Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\WAdE7vk6kk.exe

"C:\Users\user\Desktop\WAdE7vk6kk.exe"

Details

Is windows:	false
Is dropped:	false
PID:	5796
Target ID:	0
Parent PID:	2580
Name:	WAdE7vk6kk.exe
Path:	C:\Users\user\Desktop\WAdE7vk6kk.exe
Commandline:	"C:\Users\user\Desktop\WAdE7vk6kk.exe"
Size:	952320
MD5:	23D0437F7B646ED9239EECED668E0F12
Time:	18:53:58
Date:	26/04/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x8a0000
Modulesize:	978944
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Machine Learning detection for sample	AV Detection
Uses 32bit PE files	Compliance, System Summary
PE file has an executable .text section and no other executable section	System Summary
Public key (encryption) found	Cryptography	Archive Collected Data
Sample might require command line arguments	System Summary	Command and Scripting Interpreter
URLs found in memory or binary data	Networking
PE file contains a valid data directory to section mapping	System Summary
Binary contains paths to debug symbols	Compliance, System Summary
PE file contains a debug data directory	System Summary
Contains modern PE file flags such as dynamic base (ASLR) or NX	Compliance, System Summary
PE file contains a mix of data directories often seen in goodware	System Summary

URLs

Name

Malicious

https://curl.se/docs/hsts.html

unknown

https://curl.se/docs/alt-svc.html#

unknown

https://curl.se/docs/http-cookies.html#

unknown

https://curl.se/docs/alt-svc.html

unknown

https://curl.se/docs/http-cookies.html

unknown

https://curl.se/docs/hsts.html#

unknown

Domains

Name

Malicious

helloitelemetry.cc

104.21.65.101

Details

Name:	helloitelemetry.cc
IP:	104.21.65.101
TargetID:	-1
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
URLs found in memory or binary data	Networking
Uses secure TLS version for HTTPS connections	Compliance, Networking

IPs

Domain

Country

Malicious

127.0.0.1

unknown

104.21.65.101

helloitelemetry.cc

United States

Details

IP:	104.21.65.101
TargetID:	0
Current Path:	C:\Users\user\Desktop\WAdE7vk6kk.exe
Country:	United States
Countrycode:	USA
ASN number:	13335
ASN name:	CLOUDFLARENETUS
Private:	false
Domain:	helloitelemetry.cc

Signature Hits	Behavior Group	Mitre Attack
Uses secure TLS version for HTTPS connections	Compliance, Networking

Memdumps

Base Address

Regiontype

Protect

Malicious

8A1000

unkown

page execute read

F6E000

heap

page read and write

12DD000

stack

page read and write

1360000

heap

page read and write

131E000

stack

page read and write

125E000

stack

page read and write

DB0000

heap

page read and write

DC0000

heap

page read and write

980000

unkown

page write copy

F60000

heap

page read and write

F98000

heap

page read and write

156E000

stack

page read and write

E60000

heap

page read and write

E65000

heap

page read and write

F40000

heap

page read and write

146E000

stack

page read and write

8A0000

unkown

page readonly

129E000

stack

page read and write

E4E000

stack

page read and write

8A1000

unkown

page execute read

980000

unkown

page read and write

985000

unkown

page readonly

C5D000

stack

page read and write

166F000

stack

page read and write

E50000

remote allocation

page read and write

942000

unkown

page readonly

E0E000

stack

page read and write

E50000

remote allocation

page read and write

985000

unkown

page readonly

D5D000

stack

page read and write

942000

unkown

page readonly

8A0000

unkown

page readonly

E50000

remote allocation

page read and write

F6A000

heap

page read and write

115E000

stack

page read and write

F8D000

heap

page read and write

There are 26 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
WAdE7vk6kk.exe

Processes

URLs

Domains

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC ReportWAdE7vk6kk.exe

Processes

URLs

Domains

IPs

Memdumps

IOC Report
WAdE7vk6kk.exe