Automated Malware Analysis IOC Report for

Files

File Path

Type

Category

Malicious

SecuriteInfo.com.Win32.PWSX-gen.11526.16693.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

initial sample

Details

Filetype:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy:	7.85836503042733
Filename:	SecuriteInfo.com.Win32.PWSX-gen.11526.16693.exe
Filesize:	718344
MD5:	426e109b0b6192c42ce6b9746006bc92
SHA1:	870b442fd71f37b4f68e0d72cb0ac7211b0a27d5
SHA256:	5a2666c6e1d72ae675ade0ecbc29228224b3c631151019891e6f07ec7f5aefe8
SHA512:	cd029dd6cda8cfaa2ba791db22032b4b4477f38b9d0a6dbde6f6e711515bff52faeb96334c03898129c7ed677f781a25088354ea107e68875f6e26ce0b989f36
SSDEEP:	12288:R4LK1kcsw5+xVbTkWoV5wthfXMoj7XnK4nGZFNSvTIxhAGpCi1ycMtJGUDNkR:yikcsw5cV/8wPp/XK4O/J0GAi23GaQ
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......f..............0..@...`......vQ... ...`....@.. ... ....................... ........@................................

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
Malicious sample detected (through community Yara rule)	System Summary
Multi AV Scanner detection for submitted file	AV Detection
.NET source code contains method to dynamically call methods (often used by packers)	Data Obfuscation
.NET source code contains potential unpacker	Data Obfuscation	Software Packing
Contains functionality to log keystrokes (.Net Source)	Key, Mouse, Clipboard, Microphone and Screen Capturing
Injects a PE file into a foreign processes	HIPS / PFW / Operating System Protection Evasion
Installs a global keyboard hook	Key, Mouse, Clipboard, Microphone and Screen Capturing	Input Capture
Machine Learning detection for sample	AV Detection
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)	Malware Analysis System Evasion	Security Software Discovery
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)	Stealing of Sensitive Information	Credentials in Registry
Tries to harvest and steal browser information (history, passwords, etc)	Stealing of Sensitive Information	OS Credential Dumping Data from Local System
Tries to steal Mail credentials (via file / registry access)	Stealing of Sensitive Information	Email Collection
Allocates memory with a write watch (potentially for evading sandboxes)	Malware Analysis System Evasion
Contains long sleeps (>= 3 min)	Malware Analysis System Evasion	Virtualization/Sandbox Evasion
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Creates a window with clipboard capturing capabilities	Key, Mouse, Clipboard, Microphone and Screen Capturing	Clipboard Data
Detected potential crypto function	System Summary	Archive Collected Data Encrypted Channel
Enables debug privileges	Anti Debugging
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)	Malware Analysis System Evasion
May sleep (evasive loops) to hinder dynamic analysis	Malware Analysis System Evasion
PE / OLE file has an invalid certificate	System Summary
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)	Malware Analysis System Evasion
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)	Malware Analysis System Evasion
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection
Sample file is different than original file name gathered from version info	System Summary
Tries to load missing DLLs	System Summary	DLL Side-Loading
Uses 32bit PE files	Compliance, System Summary	Masquerading
Uses code obfuscation techniques (call, push, ret)	Data Obfuscation	Obfuscated Files or Information
Yara signature match	System Summary
Binary may include packed or encrypted code	Data Obfuscation
PE file has an executable .text section which is very likely to contain packed code (zlib compression ratio < 0.3)	System Summary
.NET source code contains calls to encryption/decryption functions	System Summary	Disable or Modify Tools Deobfuscate/Decode Files or Information
.NET source code contains many API calls related to security	System Summary	Disable or Modify Tools
.NET source code contains many randomly named methods	Data Obfuscation	Disable or Modify Tools
.NET source code contains methods with suspicious names	System Summary	Disable or Modify Tools
Contains medium sleeps (>= 30s)	Malware Analysis System Evasion
Creates files inside the user directory	System Summary	Masquerading
Creates guard pages, often used to prevent reverse engineering and debugging	Anti Debugging	Disable or Modify Tools
Creates mutexes	System Summary
Disables application error messsages (SetErrorMode)	Hooking and other Techniques for Hiding and Protection
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory)	Malware Analysis System Evasion
PE file has an executable .text section and no other executable section	System Summary
Parts of this applications are using the .NET runtime (Probably coded in C#)	System Summary
Queries a list of all running processes	Malware Analysis System Evasion	Process Discovery
Queries process information (via WMI, Win32_Process)	System Summary	Windows Management Instrumentation System Information Discovery
Queries the cryptographic machine GUID	Language, Device and Operating System Detection
Reads ini files	System Summary	File and Directory Discovery
Reads software policies	System Summary
Sample is known by Antivirus	System Summary
URLs found in memory or binary data	Networking
Uses an in-process (OLE) Automation server	System Summary
Contains modern PE file flags such as dynamic base (ASLR) or NX	Compliance, System Summary
Checks if Microsoft Office is installed	System Summary
PE file contains a COM descriptor data directory	System Summary
Uses Microsoft Silverlight	System Summary

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\SecuriteInfo.com.Win32.PWSX-gen.11526.16693.exe.log

ASCII text, with CRLF line terminators

dropped

Details

File:	C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\SecuriteInfo.com.Win32.PWSX-gen.11526.16693.exe.log
Category:	dropped
Dump:	SecuriteInfo.com.Win32.PWSX-gen.11526.16693.exe.log.0.dr
ID:	dr_0
Target ID:	0
Process:	C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11526.16693.exe
Type:	ASCII text, with CRLF line terminators
Entropy:	5.34331486778365
Encrypted:	false
Ssdeep:	24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
Size:	1216
Whitelisted:	false
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Multi AV Scanner detection for submitted file	AV Detection
Machine Learning detection for sample	AV Detection
PE / OLE file has an invalid certificate	System Summary
Sample file is different than original file name gathered from version info	System Summary
Uses 32bit PE files	Compliance, System Summary
Binary may include packed or encrypted code	Data Obfuscation	Obfuscated Files or Information Software Packing
PE file has an executable .text section which is very likely to contain packed code (zlib compression ratio < 0.3)	System Summary	Software Packing
Creates files inside the user directory	System Summary	Masquerading
PE file has an executable .text section and no other executable section	System Summary
Parts of this applications are using the .NET runtime (Probably coded in C#)	System Summary
Sample is known by Antivirus	System Summary
URLs found in memory or binary data	Networking
Contains modern PE file flags such as dynamic base (ASLR) or NX	Compliance, System Summary
PE file contains a COM descriptor data directory	System Summary

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11526.16693.exe

"C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11526.16693.exe"

Details

Is windows:	false
Is dropped:	false
PID:	4280
Target ID:	0
Parent PID:	1028
Name:	SecuriteInfo.com.Win32.PWSX-gen.11526.16693.exe
Path:	C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11526.16693.exe
Commandline:	"C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11526.16693.exe"
Size:	718344
MD5:	426E109B0B6192C42CE6B9746006BC92
Time:	05:20:58
Date:	29/03/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0xe40000
Modulesize:	704512
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Multi AV Scanner detection for submitted file	AV Detection
Yara detected AgentTesla	Stealing of Sensitive Information, Remote Access Functionality
Yara detected AntiVM3	Malware Analysis System Evasion
Yara detected PureLog Stealer	Stealing of Sensitive Information, Remote Access Functionality
Injects a PE file into a foreign processes	HIPS / PFW / Operating System Protection Evasion	Process Injection
Installs a global keyboard hook	Key, Mouse, Clipboard, Microphone and Screen Capturing	Input Capture
Machine Learning detection for sample	AV Detection
Yara detected Generic Downloader	Networking
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
PE / OLE file has an invalid certificate	System Summary
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery
Sample file is different than original file name gathered from version info	System Summary
Sigma detected: Suspicious Outbound SMTP Connections	System Summary
Uses 32bit PE files	Compliance, System Summary
Yara detected Credential Stealer	Stealing of Sensitive Information
Binary may include packed or encrypted code	Data Obfuscation	Obfuscated Files or Information Software Packing
PE file has an executable .text section which is very likely to contain packed code (zlib compression ratio < 0.3)	System Summary	Software Packing
Creates files inside the user directory	System Summary	Masquerading
PE file has an executable .text section and no other executable section	System Summary
Parts of this applications are using the .NET runtime (Probably coded in C#)	System Summary
Sample is known by Antivirus	System Summary
Spawns processes	System Summary	Process Injection
URLs found in memory or binary data	Networking
Contains modern PE file flags such as dynamic base (ASLR) or NX	Compliance, System Summary
PE file contains a COM descriptor data directory	System Summary

C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11526.16693.exe

"C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11526.16693.exe"

Details

Is windows:	false
Is dropped:	false
PID:	3480
Target ID:	3
Parent PID:	4280
Name:	SecuriteInfo.com.Win32.PWSX-gen.11526.16693.exe
Path:	C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11526.16693.exe
Commandline:	"C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11526.16693.exe"
Size:	718344
MD5:	426E109B0B6192C42CE6B9746006BC92
Time:	05:21:00
Date:	29/03/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x440000
Modulesize:	704512
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Multi AV Scanner detection for submitted file	AV Detection
Yara detected AgentTesla	Stealing of Sensitive Information, Remote Access Functionality
Yara detected AntiVM3	Malware Analysis System Evasion
Yara detected PureLog Stealer	Stealing of Sensitive Information, Remote Access Functionality
Injects a PE file into a foreign processes	HIPS / PFW / Operating System Protection Evasion	Process Injection
Installs a global keyboard hook	Key, Mouse, Clipboard, Microphone and Screen Capturing	Input Capture
Machine Learning detection for sample	AV Detection
Yara detected Generic Downloader	Networking
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
PE / OLE file has an invalid certificate	System Summary
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery
Sample file is different than original file name gathered from version info	System Summary
Sigma detected: Suspicious Outbound SMTP Connections	System Summary
Uses 32bit PE files	Compliance, System Summary
Yara detected Credential Stealer	Stealing of Sensitive Information
Binary may include packed or encrypted code	Data Obfuscation	Obfuscated Files or Information Software Packing
PE file has an executable .text section which is very likely to contain packed code (zlib compression ratio < 0.3)	System Summary	Software Packing
Creates files inside the user directory	System Summary	Masquerading
PE file has an executable .text section and no other executable section	System Summary
Parts of this applications are using the .NET runtime (Probably coded in C#)	System Summary
Sample is known by Antivirus	System Summary
Spawns processes	System Summary	Process Injection
URLs found in memory or binary data	Networking
Contains modern PE file flags such as dynamic base (ASLR) or NX	Compliance, System Summary
PE file contains a COM descriptor data directory	System Summary

C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11526.16693.exe

"C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11526.16693.exe"

Details

Is windows:	false
Is dropped:	false
PID:	6360
Target ID:	4
Parent PID:	4280
Name:	SecuriteInfo.com.Win32.PWSX-gen.11526.16693.exe
Path:	C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11526.16693.exe
Commandline:	"C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11526.16693.exe"
Size:	718344
MD5:	426E109B0B6192C42CE6B9746006BC92
Time:	05:21:00
Date:	29/03/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0xcc0000
Modulesize:	704512
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Multi AV Scanner detection for submitted file	AV Detection
Yara detected AgentTesla	Stealing of Sensitive Information, Remote Access Functionality
Yara detected AntiVM3	Malware Analysis System Evasion
Yara detected PureLog Stealer	Stealing of Sensitive Information, Remote Access Functionality
Injects a PE file into a foreign processes	HIPS / PFW / Operating System Protection Evasion	Process Injection
Installs a global keyboard hook	Key, Mouse, Clipboard, Microphone and Screen Capturing	Input Capture
Machine Learning detection for sample	AV Detection
Yara detected Generic Downloader	Networking
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
PE / OLE file has an invalid certificate	System Summary
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery
Sample file is different than original file name gathered from version info	System Summary
Sigma detected: Suspicious Outbound SMTP Connections	System Summary
Uses 32bit PE files	Compliance, System Summary
Yara detected Credential Stealer	Stealing of Sensitive Information
Binary may include packed or encrypted code	Data Obfuscation	Obfuscated Files or Information Software Packing
PE file has an executable .text section which is very likely to contain packed code (zlib compression ratio < 0.3)	System Summary	Software Packing
Creates files inside the user directory	System Summary	Masquerading
PE file has an executable .text section and no other executable section	System Summary
Parts of this applications are using the .NET runtime (Probably coded in C#)	System Summary
Sample is known by Antivirus	System Summary
Spawns processes	System Summary	Process Injection
URLs found in memory or binary data	Networking
Contains modern PE file flags such as dynamic base (ASLR) or NX	Compliance, System Summary
PE file contains a COM descriptor data directory	System Summary

URLs

Name

Malicious

http://egyptian-international.com

unknown

Details

Name:	http://egyptian-international.com
TargetID:	4
From Memory:	true
Current Path:	C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11526.16693.exe
Source:	SecuriteInfo.com.Win32.PWSX-gen.11526.16693.exe, 00000004.00000002.4467601113.000000000324D000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.11526.16693.exe, 00000004.00000002.4467601113.00000000030C4000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.11526.16693.exe, 00000004.00000002.4467601113.0000000003156000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.11526.16693.exe, 00000004.00000002.4467601113.000000000319D000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.11526.16693.exe, 00000004.00000002.4467601113.000000000339B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.11526.16693.exe, 00000004.00000002.4467601113.000000000341B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.11526.16693.exe, 00000004.00000002.4467601113.0000000003306000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.11526.16693.exe, 00000004.00000002.4467601113.000000000304F000.00000004.00000800.00020000.00000000.sdmp

Signature Hits	Behavior Group	Mitre Attack
URLs found in memory or binary data	Networking

https://account.dyn.com/

unknown

Details

Name:	https://account.dyn.com/
TargetID:	0
From Memory:	true
Current Path:	C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11526.16693.exe
Source:	SecuriteInfo.com.Win32.PWSX-gen.11526.16693.exe, 00000000.00000002.2027399991.00000000043BE000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.11526.16693.exe, 00000004.00000002.4466314496.0000000000402000.00000040.00000400.00020000.00000000.sdmp
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
URLs found in memory or binary data	Networking

https://www.chiark.greenend.org.uk/~sgtatham/putty/0

unknown

http://mail.egyptian-international.com

unknown

Details

Name:	http://mail.egyptian-international.com
TargetID:	4
From Memory:	true
Current Path:	C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11526.16693.exe
Source:	SecuriteInfo.com.Win32.PWSX-gen.11526.16693.exe, 00000004.00000002.4467601113.000000000324D000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.11526.16693.exe, 00000004.00000002.4467601113.00000000030C4000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.11526.16693.exe, 00000004.00000002.4467601113.0000000003156000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.11526.16693.exe, 00000004.00000002.4467601113.000000000319D000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.11526.16693.exe, 00000004.00000002.4467601113.000000000339B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.11526.16693.exe, 00000004.00000002.4467601113.000000000341B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.11526.16693.exe, 00000004.00000002.4467601113.0000000003306000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.11526.16693.exe, 00000004.00000002.4467601113.000000000304F000.00000004.00000800.00020000.00000000.sdmp

Signature Hits	Behavior Group	Mitre Attack
URLs found in memory or binary data	Networking

Domains

Name

Malicious

egyptian-international.com

174.136.29.143

Details

Name:	egyptian-international.com
IP:	174.136.29.143
TargetID:	-1
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
Snort IDS alert for network traffic	Networking
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
Sigma detected: Suspicious Outbound SMTP Connections	System Summary
Uses SMTP (mail sending)	Networking	Application Layer Protocol
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
URLs found in memory or binary data	Networking

mail.egyptian-international.com

unknown

Details

Name:	mail.egyptian-international.com
TargetID:	-1

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
URLs found in memory or binary data	Networking

IPs

Domain

Country

Malicious

174.136.29.143

egyptian-international.com

United States

Details

IP:	174.136.29.143
TargetID:	4
Current Path:	C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11526.16693.exe
Country:	United States
Countrycode:	USA
ASN number:	33494
ASN name:	IHNETUS
Private:	false
Domain:	egyptian-international.com

Signature Hits	Behavior Group	Mitre Attack
Snort IDS alert for network traffic	Networking
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
Sigma detected: Suspicious Outbound SMTP Connections	System Summary
Uses SMTP (mail sending)	Networking	Application Layer Protocol

Memdumps

Base Address

Regiontype

Protect

Malicious

2FE1000

trusted library allocation

page read and write

43BE000

trusted library allocation

page read and write

31E1000

trusted library allocation

page read and write

402000

remote allocation

page execute and read and write

5B00000

trusted library section

page read and write

34D6000

trusted library allocation

page read and write

15EE000

heap

page read and write

5940000

heap

page read and write

1646000

trusted library allocation

page execute and read and write

5598000

trusted library allocation

page read and write

5DE0000

trusted library allocation

page read and write

5524000

trusted library allocation

page read and write

56B0000

trusted library allocation

page read and write

5681000

trusted library allocation

page read and write

685E000

stack

page read and write

4285000

trusted library allocation

page read and write

30F0000

heap

page execute and read and write

5692000

trusted library allocation

page read and write

13E0000

heap

page read and write

15D7000

trusted library allocation

page execute and read and write

32B7000

trusted library allocation

page read and write

34FA000

trusted library allocation

page read and write

4088000

trusted library allocation

page read and write

16C0000

heap

page read and write

5660000

trusted library allocation

page read and write

2F80000

heap

page execute and read and write

15AD000

trusted library allocation

page execute and read and write

138B000

stack

page read and write

6A62000

heap

page read and write

4268000

trusted library allocation

page read and write

704A000

heap

page read and write

5B40000

heap

page read and write

5590000

trusted library allocation

page read and write

5560000

heap

page execute and read and write

6570000

trusted library allocation

page execute and read and write

161D000

trusted library allocation

page execute and read and write

54C0000

trusted library allocation

page read and write

5B30000

trusted library section

page read and write

13E8000

heap

page read and write

599B000

stack

page read and write

41E9000

trusted library allocation

page read and write

15C6000

trusted library allocation

page execute and read and write

4208000

trusted library allocation

page read and write

640D000

stack

page read and write

5DD0000

trusted library allocation

page execute and read and write

334C000

trusted library allocation

page read and write

5690000

trusted library allocation

page read and write

1620000

heap

page read and write

346A000

trusted library allocation

page read and write

596E000

stack

page read and write

324D000

trusted library allocation

page read and write

10F8000

stack

page read and write

43E000

remote allocation

page execute and read and write

351E000

trusted library allocation

page read and write

4188000

trusted library allocation

page read and write

DFA000

stack

page read and write

669E000

stack

page read and write

1420000

heap

page read and write

5B60000

heap

page read and write

15A0000

trusted library allocation

page read and write

3223000

trusted library allocation

page read and write

5686000

trusted library allocation

page read and write

2FCC000

stack

page read and write

4288000

trusted library allocation

page read and write

566B000

trusted library allocation

page read and write

15B3000

trusted library allocation

page read and write

1610000

trusted library allocation

page read and write

5AE0000

trusted library allocation

page execute and read and write

313E000

stack

page read and write

802E000

stack

page read and write

13B0000

trusted library allocation

page read and write

73F0000

trusted library allocation

page read and write

4128000

trusted library allocation

page read and write

1609000

heap

page read and write

6550000

trusted library allocation

page read and write

7F150000

trusted library allocation

page execute and read and write

567E000

trusted library allocation

page read and write

30C4000

trusted library allocation

page read and write

758E000

stack

page read and write

7EF0000

heap

page read and write

7440000

trusted library allocation

page execute and read and write

743E000

stack

page read and write

41E1000

trusted library allocation

page read and write

56C0000

trusted library allocation

page read and write

30EF000

stack

page read and write

1640000

trusted library allocation

page read and write

73F5000

trusted library allocation

page read and write

12F7000

stack

page read and write

5732000

trusted library allocation

page read and write

15BD000

trusted library allocation

page execute and read and write

812E000

stack

page read and write

FE0000

heap

page read and write

16BE000

stack

page read and write

748E000

stack

page read and write

3132000

trusted library allocation

page read and write

3156000

trusted library allocation

page read and write

56E0000

trusted library allocation

page read and write

54FE000

trusted library allocation

page read and write

5CD0000

heap

page read and write

6A98000

heap

page read and write

1683000

heap

page read and write

874E000

stack

page read and write

6EA0000

heap

page read and write

322B000

trusted library allocation

page read and write

1416000

heap

page read and write

168C000

heap

page read and write

324A000

trusted library allocation

page read and write

56B5000

trusted library allocation

page read and write

5833000

heap

page read and write

15E0000

heap

page read and write

5664000

trusted library allocation

page read and write

6E8C000

stack

page read and write

319D000

trusted library allocation

page read and write

550D000

trusted library allocation

page read and write

689C000

stack

page read and write

5B50000

trusted library allocation

page read and write

5B2B000

stack

page read and write

54EE000

trusted library allocation

page read and write

5512000

trusted library allocation

page read and write

5AD0000

trusted library allocation

page read and write

15D2000

trusted library allocation

page read and write

15B0000

trusted library allocation

page read and write

5B20000

trusted library allocation

page read and write

5B45000

heap

page read and write

1630000

trusted library allocation

page read and write

319B000

trusted library allocation

page read and write

5730000

trusted library allocation

page read and write

6B60000

heap

page read and write

42A8000

trusted library allocation

page read and write

55A4000

heap

page read and write

1613000

trusted library allocation

page execute and read and write

40C8000

trusted library allocation

page read and write

66A0000

trusted library allocation

page read and write

A7DE000

stack

page read and write

699C000

stack

page read and write

521B000

stack

page read and write

6D8C000

stack

page read and write

3255000

trusted library allocation

page read and write

41E8000

trusted library allocation

page read and write

6A38000

heap

page read and write

15A4000

trusted library allocation

page read and write

59C0000

heap

page execute and read and write

65BE000

stack

page read and write

345F000

trusted library allocation

page read and write

15DB000

trusted library allocation

page execute and read and write

348F000

trusted library allocation

page read and write

164A000

trusted library allocation

page execute and read and write

4148000

trusted library allocation

page read and write

69DC000

stack

page read and write

5AC0000

heap

page read and write

568D000

trusted library allocation

page read and write

140E000

stack

page read and write

54EB000

trusted library allocation

page read and write

79A2000

trusted library allocation

page read and write

55B0000

heap

page read and write

5950000

trusted library allocation

page read and write

6B50000

trusted library allocation

page read and write

66B0000

trusted library allocation

page execute and read and write

6B80000

trusted library allocation

page execute and read and write

130C000

stack

page read and write

1440000

heap

page read and write

6566000

trusted library allocation

page read and write

61C9000

heap

page read and write

59A0000

heap

page read and write

4009000

trusted library allocation

page read and write

42E8000

trusted library allocation

page read and write

32E2000

trusted library allocation

page read and write

5520000

trusted library allocation

page read and write

57F0000

trusted library allocation

page execute and read and write

6A20000

heap

page read and write

6110000

heap

page read and write

42C8000

trusted library allocation

page read and write

A8DF000

stack

page read and write

34AE000

trusted library allocation

page read and write

1413000

heap

page read and write

3259000

trusted library allocation

page read and write

134D000

stack

page read and write

3070000

trusted library allocation

page read and write

146B000

heap

page read and write

5501000

trusted library allocation

page read and write

5800000

trusted library allocation

page execute and read and write

4048000

trusted library allocation

page read and write

339B000

trusted library allocation

page read and write

59B0000

trusted library allocation

page read and write

54D0000

trusted library allocation

page read and write

5740000

heap

page read and write

1445000

heap

page read and write

31D0000

heap

page read and write

54E0000

trusted library allocation

page read and write

9147000

trusted library allocation

page read and write

167B000

heap

page read and write

F7A000

stack

page read and write

317D000

stack

page read and write

17F0000

trusted library allocation

page read and write

65C0000

trusted library allocation

page read and write

5930000

trusted library section

page readonly

E40000

unkown

page readonly

1600000

trusted library allocation

page read and write

6B40000

heap

page read and write

158E000

stack

page read and write

4068000

trusted library allocation

page read and write

654E000

stack

page read and write

183E000

stack

page read and write

5830000

heap

page read and write

2F6E000

stack

page read and write

6556000

trusted library allocation

page read and write

128E000

stack

page read and write

1627000

heap

page read and write

5506000

trusted library allocation

page read and write

4168000

trusted library allocation

page read and write

3199000

trusted library allocation

page read and write

5B81000

heap

page read and write

4FE8000

trusted library allocation

page read and write

6FAD000

stack

page read and write

517D000

stack

page read and write

1655000

trusted library allocation

page execute and read and write

5ACD000

stack

page read and write

15D0000

trusted library allocation

page read and write

1150000

heap

page read and write

16B0000

heap

page read and write

665E000

stack

page read and write

5ABC000

stack

page read and write

341B000

trusted library allocation

page read and write

15C0000

trusted library allocation

page read and write

1390000

trusted library allocation

page read and write

786F000

stack

page read and write

531C000

stack

page read and write

3107000

trusted library allocation

page read and write

4237000

trusted library allocation

page read and write

3306000

trusted library allocation

page read and write

41C8000

trusted library allocation

page read and write

55A0000

heap

page read and write

1847000

heap

page read and write

6560000

trusted library allocation

page read and write

7F50000

heap

page read and write

54F2000

trusted library allocation

page read and write

1469000

heap

page read and write

4248000

trusted library allocation

page read and write

165B000

trusted library allocation

page execute and read and write

15C2000

trusted library allocation

page read and write

1652000

trusted library allocation

page read and write

40F0000

trusted library allocation

page read and write

31C0000

trusted library allocation

page read and write

1409000

heap

page read and write

582C000

stack

page read and write

4228000

trusted library allocation

page read and write

146E000

heap

page read and write

617D000

heap

page read and write

13C0000

trusted library allocation

page read and write

864C000

stack

page read and write

1590000

trusted library allocation

page read and write

61C5000

heap

page read and write

E42000

unkown

page readonly

1623000

heap

page read and write

4108000

trusted library allocation

page read and write

5B50000

heap

page read and write

1670000

trusted library allocation

page read and write

163D000

trusted library allocation

page execute and read and write

15CA000

trusted library allocation

page execute and read and write

15A3000

trusted library allocation

page execute and read and write

5B5C000

trusted library allocation

page read and write

348A000

trusted library allocation

page read and write

2F70000

trusted library allocation

page execute and read and write

304F000

trusted library allocation

page read and write

1614000

trusted library allocation

page read and write

1240000

heap

page read and write

73A0000

trusted library allocation

page execute and read and write

31B0000

trusted library allocation

page read and write

7F60000

heap

page read and write

1621000

heap

page read and write

154E000

stack

page read and write

650D000

stack

page read and write

76F0000

trusted library section

page read and write

7F52000

heap

page read and write

592C000

stack

page read and write

40E8000

trusted library allocation

page read and write

145E000

heap

page read and write

1616000

heap

page read and write

41A8000

trusted library allocation

page read and write

2FD0000

heap

page read and write

5530000

trusted library allocation

page read and write

16C7000

heap

page read and write

42D3000

trusted library allocation

page read and write

1840000

heap

page read and write

7DF0000

heap

page read and write

1650000

trusted library allocation

page read and write

884C000

stack

page read and write

1657000

trusted library allocation

page execute and read and write

17DF000

stack

page read and write

73E0000

trusted library allocation

page read and write

FD0000

heap

page read and write

40A8000

trusted library allocation

page read and write

5720000

heap

page read and write

1642000

trusted library allocation

page read and write

15DC000

stack

page read and write

7050000

trusted library allocation

page read and write

3270000

trusted library allocation

page read and write

5A6E000

stack

page read and write

3FE1000

trusted library allocation

page read and write

1230000

heap

page read and write

400000

remote allocation

page execute and read and write

7040000

heap

page read and write

3377000

trusted library allocation

page read and write

12CE000

stack

page read and write

31A0000

trusted library allocation

page execute and read and write

56A0000

trusted library allocation

page read and write

There are 296 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
SecuriteInfo.com.Win32.PWSX-gen.11526.16693.exe

Files

Processes

URLs

Domains

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC ReportSecuriteInfo.com.Win32.PWSX-gen.11526.16693.exe

Files

Processes

URLs

Domains

IPs

Memdumps

IOC Report
SecuriteInfo.com.Win32.PWSX-gen.11526.16693.exe