Automated Malware Analysis IOC Report for

Files

File Path

Type

Category

Malicious

SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

initial sample

Details

Filetype:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy:	7.964847684361756
Filename:	SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe
Filesize:	680448
MD5:	f4babeed860c7952cb00bae31c4bfa54
SHA1:	c818efd3d709df2baa44767b1332bb2df045f7a8
SHA256:	ef171f71804fe96bf375379c691e1f93b3fe38a3535b24f8f19d104e5eecf7aa
SHA512:	d5f5ab36fc76b4c4bb59acf32c6dc5affaf53062168a74f5695d6e29e901e0f96d3826d819c90f03e7b70cab0d33a4d4f3686a8b5a4749b7545fded848fd3a8b
SSDEEP:	12288:ejIBUOFFIJJzbCU6WQjXgoCxXU7pKa+aGzPPH44FZVEJJM3NrYK:2I1vsJPF6jC5U7pn+VJ5CJAX
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....Q f.................>...".......\... ........@.. ....................................@................................

Signature Hits	Behavior Group	Mitre Attack
Antivirus / Scanner detection for submitted sample	AV Detection
Malicious sample detected (through community Yara rule)	System Summary
Multi AV Scanner detection for submitted file	AV Detection
.NET source code contains potential unpacker	Data Obfuscation
.NET source code contains very large array initializations	System Summary	Disable or Modify Tools
Contains functionality to log keystrokes (.Net Source)	Key, Mouse, Clipboard, Microphone and Screen Capturing	Input Capture
Injects a PE file into a foreign processes	HIPS / PFW / Operating System Protection Evasion
Machine Learning detection for sample	AV Detection
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)	Malware Analysis System Evasion	Windows Management Instrumentation Virtualization/Sandbox Evasion Security Software Discovery
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)	Stealing of Sensitive Information	Credentials in Registry
Tries to harvest and steal browser information (history, passwords, etc)	Stealing of Sensitive Information	OS Credential Dumping Data from Local System
Tries to steal Mail credentials (via file / registry access)	Stealing of Sensitive Information	Email Collection
Allocates memory with a write watch (potentially for evading sandboxes)	Malware Analysis System Evasion
Contains long sleeps (>= 3 min)	Malware Analysis System Evasion
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion
Detected potential crypto function	System Summary	Archive Collected Data Encrypted Channel
Enables debug privileges	Anti Debugging
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)	Malware Analysis System Evasion
Found inlined nop instructions (likely shell or obfuscated code)	Software Vulnerabilities
May sleep (evasive loops) to hinder dynamic analysis	Malware Analysis System Evasion
Monitors certain registry keys / values for changes (often done to protect autostart functionality)	Hooking and other Techniques for Hiding and Protection	Query Registry
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)	Malware Analysis System Evasion
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)	Malware Analysis System Evasion
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection
Sample file is different than original file name gathered from version info	System Summary
Uses 32bit PE files	Compliance, System Summary	Masquerading
Uses code obfuscation techniques (call, push, ret)	Data Obfuscation	Obfuscated Files or Information
Yara signature match	System Summary
Binary may include packed or encrypted code	Data Obfuscation	Software Packing
PE file has an executable .text section which is very likely to contain packed code (zlib compression ratio < 0.3)	System Summary
.NET source code contains calls to encryption/decryption functions	System Summary	Disable or Modify Tools Deobfuscate/Decode Files or Information
.NET source code contains many API calls related to security	System Summary	Disable or Modify Tools
.NET source code contains many randomly named methods	Data Obfuscation	Disable or Modify Tools
Contains medium sleeps (>= 30s)	Malware Analysis System Evasion
Creates files inside the user directory	System Summary	Masquerading
Creates guard pages, often used to prevent reverse engineering and debugging	Anti Debugging	Disable or Modify Tools
Creates mutexes	System Summary
Disables application error messsages (SetErrorMode)	Hooking and other Techniques for Hiding and Protection
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory)	Malware Analysis System Evasion
PE file has an executable .text section and no other executable section	System Summary
Parts of this applications are using the .NET runtime (Probably coded in C#)	System Summary
Queries a list of all running processes	Malware Analysis System Evasion	Process Discovery
Queries process information (via WMI, Win32_Process)	System Summary
Queries the cryptographic machine GUID	Language, Device and Operating System Detection
Reads ini files	System Summary	File and Directory Discovery
Reads software policies	System Summary
Sample is known by Antivirus	System Summary
Sample reads its own file content	System Summary
Tries to load missing DLLs	System Summary	DLL Side-Loading
URLs found in memory or binary data	Networking
Uses an in-process (OLE) Automation server	System Summary
Contains modern PE file flags such as dynamic base (ASLR) or NX	Compliance, System Summary
Checks if Microsoft Office is installed	System Summary	System Information Discovery
PE file contains a COM descriptor data directory	System Summary
Uses Microsoft Silverlight	System Summary

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe.log

CSV text

dropped

Details

File:	C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe.log
Category:	dropped
Dump:	SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe.log.0.dr
ID:	dr_0
Target ID:	0
Process:	C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe
Type:	CSV text
Entropy:	5.342567089024067
Encrypted:	false
Ssdeep:	48:MxHKlYHKh3ouHgJHreylEHMHKo/tHo6hAHKzeRHKx1qHKHxvj:iqlYqh3ou0aymsqwtI6eqzqqxwqRb
Size:	2056
Whitelisted:	false
Reputation:	moderate

Signature Hits	Behavior Group	Mitre Attack
Antivirus / Scanner detection for submitted sample	AV Detection
Multi AV Scanner detection for submitted file	AV Detection
Machine Learning detection for sample	AV Detection
Sample file is different than original file name gathered from version info	System Summary
Uses 32bit PE files	Compliance, System Summary
Binary may include packed or encrypted code	Data Obfuscation	Obfuscated Files or Information Software Packing
PE file has an executable .text section which is very likely to contain packed code (zlib compression ratio < 0.3)	System Summary	Software Packing
Creates files inside the user directory	System Summary	Masquerading
PE file has an executable .text section and no other executable section	System Summary
Parts of this applications are using the .NET runtime (Probably coded in C#)	System Summary
Sample is known by Antivirus	System Summary
Contains modern PE file flags such as dynamic base (ASLR) or NX	Compliance, System Summary
PE file contains a COM descriptor data directory	System Summary

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe

"C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe"

Details

Is windows:	false
Is dropped:	false
PID:	5860
Target ID:	0
Parent PID:	1028
Name:	SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe
Path:	C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe
Commandline:	"C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe"
Size:	680448
MD5:	F4BABEED860C7952CB00BAE31C4BFA54
Time:	03:33:56
Date:	18/04/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0xb50000
Modulesize:	696320
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Antivirus / Scanner detection for submitted sample	AV Detection
Multi AV Scanner detection for submitted file	AV Detection
Yara detected AgentTesla	Stealing of Sensitive Information, Remote Access Functionality
Injects a PE file into a foreign processes	HIPS / PFW / Operating System Protection Evasion	Process Injection
Machine Learning detection for sample	AV Detection
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery
Sample file is different than original file name gathered from version info	System Summary
Sigma detected: Suspicious Outbound SMTP Connections	System Summary
Uses 32bit PE files	Compliance, System Summary
Yara detected Credential Stealer	Stealing of Sensitive Information
Binary may include packed or encrypted code	Data Obfuscation	Obfuscated Files or Information Software Packing
PE file has an executable .text section which is very likely to contain packed code (zlib compression ratio < 0.3)	System Summary	Software Packing
Creates files inside the user directory	System Summary	Masquerading
PE file has an executable .text section and no other executable section	System Summary
Parts of this applications are using the .NET runtime (Probably coded in C#)	System Summary
Sample is known by Antivirus	System Summary
Sample reads its own file content	System Summary
Spawns processes	System Summary	Process Injection
Contains modern PE file flags such as dynamic base (ASLR) or NX	Compliance, System Summary
PE file contains a COM descriptor data directory	System Summary

C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe

"C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe"

Details

Is windows:	false
Is dropped:	false
PID:	2136
Target ID:	3
Parent PID:	5860
Name:	SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe
Path:	C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe
Commandline:	"C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe"
Size:	680448
MD5:	F4BABEED860C7952CB00BAE31C4BFA54
Time:	03:33:59
Date:	18/04/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x980000
Modulesize:	696320
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Antivirus / Scanner detection for submitted sample	AV Detection
Multi AV Scanner detection for submitted file	AV Detection
Yara detected AgentTesla	Stealing of Sensitive Information, Remote Access Functionality
Injects a PE file into a foreign processes	HIPS / PFW / Operating System Protection Evasion	Process Injection
Machine Learning detection for sample	AV Detection
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery
Sample file is different than original file name gathered from version info	System Summary
Sigma detected: Suspicious Outbound SMTP Connections	System Summary
Uses 32bit PE files	Compliance, System Summary
Yara detected Credential Stealer	Stealing of Sensitive Information
Binary may include packed or encrypted code	Data Obfuscation	Obfuscated Files or Information Software Packing
PE file has an executable .text section which is very likely to contain packed code (zlib compression ratio < 0.3)	System Summary	Software Packing
Creates files inside the user directory	System Summary	Masquerading
PE file has an executable .text section and no other executable section	System Summary
Parts of this applications are using the .NET runtime (Probably coded in C#)	System Summary
Sample is known by Antivirus	System Summary
Sample reads its own file content	System Summary
Spawns processes	System Summary	Process Injection
Contains modern PE file flags such as dynamic base (ASLR) or NX	Compliance, System Summary
PE file contains a COM descriptor data directory	System Summary

URLs

Name

Malicious

https://api.ipify.org/

104.26.13.205

http://mail.alkuwaiti.com

unknown

http://r3.o.lencr.org0

unknown

https://api.ipify.org

unknown

https://account.dyn.com/

unknown

https://api.ipify.org/t

unknown

http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name

unknown

http://x1.c.lencr.org/0

unknown

http://x1.i.lencr.org/0

unknown

http://r3.i.lencr.org/0

unknown

Domains

Name

Malicious

mail.alkuwaiti.com

50.87.219.149

Details

Name:	mail.alkuwaiti.com
IP:	50.87.219.149
TargetID:	-1
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
Sigma detected: Suspicious Outbound SMTP Connections	System Summary
Uses SMTP (mail sending)	Networking	Application Layer Protocol
URLs found in memory or binary data	Networking

api.ipify.org

104.26.13.205

Details

Name:	api.ipify.org
IP:	104.26.13.205
TargetID:	-1
Active:	true
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
May check the online IP address of the machine	Networking	System Network Configuration Discovery
Uses a known web browser user agent for HTTP communication	Networking	Application Layer Protocol
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
URLs found in memory or binary data	Networking
Uses secure TLS version for HTTPS connections	Compliance, Networking

IPs

Domain

Country

Malicious

50.87.219.149

mail.alkuwaiti.com

United States

Details

IP:	50.87.219.149
TargetID:	3
Current Path:	C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe
Country:	United States
Countrycode:	USA
ASN number:	46606
ASN name:	UNIFIEDLAYER-AS-1US
Private:	false
Domain:	mail.alkuwaiti.com

Signature Hits	Behavior Group	Mitre Attack
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
Sigma detected: Suspicious Outbound SMTP Connections	System Summary
Uses SMTP (mail sending)	Networking	Application Layer Protocol

104.26.13.205

api.ipify.org

United States

Details

IP:	104.26.13.205
TargetID:	3
Current Path:	C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe
Country:	United States
Countrycode:	USA
ASN number:	13335
ASN name:	CLOUDFLARENETUS
Private:	false
Domain:	api.ipify.org

Signature Hits	Behavior Group	Mitre Attack
Uses secure TLS version for HTTPS connections	Compliance, Networking

Registry

Path

Value

Malicious

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing

EnableConsoleTracing

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\SecuriteInfo_RASAPI32

EnableFileTracing

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\SecuriteInfo_RASAPI32

EnableAutoFileTracing

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\SecuriteInfo_RASAPI32

EnableConsoleTracing

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\SecuriteInfo_RASAPI32

FileTracingMask

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\SecuriteInfo_RASAPI32

ConsoleTracingMask

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\SecuriteInfo_RASAPI32

MaxFileSize

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\SecuriteInfo_RASAPI32

FileDirectory

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\SecuriteInfo_RASMANCS

EnableFileTracing

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\SecuriteInfo_RASMANCS

EnableAutoFileTracing

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\SecuriteInfo_RASMANCS

EnableConsoleTracing

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\SecuriteInfo_RASMANCS

FileTracingMask

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\SecuriteInfo_RASMANCS

ConsoleTracingMask

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\SecuriteInfo_RASMANCS

MaxFileSize

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\SecuriteInfo_RASMANCS

FileDirectory

There are 5 hidden registries, click here to show them.

Memdumps

Base Address

Regiontype

Protect

Malicious

4E04000

trusted library allocation

page read and write

2DC1000

trusted library allocation

page read and write

2DF4000

trusted library allocation

page read and write

402000

remote allocation

page execute and read and write

2DEC000

trusted library allocation

page read and write

4AA6000

trusted library allocation

page read and write

746E000

stack

page read and write

69E0000

trusted library allocation

page execute and read and write

67B1000

heap

page read and write

65AF000

stack

page read and write

56D0000

trusted library section

page read and write

30B0000

heap

page read and write

5233000

heap

page read and write

1000000

heap

page read and write

6970000

trusted library allocation

page read and write

55EA000

heap

page read and write

E9CE000

stack

page read and write

2D60000

heap

page read and write

115F000

heap

page read and write

5B20000

trusted library allocation

page read and write

5950000

heap

page read and write

5D50000

heap

page read and write

3D99000

trusted library allocation

page read and write

6E50000

trusted library allocation

page read and write

E88E000

stack

page read and write

F6D000

trusted library allocation

page execute and read and write

5940000

trusted library section

page readonly

10F0000

trusted library allocation

page read and write

78A5000

trusted library allocation

page read and write

5C70000

trusted library allocation

page read and write

575E000

stack

page read and write

108A000

trusted library allocation

page execute and read and write

51F0000

trusted library allocation

page read and write

1097000

trusted library allocation

page execute and read and write

1390000

trusted library allocation

page execute and read and write

FE2000

heap

page read and write

1115000

trusted library allocation

page execute and read and write

7410000

trusted library allocation

page read and write

51B6000

trusted library allocation

page read and write

1710000

trusted library allocation

page read and write

6A8F000

stack

page read and write

5678000

heap

page read and write

EE4F000

stack

page read and write

3DD6000

trusted library allocation

page read and write

3090000

trusted library allocation

page read and write

6980000

trusted library allocation

page read and write

10E0000

trusted library allocation

page read and write

B5D0000

trusted library section

page read and write

78C0000

trusted library allocation

page execute and read and write

51BE000

trusted library allocation

page read and write

58A4000

trusted library allocation

page read and write

308B000

stack

page read and write

58AB000

trusted library allocation

page read and write

58BE000

trusted library allocation

page read and write

3D71000

trusted library allocation

page read and write

1450000

heap

page read and write

40C1000

trusted library allocation

page read and write

51D6000

trusted library allocation

page read and write

5CB0000

trusted library allocation

page read and write

1070000

trusted library allocation

page read and write

E65000

heap

page read and write

1147000

heap

page read and write

1100000

trusted library allocation

page read and write

5B85000

heap

page read and write

FA8000

heap

page read and write

6EB0000

trusted library allocation

page execute and read and write

5657000

heap

page read and write

F60000

trusted library allocation

page read and write

EE8D000

stack

page read and write

1390000

trusted library allocation

page execute and read and write

2E06000

trusted library allocation

page read and write

108E000

stack

page read and write

10E4000

trusted library allocation

page read and write

6AE0000

trusted library allocation

page read and write

5970000

trusted library allocation

page execute and read and write

58D2000

trusted library allocation

page read and write

5B1D000

stack

page read and write

1120000

heap

page read and write

5B60000

heap

page read and write

64AD000

stack

page read and write

1095000

trusted library allocation

page execute and read and write

109B000

trusted library allocation

page execute and read and write

E60000

heap

page read and write

2DE6000

trusted library allocation

page read and write

1102000

trusted library allocation

page read and write

51CA000

trusted library allocation

page read and write

40C9000

trusted library allocation

page read and write

107D000

trusted library allocation

page execute and read and write

102B000

heap

page read and write

1340000

trusted library allocation

page read and write

55A5000

trusted library allocation

page read and write

58D0000

trusted library allocation

page read and write

14BF000

stack

page read and write

585E000

stack

page read and write

51B0000

trusted library allocation

page read and write

40CD000

trusted library allocation

page read and write

1300000

trusted library allocation

page read and write

6EA0000

heap

page read and write

4DC7000

trusted library allocation

page read and write

5FEE000

stack

page read and write

5380000

heap

page execute and read and write

EC0D000

stack

page read and write

112E000

heap

page read and write

622D000

stack

page read and write

F64000

trusted library allocation

page read and write

646E000

stack

page read and write

7A02000

trusted library allocation

page read and write

2DFF000

trusted library allocation

page read and write

561E000

stack

page read and write

400000

remote allocation

page execute and read and write

1090000

trusted library allocation

page read and write

4E6E000

stack

page read and write

2CFE000

stack

page read and write

11F5000

heap

page read and write

694F000

stack

page read and write

102F000

heap

page read and write

EC10000

heap

page read and write

EF8E000

stack

page read and write

111B000

trusted library allocation

page execute and read and write

6960000

trusted library allocation

page read and write

5790000

heap

page execute and read and write

66EE000

stack

page read and write

10B0000

heap

page read and write

1747000

heap

page read and write

FA5000

heap

page read and write

559E000

stack

page read and write

5200000

trusted library allocation

page read and write

55A0000

trusted library allocation

page read and write

13B8000

trusted library allocation

page read and write

B50000

unkown

page readonly

5240000

heap

page read and write

740B000

trusted library allocation

page read and write

33E8000

trusted library allocation

page read and write

1720000

heap

page read and write

2EF8000

trusted library allocation

page read and write

7400000

trusted library allocation

page read and write

2D3C000

stack

page read and write

69D0000

heap

page read and write

58A0000

trusted library allocation

page read and write

1005000

heap

page read and write

2DE8000

trusted library allocation

page read and write

30C1000

trusted library allocation

page read and write

F50000

trusted library allocation

page read and write

5CA0000

trusted library section

page read and write

69CE000

stack

page read and write

1039000

heap

page read and write

E68E000

stack

page read and write

51D1000

trusted library allocation

page read and write

49BB000

trusted library allocation

page read and write

138C000

stack

page read and write

1740000

heap

page read and write

5C50000

trusted library section

page read and write

ABA000

stack

page read and write

1110000

trusted library allocation

page read and write

571E000

stack

page read and write

5230000

heap

page read and write

51BB000

trusted library allocation

page read and write

55C0000

heap

page read and write

31C3000

trusted library allocation

page read and write

756F000

stack

page read and write

E6CE000

stack

page read and write

EACE000

stack

page read and write

5780000

trusted library allocation

page read and write

F63000

trusted library allocation

page execute and read and write

2DB1000

trusted library allocation

page read and write

1086000

trusted library allocation

page execute and read and write

7F6B0000

trusted library allocation

page execute and read and write

78A0000

trusted library allocation

page read and write

2D50000

trusted library allocation

page read and write

102D000

heap

page read and write

58CD000

trusted library allocation

page read and write

65EE000

stack

page read and write

51CE000

trusted library allocation

page read and write

55CC000

stack

page read and write

6AE7000

trusted library allocation

page read and write

FF0000

heap

page read and write

55D7000

heap

page read and write

5CC0000

heap

page read and write

10FD000

trusted library allocation

page execute and read and write

EB0D000

stack

page read and write

33E6000

trusted library allocation

page read and write

7420000

trusted library allocation

page execute and read and write

104E000

stack

page read and write

110A000

trusted library allocation

page execute and read and write

5B50000

heap

page read and write

10F6000

trusted library allocation

page read and write

10A0000

heap

page read and write

F8E000

heap

page read and write

1730000

heap

page execute and read and write

5960000

heap

page read and write

5654000

heap

page read and write

334F000

trusted library allocation

page read and write

636D000

stack

page read and write

13B0000

heap

page read and write

E20000

heap

page read and write

55D0000

heap

page read and write

F78000

heap

page read and write

7FB30000

trusted library allocation

page execute and read and write

30A0000

trusted library allocation

page read and write

6710000

heap

page read and write

BB8000

stack

page read and write

562F000

heap

page read and write

58E0000

trusted library allocation

page read and write

632E000

stack

page read and write

51C2000

trusted library allocation

page read and write

1092000

trusted library allocation

page read and write

E30000

heap

page read and write

1112000

trusted library allocation

page read and write

6AD0000

trusted library allocation

page read and write

F9A000

heap

page read and write

58C6000

trusted library allocation

page read and write

55B0000

trusted library allocation

page read and write

ED4E000

stack

page read and write

537C000

stack

page read and write

6752000

heap

page read and write

10E3000

trusted library allocation

page execute and read and write

6E90000

heap

page read and write

5C90000

trusted library section

page read and write

15BE000

stack

page read and write

16C0000

trusted library allocation

page read and write

5D5E000

heap

page read and write

138E000

stack

page read and write

134E000

stack

page read and write

13A0000

heap

page execute and read and write

10ED000

trusted library allocation

page execute and read and write

6789000

heap

page read and write

5669000

heap

page read and write

1161000

heap

page read and write

6E60000

trusted library allocation

page read and write

1457000

heap

page read and write

2DAF000

trusted library allocation

page read and write

55FE000

heap

page read and write

2DEA000

trusted library allocation

page read and write

697D000

trusted library allocation

page read and write

2DA7000

trusted library allocation

page read and write

1106000

trusted library allocation

page execute and read and write

51E2000

trusted library allocation

page read and write

589E000

stack

page read and write

E98E000

stack

page read and write

5CC5000

heap

page read and write

1117000

trusted library allocation

page execute and read and write

5672000

heap

page read and write

1082000

trusted library allocation

page read and write

6968000

trusted library allocation

page read and write

55C4000

heap

page read and write

1080000

trusted library allocation

page read and write

E8A000

stack

page read and write

51DD000

trusted library allocation

page read and write

5B40000

heap

page read and write

13A0000

trusted library allocation

page read and write

69F0000

trusted library allocation

page execute and read and write

496D000

trusted library allocation

page read and write

2D71000

trusted library allocation

page read and write

684E000

stack

page read and write

6714000

heap

page read and write

5770000

trusted library allocation

page execute and read and write

6987000

trusted library allocation

page read and write

F70000

heap

page read and write

B52000

unkown

page readonly

16BE000

stack

page read and write

589E000

stack

page read and write

2DBD000

trusted library allocation

page read and write

58C1000

trusted library allocation

page read and write

593B000

stack

page read and write

5930000

heap

page read and write

F86000

stack

page read and write

491F000

trusted library allocation

page read and write

10D0000

trusted library allocation

page read and write

2D40000

trusted library allocation

page read and write

5616000

heap

page read and write

There are 260 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe

Files

Processes

URLs

Domains

IPs

Registry

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC ReportSecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe

Files

Processes

URLs

Domains

IPs

Registry

Memdumps

IOC Report
SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe