Automated Malware Analysis IOC Report for

Files

File Path

Type

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\file.exe

"C:\Users\user\Desktop\file.exe"

Details

Is windows:	false
Is dropped:	false
PID:	7420
Target ID:	0
Parent PID:	2580
Name:	file.exe
Path:	C:\Users\user\Desktop\file.exe
Commandline:	"C:\Users\user\Desktop\file.exe"
Size:	1231984
MD5:	8C9287EF35644CC0B67A4B8000D38CE8
Time:	15:03:56
Date:	20/04/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0xa50000
Modulesize:	1245184
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Multi AV Scanner detection for submitted file	AV Detection
Yara detected RedLine Stealer	Stealing of Sensitive Information, Remote Access Functionality
Machine Learning detection for sample	AV Detection
PE / OLE file has an invalid certificate	System Summary
PE file contains an invalid checksum	Data Obfuscation
PE file contains sections with non-standard names	Data Obfuscation
Sample file is different than original file name gathered from version info	System Summary
Uses 32bit PE files	Compliance, System Summary
PE file has an executable .text section and no other executable section	System Summary
Sample is known by Antivirus	System Summary
Spawns processes	System Summary	Process Injection
URLs found in memory or binary data	Networking
Binary contains paths to debug symbols	Compliance, System Summary
PE file contains a debug data directory	System Summary
Contains modern PE file flags such as dynamic base (ASLR) or NX	Compliance, System Summary
PE file contains a mix of data directories often seen in goodware	System Summary
Submission file is bigger than most known malware samples	System Summary

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

Details

Is windows:	true
Is dropped:	false
PID:	7440
Target ID:	1
Parent PID:	7420
Name:	RegAsm.exe
Class:	system-tools
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Commandline:	"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Size:	65440
MD5:	0D5DF43AF2916F47D00C1573797C1A13
Time:	15:03:56
Date:	20/04/2024
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x410000
Modulesize:	73728
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Yara detected RedLine Stealer	Stealing of Sensitive Information, Remote Access Functionality
Allocates memory in foreign processes	HIPS / PFW / Operating System Protection Evasion	Process Injection
Injects a PE file into a foreign processes	HIPS / PFW / Operating System Protection Evasion	Process Injection
Writes to foreign memory regions	HIPS / PFW / Operating System Protection Evasion	Process Injection
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery
Yara detected Credential Stealer	Stealing of Sensitive Information
Spawns processes	System Summary	Process Injection

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

Details

Is windows:	true
Is dropped:	false
PID:	7448
Target ID:	2
Parent PID:	7420
Name:	RegAsm.exe
Class:	system-tools
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Commandline:	"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Size:	65440
MD5:	0D5DF43AF2916F47D00C1573797C1A13
Time:	15:03:56
Date:	20/04/2024
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x740000
Modulesize:	73728
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Yara detected RedLine Stealer	Stealing of Sensitive Information, Remote Access Functionality
Allocates memory in foreign processes	HIPS / PFW / Operating System Protection Evasion	Process Injection
Injects a PE file into a foreign processes	HIPS / PFW / Operating System Protection Evasion	Process Injection
Writes to foreign memory regions	HIPS / PFW / Operating System Protection Evasion	Process Injection
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery
Yara detected Credential Stealer	Stealing of Sensitive Information
Spawns processes	System Summary	Process Injection

URLs

Name

Malicious

5.42.65.50:33080

http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Text

unknown

http://schemas.xmlsoap.org/ws/2005/02/sc/sct

unknown

http://schemas.xmlsoap.org/ws/2004/04/security/sc/dk

unknown

http://tempuri.org/Entity/Id14ResponseD

unknown

http://tempuri.org/Entity/Id23ResponseD

unknown

http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#HexBinary

unknown

http://tempuri.org/Entity/Id12Response

unknown

http://tempuri.org/

unknown

http://tempuri.org/Entity/Id2Response

unknown

http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha1

unknown

http://tempuri.org/Entity/Id21Response

unknown

http://schemas.xmlsoap.org/2005/02/trust/spnego#GSS_Wrap

unknown

http://tempuri.org/Entity/Id9

unknown

http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID

unknown

http://tempuri.org/Entity/Id8

unknown

http://tempuri.org/Entity/Id6ResponseD

unknown

http://tempuri.org/Entity/Id5

unknown

http://schemas.xmlsoap.org/ws/2004/10/wsat/Prepare

unknown

http://tempuri.org/Entity/Id4

unknown

http://tempuri.org/Entity/Id7

unknown

http://tempuri.org/Entity/Id6

unknown

http://schemas.xmlsoap.org/ws/2005/02/trust#BinarySecret

unknown

http://tempuri.org/Entity/Id19Response

unknown

http://docs.oasis-open.org/wss/oasis-wss-rel-token-profile-1.0.pdf#license

unknown

http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Issue

unknown

http://schemas.xmlsoap.org/ws/2004/10/wsat/Aborted

unknown

http://schemas.xmlsoap.org/ws/2005/02/rm/TerminateSequence

unknown

http://tempuri.org/Entity/Id13ResponseD

unknown

http://schemas.xmlsoap.org/ws/2004/10/wsat/fault

unknown

http://schemas.xmlsoap.org/ws/2004/10/wsat

unknown

http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey

unknown

http://tempuri.org/Entity/Id15Response

unknown

http://tempuri.org/Entity/Id5ResponseD

unknown

http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name

unknown

http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Renew

unknown

http://schemas.xmlsoap.org/ws/2004/10/wscoor/Register

unknown

http://tempuri.org/Entity/Id6Response

unknown

http://schemas.xmlsoap.org/ws/2004/04/trust/SymmetricKey

unknown

https://api.ip.sb/ip

unknown

http://schemas.xmlsoap.org/ws/2004/04/sc

unknown

http://tempuri.org/Entity/Id1ResponseD

unknown

http://schemas.xmlsoap.org/ws/2004/10/wsat/Volatile2PC

unknown

http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Cancel

unknown

http://tempuri.org/Entity/Id9Response

unknown

http://tempuri.org/Entity/Id20

unknown

http://tempuri.org/Entity/Id21

unknown

http://tempuri.org/Entity/Id22

unknown

http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#Kerberosv5APREQSHA1

unknown

http://tempuri.org/Entity/Id23

unknown

http://schemas.xmlsoap.org/ws/2004/04/security/trust/CK/PSHA1

unknown

http://tempuri.org/Entity/Id24

unknown

http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/Issue

unknown

http://tempuri.org/Entity/Id24Response

unknown

http://tempuri.org/Entity/Id1Response

unknown

http://schemas.xmlsoap.org/ws/2005/02/rm/AckRequested

unknown

http://schemas.xmlsoap.org/ws/2004/10/wsat/ReadOnly

unknown

http://schemas.xmlsoap.org/ws/2004/10/wsat/Replay

unknown

http://schemas.xmlsoap.org/ws/2005/02/trust/tlsnego

unknown

http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary

unknown

http://schemas.xmlsoap.org/ws/2004/10/wsat/Durable2PC

unknown

http://schemas.xmlsoap.org/ws/2004/04/security/trust/SymmetricKey

unknown

http://tempuri.org/Entity/Id21ResponseD

unknown

http://schemas.xmlsoap.org/ws/2004/08/addressing

unknown

http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue

unknown

http://schemas.xmlsoap.org/ws/2004/10/wsat/Completion

unknown

http://schemas.xmlsoap.org/ws/2004/04/trust

unknown

http://tempuri.org/Entity/Id10

unknown

http://tempuri.org/Entity/Id11

unknown

http://tempuri.org/Entity/Id10ResponseD

unknown

http://tempuri.org/Entity/Id12

unknown

http://tempuri.org/Entity/Id16Response

unknown

http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContextResponse

unknown

http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Cancel

unknown

http://tempuri.org/Entity/Id13

unknown

http://tempuri.org/Entity/Id14

unknown

http://tempuri.org/Entity/Id15

unknown

http://tempuri.org/Entity/Id16

unknown

http://schemas.xmlsoap.org/ws/2005/02/trust/Nonce

unknown

http://tempuri.org/Entity/Id17

unknown

http://tempuri.org/Entity/Id18

unknown

http://tempuri.org/Entity/Id5Response

unknown

http://tempuri.org/Entity/Id19

unknown

http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dns

unknown

http://tempuri.org/Entity/Id15ResponseD

unknown

http://tempuri.org/Entity/Id10Response

unknown

http://schemas.xmlsoap.org/ws/2005/02/trust/Renew

unknown

http://tempuri.org/Entity/Id11ResponseD

unknown

http://tempuri.org/Entity/Id8Response

unknown

http://schemas.xmlsoap.org/ws/2004/04/trust/PublicKey

unknown

http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0

unknown

http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID

unknown

http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/SCT

unknown

http://schemas.xmlsoap.org/ws/2006/02/addressingidentity

unknown

http://tempuri.org/Entity/Id17ResponseD

unknown

http://schemas.xmlsoap.org/soap/envelope/

unknown

http://tempuri.org/Entity/Id8ResponseD

unknown

http://schemas.xmlsoap.org/ws/2005/02/trust/PublicKey

unknown

http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKeySHA1

unknown

http://schemas.xmlsoap.org/ws/2005/02/trust

unknown

There are 90 hidden URLs, click here to show them.

IPs

Domain

Country

Malicious

5.42.65.50

unknown

Russian Federation

Details

IP:	5.42.65.50
TargetID:	2
Current Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Country:	Russian Federation
Countrycode:	RUS
ASN number:	39493
ASN name:	RU-KSTVKolomnaGroupofcompaniesGuarantee-tvRU
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
Snort IDS alert for network traffic	Networking
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
Connects to IPs without corresponding DNS lookups	Networking

Registry

Path

Value

Malicious

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F1A578C4CB5DE79A370893983FD4DA8B67B2B064

Blob

Details

TargetID:	2
Path:	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F1A578C4CB5DE79A370893983FD4DA8B67B2B064
Value name:	Blob
Value data:	0B 00 00 00 01 00 00 00 48 00 00 00 54 00 69 00 74 00 61 00 6E 00 69 00 75 00 6D 00 20 00 52 00 6F 00 6F 00 74 00 20 00 43 00 65 00 72 00 74 00 69 00 66 00 69 00 63 00 61 00 74 00 65 00 20 00 41 00 75 00 74 00 68 00 6F 00 72 00 69 00 74 00 79 00 00 00 02 00 00 00 01 00 00 00 CC 00 00 00 1C 00 00 00 6C 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 7B 00 34 00 31 00 37 00 34 00 34 00 42 00 45 00 34 00 2D 00 31 00 31 00 43 00 35 00 2D 00 34 00 39 00 34 00 43 00 2D 00 41 00 32 00 31 00 33 00 2D 00 42 00 41 00 30 00 43 00 45 00 39 00 34 00 34 00 39 00 33 00 38 00 45 00 7D 00 00 00 00 00 4D 00 69 00 63 00 72 00 6F 00 73 00 6F 00 66 00 74 00 20 00 45 00 6E 00 68 00 61 00 6E 00 63 00 65 00 64 00 20 00 43 00 72 00 79 00 70 00 74 00 6F 00 67 00 72 00 61 00 70 00 68 00 69 00 63 00 20 00 50 00 72 00 6F 00 76 00 69 00 64 00 65 00 72 00 20 00 76 00 31 00 2E 00 30 00 00 00 00 00 03 00 00 00 01 00 00 00 14 00 00 00 F1 A5 78 C4 CB 5D E7 9A 37 08 93 98 3F D4 DA 8B 67 B2 B0 64 20 00 00 00 01 00 00 00 0A 03 00 00 30 82 03 06 30 82 01 EE A0 03 02 01 02 02 08 67 F7 BE B9 6A 4C 27 98 30 0D 06 09 2A 86 48 86 F7 0D 01 01 0B 05 00 30 2E 31 2C 30 2A 06 03 55 04 03 0C 23 54 69 74 61 6E 69 75 6D 20 52 6F 6F 74 20 43 65 72 74 69 66 69 63 61 74 65 20 41 75 74 68 6F 72 69 74 79 30 1E 17 0D 32 33 30 33 31 34 31 30 33 35 32 30 5A 17 0D 32 36 30 36 31 37 31 30 33 35 32 30 5A 30 2E 31 2C 30 2A 06 03 55 04 03 0C 23 54 69 74 61 6E 69 75 6D 20 52 6F 6F 74 20 43 65 72 74 69 66 69 63 61 74 65 20 41 75 74 68 6F 72 69 74 79 30 82 01 22 30 0D 06 09 2A 86 48 86 F7 0D 01 01 01 05 00 03 82 01 0F 00 30 82 01 0A 02 82 01 01 00 86 E4 57 7A 58 61 CE 81 91 77 D0 05 FA 51 D5 51 5A 93 6C 61 0C CF CB DE 53 32 CD 15 1D A6 47 EE 88 1A 24 5C 9B 02 83 3B 02 AF 3D 76 FE 20 BD 3B FA F7 A2 09 73 E7 2E BD 94 40 D0 9D 8C 3D 27 13 BD F0 D0 9F EB 95 32 AC D7 A4 2D A2 A9 52 DA A8 6A 2A 88 EE 42 7D 30 95 9D 90 BF BA 05 27 6A A0 29 98 A6 98 6F C0 13 06 62 9B 79 B8 40 5D 1F 1F A6 D9 A4 2F 82 7A FC 75 66 34 0D C2 DE 27 01 2B 94 BB 4A 27 B3 CB 1C 21 9A 3C B2 C1 42 03 F3 44 51 BD 62 65 20 ED D4 DB CC 41 4F 59 3F 2A CB C4 84 79 F7 14 3C BE 13 9C FD 12 9C 91 3E 53 03 DC 20 F9 4C 44 35 89 01 B6 9A 84 8D 7E A0 2E 30 8A 31 15 60 AC 00 AE 00 9A 29 10 9A EE D9 71 3D D8 91 9B 97 ED 59 80 58 E1 7F 07 26 C7 A0 20 F7 10 AB C0 62 91 DF AA F1 81 C6 BE 6A 76 C8 9C B6 8E B0 B0 EC 1C D9 5F 32 6C 7E 55 58 8B FD 76 C5 19 02 03 01 00 01 A3 28 30 26 30 13 06 03 55 1D 25 04 0C 30 0A 06 08 2B 06 01 05 05 07 03 01 30 0F 06 03 55 1D 13 01 01 FF 04 05 30 03 01 01 FF 30 0D 06 09 2A 86 48 86 F7 0D 01 01 0B 05 00 03 82 01 01 00 70 85 12 93 D7 57 E9 82 79 7D C5 F7 F2 7D A8 94 EF 0C DB 32 9F 06 A6 09 6E 0C F6 04 B0 E5 47 11 56 0E F4 0F 52 82 08 2E 21 0F 55 A3 DB 41 F3 12 54 8B 76 11 F5 F0 DA CE A3 C7 8B 13 F6 FC 24 3C 02 B1 06 66 5B E6 9E 18 40 88 41 5B 27 39 99 B8 77 BE E3 53 A2 48 CE C7 EE B5 A0 95 C2 17 4B C9 52 6C AF E3 37 2C 59 DB FB E7 58 13 4E D3 51 E5 14 72 73 FE C6 85 77 AE 45 52 A6 F9 9A C8 0C A8 D0 EE 42 2A F5 28 85 8C 6B E8 1C B0 A8 03 1A B0 AE 83 C0 EB 55 64 F4 E8 7A 5C 06 29 5D 39 03 EE E2 FD F9 2D 62 A7 F4 D4 05 4D EA A7 9B CA EB DA 4E 8B 1A 6E FD 42 AE F9 D0 1C 70 75 72 8C B1 3A A8 55 7C 85 A7 25 32 B5 E2 D6 C3 E5 50 41 C9 86 7C A8 F5 62 BB D2 AB 0C 37 10 D8 31 73 EC 37 81 D1 DC AA C5 C6 E0 7E E7 26 62 4D FD C5 81 4C FF D3 36 E1 79 32 F8 9B EB 9C F7 FD BE E9 BE BF 61

Signature Hits	Behavior Group	Mitre Attack
Installs new ROOT certificates	Persistence and Installation Behavior	Install Root Certificate

HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000

Owner

HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000

SessionHash

HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000

Sequence

HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000

RegFiles0000

HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000

RegFilesHash

Memdumps

Base Address

Regiontype

Protect

Malicious

2A88000

trusted library allocation

page read and write

402000

remote allocation

page execute and read and write

B17000

unkown

page read and write

29E1000

trusted library allocation

page read and write

3D7C000

trusted library allocation

page read and write

6B33000

trusted library allocation

page read and write

CF0000

heap

page read and write

2C9C000

trusted library allocation

page read and write

752F000

trusted library allocation

page read and write

7600000

trusted library allocation

page read and write

5510000

trusted library allocation

page read and write

D46000

trusted library allocation

page execute and read and write

FE0000

trusted library allocation

page read and write

5BE2000

heap

page read and write

541F000

heap

page read and write

63B0000

trusted library allocation

page read and write

2E55000

trusted library allocation

page read and write

7229000

heap

page read and write

1020000

trusted library allocation

page execute and read and write

6640000

trusted library allocation

page read and write

4FF0000

heap

page read and write

72D9000

heap

page read and write

2EE0000

trusted library allocation

page read and write

720D000

heap

page read and write

5120000

heap

page read and write

75FF000

stack

page read and write

6B00000

trusted library allocation

page read and write

D42000

trusted library allocation

page read and write

E60000

heap

page read and write

7518000

trusted library allocation

page read and write

5471000

heap

page read and write

91FE000

stack

page read and write

CBD000

stack

page read and write

A51000

unkown

page execute read

752A000

trusted library allocation

page read and write

7296000

heap

page read and write

6820000

heap

page execute and read and write

6600000

trusted library allocation

page read and write

A50000

unkown

page readonly

2B30000

trusted library allocation

page read and write

49E0000

trusted library allocation

page read and write

79DE000

stack

page read and write

7509000

trusted library allocation

page read and write

2B10000

trusted library allocation

page read and write

7BBE000

stack

page read and write

6460000

trusted library allocation

page execute and read and write

B72000

unkown

page write copy

7244000

heap

page read and write

7EA000

stack

page read and write

767E000

stack

page read and write

D84000

heap

page read and write

6540000

trusted library allocation

page read and write

4FBE000

trusted library allocation

page read and write

7540000

trusted library allocation

page execute and read and write

6570000

trusted library allocation

page read and write

6592000

trusted library allocation

page read and write

72D7000

heap

page read and write

4FB0000

trusted library allocation

page read and write

2B72000

trusted library allocation

page read and write

63A0000

trusted library allocation

page read and write

72FC000

heap

page read and write

2B1E000

trusted library allocation

page read and write

4F31000

trusted library allocation

page read and write

119F000

stack

page read and write

614E000

stack

page read and write

69BC000

stack

page read and write

659E000

trusted library allocation

page read and write

67F0000

trusted library allocation

page read and write

6670000

trusted library allocation

page execute and read and write

6530000

trusted library allocation

page read and write

7B70000

trusted library allocation

page read and write

B77000

unkown

page readonly

7B1F000

stack

page read and write

7B5B000

stack

page read and write

4F3D000

trusted library allocation

page read and write

516E000

stack

page read and write

6610000

trusted library allocation

page read and write

3C72000

trusted library allocation

page read and write

543A000

heap

page read and write

3ABD000

trusted library allocation

page read and write

5E4E000

stack

page read and write

B50000

heap

page read and write

446000

remote allocation

page execute and read and write

6810000

trusted library allocation

page read and write

72B2000

heap

page read and write

A50000

unkown

page readonly

B79000

unkown

page readonly

7F2D0000

trusted library allocation

page execute and read and write

53A2000

heap

page read and write

E6E000

heap

page read and write

D40000

trusted library allocation

page read and write

CE0000

heap

page read and write

E47000

heap

page read and write

AFB000

unkown

page execute read

6390000

trusted library allocation

page read and write

FEB000

trusted library allocation

page execute and read and write

7CEE000

stack

page read and write

2870000

heap

page read and write

5D0E000

stack

page read and write

4F63000

heap

page read and write

6B36000

trusted library allocation

page read and write

4F85000

trusted library allocation

page read and write

6545000

trusted library allocation

page read and write

39E1000

trusted library allocation

page read and write

6586000

trusted library allocation

page read and write

2BDE000

trusted library allocation

page read and write

2B41000

trusted library allocation

page read and write

5397000

heap

page read and write

6538000

trusted library allocation

page read and write

2B7A000

trusted library allocation

page read and write

3AB8000

trusted library allocation

page read and write

4F90000

trusted library allocation

page read and write

B5A000

unkown

page read and write

2BB6000

trusted library allocation

page read and write

2B21000

trusted library allocation

page read and write

7550000

trusted library allocation

page read and write

4ABC000

stack

page read and write

72ED000

heap

page read and write

721D000

heap

page read and write

28D0000

heap

page execute and read and write

72E5000

heap

page read and write

39EF000

trusted library allocation

page read and write

1010000

trusted library allocation

page read and write

5E8E000

stack

page read and write

A5B000

unkown

page execute read

5453000

heap

page read and write

6870000

trusted library allocation

page execute and read and write

4F00000

trusted library allocation

page read and write

D91000

heap

page read and write

3B2F000

trusted library allocation

page read and write

66C0000

trusted library allocation

page execute and read and write

6B80000

trusted library allocation

page read and write

FE2000

trusted library allocation

page read and write

5477000

heap

page read and write

65F0000

trusted library allocation

page read and write

B63000

unkown

page execute and read and write

4F36000

trusted library allocation

page read and write

7212000

heap

page read and write

65D0000

trusted library allocation

page read and write

1000000

heap

page read and write

4F1E000

trusted library allocation

page read and write

76BE000

stack

page read and write

E21000

heap

page read and write

4F10000

trusted library allocation

page read and write

751F000

trusted library allocation

page read and write

6B88000

trusted library allocation

page read and write

2ECF000

trusted library allocation

page read and write

2B4E000

trusted library allocation

page read and write

B17000

unkown

page write copy

8300000

heap

page read and write

2BC9000

trusted library allocation

page read and write

722F000

heap

page read and write

C40000

heap

page read and write

7530000

trusted library allocation

page read and write

DEB000

heap

page read and write

4BBB000

stack

page read and write

6660000

trusted library allocation

page execute and read and write

65E0000

trusted library allocation

page read and write

7231000

heap

page read and write

799E000

stack

page read and write

D5B000

heap

page read and write

2B59000

trusted library allocation

page read and write

D10000

trusted library allocation

page read and write

7505000

trusted library allocation

page read and write

727E000

heap

page read and write

6AFC000

stack

page read and write

28C0000

trusted library allocation

page read and write

7200000

heap

page read and write

284E000

stack

page read and write

B03000

unkown

page readonly

3AC4000

trusted library allocation

page read and write

725C000

heap

page read and write

537E000

stack

page read and write

432000

remote allocation

page execute and read and write

65B0000

trusted library allocation

page read and write

2ED8000

trusted library allocation

page read and write

3B72000

trusted library allocation

page read and write

B03000

unkown

page readonly

2C1D000

trusted library allocation

page read and write

2B32000

trusted library allocation

page read and write

511E000

stack

page read and write

7502000

trusted library allocation

page read and write

2B65000

trusted library allocation

page read and write

FE5000

trusted library allocation

page execute and read and write

547E000

heap

page read and write

6547000

trusted library allocation

page read and write

A51000

unkown

page execute read

437000

remote allocation

page execute and read and write

109E000

stack

page read and write

3AFE000

trusted library allocation

page read and write

53AD000

heap

page read and write

A5B000

unkown

page execute read

4F42000

trusted library allocation

page read and write

624F000

stack

page read and write

1009000

heap

page read and write

7610000

trusted library allocation

page read and write

2B51000

trusted library allocation

page read and write

7BE0000

heap

page read and write

D3D000

trusted library allocation

page execute and read and write

1030000

heap

page read and write

7400000

heap

page read and write

5180000

heap

page execute and read and write

6535000

trusted library allocation

page read and write

BBD000

stack

page read and write

72CD000

heap

page read and write

28BE000

stack

page read and write

5002000

trusted library allocation

page read and write

2BA4000

trusted library allocation

page read and write

628E000

stack

page read and write

657B000

trusted library allocation

page read and write

2C94000

trusted library allocation

page read and write

4F50000

trusted library allocation

page read and write

6B70000

trusted library allocation

page read and write

72DD000

heap

page read and write

2BBE000

trusted library allocation

page read and write

5000000

trusted library allocation

page read and write

FE7000

trusted library allocation

page execute and read and write

3A02000

trusted library allocation

page read and write

5BCF000

stack

page read and write

541C000

heap

page read and write

7377000

heap

page read and write

29DE000

stack

page read and write

4F14000

trusted library allocation

page read and write

4F60000

heap

page read and write

C45000

heap

page read and write

D70000

heap

page read and write

7319000

heap

page read and write

A5F000

unkown

page execute read

6B02000

trusted library allocation

page read and write

2BB0000

trusted library allocation

page read and write

65CB000

trusted library allocation

page read and write

6549000

trusted library allocation

page read and write

2C9A000

trusted library allocation

page read and write

B4B000

unkown

page read and write

6650000

trusted library allocation

page read and write

D30000

trusted library allocation

page read and write

D2D000

trusted library allocation

page execute and read and write

B77000

unkown

page readonly

2B3F000

trusted library allocation

page read and write

AF7000

stack

page read and write

4F2E000

trusted library allocation

page read and write

E6A000

heap

page read and write

2B24000

trusted library allocation

page read and write

400000

remote allocation

page execute and read and write

49E8000

trusted library allocation

page read and write

7630000

trusted library allocation

page execute and read and write

5183000

heap

page execute and read and write

5380000

heap

page read and write

1005000

heap

page read and write

6B74000

trusted library allocation

page read and write

53C8000

heap

page read and write

AFB000

unkown

page execute read

7BD0000

trusted library allocation

page read and write

5010000

trusted library allocation

page execute and read and write

274E000

stack

page read and write

7410000

heap

page read and write

5BF3000

heap

page read and write

68BC000

stack

page read and write

1230000

heap

page read and write

2850000

heap

page read and write

7285000

heap

page read and write

6B40000

trusted library allocation

page execute and read and write

5500000

heap

page read and write

7A1E000

stack

page read and write

638E000

stack

page read and write

6440000

trusted library allocation

page execute and read and write

2B4B000

trusted library allocation

page read and write

6840000

trusted library allocation

page read and write

545D000

heap

page read and write

D3E000

stack

page read and write

4F70000

trusted library allocation

page read and write

D4A000

trusted library allocation

page execute and read and write

100E000

heap

page read and write

6B30000

trusted library allocation

page read and write

D50000

heap

page read and write

A5F000

unkown

page execute read

3AD6000

trusted library allocation

page read and write

4F1B000

trusted library allocation

page read and write

65CE000

trusted library allocation

page read and write

6830000

trusted library allocation

page read and write

7223000

heap

page read and write

2CDB000

trusted library allocation

page read and write

C30000

heap

page read and write

69FD000

stack

page read and write

7525000

trusted library allocation

page read and write

65A1000

trusted library allocation

page read and write

B72000

unkown

page read and write

76C0000

trusted library allocation

page execute and read and write

D20000

trusted library allocation

page read and write

65C5000

trusted library allocation

page read and write

B79000

unkown

page readonly

7500000

trusted library allocation

page read and write

66D0000

trusted library allocation

page execute and read and write

6581000

trusted library allocation

page read and write

CAE000

stack

page read and write

2BD7000

trusted library allocation

page read and write

D24000

trusted library allocation

page read and write

6800000

trusted library allocation

page read and write

3D81000

trusted library allocation

page read and write

4F80000

trusted library allocation

page read and write

2C40000

trusted library allocation

page read and write

653A000

trusted library allocation

page read and write

7B60000

trusted library allocation

page read and write

7206000

heap

page read and write

751A000

trusted library allocation

page read and write

5BF8000

heap

page read and write

5E0F000

stack

page read and write

75BD000

stack

page read and write

7253000

heap

page read and write

2BB3000

trusted library allocation

page read and write

CEE000

stack

page read and write

65C0000

trusted library allocation

page read and write

6398000

trusted library allocation

page read and write

543D000

heap

page read and write

7262000

heap

page read and write

5391000

heap

page read and write

105F000

stack

page read and write

6850000

trusted library allocation

page execute and read and write

DEF000

heap

page read and write

D23000

trusted library allocation

page execute and read and write

There are 310 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
file.exe

Files

Processes

URLs

IPs

Registry

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reportfile.exe

Files

Processes

URLs

IPs

Registry

Memdumps

IOC Report
file.exe