
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Sigma detected: Scripting/CommandLine Process Spawned Regsvr32	System Summary
Spawns processes	System Summary	Process Injection

C:\Windows\System32\conhost.exe

C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

Details

Is windows:	true
Is dropped:	false
PID:	6924
Target ID:	2
Parent PID:	6908
Name:	conhost.exe
Path:	C:\Windows\System32\conhost.exe
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Size:	862208
MD5:	0D698AF330FD17BEE3BF90011D49251D
Time:	17:39:56
Date:	28/03/2024
Reason:	newprocess
Reputation:	high
Is admin:	false
Is elevated:	false
Modulebase:	0x7ff7699e0000
Modulesize:	892928
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

C:\Windows\System32\wbem\WMIC.exe

wmic path win32_operatingsystem get oslanguage

Details

Is windows:	true
Is dropped:	false
PID:	7080
Target ID:	3
Parent PID:	6908
Name:	WMIC.exe
Class:	system-tools
Path:	C:\Windows\System32\wbem\WMIC.exe
Commandline:	wmic path win32_operatingsystem get oslanguage
Size:	576000
MD5:	C37F2F4F4B3CD128BDABCAEB2266A785
Time:	17:39:56
Date:	28/03/2024
Reason:	newprocess
Reputation:	moderate
Is admin:	false
Is elevated:	false
Modulebase:	0x7ff662070000
Modulesize:	598016
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Spawns processes	System Summary	Process Injection

C:\Windows\System32\find.exe

find /i "1033"

Details

Is windows:	true
Is dropped:	false
PID:	7084
Target ID:	4
Parent PID:	6908
Name:	find.exe
Path:	C:\Windows\System32\find.exe
Commandline:	find /i "1033"
Size:	17920
MD5:	4BF76A28D31FC73AA9FC970B22D056AF
Time:	17:39:56
Date:	28/03/2024
Reason:	newprocess
Reputation:	moderate
Is admin:	false
Is elevated:	false
Modulebase:	0x7ff777b90000
Modulesize:	36864
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Spawns processes	System Summary	Process Injection

C:\Windows\System32\findstr.exe

findstr /V joyousintroducebreezy ""C:\Users\user\\stiffrelievedawesome.bat""

Details

Is windows:	true
Is dropped:	false
PID:	7156
Target ID:	5
Parent PID:	6908
Name:	findstr.exe
Class:	system-tools
Path:	C:\Windows\System32\findstr.exe
Commandline:	findstr /V joyousintroducebreezy ""C:\Users\user\\stiffrelievedawesome.bat""
Size:	36352
MD5:	804A6AE28E88689E0CF1946A6CB3FEE5
Time:	17:39:57
Date:	28/03/2024
Reason:	newprocess
Reputation:	moderate
Is admin:	false
Is elevated:	false
Modulebase:	0x7ff7a05d0000
Modulesize:	94208
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Spawns processes	System Summary	Process Injection

URLs

Name

Malicious

45.9.74.12/server.php

Details

Name:	45.9.74.12/server.php
TargetID:	0
From Memory:	false
Current Path:	C:\Windows\System32\wscript.exe
Source:	config extractor
Reputation:	low

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol

Registry

Path

Value

Malicious

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows Script\Settings\Telemetry\wscript.exe

JScriptSetScriptStateStarted

Memdumps

Base Address

Regiontype

Protect

Malicious

7FFE1023E000

unkown

page read and write

2B81000

direct allocation

page execute and read and write

1AC17110000

heap

page read and write

20D2AA6A000

heap

page read and write

81E517E000

stack

page read and write

2360B934000

heap

page read and write

20D2AA76000

heap

page read and write

20D2A2E5000

heap

page read and write

7A283FF000

stack

page read and write

116C000

heap

page read and write

20D2A328000

heap

page read and write

23609B30000

heap

page read and write

2360B932000

heap

page read and write

7AAE6FE000

stack

page read and write

B46A97E000

stack

page read and write

20D2C2EE000

heap

page read and write

20D2A280000

heap

page read and write

10D0000

heap

page read and write

2360B95A000

heap

page read and write

20D2AA3A000

heap

page read and write

B46A87D000

stack

page read and write

7AAE9FE000

stack

page read and write

D79000

stack

page read and write

20D2C2F5000

heap

page read and write

7AAECFF000

stack

page read and write

7FFE10266000

unkown

page readonly

2360B96E000

heap

page read and write

20D2AA5D000

heap

page read and write

20D2A260000

heap

page read and write

20D2AA54000

heap

page read and write

2360B946000

heap

page read and write

2B9F000

direct allocation

page execute and read and write

20D2C2EE000

heap

page read and write

20D2AA69000

heap

page read and write

20D2AA3E000

heap

page read and write

1F228617000

heap

page read and write

20D2A34C000

heap

page read and write

2360BA31000

heap

page read and write

1F22861D000

heap

page read and write

20D2A2D0000

heap

page read and write

7AAEBFE000

stack

page read and write

20D2AA79000

heap

page read and write

20D2AA6C000

heap

page read and write

2360B952000

heap

page read and write

7AAE36A000

stack

page read and write

20D2AA4E000

heap

page read and write

20D2C2EE000

heap

page read and write

20D2A34B000

heap

page read and write

20D2A328000

heap

page read and write

1AC170F0000

heap

page read and write

1F22A340000

heap

page read and write

7FFE10231000

unkown

page execute read

1F228648000

heap

page read and write

81E50FE000

stack

page read and write

20D2A308000

heap

page read and write

23609C92000

heap

page read and write

1AC170E0000

heap

page read and write

1AC1717C000

heap

page read and write

B46A9FF000

stack

page read and write

1F22A680000

heap

page read and write

20D2AA72000

heap

page read and write

20D2AA30000

heap

page read and write

B46A5C7000

stack

page read and write

23609C7D000

heap

page read and write

1F22A4F0000

heap

page read and write

1160000

heap

page read and write

20D2A510000

heap

page read and write

11BB000

heap

page read and write

20D2A33B000

heap

page read and write

2360BADD000

heap

page read and write

12F0000

heap

page read and write

20D2A2EA000

heap

page read and write

7AAEAFE000

stack

page read and write

20D2A33D000

heap

page read and write

2360B955000

heap

page read and write

20D2AA48000

heap

page read and write

20D2A306000

heap

page read and write

20D2AA4C000

heap

page read and write

7FFE1026A000

unkown

page readonly

20D2A347000

heap

page read and write

20D2A33F000

heap

page read and write

81E507C000

stack

page read and write

20D2AA3E000

heap

page read and write

20D2A2A0000

trusted library allocation

page read and write

20D2A328000

heap

page read and write

20D2A328000

heap

page read and write

23609D50000

heap

page read and write

20D2A51C000

heap

page read and write

20D2C2EE000

heap

page read and write

1AC17170000

heap

page read and write

2360BAE5000

heap

page read and write

20D2A2EA000

heap

page read and write

1F228820000

heap

page read and write

20D2AA73000

heap

page read and write

119E000

heap

page read and write

20D2AA5D000

heap

page read and write

23609CE0000

heap

page read and write

20D2AA58000

heap

page read and write

20D2A314000

heap

page read and write

2360BC1E000

heap

page read and write

B46AA7F000

stack

page read and write

20D2A32F000

heap

page read and write

2B73000

heap

page read and write

1AC173D0000

heap

page read and write

20D2C2E7000

heap

page read and write

11AC000

heap

page read and write

119C000

heap

page read and write

20D2A325000

heap

page read and write

20D2A328000

heap

page read and write

20D2A4A0000

heap

page read and write

20D2AA69000

heap

page read and write

23609C98000

heap

page read and write

20D2A328000

heap

page read and write

20D2A347000

heap

page read and write

20D2A347000

heap

page read and write

DC0000

heap

page read and write

2360BADD000

heap

page read and write

20D2AA37000

heap

page read and write

118E000

heap

page read and write

1AC17178000

heap

page read and write

23609BC9000

heap

page read and write

119C000

heap

page read and write

2360BADF000

heap

page read and write

2360BACC000

heap

page read and write

2360B934000

heap

page read and write

20D2C2E0000

heap

page read and write

20D2A4A0000

trusted library allocation

page read and write

20D2A514000

heap

page read and write

7AAF0FB000

stack

page read and write

81E51FD000

stack

page read and write

20D2A323000

heap

page read and write

20D2A346000

heap

page read and write

23609BC8000

heap

page read and write

2360BB30000

heap

page read and write

20D2AA5D000

heap

page read and write

11AC000

heap

page read and write

7FFE1023D000

unkown

page write copy

20D2A321000

heap

page read and write

7FFE10261000

unkown

page read and write

20D2A343000

heap

page read and write

20D2AA69000

heap

page read and write

DD0000

heap

page read and write

20D2AA40000

heap

page read and write

20D2C2F5000

heap

page read and write

23609C7D000

heap

page read and write

20D2AA3B000

heap

page read and write

20D2A33B000

heap

page read and write

2360B939000

heap

page read and write

23609A50000

heap

page read and write

20D2A34A000

heap

page read and write

2360BA30000

heap

page read and write

20D2AA47000

heap

page read and write

23609BA0000

heap

page read and write

2B70000

heap

page read and write

20D2A325000

heap

page read and write

7FFE1025D000

unkown

page readonly

2360B939000

heap

page read and write

20D2A325000

heap

page read and write

20D2A351000

heap

page read and write

2360B96A000

heap

page read and write

20D2AA32000

heap

page read and write

7A286FF000

stack

page read and write

20D2A330000

heap

page read and write

20D2AA69000

heap

page read and write

2360B93D000

heap

page read and write

2360B941000

heap

page read and write

20D2A325000

heap

page read and write

1196000

heap

page read and write

20D2A2E1000

heap

page read and write

7A2867F000

stack

page read and write

20D2C2E1000

heap

page read and write

7AAE7FF000

stack

page read and write

1314000

heap

page read and write

20D2AA5D000

heap

page read and write

20D2AA35000

heap

page read and write

20D2A4A0000

trusted library allocation

page read and write

20D2A33E000

heap

page read and write

20D2AA3A000

heap

page read and write

1310000

heap

page read and write

1F22868E000

heap

page read and write

20D2AA69000

heap

page read and write

20D2A33E000

heap

page read and write

11BB000

heap

page read and write

20D2AA76000

heap

page read and write

20D2AA33000

heap

page read and write

2360B933000

heap

page read and write

20D2A347000

heap

page read and write

20D2AA51000

heap

page read and write

20D2A343000

heap

page read and write

2360B96E000

heap

page read and write

20D2AA5D000

heap

page read and write

7A2837C000

stack

page read and write

1F22A4F3000

heap

page read and write

20D2A351000

heap

page read and write

1F228610000

heap

page read and write

20D2A2D8000

heap

page read and write

1196000

heap

page read and write

2360BB31000

heap

page read and write

1AC173D4000

heap

page read and write

7FFE1023C000

unkown

page read and write

20D2AA5D000

heap

page read and write

11AE000

heap

page read and write

1F2287E0000

heap

page read and write

2360B96E000

heap

page read and write

23609B50000

heap

page read and write

20D2C2F5000

heap

page read and write

23609BE1000

heap

page read and write

2360BB0C000

heap

page read and write

12DE000

stack

page read and write

20D2A250000

heap

page read and write

20D2A343000

heap

page read and write

20D2A320000

heap

page read and write

7AAEEFD000

stack

page read and write

2360B96E000

heap

page read and write

2360BADF000

heap

page read and write

11BB000

heap

page read and write

20D2AA37000

heap

page read and write

1F2285D0000

heap

page read and write

20D2AA10000

heap

page read and write

2360B930000

heap

page read and write

20D2AA50000

heap

page read and write

20D2AA73000

heap

page read and write

2360BB0D000

heap

page read and write

7FFE1025B000

unkown

page readonly

20D2AA55000

heap

page read and write

2360BAE5000

heap

page read and write

20D2AA69000

heap

page read and write

2360B96E000

heap

page read and write

20D2C2E5000

heap

page read and write

20D2AA4C000

heap

page read and write

23609C95000

heap

page read and write

23609C99000

heap

page read and write

2360B955000

heap

page read and write

1F228824000

heap

page read and write

20D2A30A000

heap

page read and write

118E000

heap

page read and write

20D2A307000

heap

page read and write

20D2AA52000

heap

page read and write

B46A8FE000

stack

page read and write

20D2AA54000

heap

page read and write

20D2AA34000

heap

page read and write

23609BA8000

heap

page read and write

7AAEDFE000

stack

page read and write

20D2A325000

heap

page read and write

7FFE10264000

unkown

page readonly

23609D55000

heap

page read and write

20D2A325000

heap

page read and write

11BA000

heap

page read and write

20D2AA3A000

heap

page read and write

7FFE10230000

unkown

page readonly

2B3F000

stack

page read and write

20D2AA72000

heap

page read and write

20D2C2E3000

heap

page read and write

20D2A2A0000

trusted library allocation

page read and write

2360BC1E000

heap

page read and write

11B3000

heap

page read and write

20D2A313000

heap

page read and write

1F2285E0000

heap

page read and write

2360B955000

heap

page read and write

There are 249 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
file.js

Files

Processes

URLs

Registry

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reportfile.js

Files

Processes

URLs

Registry

Memdumps

IOC Report
file.js