Automated Malware Analysis IOC Report for

Files

File Path

Type

Category

Malicious

SecuriteInfo.com.Win64.MalwareX-gen.26783.2877.exe

PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows

initial sample

Details

Filetype:	PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
Entropy:	6.020202241266955
Filename:	SecuriteInfo.com.Win64.MalwareX-gen.26783.2877.exe
Filesize:	1075712
MD5:	04c989d29336fb35d0acf623b8bcf64c
SHA1:	67c95f5de71452deb7843c9ac2880340c50e4a28
SHA256:	ad132be05b5588ba7a292e3ae2faab0401f5380bbd4796483d45df99dc1500e9
SHA512:	74127d593af83f76ee9242bc7b277bb87ec94218a2ad53cb78084cdfbc8b6953680589bd7c73fac97c6990a659097cac997db068c0a758fec893092eabda8152
SSDEEP:	24576:czCJ3x7Bjk38WuBcAbwoA/BkjSHXP36RMG:0CJ3JCSA/Bkj0
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...M=............"...0..b............... .....@..... ....................................`...@......@............... .....

Signature Hits	Behavior Group	Mitre Attack
Multi AV Scanner detection for submitted file	AV Detection
.NET source code contains potential unpacker	Data Obfuscation	Software Packing
Contains functionality to log keystrokes (.Net Source)	Key, Mouse, Clipboard, Microphone and Screen Capturing
Installs Task Scheduler Managed Wrapper	Boot Survival	Scheduled Task/Job
Machine Learning detection for sample	AV Detection
Allocates memory with a write watch (potentially for evading sandboxes)	Malware Analysis System Evasion
Binary contains a suspicious time stamp	Data Obfuscation	Timestomp
Contains long sleeps (>= 3 min)	Malware Analysis System Evasion
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
May sleep (evasive loops) to hinder dynamic analysis	Malware Analysis System Evasion
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection
Sample file is different than original file name gathered from version info	System Summary
Tries to load missing DLLs	System Summary	DLL Side-Loading
.NET source code contains functionality to register a task	System Summary	Disable or Modify Tools
.NET source code contains many API calls related to security	System Summary	Disable or Modify Tools
Contains medium sleeps (>= 30s)	Malware Analysis System Evasion	Virtualization/Sandbox Evasion
Creates files inside the user directory	System Summary	Masquerading
Creates guard pages, often used to prevent reverse usering and debugging	Anti Debugging	Disable or Modify Tools
Disables application error messsages (SetErrorMode)	Hooking and other Techniques for Hiding and Protection
PE file has an executable .text section and no other executable section	System Summary
Parts of this applications are using the .NET runtime (Probably coded in C#)	System Summary
Reads ini files	System Summary	File and Directory Discovery
Reads software policies	System Summary
Sample is known by Antivirus	System Summary
Sample might require command line arguments	System Summary
Sample reads its own file content	System Summary
URLs found in memory or binary data	Networking
Uses an in-process (OLE) Automation server	System Summary
PE file contains a debug data directory	System Summary
Contains modern PE file flags such as dynamic base (ASLR) or NX	Compliance, System Summary
PE file has a big raw section	System Summary
PE file contains a COM descriptor data directory	System Summary
PE file has a big code size	System Summary
PE file has a high image base, often used for DLLs	System Summary
Submission file is bigger than most known malware samples	System Summary
Uses Microsoft Silverlight	System Summary

C:\Users\user\AppData\Roaming\Local\.microsoft\Microsoft.Win32.TaskScheduler.dll

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

Details

File:	C:\Users\user\AppData\Roaming\Local\.microsoft\Microsoft.Win32.TaskScheduler.dll
Category:	dropped
Dump:	Microsoft.Win32.TaskScheduler.dll.0.dr
ID:	dr_2
Target ID:	0
Process:	C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.26783.2877.exe
Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy:	6.105576145657233
Encrypted:	false
Ssdeep:	3072:o1sSJApTSnQU/x0ImhuDzHfs4zbYOjujDRfygDgKQINXLLHIaKlay8weCycJ5Dfm:o1sSmRIt/xhtsOju1DH5NXnIKAc
Size:	333824
Whitelisted:	false
Reputation:	moderate

Signature Hits	Behavior Group	Mitre Attack
Installs Task Scheduler Managed Wrapper	Boot Survival	Scheduled Task/Job
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery

C:\Users\user\AppData\Roaming\Local\.microsoft\Newtonsoft.Json.dll

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

Details

File:	C:\Users\user\AppData\Roaming\Local\.microsoft\Newtonsoft.Json.dll
Category:	dropped
Dump:	Newtonsoft.Json.dll.0.dr
ID:	dr_3
Target ID:	0
Process:	C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.26783.2877.exe
Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy:	5.967185619483575
Encrypted:	false
Ssdeep:	12288:GBja5bBvR8Q0TE2HB0WLmvXbsVG1Gw03RzxNHgKhwFBkjSHXP36RMGy1NqTUO:GBjk38WuBcAbwoA/BkjSHXP36RMG/
Size:	711952
Whitelisted:	false
Reputation:	moderate

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

C:\Users\user\AppData\Roaming\Local\.microsoft\RuntimeBroker.exe

PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows

dropped

Details

File:	C:\Users\user\AppData\Roaming\Local\.microsoft\RuntimeBroker.exe
Category:	dropped
Dump:	RuntimeBroker.exe.0.dr
ID:	dr_1
Target ID:	0
Process:	C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.26783.2877.exe
Type:	PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
Entropy:	6.020202241266955
Encrypted:	false
Ssdeep:	24576:czCJ3x7Bjk38WuBcAbwoA/BkjSHXP36RMG:0CJ3JCSA/Bkj0
Size:	1075712
Whitelisted:	false
Reputation:	low

Signature Hits	Behavior Group	Mitre Attack
Installs a global keyboard hook	Key, Mouse, Clipboard, Microphone and Screen Capturing	Input Capture
Machine Learning detection for dropped file	AV Detection
Sigma detected: Files With System Process Name In Unsuspected Locations	System Summary
Sigma detected: System File Execution Location Anomaly	System Summary
Allocates memory with a write watch (potentially for evading sandboxes)	Malware Analysis System Evasion	Virtualization/Sandbox Evasion
Creates COM task schedule object (often to register a task for autostart)	Spreading	Scheduled Task/Job
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Detected potential crypto function	System Summary	Encrypted Channel Archive Collected Data
Drops PE files	Persistence and Installation Behavior
Enables debug privileges	Anti Debugging
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery
Tries to load missing DLLs	System Summary	DLL Side-Loading
Uses code obfuscation techniques (call, push, ret)	Data Obfuscation	Obfuscated Files or Information
Creates mutexes	System Summary
Disables application error messsages (SetErrorMode)	Hooking and other Techniques for Hiding and Protection
Queries the cryptographic machine GUID	Language, Device and Operating System Detection	System Information Discovery
Spawns processes	System Summary	Process Injection

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\SecuriteInfo.com.Win64.MalwareX-gen.26783.2877.exe.log

CSV text

modified

Details

File:	C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\SecuriteInfo.com.Win64.MalwareX-gen.26783.2877.exe.log
Category:	modified
Dump:	SecuriteInfo.com.Win64.MalwareX-gen.26783.2877.exe.log.0.dr
ID:	dr_4
Target ID:	0
Process:	C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.26783.2877.exe
Type:	CSV text
Entropy:	5.357964438493834
Encrypted:	false
Ssdeep:	12:Q3La/KDLI4MWuPXcp1OKbbDLI4MWuPOKfSSI6Khav:ML9E4KQwKDE4KGKZI6Khk
Size:	425
Whitelisted:	false
Reputation:	moderate

Signature Hits	Behavior Group	Mitre Attack
Multi AV Scanner detection for submitted file	AV Detection
Machine Learning detection for sample	AV Detection
Binary contains a suspicious time stamp	Data Obfuscation	Timestomp
PE file does not import any functions	System Summary
Sample file is different than original file name gathered from version info	System Summary
PE file has an executable .text section and no other executable section	System Summary
Parts of this applications are using the .NET runtime (Probably coded in C#)	System Summary
Sample is known by Antivirus	System Summary
Sample might require command line arguments	System Summary	Command and Scripting Interpreter
PE file contains a debug data directory	System Summary
Contains modern PE file flags such as dynamic base (ASLR) or NX	Compliance, System Summary
PE file has a big raw section	System Summary
PE file contains a COM descriptor data directory	System Summary
PE file has a big code size	System Summary
PE file has a high image base, often used for DLLs	System Summary
Submission file is bigger than most known malware samples	System Summary

C:\Users\user\AppData\Roaming\Local\.microsoft\RuntimeBroker.exe:Zone.Identifier

ASCII text, with CRLF line terminators

dropped

Details

File:	C:\Users\user\AppData\Roaming\Local\.microsoft\RuntimeBroker.exe:Zone.Identifier
Category:	dropped
Dump:	RuntimeBroker.exe_Zone.Identifier.0.dr
ID:	dr_0
Target ID:	0
Process:	C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.26783.2877.exe
Type:	ASCII text, with CRLF line terminators
Entropy:	3.95006375643621
Encrypted:	false
Ssdeep:	3:ggPYV:rPYV
Size:	26
Whitelisted:	false
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Installs a global keyboard hook	Key, Mouse, Clipboard, Microphone and Screen Capturing	Input Capture
Machine Learning detection for dropped file	AV Detection
Allocates memory with a write watch (potentially for evading sandboxes)	Malware Analysis System Evasion	Virtualization/Sandbox Evasion
Creates COM task schedule object (often to register a task for autostart)	Spreading	Scheduled Task/Job
Detected potential crypto function	System Summary	Encrypted Channel Archive Collected Data
Enables debug privileges	Anti Debugging
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery
Tries to load missing DLLs	System Summary	DLL Side-Loading
Uses code obfuscation techniques (call, push, ret)	Data Obfuscation	Obfuscated Files or Information
Creates mutexes	System Summary
Disables application error messsages (SetErrorMode)	Hooking and other Techniques for Hiding and Protection
Queries the cryptographic machine GUID	Language, Device and Operating System Detection	System Information Discovery

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.26783.2877.exe

"C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.26783.2877.exe"

Details

Is windows:	false
Is dropped:	false
PID:	6784
Target ID:	0
Parent PID:	4004
Name:	SecuriteInfo.com.Win64.MalwareX-gen.26783.2877.exe
Path:	C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.26783.2877.exe
Commandline:	"C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.26783.2877.exe"
Size:	1075712
MD5:	04C989D29336FB35D0ACF623B8BCF64C
Time:	11:38:03
Date:	29/03/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x20c26da0000
Modulesize:	1097728
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Multi AV Scanner detection for submitted file	AV Detection
Machine Learning detection for sample	AV Detection
Sigma detected: Files With System Process Name In Unsuspected Locations	System Summary
Sigma detected: System File Execution Location Anomaly	System Summary
Binary contains a suspicious time stamp	Data Obfuscation	Timestomp
PE file does not import any functions	System Summary
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery
Sample file is different than original file name gathered from version info	System Summary
PE file has an executable .text section and no other executable section	System Summary
Parts of this applications are using the .NET runtime (Probably coded in C#)	System Summary
Sample is known by Antivirus	System Summary
Sample might require command line arguments	System Summary	Command and Scripting Interpreter
Sample reads its own file content	System Summary
Spawns processes	System Summary	Process Injection
Binary contains paths to debug symbols	Compliance, System Summary
PE file contains a debug data directory	System Summary
Contains modern PE file flags such as dynamic base (ASLR) or NX	Compliance, System Summary
PE file has a big raw section	System Summary
PE file contains a COM descriptor data directory	System Summary
PE file has a big code size	System Summary
PE file has a high image base, often used for DLLs	System Summary
Submission file is bigger than most known malware samples	System Summary

C:\Users\user\AppData\Roaming\Local\.microsoft\RuntimeBroker.exe

"C:\Users\user\AppData\Roaming\Local\.microsoft\RuntimeBroker.exe"

Details

Is windows:	false
Is dropped:	true
PID:	4508
Target ID:	2
Parent PID:	6784
Name:	RuntimeBroker.exe
Path:	C:\Users\user\AppData\Roaming\Local\.microsoft\RuntimeBroker.exe
Commandline:	"C:\Users\user\AppData\Roaming\Local\.microsoft\RuntimeBroker.exe"
Size:	1075712
MD5:	04C989D29336FB35D0ACF623B8BCF64C
Time:	11:38:03
Date:	29/03/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x1cb279f0000
Modulesize:	1097728
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Installs a global keyboard hook	Key, Mouse, Clipboard, Microphone and Screen Capturing	Input Capture
Sigma detected: Files With System Process Name In Unsuspected Locations	System Summary
Sigma detected: System File Execution Location Anomaly	System Summary
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Drops PE files	Persistence and Installation Behavior
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery
Spawns processes	System Summary	Process Injection
Binary contains paths to debug symbols	Compliance, System Summary

C:\Users\user\AppData\Roaming\Local\.microsoft\RuntimeBroker.exe

Details

Is windows:	false
Is dropped:	true
PID:	4200
Target ID:	3
Parent PID:	1064
Name:	RuntimeBroker.exe
Path:	C:\Users\user\AppData\Roaming\Local\.microsoft\RuntimeBroker.exe
Commandline:	C:\Users\user\AppData\Roaming\Local\.microsoft\RuntimeBroker.exe
Size:	1075712
MD5:	04C989D29336FB35D0ACF623B8BCF64C
Time:	11:38:05
Date:	29/03/2024
Reason:	newprocess
Reputation:	low
Is admin:	false
Is elevated:	false
Modulebase:	0x224a9780000
Modulesize:	1097728
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Installs a global keyboard hook	Key, Mouse, Clipboard, Microphone and Screen Capturing	Input Capture
Sigma detected: Files With System Process Name In Unsuspected Locations	System Summary
Sigma detected: System File Execution Location Anomaly	System Summary
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Drops PE files	Persistence and Installation Behavior
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery
Spawns processes	System Summary	Process Injection
Binary contains paths to debug symbols	Compliance, System Summary

URLs

Name

Malicious

https://www.newtonsoft.com/json

unknown

https://www.nuget.org/packages/Newtonsoft.Json.Bson

unknown

http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name

unknown

Details

Name:	http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
TargetID:	2
From Memory:	true
Current Path:	C:\Users\user\AppData\Roaming\Local\.microsoft\RuntimeBroker.exe
Source:	RuntimeBroker.exe, 00000002.00000002.3327883889.000001CB299A1000.00000004.00000800.00020000.00000000.sdmp
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
URLs found in memory or binary data	Networking

http://james.newtonking.com/projects/json

unknown

https://www.newtonsoft.com/jsonschema

unknown

Details

Name:	https://www.newtonsoft.com/jsonschema
TargetID:	0
From Memory:	true
Current Path:	C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.26783.2877.exe
Source:	Newtonsoft.Json.dll.0.dr
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
URLs found in memory or binary data	Networking

https://github.com/JamesNK/Newtonsoft.Json

unknown

https://github.com/dahall/taskscheduler

unknown

Domains

Name

Malicious

xn--80aa3a1a9c.online

77.38.200.133

Details

Name:	xn--80aa3a1a9c.online
IP:	77.38.200.133
TargetID:	-1
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol

IPs

Domain

Country

Malicious

77.38.200.133

xn--80aa3a1a9c.online

Latvia

Details

IP:	77.38.200.133
TargetID:	2
Current Path:	C:\Users\user\AppData\Roaming\Local\.microsoft\RuntimeBroker.exe
Country:	Latvia
Countrycode:	LVA
ASN number:	20910
ASN name:	BALTKOM-ASLV
Private:	false
Domain:	xn--80aa3a1a9c.online

Signature Hits	Behavior Group	Mitre Attack
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port

Memdumps

Base Address

Regiontype

Protect

Malicious

9C6FBFF000

stack

page read and write

224A9A2C000

heap

page read and write

224C5002000

heap

page read and write

224AB631000

trusted library allocation

page read and write

7FFD34886000

trusted library allocation

page execute and read and write

7FFD34890000

trusted library allocation

page execute and read and write

20C27020000

heap

page read and write

7FFD34856000

trusted library allocation

page execute and read and write

224BB68D000

trusted library allocation

page read and write

224AB620000

heap

page execute and read and write

224A9E02000

heap

page read and write

224A98F0000

heap

page read and write

7FFD34830000

trusted library allocation

page read and write

20C27040000

heap

page read and write

DFF35FE000

stack

page read and write

1CB41F2C000

heap

page read and write

224A9A50000

heap

page read and write

224A9AE3000

heap

page read and write

224A9ACC000

heap

page read and write

224A9DF0000

trusted library allocation

page read and write

1CB27ED0000

trusted library allocation

page read and write

7FFD347CB000

trusted library allocation

page execute and read and write

1CB27BA0000

heap

page read and write

224A9A13000

heap

page read and write

1CB41F1F000

heap

page read and write

20C27160000

heap

page read and write

1CB43702000

heap

page read and write

1CB29A17000

trusted library allocation

page read and write

224A9C00000

heap

page read and write

7FFD34940000

trusted library allocation

page read and write

1CB27B90000

heap

page read and write

7FFD347AD000

trusted library allocation

page execute and read and write

20C38B59000

trusted library allocation

page read and write

7FFD347FC000

trusted library allocation

page execute and read and write

224C3E02000

heap

page execute and read and write

1CB27CD9000

heap

page read and write

224A9B05000

heap

page read and write

7FFD34774000

trusted library allocation

page read and write

DFF15F4000

stack

page read and write

7FFD34930000

trusted library allocation

page read and write

224C3DA0000

heap

page read and write

224A9DD0000

trusted library allocation

page read and write

1CB399A1000

trusted library allocation

page read and write

DFF19FE000

stack

page read and write

7FFD347A3000

trusted library allocation

page execute and read and write

20C27101000

heap

page read and write

1CB27B80000

heap

page read and write

20C27000000

heap

page read and write

9C707FE000

stack

page read and write

224A9A3A000

heap

page read and write

7FFD347AB000

trusted library allocation

page execute and read and write

224A99F0000

heap

page read and write

224C3CF0000

trusted library allocation

page read and write

20C270AB000

heap

page read and write

7FFD34784000

trusted library allocation

page read and write

224C3CF3000

trusted library allocation

page read and write

1CB27C13000

heap

page read and write

1CB41DB0000

heap

page read and write

20C271D0000

heap

page execute and read and write

1CB43613000

heap

page read and write

67107FD000

stack

page read and write

7FFD3485C000

trusted library allocation

page execute and read and write

1CB299E8000

trusted library allocation

page read and write

DFF25FF000

stack

page read and write

7FFD34940000

trusted library allocation

page read and write

20C38B53000

trusted library allocation

page read and write

7FFD3478D000

trusted library allocation

page execute and read and write

20C26F20000

heap

page read and write

1CB27CCA000

heap

page read and write

7FFD34780000

trusted library allocation

page read and write

DFF31FE000

stack

page read and write

20C26DA0000

unkown

page readonly

7FFD3479D000

trusted library allocation

page execute and read and write

7FFD34783000

trusted library allocation

page execute and read and write

7FFD347C0000

trusted library allocation

page read and write

1CB399AC000

trusted library allocation

page read and write

7FFD347BD000

trusted library allocation

page execute and read and write

20C2706A000

heap

page read and write

224A9A42000

heap

page read and write

1CB27C28000

heap

page read and write

67117F4000

stack

page read and write

1CB41F00000

heap

page read and write

7FFD348C0000

trusted library allocation

page execute and read and write

1CB27F03000

trusted library allocation

page read and write

DFF3DFE000

stack

page read and write

7FFD34950000

trusted library allocation

page read and write

20C27215000

heap

page read and write

20C28B40000

heap

page read and write

20C2706E000

heap

page read and write

1CB27FD4000

unkown

page readonly

7FFD347A4000

trusted library allocation

page read and write

20C41419000

heap

page read and write

7FFD347A0000

trusted library allocation

page read and write

224BB68B000

trusted library allocation

page read and write

1CB27C46000

heap

page read and write

7FFD34797000

trusted library allocation

page read and write

1CB28002000

heap

page read and write

20C270AD000

heap

page read and write

7FFD34830000

trusted library allocation

page execute and read and write

7FFD34950000

trusted library allocation

page read and write

9C717F4000

stack

page read and write

224C3F13000

heap

page read and write

20C27155000

heap

page read and write

7FFD34866000

trusted library allocation

page execute and read and write

1CB27CAD000

heap

page read and write

DFF41FE000

stack

page read and write

DFF21FE000

stack

page read and write

7FFD347CD000

trusted library allocation

page execute and read and write

224A9A24000

heap

page read and write

7FFD347B0000

trusted library allocation

page read and write

224AB670000

trusted library allocation

page read and write

67103FF000

stack

page read and write

1CB28102000

heap

page read and write

DFF45FB000

stack

page read and write

1CB299A1000

trusted library allocation

page read and write

20C26DA2000

unkown

page readonly

1CB27C3E000

heap

page read and write

1CB419D0000

trusted library allocation

page read and write

20C271C0000

trusted library allocation

page read and write

7FFD34820000

trusted library allocation

page read and write

1CB27F80000

unkown

page readonly

9C713FF000

stack

page read and write

7FFD34920000

trusted library allocation

page read and write

224AB610000

heap

page read and write

670F7F4000

stack

page read and write

20C28B51000

trusted library allocation

page read and write

1CB27C00000

heap

page read and write

7FFD3477D000

trusted library allocation

page execute and read and write

224A9AB3000

heap

page read and write

1CB27F00000

trusted library allocation

page read and write

1CB27CD7000

heap

page read and write

1CB41F13000

heap

page read and write

224A9A36000

heap

page read and write

670FBFF000

stack

page read and write

20C27210000

heap

page read and write

1CB27EF0000

heap

page execute and read and write

7FFD34780000

trusted library allocation

page read and write

20C41424000

heap

page read and write

7FFD3478D000

trusted library allocation

page execute and read and write

67113FF000

stack

page read and write

1CB41E02000

heap

page execute and read and write

20C41410000

heap

page read and write

1CB27CF5000

heap

page read and write

1CB27C51000

heap

page read and write

7FFD347AD000

trusted library allocation

page execute and read and write

20C38B57000

trusted library allocation

page read and write

1CB27C78000

heap

page read and write

7FFD347CC000

trusted library allocation

page execute and read and write

7FFD347B7000

trusted library allocation

page read and write

224A9A98000

heap

page read and write

7FFD34790000

trusted library allocation

page read and write

224A9AC5000

heap

page read and write

224A9F02000

heap

page read and write

7FFD34860000

trusted library allocation

page execute and read and write

1CB27F82000

unkown

page readonly

1CB28013000

heap

page read and write

1CB27EE0000

heap

page read and write

1CB27D02000

heap

page read and write

1CB41DA0000

heap

page read and write

224C3D10000

heap

page execute and read and write

7FFD34850000

trusted library allocation

page read and write

1CB27C92000

heap

page read and write

20C41400000

heap

page execute and read and write

20C271A0000

trusted library allocation

page read and write

9C703FE000

stack

page read and write

20C27046000

heap

page read and write

20C27074000

heap

page read and write

7FFD34787000

trusted library allocation

page read and write

224A9910000

heap

page read and write

7FFD347DC000

trusted library allocation

page execute and read and write

20C27150000

heap

page read and write

224A9A00000

heap

page read and write

6710FFE000

stack

page read and write

20C26EAA000

unkown

page readonly

20C27082000

heap

page read and write

20C270B6000

heap

page read and write

20C41330000

heap

page read and write

DFF29FC000

stack

page read and write

224BB631000

trusted library allocation

page read and write

7FFD348A0000

trusted library allocation

page execute and read and write

224A9B02000

heap

page read and write

1CB27B60000

heap

page read and write

1CB27C4B000

heap

page read and write

7FFD34836000

trusted library allocation

page read and write

9C6F7F4000

stack

page read and write

DFF39FE000

stack

page read and write

1CB43602000

heap

page read and write

7FF446E50000

trusted library allocation

page execute and read and write

224C3660000

trusted library allocation

page read and write

7FFD34840000

trusted library allocation

page execute and read and write

20C2707F000

heap

page read and write

1CB27C2D000

heap

page read and write

7FFD34910000

trusted library allocation

page read and write

7FFD34790000

trusted library allocation

page read and write

1CB41F21000

heap

page read and write

20C2704C000

heap

page read and write

224A9A46000

heap

page read and write

7FFD34773000

trusted library allocation

page execute and read and write

20C38B51000

trusted library allocation

page read and write

1CB41F02000

heap

page read and write

224C3F02000

heap

page read and write

224A9AF7000

heap

page read and write

1CB27BE0000

trusted library allocation

page read and write

1CB27C48000

heap

page read and write

1CB27F30000

heap

page execute and read and write

1CB27C40000

heap

page read and write

7FFD34856000

trusted library allocation

page read and write

DFF1DFE000

stack

page read and write

224A9A76000

heap

page read and write

224A9AD5000

heap

page read and write

224A9A3C000

heap

page read and write

20C27070000

heap

page read and write

7FFD3483C000

trusted library allocation

page execute and read and write

224C3D90000

heap

page read and write

There are 204 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
SecuriteInfo.com.Win64.MalwareX-gen.26783.2877.exe

Files

Processes

URLs

Domains

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC ReportSecuriteInfo.com.Win64.MalwareX-gen.26783.2877.exe

Files

Processes

URLs

Domains

IPs

Memdumps

IOC Report
SecuriteInfo.com.Win64.MalwareX-gen.26783.2877.exe