Automated Malware Analysis IOC Report for

Files

File Path

Type

Category

Malicious

Quotation - HDPE Fittings.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

initial sample

Details

Filetype:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy:	7.958887611753827
Filename:	Quotation - HDPE Fittings.exe
Filesize:	683520
MD5:	10f4c53cf6490bcf1f1cf0f3a88250de
SHA1:	4e9d7fd3c9651c205f72a6c696c656e7ae84a9d8
SHA256:	af83c0d8ccb38c430dce3b0c4a18eeda3c91832ae8bb432a9614619fd5727e7b
SHA512:	24b71b5339000c364858c137a7955cd7b464466da658ccb44c3659bedc55dcab89c185ceeb2bc5debd42d0e34ffd01f0f81d761c6a22e11dbc70bdd7786f30d5
SSDEEP:	12288:JBLK1sKjd9+wrOGCZ8SBvAxi/MgUd7YN0hMJqGcIlHI16CDYWEVy4Zw13vHruup:JBisKjdTOGu8SVIsmqaM7lHw6COtw1fr
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......f..............0..d............... ........@.. ....................................@................................

Signature Hits	Behavior Group	Mitre Attack
Antivirus / Scanner detection for submitted sample	AV Detection
Malicious sample detected (through community Yara rule)	System Summary
Multi AV Scanner detection for submitted file	AV Detection
.NET source code contains method to dynamically call methods (often used by packers)	Data Obfuscation
.NET source code contains potential unpacker	Data Obfuscation
Contains functionality to log keystrokes (.Net Source)	Key, Mouse, Clipboard, Microphone and Screen Capturing	Input Capture
Injects a PE file into a foreign processes	HIPS / PFW / Operating System Protection Evasion
Machine Learning detection for sample	AV Detection
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)	Malware Analysis System Evasion	Windows Management Instrumentation Virtualization/Sandbox Evasion Security Software Discovery
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)	Stealing of Sensitive Information	Credentials in Registry
Tries to harvest and steal browser information (history, passwords, etc)	Stealing of Sensitive Information	OS Credential Dumping Data from Local System
Tries to steal Mail credentials (via file / registry access)	Stealing of Sensitive Information	Email Collection
Allocates memory with a write watch (potentially for evading sandboxes)	Malware Analysis System Evasion
Contains long sleeps (>= 3 min)	Malware Analysis System Evasion
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion
Detected potential crypto function	System Summary	Encrypted Channel
Enables debug privileges	Anti Debugging
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)	Malware Analysis System Evasion
May sleep (evasive loops) to hinder dynamic analysis	Malware Analysis System Evasion
Monitors certain registry keys / values for changes (often done to protect autostart functionality)	Hooking and other Techniques for Hiding and Protection	Query Registry
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)	Malware Analysis System Evasion
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)	Malware Analysis System Evasion
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection
Sample file is different than original file name gathered from version info	System Summary
Tries to load missing DLLs	System Summary	DLL Side-Loading
Uses 32bit PE files	Compliance, System Summary	Masquerading
Yara signature match	System Summary
Binary may include packed or encrypted code	Data Obfuscation	Obfuscated Files or Information Software Packing
PE file has an executable .text section which is very likely to contain packed code (zlib compression ratio < 0.3)	System Summary
.NET source code contains calls to encryption/decryption functions	System Summary	Disable or Modify Tools Deobfuscate/Decode Files or Information Archive Collected Data
.NET source code contains many API calls related to security	System Summary	Disable or Modify Tools
.NET source code contains many randomly named methods	Data Obfuscation	Disable or Modify Tools
.NET source code contains methods with suspicious names	System Summary	Disable or Modify Tools
Contains medium sleeps (>= 30s)	Malware Analysis System Evasion
Creates files inside the user directory	System Summary	Masquerading
Creates guard pages, often used to prevent reverse engineering and debugging	Anti Debugging	Disable or Modify Tools
Creates mutexes	System Summary
Disables application error messsages (SetErrorMode)	Hooking and other Techniques for Hiding and Protection
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory)	Malware Analysis System Evasion
PE file has an executable .text section and no other executable section	System Summary
Parts of this applications are using the .NET runtime (Probably coded in C#)	System Summary
Queries a list of all running processes	Malware Analysis System Evasion	Process Discovery
Queries process information (via WMI, Win32_Process)	System Summary
Queries the cryptographic machine GUID	Language, Device and Operating System Detection
Reads ini files	System Summary	File and Directory Discovery
Reads software policies	System Summary
Sample is known by Antivirus	System Summary
URLs found in memory or binary data	Networking
Uses an in-process (OLE) Automation server	System Summary
PE file contains a debug data directory	System Summary
Contains modern PE file flags such as dynamic base (ASLR) or NX	Compliance, System Summary
Checks if Microsoft Office is installed	System Summary	System Information Discovery
PE file contains a COM descriptor data directory	System Summary
Uses Microsoft Silverlight	System Summary

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Quotation - HDPE Fittings.exe.log

ASCII text, with CRLF line terminators

dropped

Details

File:	C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Quotation - HDPE Fittings.exe.log
Category:	dropped
Dump:	Quotation - HDPE Fittings.exe.log.0.dr
ID:	dr_0
Target ID:	0
Process:	C:\Users\user\Desktop\Quotation - HDPE Fittings.exe
Type:	ASCII text, with CRLF line terminators
Entropy:	5.34331486778365
Encrypted:	false
Ssdeep:	24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
Size:	1216
Whitelisted:	false
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Antivirus / Scanner detection for submitted sample	AV Detection
Multi AV Scanner detection for submitted file	AV Detection
Machine Learning detection for sample	AV Detection
Sample file is different than original file name gathered from version info	System Summary
Uses 32bit PE files	Compliance, System Summary
Binary may include packed or encrypted code	Data Obfuscation	Obfuscated Files or Information Software Packing
PE file has an executable .text section which is very likely to contain packed code (zlib compression ratio < 0.3)	System Summary	Software Packing
Creates files inside the user directory	System Summary	Masquerading
PE file has an executable .text section and no other executable section	System Summary
Parts of this applications are using the .NET runtime (Probably coded in C#)	System Summary
Sample is known by Antivirus	System Summary
PE file contains a debug data directory	System Summary
Contains modern PE file flags such as dynamic base (ASLR) or NX	Compliance, System Summary
PE file contains a COM descriptor data directory	System Summary

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\Quotation - HDPE Fittings.exe

"C:\Users\user\Desktop\Quotation - HDPE Fittings.exe"

Details

Is windows:	false
Is dropped:	false
PID:	4080
Target ID:	0
Parent PID:	1028
Name:	Quotation - HDPE Fittings.exe
Path:	C:\Users\user\Desktop\Quotation - HDPE Fittings.exe
Commandline:	"C:\Users\user\Desktop\Quotation - HDPE Fittings.exe"
Size:	683520
MD5:	10F4C53CF6490BCF1F1CF0F3A88250DE
Time:	15:01:55
Date:	29/03/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0xea0000
Modulesize:	712704
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Antivirus / Scanner detection for submitted sample	AV Detection
Multi AV Scanner detection for submitted file	AV Detection
Yara detected AgentTesla	Stealing of Sensitive Information, Remote Access Functionality
Yara detected AntiVM3	Malware Analysis System Evasion
Yara detected PureLog Stealer	Stealing of Sensitive Information, Remote Access Functionality
Initial sample is a PE file and has a suspicious name	System Summary
Injects a PE file into a foreign processes	HIPS / PFW / Operating System Protection Evasion	Process Injection
Machine Learning detection for sample	AV Detection
Yara detected Generic Downloader	Networking
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery
Sample file is different than original file name gathered from version info	System Summary
Sigma detected: Suspicious Outbound SMTP Connections	System Summary
Uses 32bit PE files	Compliance, System Summary
Yara detected Credential Stealer	Stealing of Sensitive Information
Binary may include packed or encrypted code	Data Obfuscation	Obfuscated Files or Information Software Packing
PE file has an executable .text section which is very likely to contain packed code (zlib compression ratio < 0.3)	System Summary	Software Packing
Creates files inside the user directory	System Summary	Masquerading
PE file has an executable .text section and no other executable section	System Summary
Parts of this applications are using the .NET runtime (Probably coded in C#)	System Summary
Sample is known by Antivirus	System Summary
Spawns processes	System Summary	Process Injection
Binary contains paths to debug symbols	Compliance, System Summary
PE file contains a debug data directory	System Summary
Contains modern PE file flags such as dynamic base (ASLR) or NX	Compliance, System Summary
PE file contains a COM descriptor data directory	System Summary

C:\Users\user\Desktop\Quotation - HDPE Fittings.exe

"C:\Users\user\Desktop\Quotation - HDPE Fittings.exe"

Details

Is windows:	false
Is dropped:	false
PID:	5440
Target ID:	3
Parent PID:	4080
Name:	Quotation - HDPE Fittings.exe
Path:	C:\Users\user\Desktop\Quotation - HDPE Fittings.exe
Commandline:	"C:\Users\user\Desktop\Quotation - HDPE Fittings.exe"
Size:	683520
MD5:	10F4C53CF6490BCF1F1CF0F3A88250DE
Time:	15:01:56
Date:	29/03/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x9e0000
Modulesize:	712704
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Antivirus / Scanner detection for submitted sample	AV Detection
Multi AV Scanner detection for submitted file	AV Detection
Yara detected AgentTesla	Stealing of Sensitive Information, Remote Access Functionality
Yara detected AntiVM3	Malware Analysis System Evasion
Yara detected PureLog Stealer	Stealing of Sensitive Information, Remote Access Functionality
Initial sample is a PE file and has a suspicious name	System Summary
Injects a PE file into a foreign processes	HIPS / PFW / Operating System Protection Evasion	Process Injection
Machine Learning detection for sample	AV Detection
Yara detected Generic Downloader	Networking
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery
Sample file is different than original file name gathered from version info	System Summary
Sigma detected: Suspicious Outbound SMTP Connections	System Summary
Uses 32bit PE files	Compliance, System Summary
Yara detected Credential Stealer	Stealing of Sensitive Information
Binary may include packed or encrypted code	Data Obfuscation	Obfuscated Files or Information Software Packing
PE file has an executable .text section which is very likely to contain packed code (zlib compression ratio < 0.3)	System Summary	Software Packing
Creates files inside the user directory	System Summary	Masquerading
PE file has an executable .text section and no other executable section	System Summary
Parts of this applications are using the .NET runtime (Probably coded in C#)	System Summary
Sample is known by Antivirus	System Summary
Spawns processes	System Summary	Process Injection
Binary contains paths to debug symbols	Compliance, System Summary
PE file contains a debug data directory	System Summary
Contains modern PE file flags such as dynamic base (ASLR) or NX	Compliance, System Summary
PE file contains a COM descriptor data directory	System Summary

URLs

Name

Malicious

http://crt.sectigo.com/SectigoRSADomainValidationSecureServerCA.crt0#

unknown

Details

Name:	http://crt.sectigo.com/SectigoRSADomainValidationSecureServerCA.crt0#
TargetID:	3
From Memory:	true
Current Path:	C:\Users\user\Desktop\Quotation - HDPE Fittings.exe
Source:	Quotation - HDPE Fittings.exe, 00000003.00000002.3229813317.0000000002D16000.00000004.00000800.00020000.00000000.sdmp, Quotation - HDPE Fittings.exe, 00000003.00000002.3233170604.00000000067B2000.00000004.00000020.00020000.00000000.sdmp, Quotation - HDPE Fittings.exe, 00000003.00000002.3228840094.00000000010C0000.00000004.00000020.00020000.00000000.sdmp

Signature Hits	Behavior Group	Mitre Attack
URLs found in memory or binary data	Networking

http://ocsp.sectigo.com0A

unknown

Details

Name:	http://ocsp.sectigo.com0A
TargetID:	3
From Memory:	true
Current Path:	C:\Users\user\Desktop\Quotation - HDPE Fittings.exe
Source:	Quotation - HDPE Fittings.exe, 00000003.00000002.3229813317.0000000002D16000.00000004.00000800.00020000.00000000.sdmp, Quotation - HDPE Fittings.exe, 00000003.00000002.3233170604.00000000067B2000.00000004.00000020.00020000.00000000.sdmp, Quotation - HDPE Fittings.exe, 00000003.00000002.3228840094.00000000010C0000.00000004.00000020.00020000.00000000.sdmp

Signature Hits	Behavior Group	Mitre Attack
URLs found in memory or binary data	Networking

https://sectigo.com/CPS0

unknown

Details

Name:	https://sectigo.com/CPS0
TargetID:	3
From Memory:	true
Current Path:	C:\Users\user\Desktop\Quotation - HDPE Fittings.exe
Source:	Quotation - HDPE Fittings.exe, 00000003.00000002.3229813317.0000000002D16000.00000004.00000800.00020000.00000000.sdmp, Quotation - HDPE Fittings.exe, 00000003.00000002.3233170604.00000000067B2000.00000004.00000020.00020000.00000000.sdmp, Quotation - HDPE Fittings.exe, 00000003.00000002.3228840094.00000000010C0000.00000004.00000020.00020000.00000000.sdmp

Signature Hits	Behavior Group	Mitre Attack
URLs found in memory or binary data	Networking

https://account.dyn.com/

unknown

Details

Name:	https://account.dyn.com/
TargetID:	0
From Memory:	true
Current Path:	C:\Users\user\Desktop\Quotation - HDPE Fittings.exe
Source:	Quotation - HDPE Fittings.exe, 00000000.00000002.1993283962.000000000447E000.00000004.00000800.00020000.00000000.sdmp, Quotation - HDPE Fittings.exe, 00000003.00000002.3228561843.0000000000402000.00000040.00000400.00020000.00000000.sdmp
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
URLs found in memory or binary data	Networking

http://us2.smtp.mailhostbox.com

unknown

Details

Name:	http://us2.smtp.mailhostbox.com
TargetID:	3
From Memory:	true
Current Path:	C:\Users\user\Desktop\Quotation - HDPE Fittings.exe
Source:	Quotation - HDPE Fittings.exe, 00000003.00000002.3229813317.0000000002D16000.00000004.00000800.00020000.00000000.sdmp
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
URLs found in memory or binary data	Networking

Domains

Name

Malicious

us2.smtp.mailhostbox.com

208.91.199.225

Details

Name:	us2.smtp.mailhostbox.com
IP:	208.91.199.225
TargetID:	-1
Active:	true
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
Sigma detected: Suspicious Outbound SMTP Connections	System Summary
Uses SMTP (mail sending)	Networking	Application Layer Protocol
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
URLs found in memory or binary data	Networking

IPs

Domain

Country

Malicious

208.91.199.225

us2.smtp.mailhostbox.com

United States

Details

IP:	208.91.199.225
TargetID:	3
Current Path:	C:\Users\user\Desktop\Quotation - HDPE Fittings.exe
Country:	United States
Countrycode:	USA
ASN number:	394695
ASN name:	PUBLIC-DOMAIN-REGISTRYUS
Private:	false
Domain:	us2.smtp.mailhostbox.com

Signature Hits	Behavior Group	Mitre Attack
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
Sigma detected: Suspicious Outbound SMTP Connections	System Summary
Uses SMTP (mail sending)	Networking	Application Layer Protocol

Memdumps

Base Address

Regiontype

Protect

Malicious

2CC1000

trusted library allocation

page read and write

2D0E000

trusted library allocation

page read and write

402000

remote allocation

page execute and read and write

447E000

trusted library allocation

page read and write

32A1000

trusted library allocation

page read and write

2D39000

trusted library allocation

page read and write

7450000

trusted library section

page read and write

3100000

trusted library allocation

page read and write

67B8000

heap

page read and write

7350000

heap

page read and write

56CE000

stack

page read and write

1A10000

trusted library allocation

page read and write

2D16000

trusted library allocation

page read and write

63F7000

trusted library allocation

page read and write

5750000

trusted library allocation

page read and write

60AE000

stack

page read and write

5710000

trusted library allocation

page read and write

63F0000

trusted library allocation

page read and write

4D9C000

stack

page read and write

5950000

trusted library allocation

page read and write

76CF000

stack

page read and write

69AE000

stack

page read and write

5236000

trusted library allocation

page read and write

318B000

stack

page read and write

5940000

trusted library allocation

page execute and read and write

1340000

heap

page read and write

1028000

heap

page read and write

1150000

trusted library allocation

page read and write

5925000

heap

page read and write

13D2000

heap

page read and write

329F000

stack

page read and write

138B000

trusted library allocation

page execute and read and write

3190000

heap

page execute and read and write

5930000

heap

page read and write

6778000

heap

page read and write

63ED000

stack

page read and write

1057000

heap

page read and write

4CC8000

trusted library allocation

page read and write

56FE000

trusted library allocation

page read and write

5900000

trusted library section

page readonly

5262000

trusted library allocation

page read and write

BA0000

heap

page read and write

7E30000

trusted library allocation

page execute and read and write

1461000

heap

page read and write

62C0000

trusted library allocation

page execute and read and write

68AE000

stack

page read and write

57C0000

trusted library allocation

page execute and read and write

56EB000

trusted library allocation

page read and write

30FA000

trusted library allocation

page read and write

5701000

trusted library allocation

page read and write

5230000

trusted library allocation

page read and write

5200000

trusted library allocation

page execute and read and write

524E000

trusted library allocation

page read and write

63AE000

stack

page read and write

30F0000

trusted library allocation

page read and write

A75E000

stack

page read and write

5210000

trusted library allocation

page read and write

114D000

trusted library allocation

page execute and read and write

3310000

trusted library allocation

page read and write

57E0000

heap

page read and write

13B0000

heap

page read and write

A45E000

stack

page read and write

A85E000

stack

page read and write

5270000

trusted library allocation

page read and write

5220000

trusted library allocation

page read and write

7470000

trusted library allocation

page execute and read and write

19EA000

trusted library allocation

page execute and read and write

7F450000

trusted library allocation

page execute and read and write

5428000

trusted library allocation

page read and write

62B6000

trusted library allocation

page read and write

570D000

trusted library allocation

page read and write

2CAF000

stack

page read and write

568C000

stack

page read and write

1143000

trusted library allocation

page execute and read and write

1385000

trusted library allocation

page execute and read and write

5256000

trusted library allocation

page read and write

42A9000

trusted library allocation

page read and write

5430000

trusted library allocation

page read and write

67B2000

heap

page read and write

139E000

heap

page read and write

5706000

trusted library allocation

page read and write

541C000

stack

page read and write

2D0C000

trusted library allocation

page read and write

6B30000

trusted library allocation

page execute and read and write

52D3000

heap

page read and write

BA5000

heap

page read and write

1370000

heap

page read and write

1099000

heap

page read and write

16DE000

stack

page read and write

13C0000

heap

page read and write

5740000

trusted library allocation

page read and write

1160000

trusted library allocation

page read and write

5251000

trusted library allocation

page read and write

7490000

heap

page read and write

1350000

heap

page read and write

5280000

trusted library allocation

page read and write

5B8D000

stack

page read and write

5B90000

heap

page read and write

100E000

stack

page read and write

78B0000

trusted library section

page read and write

5234000

trusted library allocation

page read and write

13D5000

heap

page read and write

62B0000

trusted library allocation

page read and write

5970000

heap

page execute and read and write

104A000

heap

page read and write

7480000

trusted library allocation

page read and write

4393000

trusted library allocation

page read and write

65AD000

stack

page read and write

314E000

stack

page read and write

EF9000

stack

page read and write

5A80000

heap

page read and write

543C000

trusted library allocation

page read and write

5730000

trusted library allocation

page read and write

52D0000

heap

page read and write

1387000

trusted library allocation

page execute and read and write

1170000

heap

page read and write

B90000

heap

page read and write

139A000

heap

page read and write

5745000

trusted library allocation

page read and write

307E000

stack

page read and write

594E000

stack

page read and write

590E000

stack

page read and write

523B000

trusted library allocation

page read and write

56E0000

trusted library allocation

page read and write

159E000

stack

page read and write

1140000

trusted library allocation

page read and write

57E3000

heap

page read and write

10B0000

heap

page read and write

6B20000

heap

page read and write

67CB000

heap

page read and write

2D42000

trusted library allocation

page read and write

58A0000

trusted library allocation

page read and write

57D0000

trusted library allocation

page read and write

6310000

trusted library allocation

page execute and read and write

19DD000

trusted library allocation

page execute and read and write

3315000

trusted library allocation

page read and write

1144000

trusted library allocation

page read and write

58FB000

stack

page read and write

52E0000

heap

page read and write

2D35000

trusted library allocation

page read and write

103F000

heap

page read and write

525D000

trusted library allocation

page read and write

332D000

trusted library allocation

page read and write

169F000

stack

page read and write

2BAE000

stack

page read and write

523E000

trusted library allocation

page read and write

400000

remote allocation

page execute and read and write

13A0000

trusted library allocation

page read and write

1166000

trusted library allocation

page execute and read and write

1724000

trusted library allocation

page read and write

B80000

heap

page read and write

580E000

stack

page read and write

1110000

heap

page read and write

F4A000

unkown

page readonly

13B8000

heap

page read and write

2CB0000

heap

page execute and read and write

3307000

trusted library allocation

page read and write

1710000

trusted library allocation

page read and write

6AF0000

trusted library allocation

page read and write

1115000

heap

page read and write

5242000

trusted library allocation

page read and write

13C5000

heap

page read and write

116A000

trusted library allocation

page execute and read and write

FD9000

stack

page read and write

5910000

heap

page read and write

A65E000

stack

page read and write

127E000

stack

page read and write

630D000

stack

page read and write

524A000

trusted library allocation

page read and write

51E0000

heap

page read and write

3CC1000

trusted library allocation

page read and write

5BA0000

heap

page read and write

7820000

trusted library allocation

page read and write

1390000

heap

page read and write

19F2000

trusted library allocation

page read and write

10AD000

heap

page read and write

19D3000

trusted library allocation

page read and write

19F7000

trusted library allocation

page execute and read and write

19E0000

trusted library allocation

page read and write

5720000

trusted library allocation

page read and write

1720000

trusted library allocation

page read and write

56E4000

trusted library allocation

page read and write

6CE0000

heap

page read and write

A99E000

stack

page read and write

30A0000

heap

page read and write

1A27000

heap

page read and write

5440000

heap

page execute and read and write

1130000

trusted library allocation

page read and write

5D80000

trusted library allocation

page execute and read and write

19E6000

trusted library allocation

page execute and read and write

6400000

trusted library allocation

page read and write

1A20000

heap

page read and write

19E2000

trusted library allocation

page read and write

1380000

trusted library allocation

page read and write

32E8000

trusted library allocation

page read and write

5920000

heap

page read and write

30EE000

stack

page read and write

5770000

trusted library allocation

page read and write

12F7000

stack

page read and write

19D0000

trusted library allocation

page read and write

1054000

heap

page read and write

172D000

trusted library allocation

page execute and read and write

3CE9000

trusted library allocation

page read and write

57CE000

stack

page read and write

3090000

trusted library allocation

page read and write

EA2000

unkown

page readonly

1382000

trusted library allocation

page read and write

59F0000

trusted library allocation

page read and write

B19000

stack

page read and write

5D90000

trusted library section

page read and write

57B0000

heap

page read and write

5420000

trusted library allocation

page read and write

1730000

heap

page read and write

42A1000

trusted library allocation

page read and write

183F000

stack

page read and write

5BC0000

heap

page read and write

16E0000

heap

page read and write

90DF000

stack

page read and write

3D2A000

trusted library allocation

page read and write

1723000

trusted library allocation

page execute and read and write

8E56000

trusted library allocation

page read and write

5274000

trusted library allocation

page read and write

19FB000

trusted library allocation

page execute and read and write

75CE000

stack

page read and write

5960000

trusted library allocation

page read and write

5712000

trusted library allocation

page read and write

1162000

trusted library allocation

page read and write

7A52000

trusted library allocation

page read and write

148E000

heap

page read and write

19F0000

trusted library allocation

page read and write

2D28000

trusted library allocation

page read and write

A49E000

stack

page read and write

6770000

heap

page read and write

EA0000

unkown

page readonly

A89E000

stack

page read and write

10C0000

heap

page read and write

1020000

heap

page read and write

42F7000

trusted library allocation

page read and write

1375000

heap

page read and write

4345000

trusted library allocation

page read and write

3080000

trusted library allocation

page execute and read and write

4E9E000

stack

page read and write

539C000

stack

page read and write

115D000

trusted library allocation

page execute and read and write

There are 234 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
Quotation - HDPE Fittings.exe

Files

Processes

URLs

Domains

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC ReportQuotation - HDPE Fittings.exe

Files

Processes

URLs

Domains

IPs

Memdumps

IOC Report
Quotation - HDPE Fittings.exe