Automated Malware Analysis IOC Report for

Files

File Path

Type

Category

Malicious

58208 Teklif.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

initial sample

Details

Filetype:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy:	7.284534608814056
Filename:	58208 Teklif.exe
Filesize:	846344
MD5:	dc59e080bc0be8cee52ec9e79ccc7e82
SHA1:	22d8e9aab959c584acc896bfeed170ffa672f1cb
SHA256:	95e4dd6cc5a341f4440a113e0a832175aa2f5baafd9c7483255a18088e1c2764
SHA512:	7b836760ab575de13b95878a075ff8998e57433d0a7f5b2efb2bc4e3d7c4459e06af9cd71ca19f36913afde5c2b265667658542d892a61ea7f5b17f19d2484e0
SSDEEP:	12288:6rLz6X60UHRoVNDWX4gpBRkZf0E5Vav8V7DcRIqlrTwimh0ndFJkTtlXkR:r67HRi4XLy90E5IUFgIqlrtnzQPC
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......f..............0..$...........B... ...`....@.. ....................... ............@................................

Signature Hits	Behavior Group	Mitre Attack
Malicious sample detected (through community Yara rule)	System Summary
Multi AV Scanner detection for submitted file	AV Detection
.NET source code contains potential unpacker	Data Obfuscation
Injects a PE file into a foreign processes	HIPS / PFW / Operating System Protection Evasion	Process Injection
Machine Learning detection for sample	AV Detection
Tries to harvest and steal browser information (history, passwords, etc)	Stealing of Sensitive Information	OS Credential Dumping Data from Local System
Tries to steal Mail credentials (via file / registry access)	Stealing of Sensitive Information	Email Collection
Allocates memory with a write watch (potentially for evading sandboxes)	Malware Analysis System Evasion	Virtualization/Sandbox Evasion
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)	Anti Debugging
Contains long sleeps (>= 3 min)	Malware Analysis System Evasion
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion
Detected potential crypto function	System Summary	Archive Collected Data Encrypted Channel
Enables debug privileges	Anti Debugging
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)	Malware Analysis System Evasion
Found inlined nop instructions (likely shell or obfuscated code)	Software Vulnerabilities
May sleep (evasive loops) to hinder dynamic analysis	Malware Analysis System Evasion
PE / OLE file has an invalid certificate	System Summary
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection
Sample file is different than original file name gathered from version info	System Summary
Tries to load missing DLLs	System Summary	DLL Side-Loading
Uses 32bit PE files	Compliance, System Summary	Masquerading
Uses code obfuscation techniques (call, push, ret)	Data Obfuscation
Yara signature match	System Summary
Binary may include packed or encrypted code	Data Obfuscation	Obfuscated Files or Information Software Packing
PE file has an executable .text section which is very likely to contain packed code (zlib compression ratio < 0.3)	System Summary
.NET source code contains calls to encryption/decryption functions	System Summary	Disable or Modify Tools Deobfuscate/Decode Files or Information
.NET source code contains many API calls related to security	System Summary	Disable or Modify Tools
.NET source code contains many randomly named methods	Data Obfuscation	Disable or Modify Tools
.NET source code contains methods with suspicious names	System Summary	Disable or Modify Tools
Contains medium sleeps (>= 30s)	Malware Analysis System Evasion
Creates files inside the user directory	System Summary	Masquerading
Creates guard pages, often used to prevent reverse engineering and debugging	Anti Debugging	Disable or Modify Tools
Creates mutexes	System Summary
Disables application error messsages (SetErrorMode)	Hooking and other Techniques for Hiding and Protection
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory)	Malware Analysis System Evasion	Security Software Discovery
PE file has an executable .text section and no other executable section	System Summary
Parts of this applications are using the .NET runtime (Probably coded in C#)	System Summary
Queries a list of all running processes	Malware Analysis System Evasion	Process Discovery
Queries the cryptographic machine GUID	Language, Device and Operating System Detection
Reads software policies	System Summary
SQL strings found in memory and binary data	System Summary
Sample is known by Antivirus	System Summary
URLs found in memory or binary data	Networking
Uses an in-process (OLE) Automation server	System Summary
PE file contains a debug data directory	System Summary
Contains modern PE file flags such as dynamic base (ASLR) or NX	Compliance, System Summary
Checks if Microsoft Office is installed	System Summary	System Information Discovery
PE file contains a COM descriptor data directory	System Summary
Uses Microsoft Silverlight	System Summary

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\58208 Teklif.exe.log

ASCII text, with CRLF line terminators

dropped

Details

File:	C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\58208 Teklif.exe.log
Category:	dropped
Dump:	58208 Teklif.exe.log.0.dr
ID:	dr_0
Target ID:	0
Process:	C:\Users\user\Desktop\58208 Teklif.exe
Type:	ASCII text, with CRLF line terminators
Entropy:	5.34331486778365
Encrypted:	false
Ssdeep:	24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
Size:	1216
Whitelisted:	false
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Multi AV Scanner detection for submitted file	AV Detection
Machine Learning detection for sample	AV Detection
PE / OLE file has an invalid certificate	System Summary
Sample file is different than original file name gathered from version info	System Summary
Uses 32bit PE files	Compliance, System Summary
Binary may include packed or encrypted code	Data Obfuscation	Obfuscated Files or Information Software Packing
PE file has an executable .text section which is very likely to contain packed code (zlib compression ratio < 0.3)	System Summary	Software Packing
Creates files inside the user directory	System Summary	Masquerading
PE file has an executable .text section and no other executable section	System Summary
Parts of this applications are using the .NET runtime (Probably coded in C#)	System Summary
Sample is known by Antivirus	System Summary
URLs found in memory or binary data	Networking
PE file contains a debug data directory	System Summary
Contains modern PE file flags such as dynamic base (ASLR) or NX	Compliance, System Summary
PE file contains a COM descriptor data directory	System Summary

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\58208 Teklif.exe

"C:\Users\user\Desktop\58208 Teklif.exe"

Details

Is windows:	false
Is dropped:	false
PID:	7436
Target ID:	0
Parent PID:	2592
Name:	58208 Teklif.exe
Path:	C:\Users\user\Desktop\58208 Teklif.exe
Commandline:	"C:\Users\user\Desktop\58208 Teklif.exe"
Size:	846344
MD5:	DC59E080BC0BE8CEE52EC9E79CCC7E82
Time:	13:01:46
Date:	08/04/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0xd40000
Modulesize:	860160
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Multi AV Scanner detection for submitted file	AV Detection
Yara detected AntiVM3	Malware Analysis System Evasion
Yara detected Snake Keylogger	Stealing of Sensitive Information, Remote Access Functionality
Injects a PE file into a foreign processes	HIPS / PFW / Operating System Protection Evasion	Process Injection
Machine Learning detection for sample	AV Detection
Yara detected Generic Downloader	Networking
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
PE / OLE file has an invalid certificate	System Summary
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery
Sample file is different than original file name gathered from version info	System Summary
Uses 32bit PE files	Compliance, System Summary
Yara detected Credential Stealer	Stealing of Sensitive Information
Binary may include packed or encrypted code	Data Obfuscation	Obfuscated Files or Information Software Packing
PE file has an executable .text section which is very likely to contain packed code (zlib compression ratio < 0.3)	System Summary	Software Packing
Creates files inside the user directory	System Summary	Masquerading
PE file has an executable .text section and no other executable section	System Summary
Parts of this applications are using the .NET runtime (Probably coded in C#)	System Summary
Sample is known by Antivirus	System Summary
Spawns processes	System Summary	Process Injection
URLs found in memory or binary data	Networking
Binary contains paths to debug symbols	Compliance, System Summary
PE file contains a debug data directory	System Summary
Contains modern PE file flags such as dynamic base (ASLR) or NX	Compliance, System Summary
PE file contains a COM descriptor data directory	System Summary

C:\Users\user\Desktop\58208 Teklif.exe

"C:\Users\user\Desktop\58208 Teklif.exe"

Details

Is windows:	false
Is dropped:	false
PID:	7580
Target ID:	3
Parent PID:	7436
Name:	58208 Teklif.exe
Path:	C:\Users\user\Desktop\58208 Teklif.exe
Commandline:	"C:\Users\user\Desktop\58208 Teklif.exe"
Size:	846344
MD5:	DC59E080BC0BE8CEE52EC9E79CCC7E82
Time:	13:01:47
Date:	08/04/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0xb40000
Modulesize:	860160
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Multi AV Scanner detection for submitted file	AV Detection
Yara detected AntiVM3	Malware Analysis System Evasion
Yara detected Snake Keylogger	Stealing of Sensitive Information, Remote Access Functionality
Injects a PE file into a foreign processes	HIPS / PFW / Operating System Protection Evasion	Process Injection
Machine Learning detection for sample	AV Detection
Yara detected Generic Downloader	Networking
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
PE / OLE file has an invalid certificate	System Summary
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery
Sample file is different than original file name gathered from version info	System Summary
Uses 32bit PE files	Compliance, System Summary
Yara detected Credential Stealer	Stealing of Sensitive Information
Binary may include packed or encrypted code	Data Obfuscation	Obfuscated Files or Information Software Packing
PE file has an executable .text section which is very likely to contain packed code (zlib compression ratio < 0.3)	System Summary	Software Packing
Creates files inside the user directory	System Summary	Masquerading
PE file has an executable .text section and no other executable section	System Summary
Parts of this applications are using the .NET runtime (Probably coded in C#)	System Summary
Sample is known by Antivirus	System Summary
Spawns processes	System Summary	Process Injection
URLs found in memory or binary data	Networking
Binary contains paths to debug symbols	Compliance, System Summary
PE file contains a debug data directory	System Summary
Contains modern PE file flags such as dynamic base (ASLR) or NX	Compliance, System Summary
PE file contains a COM descriptor data directory	System Summary

URLs

Name

Malicious

https://scratchdreams.tk

unknown

http://checkip.dyndns.org/

193.122.130.0

http://tempuri.org/DataSet1.xsdCEscolha

unknown

http://checkip.dyndns.org/q

unknown

http://reallyfreegeoip.org

unknown

https://reallyfreegeoip.org

unknown

https://scratchdreams.tk/_send_.php?TS

172.67.169.18

http://checkip.dyndns.org

unknown

http://checkip.dyndns.com

unknown

http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name

unknown

https://www.chiark.greenend.org.uk/~sgtatham/putty/0

unknown

https://reallyfreegeoip.org/xml/102.129.152.231$

unknown

http://scratchdreams.tk

unknown

https://reallyfreegeoip.org/xml/102.129.152.231

104.21.67.152

https://reallyfreegeoip.org/xml/

unknown

There are 5 hidden URLs, click here to show them.

Domains

Name

Malicious

scratchdreams.tk

172.67.169.18

Details

Name:	scratchdreams.tk
IP:	172.67.169.18
TargetID:	-1
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
HTTP GET or POST without a user agent	Networking
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
URLs found in memory or binary data	Networking
Uses secure TLS version for HTTPS connections	Compliance, Networking

checkip.dyndns.org

unknown

Details

Name:	checkip.dyndns.org
TargetID:	-1

Signature Hits	Behavior Group	Mitre Attack
May check the online IP address of the machine	Networking	System Network Configuration Discovery
Uses a known web browser user agent for HTTP communication	Networking	Application Layer Protocol
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
URLs found in memory or binary data	Networking

reallyfreegeoip.org

104.21.67.152

Details

Name:	reallyfreegeoip.org
IP:	104.21.67.152
TargetID:	-1
Active:	true

Signature Hits	Behavior Group	Mitre Attack
HTTP GET or POST without a user agent	Networking
Uses insecure TLS / SSL version for HTTPS connection	Compliance, Networking
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
URLs found in memory or binary data	Networking

checkip.dyndns.com

193.122.130.0

IPs

Domain

Country

Malicious

172.67.169.18

scratchdreams.tk

United States

Details

IP:	172.67.169.18
TargetID:	3
Current Path:	C:\Users\user\Desktop\58208 Teklif.exe
Country:	United States
Countrycode:	USA
ASN number:	13335
ASN name:	CLOUDFLARENETUS
Private:	false
Domain:	scratchdreams.tk

Signature Hits	Behavior Group	Mitre Attack
Uses secure TLS version for HTTPS connections	Compliance, Networking

104.21.67.152

reallyfreegeoip.org

United States

Details

IP:	104.21.67.152
TargetID:	3
Current Path:	C:\Users\user\Desktop\58208 Teklif.exe
Country:	United States
Countrycode:	USA
ASN number:	13335
ASN name:	CLOUDFLARENETUS
Private:	false
Domain:	reallyfreegeoip.org

Signature Hits	Behavior Group	Mitre Attack
Uses insecure TLS / SSL version for HTTPS connection	Compliance, Networking

193.122.130.0

checkip.dyndns.com

United States

Registry

Path

Value

Malicious

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing

EnableConsoleTracing

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\58208 Teklif_RASAPI32

EnableFileTracing

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\58208 Teklif_RASAPI32

EnableAutoFileTracing

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\58208 Teklif_RASAPI32

EnableConsoleTracing

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\58208 Teklif_RASAPI32

FileTracingMask

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\58208 Teklif_RASAPI32

ConsoleTracingMask

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\58208 Teklif_RASAPI32

MaxFileSize

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\58208 Teklif_RASAPI32

FileDirectory

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\58208 Teklif_RASMANCS

EnableFileTracing

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\58208 Teklif_RASMANCS

EnableAutoFileTracing

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\58208 Teklif_RASMANCS

EnableConsoleTracing

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\58208 Teklif_RASMANCS

FileTracingMask

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\58208 Teklif_RASMANCS

ConsoleTracingMask

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\58208 Teklif_RASMANCS

MaxFileSize

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\58208 Teklif_RASMANCS

FileDirectory

There are 5 hidden registries, click here to show them.

Memdumps

Base Address

Regiontype

Protect

Malicious

438E000

trusted library allocation

page read and write

2EE1000

trusted library allocation

page read and write

402000

remote allocation

page execute and read and write

187E000

stack

page read and write

5770000

heap

page read and write

5A80000

trusted library allocation

page read and write

2FAA000

trusted library allocation

page read and write

EAA000

stack

page read and write

31B1000

trusted library allocation

page read and write

674F000

stack

page read and write

1527000

trusted library allocation

page execute and read and write

3035000

trusted library allocation

page read and write

1895000

trusted library allocation

page read and write

5AD0000

trusted library section

page read and write

400000

remote allocation

page execute and read and write

113A000

heap

page read and write

6C30000

trusted library allocation

page read and write

58C0000

trusted library section

page readonly

58F0000

trusted library allocation

page execute and read and write

183F000

trusted library allocation

page read and write

320C000

trusted library allocation

page read and write

688D000

stack

page read and write

11FE000

heap

page read and write

5B20000

heap

page read and write

1100000

trusted library allocation

page read and write

1306000

heap

page read and write

18C0000

heap

page read and write

54EE000

stack

page read and write

2FD6000

trusted library allocation

page read and write

30A2000

trusted library allocation

page read and write

3F4C000

trusted library allocation

page read and write

6BEB000

trusted library allocation

page read and write

2E7E000

trusted library allocation

page read and write

321B000

trusted library allocation

page read and write

314C000

trusted library allocation

page read and write

12D0000

heap

page read and write

A3CE000

stack

page read and write

14FD000

trusted library allocation

page execute and read and write

17D0000

trusted library allocation

page read and write

13EB000

trusted library allocation

page execute and read and write

31EE000

trusted library allocation

page read and write

5830000

trusted library allocation

page read and write

5630000

trusted library allocation

page read and write

13E7000

trusted library allocation

page execute and read and write

10D0000

trusted library allocation

page read and write

41B9000

trusted library allocation

page read and write

2FC3000

trusted library allocation

page read and write

5D10000

trusted library allocation

page read and write

CA9000

stack

page read and write

58BB000

stack

page read and write

58E0000

heap

page read and write

742E000

stack

page read and write

1085000

heap

page read and write

2E8D000

trusted library allocation

page read and write

1520000

trusted library allocation

page read and write

3059000

trusted library allocation

page read and write

10E3000

trusted library allocation

page execute and read and write

10FD000

trusted library allocation

page execute and read and write

4FDE000

stack

page read and write

3F67000

trusted library allocation

page read and write

3025000

trusted library allocation

page read and write

2FED000

trusted library allocation

page read and write

1830000

trusted library allocation

page read and write

2FE5000

trusted library allocation

page read and write

115F000

heap

page read and write

6CE0000

trusted library allocation

page execute and read and write

4255000

trusted library allocation

page read and write

30CC000

trusted library allocation

page read and write

13E5000

trusted library allocation

page execute and read and write

1210000

heap

page read and write

17C0000

trusted library allocation

page read and write

6A0E000

stack

page read and write

5B00000

heap

page read and write

1420000

heap

page read and write

78F2000

trusted library allocation

page read and write

53E0000

heap

page read and write

6C3B000

trusted library allocation

page read and write

5A70000

trusted library allocation

page read and write

3021000

trusted library allocation

page read and write

7430000

heap

page read and write

1102000

trusted library allocation

page read and write

5A87000

trusted library allocation

page read and write

D40000

unkown

page readonly

D42000

unkown

page readonly

3090000

trusted library allocation

page read and write

1522000

trusted library allocation

page read and write

6C20000

trusted library allocation

page read and write

5925000

heap

page read and write

4207000

trusted library allocation

page read and write

DA7000

stack

page read and write

5656000

trusted library allocation

page read and write

14F4000

trusted library allocation

page read and write

732E000

stack

page read and write

690E000

stack

page read and write

5783000

heap

page read and write

316E000

stack

page read and write

A5CE000

stack

page read and write

136B000

heap

page read and write

5D30000

trusted library allocation

page read and write

2F98000

trusted library allocation

page read and write

41B1000

trusted library allocation

page read and write

1550000

trusted library allocation

page execute and read and write

2ED0000

heap

page execute and read and write

6BD0000

trusted library allocation

page execute and read and write

10E4000

trusted library allocation

page read and write

6C00000

trusted library allocation

page execute and read and write

30B0000

trusted library allocation

page read and write

5780000

heap

page read and write

1230000

heap

page read and write

1540000

trusted library allocation

page read and write

5A89000

trusted library allocation

page read and write

1890000

trusted library allocation

page read and write

3029000

trusted library allocation

page read and write

14E0000

trusted library allocation

page read and write

301D000

trusted library allocation

page read and write

1503000

trusted library allocation

page read and write

177E000

stack

page read and write

318A000

trusted library allocation

page read and write

1080000

heap

page read and write

53E3000

heap

page read and write

5820000

heap

page execute and read and write

3EE1000

trusted library allocation

page read and write

2D5E000

stack

page read and write

150D000

trusted library allocation

page execute and read and write

A7CE000

stack

page read and write

17E0000

heap

page read and write

5836000

trusted library allocation

page read and write

315B000

trusted library allocation

page read and write

52EC000

stack

page read and write

DC6000

unkown

page readonly

303D000

trusted library allocation

page read and write

15FE000

stack

page read and write

12F9000

heap

page read and write

17BE000

stack

page read and write

2EB0000

trusted library allocation

page read and write

592E000

stack

page read and write

5840000

trusted library allocation

page execute and read and write

2E6E000

trusted library allocation

page read and write

67B0000

heap

page read and write

14A0000

heap

page read and write

1118000

heap

page read and write

3F09000

trusted library allocation

page read and write

1389000

heap

page read and write

6C40000

trusted library allocation

page read and write

304B000

trusted library allocation

page read and write

6BCF000

stack

page read and write

5930000

trusted library allocation

page read and write

105E000

stack

page read and write

1600000

heap

page read and write

1311000

heap

page read and write

3188000

trusted library allocation

page read and write

5590000

heap

page read and write

A6CE000

stack

page read and write

5320000

trusted library allocation

page read and write

315F000

trusted library allocation

page read and write

5A4E000

stack

page read and write

3138000

trusted library allocation

page read and write

14F3000

trusted library allocation

page execute and read and write

13E2000

trusted library allocation

page read and write

2E7A000

trusted library allocation

page read and write

3156000

trusted library allocation

page read and write

31A0000

heap

page execute and read and write

5C1E000

heap

page read and write

1010000

heap

page read and write

2FD8000

trusted library allocation

page read and write

2F95000

trusted library allocation

page read and write

77DE000

stack

page read and write

1510000

trusted library allocation

page read and write

42A3000

trusted library allocation

page read and write

3232000

trusted library allocation

page read and write

302D000

trusted library allocation

page read and write

1500000

trusted library allocation

page read and write

DCA000

unkown

page readonly

3074000

trusted library allocation

page read and write

10ED000

trusted library allocation

page execute and read and write

18A0000

trusted library allocation

page read and write

10E0000

trusted library allocation

page read and write

6BF0000

trusted library allocation

page execute and read and write

1313000

heap

page read and write

664E000

stack

page read and write

904E000

stack

page read and write

3F70000

trusted library allocation

page read and write

313D000

trusted library allocation

page read and write

3195000

trusted library allocation

page read and write

3039000

trusted library allocation

page read and write

2F90000

trusted library allocation

page read and write

5832000

trusted library allocation

page read and write

3170000

trusted library allocation

page read and write

2D70000

heap

page read and write

2E60000

trusted library allocation

page read and write

2FE9000

trusted library allocation

page read and write

7790000

trusted library allocation

page execute and read and write

3182000

trusted library allocation

page read and write

30CE000

trusted library allocation

page read and write

67CD000

heap

page read and write

2EA4000

trusted library allocation

page read and write

31C5000

trusted library allocation

page read and write

3143000

trusted library allocation

page read and write

3031000

trusted library allocation

page read and write

7150000

heap

page read and write

58D0000

heap

page read and write

7442000

heap

page read and write

7D40000

trusted library section

page read and write

1560000

trusted library allocation

page read and write

68CE000

stack

page read and write

1570000

heap

page read and write

10A0000

heap

page read and write

2E6B000

trusted library allocation

page read and write

5A8C000

trusted library allocation

page read and write

6BE0000

trusted library allocation

page read and write

51EC000

stack

page read and write

5651000

trusted library allocation

page read and write

167F000

stack

page read and write

5920000

heap

page read and write

110A000

trusted library allocation

page execute and read and write

1400000

trusted library allocation

page read and write

12DE000

heap

page read and write

1516000

trusted library allocation

page execute and read and write

2EA0000

trusted library allocation

page read and write

5910000

trusted library section

page read and write

12DA000

heap

page read and write

5B40000

heap

page read and write

2D1E000

stack

page read and write

318F000

trusted library allocation

page read and write

565D000

trusted library allocation

page read and write

13E0000

trusted library allocation

page read and write

1835000

trusted library allocation

page read and write

538D000

stack

page read and write

127E000

stack

page read and write

1220000

heap

page read and write

182E000

stack

page read and write

3F7D000

trusted library allocation

page read and write

5850000

trusted library allocation

page read and write

5940000

heap

page execute and read and write

12BD000

stack

page read and write

6C10000

trusted library allocation

page read and write

6C70000

heap

page read and write

2FA8000

trusted library allocation

page read and write

1410000

trusted library allocation

page execute and read and write

2E72000

trusted library allocation

page read and write

1106000

trusted library allocation

page execute and read and write

2D60000

trusted library allocation

page read and write

11CC000

heap

page read and write

8DC7000

trusted library allocation

page read and write

1146000

heap

page read and write

5A90000

trusted library allocation

page execute and read and write

2E81000

trusted library allocation

page read and write

152B000

trusted library allocation

page execute and read and write

3093000

trusted library allocation

page read and write

5AE0000

trusted library allocation

page read and write

563B000

trusted library allocation

page read and write

2FE1000

trusted library allocation

page read and write

131E000

stack

page read and write

FA7000

stack

page read and write

10F0000

trusted library allocation

page read and write

1225000

heap

page read and write

1060000

heap

page read and write

5C10000

heap

page read and write

2E66000

trusted library allocation

page read and write

6ACE000

stack

page read and write

6750000

heap

page read and write

5B10000

heap

page read and write

1110000

heap

page read and write

6C2E000

trusted library allocation

page read and write

5AF0000

trusted library allocation

page execute and read and write

18C7000

heap

page read and write

3066000

trusted library allocation

page read and write

67BB000

heap

page read and write

564E000

trusted library allocation

page read and write

151A000

trusted library allocation

page execute and read and write

2E86000

trusted library allocation

page read and write

135E000

stack

page read and write

14F0000

trusted library allocation

page read and write

There are 263 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
58208 Teklif.exe

Files

Processes

URLs

Domains

IPs

Registry

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report58208 Teklif.exe

Files

Processes

URLs

Domains

IPs

Registry

Memdumps

IOC Report
58208 Teklif.exe