Automated Malware Analysis IOC Report for

Files

File Path

Type

Category

Malicious

SecuriteInfo.com.Win32.PWSX-gen.18376.4403.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

initial sample

Details

Filetype:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy:	7.944329695138337
Filename:	SecuriteInfo.com.Win32.PWSX-gen.18376.4403.exe
Filesize:	720896
MD5:	0213307d4a5c33c73fc8763498a054e5
SHA1:	2c6978c737ad7b1a9547ed3365fef15996d98137
SHA256:	6266398586cea7e8cc4154202bb9f5541b1a6b6b5640f0efdd2f2ef9e82c7ae6
SHA512:	154fe0dc2e3184304ccdc360e9d10c025017b318998d405e9a8e74dc8161e40e1493aede3e8efcd412e62770dc6cc5c0afb26d5b1685ac0b692cfbf8c1aa8c62
SSDEEP:	12288:sWYIPXjxannnHg2SPMey7LKykiCjOkOt5hNF4rdYJpklo0rlBtVpd7kqD+:sWYIPFannnHg2SonkjOkiNS5YwrlBtn4
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....)f..............0...... ......:.... ........@.. .......................@............`................................

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
Malicious sample detected (through community Yara rule)	System Summary
Multi AV Scanner detection for submitted file	AV Detection
.NET source code contains method to dynamically call methods (often used by packers)	Data Obfuscation
.NET source code contains potential unpacker	Data Obfuscation
Injects a PE file into a foreign processes	HIPS / PFW / Operating System Protection Evasion
Machine Learning detection for sample	AV Detection
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)	Malware Analysis System Evasion	Windows Management Instrumentation Virtualization/Sandbox Evasion Security Software Discovery
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)	Stealing of Sensitive Information	Credentials in Registry
Tries to harvest and steal browser information (history, passwords, etc)	Stealing of Sensitive Information	OS Credential Dumping Data from Local System
Tries to harvest and steal ftp login credentials	Stealing of Sensitive Information
Tries to steal Mail credentials (via file / registry access)	Stealing of Sensitive Information	Email Collection
Allocates memory with a write watch (potentially for evading sandboxes)	Malware Analysis System Evasion
Contains long sleeps (>= 3 min)	Malware Analysis System Evasion
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion
Detected potential crypto function	System Summary	Encrypted Channel
Enables debug privileges	Anti Debugging
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)	Malware Analysis System Evasion
Found inlined nop instructions (likely shell or obfuscated code)	Software Vulnerabilities
May sleep (evasive loops) to hinder dynamic analysis	Malware Analysis System Evasion
Monitors certain registry keys / values for changes (often done to protect autostart functionality)	Hooking and other Techniques for Hiding and Protection	Query Registry
PE file contains strange resources	System Summary
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)	Malware Analysis System Evasion
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)	Malware Analysis System Evasion
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection
Sample file is different than original file name gathered from version info	System Summary
Uses 32bit PE files	Compliance, System Summary	Masquerading
Uses code obfuscation techniques (call, push, ret)	Data Obfuscation	Obfuscated Files or Information
Yara signature match	System Summary
Binary may include packed or encrypted code	Data Obfuscation	Software Packing
PE file has an executable .text section which is very likely to contain packed code (zlib compression ratio < 0.3)	System Summary
.NET source code contains calls to encryption/decryption functions	System Summary	Disable or Modify Tools Deobfuscate/Decode Files or Information Archive Collected Data
.NET source code contains many API calls related to security	System Summary	Disable or Modify Tools
.NET source code contains many randomly named methods	Data Obfuscation	Disable or Modify Tools
.NET source code contains methods with suspicious names	System Summary	Disable or Modify Tools
Contains medium sleeps (>= 30s)	Malware Analysis System Evasion
Creates files inside the user directory	System Summary	Masquerading
Creates guard pages, often used to prevent reverse engineering and debugging	Anti Debugging	Disable or Modify Tools
Creates mutexes	System Summary
Disables application error messsages (SetErrorMode)	Hooking and other Techniques for Hiding and Protection
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory)	Malware Analysis System Evasion
PE file has an executable .text section and no other executable section	System Summary
Parts of this applications are using the .NET runtime (Probably coded in C#)	System Summary
Queries a list of all running processes	Malware Analysis System Evasion	Process Discovery
Queries process information (via WMI, Win32_Process)	System Summary
Queries the cryptographic machine GUID	Language, Device and Operating System Detection
Reads ini files	System Summary	File and Directory Discovery
Reads software policies	System Summary
Sample is known by Antivirus	System Summary
Tries to load missing DLLs	System Summary	DLL Side-Loading
URLs found in memory or binary data	Networking
Uses an in-process (OLE) Automation server	System Summary
Contains modern PE file flags such as dynamic base (ASLR) or NX	Compliance, System Summary
Checks if Microsoft Office is installed	System Summary	System Information Discovery
PE file contains a COM descriptor data directory	System Summary
Uses Microsoft Silverlight	System Summary

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\SecuriteInfo.com.Win32.PWSX-gen.18376.4403.exe.log

ASCII text, with CRLF line terminators

dropped

Details

File:	C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\SecuriteInfo.com.Win32.PWSX-gen.18376.4403.exe.log
Category:	dropped
Dump:	SecuriteInfo.com.Win32.PWSX-gen.18376.4403.exe.log.0.dr
ID:	dr_0
Target ID:	0
Process:	C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.18376.4403.exe
Type:	ASCII text, with CRLF line terminators
Entropy:	5.34331486778365
Encrypted:	false
Ssdeep:	24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
Size:	1216
Whitelisted:	false
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Multi AV Scanner detection for submitted file	AV Detection
Machine Learning detection for sample	AV Detection
PE file contains strange resources	System Summary
Sample file is different than original file name gathered from version info	System Summary
Uses 32bit PE files	Compliance, System Summary
Binary may include packed or encrypted code	Data Obfuscation	Obfuscated Files or Information Software Packing
PE file has an executable .text section which is very likely to contain packed code (zlib compression ratio < 0.3)	System Summary	Software Packing
Creates files inside the user directory	System Summary	Masquerading
PE file has an executable .text section and no other executable section	System Summary
Parts of this applications are using the .NET runtime (Probably coded in C#)	System Summary
Sample is known by Antivirus	System Summary
Contains modern PE file flags such as dynamic base (ASLR) or NX	Compliance, System Summary
PE file contains a COM descriptor data directory	System Summary

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.18376.4403.exe

"C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.18376.4403.exe"

Details

Is windows:	false
Is dropped:	false
PID:	7404
Target ID:	0
Parent PID:	2580
Name:	SecuriteInfo.com.Win32.PWSX-gen.18376.4403.exe
Path:	C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.18376.4403.exe
Commandline:	"C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.18376.4403.exe"
Size:	720896
MD5:	0213307D4A5C33C73FC8763498A054E5
Time:	10:27:55
Date:	25/04/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x3d0000
Modulesize:	737280
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Multi AV Scanner detection for submitted file	AV Detection
Yara detected AgentTesla	Stealing of Sensitive Information, Remote Access Functionality
Yara detected AntiVM3	Malware Analysis System Evasion
Yara detected PureLog Stealer	Stealing of Sensitive Information, Remote Access Functionality
Injects a PE file into a foreign processes	HIPS / PFW / Operating System Protection Evasion	Process Injection
Machine Learning detection for sample	AV Detection
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
PE file contains strange resources	System Summary
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery
Sample file is different than original file name gathered from version info	System Summary
Sigma detected: Suspicious Outbound SMTP Connections	System Summary
Uses 32bit PE files	Compliance, System Summary
Yara detected Credential Stealer	Stealing of Sensitive Information
Binary may include packed or encrypted code	Data Obfuscation	Obfuscated Files or Information Software Packing
PE file has an executable .text section which is very likely to contain packed code (zlib compression ratio < 0.3)	System Summary	Software Packing
Creates files inside the user directory	System Summary	Masquerading
PE file has an executable .text section and no other executable section	System Summary
Parts of this applications are using the .NET runtime (Probably coded in C#)	System Summary
Sample is known by Antivirus	System Summary
Spawns processes	System Summary	Process Injection
Contains modern PE file flags such as dynamic base (ASLR) or NX	Compliance, System Summary
PE file contains a COM descriptor data directory	System Summary

C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.18376.4403.exe

"C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.18376.4403.exe"

Details

Is windows:	false
Is dropped:	false
PID:	7588
Target ID:	2
Parent PID:	7404
Name:	SecuriteInfo.com.Win32.PWSX-gen.18376.4403.exe
Path:	C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.18376.4403.exe
Commandline:	"C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.18376.4403.exe"
Size:	720896
MD5:	0213307D4A5C33C73FC8763498A054E5
Time:	10:27:59
Date:	25/04/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x620000
Modulesize:	737280
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Multi AV Scanner detection for submitted file	AV Detection
Yara detected AgentTesla	Stealing of Sensitive Information, Remote Access Functionality
Yara detected AntiVM3	Malware Analysis System Evasion
Yara detected PureLog Stealer	Stealing of Sensitive Information, Remote Access Functionality
Injects a PE file into a foreign processes	HIPS / PFW / Operating System Protection Evasion	Process Injection
Machine Learning detection for sample	AV Detection
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
PE file contains strange resources	System Summary
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery
Sample file is different than original file name gathered from version info	System Summary
Sigma detected: Suspicious Outbound SMTP Connections	System Summary
Uses 32bit PE files	Compliance, System Summary
Yara detected Credential Stealer	Stealing of Sensitive Information
Binary may include packed or encrypted code	Data Obfuscation	Obfuscated Files or Information Software Packing
PE file has an executable .text section which is very likely to contain packed code (zlib compression ratio < 0.3)	System Summary	Software Packing
Creates files inside the user directory	System Summary	Masquerading
PE file has an executable .text section and no other executable section	System Summary
Parts of this applications are using the .NET runtime (Probably coded in C#)	System Summary
Sample is known by Antivirus	System Summary
Spawns processes	System Summary	Process Injection
Contains modern PE file flags such as dynamic base (ASLR) or NX	Compliance, System Summary
PE file contains a COM descriptor data directory	System Summary

URLs

Name

Malicious

https://api.ipify.org/

104.26.12.205

http://www.apache.org/licenses/LICENSE-2.0

unknown

http://www.fontbureau.com

unknown

http://www.fontbureau.com/designersG

unknown

http://www.fontbureau.com/designers/?

unknown

http://www.founder.com.cn/cn/bThe

unknown

https://account.dyn.com/

unknown

http://www.fontbureau.com/designers?

unknown

http://www.tiro.com

unknown

http://www.fontbureau.com/designers

unknown

http://www.goodfont.co.kr

unknown

https://api.ipify.org/t

unknown

http://www.carterandcone.coml

unknown

http://r3.i.lencr.org/0

unknown

http://www.sajatypeworks.com

unknown

http://www.typography.netD

unknown

http://www.fontbureau.com/designers/cabarga.htmlN

unknown

http://www.founder.com.cn/cn/cThe

unknown

http://www.galapagosdesign.com/staff/dennis.htm

unknown

https://api.ipify.org

unknown

http://www.founder.com.cn/cn

unknown

http://www.fontbureau.com/designers/frere-user.html

unknown

http://mail.albushrametalic.com

unknown

http://x1.c.lencr.org/0

unknown

http://x1.i.lencr.org/0

unknown

http://www.jiyu-kobo.co.jp/

unknown

http://r3.o.lencr.org0

unknown

http://www.galapagosdesign.com/DPlease

unknown

http://www.fontbureau.com/designers8

unknown

http://www.fonts.com

unknown

http://www.sandoll.co.kr

unknown

http://www.urwpp.deDPlease

unknown

http://www.zhongyicts.com.cn

unknown

http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name

unknown

http://www.sakkal.com

unknown

There are 25 hidden URLs, click here to show them.

Domains

Name

Malicious

mail.albushrametalic.com

50.87.218.140

Details

Name:	mail.albushrametalic.com
IP:	50.87.218.140
TargetID:	-1
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
Sigma detected: Suspicious Outbound SMTP Connections	System Summary
Uses SMTP (mail sending)	Networking	Application Layer Protocol
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
URLs found in memory or binary data	Networking

api.ipify.org

104.26.12.205

Details

Name:	api.ipify.org
IP:	104.26.12.205
TargetID:	-1
Active:	true
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
May check the online IP address of the machine	Networking	System Network Configuration Discovery
Uses a known web browser user agent for HTTP communication	Networking	Application Layer Protocol
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
URLs found in memory or binary data	Networking
Uses secure TLS version for HTTPS connections	Compliance, Networking

IPs

Domain

Country

Malicious

50.87.218.140

mail.albushrametalic.com

United States

Details

IP:	50.87.218.140
TargetID:	2
Current Path:	C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.18376.4403.exe
Country:	United States
Countrycode:	USA
ASN number:	46606
ASN name:	UNIFIEDLAYER-AS-1US
Private:	false
Domain:	mail.albushrametalic.com

Signature Hits	Behavior Group	Mitre Attack
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
Sigma detected: Suspicious Outbound SMTP Connections	System Summary
Uses SMTP (mail sending)	Networking	Application Layer Protocol

104.26.12.205

api.ipify.org

United States

Details

IP:	104.26.12.205
TargetID:	2
Current Path:	C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.18376.4403.exe
Country:	United States
Countrycode:	USA
ASN number:	13335
ASN name:	CLOUDFLARENETUS
Private:	false
Domain:	api.ipify.org

Signature Hits	Behavior Group	Mitre Attack
Uses secure TLS version for HTTPS connections	Compliance, Networking

Registry

Path

Value

Malicious

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing

EnableConsoleTracing

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\SecuriteInfo_RASAPI32

EnableFileTracing

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\SecuriteInfo_RASAPI32

EnableAutoFileTracing

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\SecuriteInfo_RASAPI32

EnableConsoleTracing

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\SecuriteInfo_RASAPI32

FileTracingMask

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\SecuriteInfo_RASAPI32

ConsoleTracingMask

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\SecuriteInfo_RASAPI32

MaxFileSize

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\SecuriteInfo_RASAPI32

FileDirectory

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\SecuriteInfo_RASMANCS

EnableFileTracing

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\SecuriteInfo_RASMANCS

EnableAutoFileTracing

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\SecuriteInfo_RASMANCS

EnableConsoleTracing

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\SecuriteInfo_RASMANCS

FileTracingMask

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\SecuriteInfo_RASMANCS

ConsoleTracingMask

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\SecuriteInfo_RASMANCS

MaxFileSize

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\SecuriteInfo_RASMANCS

FileDirectory

There are 5 hidden registries, click here to show them.

Memdumps

Base Address

Regiontype

Protect

Malicious

28B1000

trusted library allocation

page read and write

4F90000

trusted library section

page read and write

28DC000

trusted library allocation

page read and write

39E9000

trusted library allocation

page read and write

402000

remote allocation

page execute and read and write

28E4000

trusted library allocation

page read and write

473B000

trusted library allocation

page read and write

6750000

heap

page read and write

C6A000

trusted library allocation

page execute and read and write

4DA6000

trusted library allocation

page read and write

46F6000

trusted library allocation

page read and write

A20000

trusted library allocation

page read and write

4DC0000

trusted library allocation

page execute and read and write

E40000

heap

page read and write

A33000

trusted library allocation

page read and write

E30000

trusted library allocation

page read and write

A30000

trusted library allocation

page read and write

4E00000

heap

page read and write

AB0000

heap

page read and write

43D7000

trusted library allocation

page read and write

950D000

trusted library allocation

page read and write

613A000

heap

page read and write

5130000

heap

page read and write

7C0000

heap

page read and write

52EC000

stack

page read and write

DC0000

heap

page read and write

70A0000

trusted library allocation

page read and write

D59000

heap

page read and write

D05D000

stack

page read and write

8F7000

stack

page read and write

E50000

trusted library allocation

page read and write

2897000

trusted library allocation

page read and write

4DA1000

trusted library allocation

page read and write

2A41000

trusted library allocation

page read and write

6DCE000

stack

page read and write

A40000

trusted library allocation

page read and write

C45000

heap

page read and write

38CD000

trusted library allocation

page read and write

CA8000

heap

page read and write

CC9000

heap

page read and write

C60000

trusted library allocation

page read and write

CE7000

heap

page read and write

4DAD000

trusted library allocation

page read and write

5110000

trusted library section

page read and write

2990000

trusted library allocation

page read and write

53D0000

trusted library allocation

page execute and read and write

C50000

trusted library allocation

page read and write

5149000

heap

page read and write

A42000

trusted library allocation

page read and write

CB64000

heap

page read and write

542E000

stack

page read and write

611F000

stack

page read and write

1110000

heap

page read and write

2CCA000

trusted library allocation

page read and write

70B5000

trusted library allocation

page read and write

A4A000

trusted library allocation

page execute and read and write

D77000

heap

page read and write

CE0000

heap

page read and write

6610000

trusted library allocation

page execute and read and write

28F0000

trusted library allocation

page read and write

D35E000

stack

page read and write

4250000

trusted library allocation

page read and write

C90000

trusted library allocation

page read and write

CE8000

heap

page read and write

27BE000

stack

page read and write

4DB2000

trusted library allocation

page read and write

4D9E000

trusted library allocation

page read and write

5EDE000

stack

page read and write

6630000

trusted library allocation

page read and write

D14000

heap

page read and write

2C45000

trusted library allocation

page read and write

E70000

heap

page read and write

CE5E000

stack

page read and write

290E000

trusted library allocation

page read and write

A10000

trusted library allocation

page read and write

4D92000

trusted library allocation

page read and write

C70000

trusted library allocation

page read and write

28F4000

trusted library allocation

page read and write

D0A000

heap

page read and write

28EF000

trusted library allocation

page read and write

4D8E000

trusted library allocation

page read and write

546E000

stack

page read and write

670F000

stack

page read and write

C67000

heap

page read and write

4E20000

heap

page read and write

429E000

trusted library allocation

page read and write

64B0000

trusted library allocation

page read and write

3D0000

unkown

page readonly

64A0000

heap

page read and write

27C0000

trusted library allocation

page execute and read and write

580000

heap

page read and write

A57000

trusted library allocation

page execute and read and write

516E000

heap

page read and write

7D0000

heap

page read and write

A2D000

trusted library allocation

page execute and read and write

5180000

heap

page read and write

2911000

trusted library allocation

page read and write

6620000

trusted library allocation

page read and write

5CE000

stack

page read and write

29B0000

trusted library allocation

page read and write

53EE000

stack

page read and write

CDE000

stack

page read and write

CA9E000

stack

page read and write

C40000

heap

page read and write

5140000

heap

page read and write

4D86000

trusted library allocation

page read and write

A5B000

trusted library allocation

page execute and read and write

C75000

trusted library allocation

page execute and read and write

50BE000

stack

page read and write

C75000

trusted library allocation

page read and write

53C0000

trusted library allocation

page read and write

6B30000

heap

page read and write

277D000

stack

page read and write

667D000

stack

page read and write

635E000

stack

page read and write

74DE000

stack

page read and write

A0E000

stack

page read and write

A24000

trusted library allocation

page read and write

E64000

trusted library allocation

page read and write

99A0000

trusted library section

page read and write

2C5E000

trusted library allocation

page read and write

2C6F000

trusted library allocation

page read and write

3889000

trusted library allocation

page read and write

39E1000

trusted library allocation

page read and write

2980000

heap

page read and write

29E1000

trusted library allocation

page read and write

42EC000

trusted library allocation

page read and write

61B4000

heap

page read and write

2B00000

trusted library allocation

page read and write

6B40000

trusted library allocation

page execute and read and write

CA0000

heap

page read and write

A3D000

trusted library allocation

page execute and read and write

E9E000

stack

page read and write

AF9000

stack

page read and write

5100000

trusted library allocation

page execute and read and write

C3D000

trusted library allocation

page execute and read and write

28A1000

trusted library allocation

page read and write

49FE000

stack

page read and write

639E000

stack

page read and write

2930000

trusted library allocation

page read and write

5125000

heap

page read and write

AA0000

trusted library allocation

page read and write

E1C000

stack

page read and write

70B0000

trusted library allocation

page read and write

649D000

stack

page read and write

CB60000

heap

page read and write

28EC000

stack

page read and write

2C5B000

trusted library allocation

page read and write

29D0000

heap

page execute and read and write

BFE000

stack

page read and write

69B2000

trusted library allocation

page read and write

28DA000

trusted library allocation

page read and write

C72000

trusted library allocation

page read and write

2970000

heap

page read and write

289F000

trusted library allocation

page read and write

50A0000

heap

page execute and read and write

29A0000

trusted library allocation

page execute and read and write

52B0000

heap

page read and write

64B9000

trusted library allocation

page read and write

A52000

trusted library allocation

page read and write

51A000

stack

page read and write

7F350000

trusted library allocation

page execute and read and write

50FE000

stack

page read and write

CD5E000

stack

page read and write

C20000

trusted library allocation

page read and write

5FDE000

stack

page read and write

6760000

trusted library allocation

page execute and read and write

3D2000

unkown

page readonly

2922000

trusted library allocation

page read and write

4DD0000

trusted library allocation

page read and write

2850000

heap

page execute and read and write

A46000

trusted library allocation

page execute and read and write

6ECE000

stack

page read and write

CF5F000

stack

page read and write

76A000

stack

page read and write

5C5E000

stack

page read and write

C33000

trusted library allocation

page execute and read and write

C66000

trusted library allocation

page execute and read and write

2830000

trusted library allocation

page read and write

6B00000

trusted library allocation

page read and write

28AD000

trusted library allocation

page read and write

D16000

heap

page read and write

C34000

trusted library allocation

page read and write

3861000

trusted library allocation

page read and write

A23000

trusted library allocation

page execute and read and write

4E23000

heap

page read and write

A90000

trusted library allocation

page execute and read and write

601D000

stack

page read and write

28D8000

trusted library allocation

page read and write

C5D000

trusted library allocation

page execute and read and write

6AE7000

trusted library allocation

page read and write

6120000

heap

page read and write

1117000

heap

page read and write

C3B000

stack

page read and write

507E000

stack

page read and write

4E10000

heap

page read and write

2916000

trusted library allocation

page read and write

726E000

stack

page read and write

C77000

trusted library allocation

page execute and read and write

C60000

heap

page read and write

662D000

trusted library allocation

page read and write

CA5E000

stack

page read and write

4D80000

trusted library allocation

page read and write

E20000

trusted library allocation

page execute and read and write

2F06000

trusted library allocation

page read and write

6AD0000

trusted library allocation

page read and write

4DF0000

heap

page read and write

4F00000

heap

page read and write

C80000

trusted library allocation

page read and write

6170000

heap

page read and write

6AF0000

trusted library allocation

page read and write

CAE000

heap

page read and write

273E000

stack

page read and write

2920000

trusted library allocation

page read and write

CE4000

heap

page read and write

4F5B000

stack

page read and write

D2E000

heap

page read and write

4DF3000

heap

page read and write

4D8B000

trusted library allocation

page read and write

6AE0000

trusted library allocation

page read and write

D3F000

heap

page read and write

C40000

trusted library allocation

page read and write

291D000

trusted library allocation

page read and write

70FE000

stack

page read and write

4D9A000

trusted library allocation

page read and write

6637000

trusted library allocation

page read and write

5120000

heap

page read and write

D57000

heap

page read and write

6990000

trusted library allocation

page read and write

4868000

trusted library allocation

page read and write

52BE000

heap

page read and write

503C000

stack

page read and write

CC0000

heap

page read and write

4DF0000

trusted library section

page readonly

4FB0000

heap

page execute and read and write

C62000

trusted library allocation

page read and write

2861000

trusted library allocation

page read and write

27E0000

heap

page read and write

D4F000

heap

page read and write

6E00000

heap

page read and write

A80000

trusted library allocation

page read and write

D25F000

stack

page read and write

65FE000

stack

page read and write

400000

remote allocation

page execute and read and write

A70000

heap

page read and write

570000

heap

page read and write

C30000

trusted library allocation

page read and write

D060000

heap

page read and write

D8C000

heap

page read and write

28D6000

trusted library allocation

page read and write

28FB000

trusted library allocation

page read and write

4F60000

trusted library allocation

page read and write

5B5F000

stack

page read and write

64FE000

stack

page read and write

53B0000

trusted library allocation

page read and write

BBE000

stack

page read and write

C50000

trusted library allocation

page read and write

C7B000

trusted library allocation

page execute and read and write

282E000

stack

page read and write

625D000

stack

page read and write

4F70000

trusted library allocation

page execute and read and write

E60000

trusted library allocation

page read and write

D75000

heap

page read and write

There are 253 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
SecuriteInfo.com.Win32.PWSX-gen.18376.4403.exe

Files

Processes

URLs

Domains

IPs

Registry

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC ReportSecuriteInfo.com.Win32.PWSX-gen.18376.4403.exe

Files

Processes

URLs

Domains

IPs

Registry

Memdumps

IOC Report
SecuriteInfo.com.Win32.PWSX-gen.18376.4403.exe