Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\7xRIr23y7v.exe

"C:\Users\user\Desktop\7xRIr23y7v.exe"

Details

Is windows:	false
Is dropped:	false
PID:	6160
Target ID:	0
Parent PID:	2580
Name:	7xRIr23y7v.exe
Path:	C:\Users\user\Desktop\7xRIr23y7v.exe
Commandline:	"C:\Users\user\Desktop\7xRIr23y7v.exe"
Size:	1087488
MD5:	50C9F9B4FE6C26BE872AFF095E05A981
Time:	07:06:55
Date:	17/04/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x7e0000
Modulesize:	1462272
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Antivirus / Scanner detection for submitted sample	AV Detection
Multi AV Scanner detection for submitted file	AV Detection
Yara detected CobaltStrike	Remote Access Functionality
Yara detected CobaltStrike	Remote Access Functionality
Yara detected CobaltStrike	Remote Access Functionality
Yara detected CobaltStrike	Remote Access Functionality
Yara detected Powershell download and execute	HIPS / PFW / Operating System Protection Evasion
Machine Learning detection for sample	AV Detection
PE file contains sections with non-standard names	Data Obfuscation
PE file has an executable .text section and no other executable section	System Summary
Sample is known by Antivirus	System Summary
Contains modern PE file flags such as dynamic base (ASLR) or NX	Compliance, System Summary
Submission file is bigger than most known malware samples	System Summary

URLs

Name

Malicious

http://139.196.73.80:9902/WNwA

139.196.73.80

Details

Name:	http://139.196.73.80:9902/WNwA
IP:	139.196.73.80
TargetID:	0
From Memory:	false
Current Path:	C:\Users\user\Desktop\7xRIr23y7v.exe
Source:	network

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
Uses a known web browser user agent for HTTP communication	Networking	Application Layer Protocol
Connects to IPs without corresponding DNS lookups	Networking
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
URLs found in memory or binary data	Networking

http://139.196.73.80:9902/dpixel

139.196.73.80

Details

Name:	http://139.196.73.80:9902/dpixel
IP:	139.196.73.80
TargetID:	0
From Memory:	false
Current Path:	C:\Users\user\Desktop\7xRIr23y7v.exe
Source:	network

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
Uses a known web browser user agent for HTTP communication	Networking	Application Layer Protocol
Connects to IPs without corresponding DNS lookups	Networking
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
URLs found in memory or binary data	Networking

http://139.196.73.80:9902/WNwAf

unknown

http://127.0.0.1:%u/

unknown

Details

Name:	http://127.0.0.1:%u/
TargetID:	0
From Memory:	true
Current Path:	C:\Users\user\Desktop\7xRIr23y7v.exe
Source:	7xRIr23y7v.exe, 00000000.00000002.2893583367.0000017DEA720000.00000040.00001000.00020000.00000000.sdmp
Reputation:	low

Signature Hits	Behavior Group	Mitre Attack
URLs found in memory or binary data	Networking

http://139.196.73.80:9902/dpixelp

unknown

IPs

Domain

Country

Malicious

139.196.73.80

unknown

China

Details

IP:	139.196.73.80
TargetID:	0
Current Path:	C:\Users\user\Desktop\7xRIr23y7v.exe
Country:	China
Countrycode:	CHN
ASN number:	37963
ASN name:	CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtd
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
Uses a known web browser user agent for HTTP communication	Networking	Application Layer Protocol
Connects to IPs without corresponding DNS lookups	Networking
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
URLs found in memory or binary data	Networking

Memdumps

Base Address

Regiontype

Protect

Malicious

17DEA320000

direct allocation

page execute and read and write

17DEA9A0000

direct allocation

page execute read

17DEA720000

direct allocation

page execute and read and write

17DE2BE0000

direct allocation

page execute and read and write

C0000D4000

direct allocation

page read and write

C00003A000

direct allocation

page read and write

17DE2B60000

direct allocation

page read and write

17DE9EF0000

direct allocation

page read and write

C0000B0000

direct allocation

page read and write

17DE2A6F000

heap

page read and write

C000035000

direct allocation

page read and write

941000

unkown

page readonly

C0000C6000

direct allocation

page read and write

8D5000

unkown

page read and write

17DE2A2C000

heap

page read and write

329B9FE000

stack

page read and write

7E0000

unkown

page readonly

17DE2B80000

direct allocation

page read and write

17DE2AAC000

heap

page read and write

17DEA761000

direct allocation

page execute and read and write

17DE2AC9000

heap

page read and write

940000

unkown

page write copy

C000006000

direct allocation

page read and write

C000016000

direct allocation

page read and write

C0000A8000

direct allocation

page read and write

17DE2B20000

direct allocation

page read and write

940000

unkown

page write copy

C000010000

direct allocation

page read and write

C000090000

direct allocation

page read and write

329B5FF000

stack

page read and write

8E7000

unkown

page read and write

329AFFA000

stack

page read and write

17DE2B29000

direct allocation

page read and write

17DEA76B000

direct allocation

page execute and read and write

329BBFE000

stack

page read and write

17DE2ACA000

heap

page read and write

8DB000

unkown

page write copy

17DE2B62000

direct allocation

page read and write

853000

unkown

page readonly

C000025000

direct allocation

page read and write

17DE2AC6000

heap

page read and write

C000002000

direct allocation

page read and write

8D9000

unkown

page write copy

C00009F000

direct allocation

page read and write

329C7FE000

stack

page read and write

17DE2AC4000

heap

page read and write

17DEA9A1000

direct allocation

page execute and read and write

329C5FF000

stack

page read and write

329B7FF000

stack

page read and write

C000037000

direct allocation

page read and write

8D5000

unkown

page write copy

C00008A000

direct allocation

page read and write

C000030000

direct allocation

page read and write

C0000A2000

direct allocation

page read and write

C000084000

direct allocation

page read and write

C000088000

direct allocation

page read and write

93C000

unkown

page read and write

17DE29C0000

heap

page read and write

C000022000

direct allocation

page read and write

17DEA764000

direct allocation

page execute and read and write

17DE2A71000

heap

page read and write

90E000

unkown

page read and write

853000

unkown

page readonly

329C3F8000

stack

page read and write

C00000C000

direct allocation

page read and write

17DE2AB6000

heap

page read and write

C000012000

direct allocation

page read and write

C0000CB000

direct allocation

page read and write

329C1FD000

stack

page read and write

C000004000

direct allocation

page read and write

17DE29E0000

heap

page read and write

17DE2BA0000

direct allocation

page read and write

C0000D0000

direct allocation

page read and write

17DE2ACE000

heap

page read and write

7E1000

unkown

page execute read

17DE2BF5000

heap

page read and write

941000

unkown

page readonly

17DEA767000

direct allocation

page execute and read and write

C000096000

direct allocation

page read and write

C00001A000

direct allocation

page read and write

17DE2B24000

direct allocation

page read and write

17DE28E0000

heap

page read and write

914000

unkown

page read and write

7E1000

unkown

page execute read

8DA000

unkown

page read and write

C000018000

direct allocation

page read and write

C0000C0000

direct allocation

page read and write

17DE2B2B000

direct allocation

page read and write

7E0000

unkown

page readonly

C000014000

direct allocation

page read and write

17DE2A84000

heap

page read and write

17DEA76D000

direct allocation

page execute and read and write

17DE2A20000

heap

page read and write

C000045000

direct allocation

page read and write

C0000D6000

direct allocation

page read and write

C000027000

direct allocation

page read and write

17DE2BF0000

heap

page read and write

329BDFF000

stack

page read and write

C0000A4000

direct allocation

page read and write

17DE2AC9000

heap

page read and write

C000092000

direct allocation

page read and write

C0000AC000

direct allocation

page read and write

17DE2B70000

direct allocation

page read and write

17DE2ACB000

heap

page read and write

C0000BE000

direct allocation

page read and write

17DEA35E000

direct allocation

page execute and read and write

There are 96 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
7xRIr23y7v.exe

Processes

URLs

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report7xRIr23y7v.exe

Processes

URLs

IPs

Memdumps

IOC Report
7xRIr23y7v.exe