Automated Malware Analysis IOC Report for

Files

File Path

Type

Category

Malicious

MT Marine Tiger.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

initial sample

Details

Filetype:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy:	7.506422787849671
Filename:	MT Marine Tiger.exe
Filesize:	377344
MD5:	730e2e475c3e7bb87ca8e53f7f31cfdf
SHA1:	dc2b601e25719862f02be67becc9e499ad97d5ab
SHA256:	faebc09f47203bbe599ac368f12622f38255e957d1435e6763c80bf2ebd988bf
SHA512:	497c564b4463e799043ec0a8f6b6028508f18dc53626853660cc8acf46607bf9b3bec166ac1007a5c0b0ccb80a2af751b7bb794644042e041f2e7c07ba9df8f4
SSDEEP:	6144:n97WboCKnLrtLMY+/KK49Y3zR0NiKF5VEEOuNLBRVMygLc95Bxj4v+avgFjuM:FWboCKLBYiK42RcrGEOuN2rUBxyDgE
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...;............."...0.................. ........@.. ....................... ............`................................

Signature Hits	Behavior Group	Mitre Attack
Antivirus / Scanner detection for submitted sample	AV Detection
Malicious sample detected (through community Yara rule)	System Summary
Multi AV Scanner detection for submitted file	AV Detection
.NET source code references suspicious native API functions	HIPS / PFW / Operating System Protection Evasion	Native API
Machine Learning detection for sample	AV Detection
Tries to harvest and steal browser information (history, passwords, etc)	Stealing of Sensitive Information	OS Credential Dumping Data from Local System
Tries to steal Mail credentials (via file / registry access)	Stealing of Sensitive Information	Email Collection
Abnormal high CPU Usage	System Summary
Allocates memory with a write watch (potentially for evading sandboxes)	Malware Analysis System Evasion
Binary contains a suspicious time stamp	Data Obfuscation	Timestomp
Contains long sleeps (>= 3 min)	Malware Analysis System Evasion
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion
Detected potential crypto function	System Summary	Archive Collected Data Encrypted Channel
Enables debug privileges	Anti Debugging
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)	Malware Analysis System Evasion
Found inlined nop instructions (likely shell or obfuscated code)	Software Vulnerabilities
May sleep (evasive loops) to hinder dynamic analysis	Malware Analysis System Evasion
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection
Sample file is different than original file name gathered from version info	System Summary
Uses code obfuscation techniques (call, push, ret)	Data Obfuscation
Yara signature match	System Summary
Binary may include packed or encrypted code	Data Obfuscation	Software Packing
.NET source code contains calls to encryption/decryption functions	System Summary	Disable or Modify Tools Deobfuscate/Decode Files or Information
.NET source code contains long base64-encoded strings	System Summary	Disable or Modify Tools Obfuscated Files or Information
Contains medium sleeps (>= 30s)	Malware Analysis System Evasion	Virtualization/Sandbox Evasion
Creates files inside the user directory	System Summary	Masquerading
Creates guard pages, often used to prevent reverse engineering and debugging	Anti Debugging	Disable or Modify Tools
Creates mutexes	System Summary
Disables application error messsages (SetErrorMode)	Hooking and other Techniques for Hiding and Protection
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory)	Malware Analysis System Evasion	Security Software Discovery
PE file has an executable .text section and no other executable section	System Summary
Parts of this applications are using the .NET runtime (Probably coded in C#)	System Summary
Queries a list of all running processes	Malware Analysis System Evasion	Process Discovery
Queries the cryptographic machine GUID	Language, Device and Operating System Detection
Reads software policies	System Summary
SQL strings found in memory and binary data	System Summary
Sample is known by Antivirus	System Summary
Tries to load missing DLLs	System Summary	DLL Side-Loading
URLs found in memory or binary data	Networking
Uses an in-process (OLE) Automation server	System Summary
Contains modern PE file flags such as dynamic base (ASLR) or NX	Compliance, System Summary
Checks if Microsoft Office is installed	System Summary	System Information Discovery
PE file contains a COM descriptor data directory	System Summary
Uses Microsoft Silverlight	System Summary
Uses Rich Edit Controls	System Summary

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\MT Marine Tiger.exe.log

ASCII text, with CRLF line terminators

dropped

Details

File:	C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\MT Marine Tiger.exe.log
Category:	dropped
Dump:	MT Marine Tiger.exe.log.0.dr
ID:	dr_0
Target ID:	0
Process:	C:\Users\user\Desktop\MT Marine Tiger.exe
Type:	ASCII text, with CRLF line terminators
Entropy:	5.34331486778365
Encrypted:	false
Ssdeep:	24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
Size:	1216
Whitelisted:	false
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Antivirus / Scanner detection for submitted sample	AV Detection
Multi AV Scanner detection for submitted file	AV Detection
Machine Learning detection for sample	AV Detection
Binary contains a suspicious time stamp	Data Obfuscation	Timestomp
Sample file is different than original file name gathered from version info	System Summary
Binary may include packed or encrypted code	Data Obfuscation	Obfuscated Files or Information Software Packing
Creates files inside the user directory	System Summary	Masquerading
PE file has an executable .text section and no other executable section	System Summary
Parts of this applications are using the .NET runtime (Probably coded in C#)	System Summary
Sample is known by Antivirus	System Summary
Contains modern PE file flags such as dynamic base (ASLR) or NX	Compliance, System Summary
PE file contains a COM descriptor data directory	System Summary

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\MT Marine Tiger.exe

"C:\Users\user\Desktop\MT Marine Tiger.exe"

Details

Is windows:	false
Is dropped:	false
PID:	5968
Target ID:	0
Parent PID:	4056
Name:	MT Marine Tiger.exe
Path:	C:\Users\user\Desktop\MT Marine Tiger.exe
Commandline:	"C:\Users\user\Desktop\MT Marine Tiger.exe"
Size:	377344
MD5:	730E2E475C3E7BB87CA8E53F7F31CFDF
Time:	14:11:59
Date:	11/06/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x910000
Modulesize:	401408
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Antivirus / Scanner detection for submitted sample	AV Detection
Multi AV Scanner detection for submitted file	AV Detection
Yara detected AntiVM3	Malware Analysis System Evasion
Yara detected Snake Keylogger	Stealing of Sensitive Information, Remote Access Functionality
Machine Learning detection for sample	AV Detection
Yara detected Generic Downloader	Networking
Binary contains a suspicious time stamp	Data Obfuscation	Timestomp
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery
Sample file is different than original file name gathered from version info	System Summary
Yara detected Credential Stealer	Stealing of Sensitive Information
Binary may include packed or encrypted code	Data Obfuscation	Obfuscated Files or Information Software Packing
Creates files inside the user directory	System Summary	Masquerading
PE file has an executable .text section and no other executable section	System Summary
Parts of this applications are using the .NET runtime (Probably coded in C#)	System Summary
Sample is known by Antivirus	System Summary
Spawns processes	System Summary	Process Injection
Binary contains paths to debug symbols	Compliance, System Summary
Contains modern PE file flags such as dynamic base (ASLR) or NX	Compliance, System Summary
PE file contains a COM descriptor data directory	System Summary

C:\Users\user\Desktop\MT Marine Tiger.exe

"C:\Users\user\Desktop\MT Marine Tiger.exe"

Details

Is windows:	false
Is dropped:	false
PID:	2584
Target ID:	2
Parent PID:	5968
Name:	MT Marine Tiger.exe
Path:	C:\Users\user\Desktop\MT Marine Tiger.exe
Commandline:	"C:\Users\user\Desktop\MT Marine Tiger.exe"
Size:	377344
MD5:	730E2E475C3E7BB87CA8E53F7F31CFDF
Time:	14:12:00
Date:	11/06/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x3e0000
Modulesize:	401408
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Antivirus / Scanner detection for submitted sample	AV Detection
Multi AV Scanner detection for submitted file	AV Detection
Yara detected AntiVM3	Malware Analysis System Evasion
Yara detected Snake Keylogger	Stealing of Sensitive Information, Remote Access Functionality
Machine Learning detection for sample	AV Detection
Yara detected Generic Downloader	Networking
Binary contains a suspicious time stamp	Data Obfuscation	Timestomp
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery
Sample file is different than original file name gathered from version info	System Summary
Yara detected Credential Stealer	Stealing of Sensitive Information
Binary may include packed or encrypted code	Data Obfuscation	Obfuscated Files or Information Software Packing
Creates files inside the user directory	System Summary	Masquerading
PE file has an executable .text section and no other executable section	System Summary
Parts of this applications are using the .NET runtime (Probably coded in C#)	System Summary
Sample is known by Antivirus	System Summary
Spawns processes	System Summary	Process Injection
Binary contains paths to debug symbols	Compliance, System Summary
Contains modern PE file flags such as dynamic base (ASLR) or NX	Compliance, System Summary
PE file contains a COM descriptor data directory	System Summary

URLs

Name

Malicious

https://reallyfreegeoip.org

unknown

http://checkip.dyndns.org

unknown

http://checkip.dyndns.org/

132.226.8.169

http://checkip.dyndns.com

unknown

http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name

unknown

https://reallyfreegeoip.org/xml/173.254.250.91$

unknown

http://103.130.147.85

unknown

http://checkip.dyndns.org/q

unknown

https://reallyfreegeoip.org/xml/173.254.250.91

188.114.97.3

http://reallyfreegeoip.org

unknown

https://reallyfreegeoip.org/xml/

unknown

There are 1 hidden URLs, click here to show them.

Domains

Name

Malicious

reallyfreegeoip.org

188.114.97.3

Details

Name:	reallyfreegeoip.org
IP:	188.114.97.3
TargetID:	-1
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Tries to detect the country of the analysis system (by using the IP)	Location Tracking
HTTP GET or POST without a user agent	Networking
May check the online IP address of the machine	Networking	System Network Configuration Discovery
Uses insecure TLS / SSL version for HTTPS connection	Compliance, Networking
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
URLs found in memory or binary data	Networking

checkip.dyndns.org

unknown

Details

Name:	checkip.dyndns.org
TargetID:	-1

Signature Hits	Behavior Group	Mitre Attack
May check the online IP address of the machine	Networking	System Network Configuration Discovery
Uses a known web browser user agent for HTTP communication	Networking	Application Layer Protocol
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
URLs found in memory or binary data	Networking

checkip.dyndns.com

132.226.8.169

IPs

Domain

Country

Malicious

188.114.97.3

reallyfreegeoip.org

European Union

Details

IP:	188.114.97.3
TargetID:	2
Current Path:	C:\Users\user\Desktop\MT Marine Tiger.exe
Country:	European Union
Countrycode:	EU
ASN number:	13335
ASN name:	CLOUDFLARENETUS
Private:	false
Domain:	reallyfreegeoip.org

Signature Hits	Behavior Group	Mitre Attack
Uses insecure TLS / SSL version for HTTPS connection	Compliance, Networking

132.226.8.169

checkip.dyndns.com

United States

Registry

Path

Value

Malicious

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\MT Marine Tiger_RASAPI32

EnableFileTracing

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\MT Marine Tiger_RASAPI32

EnableAutoFileTracing

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\MT Marine Tiger_RASAPI32

EnableConsoleTracing

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\MT Marine Tiger_RASAPI32

FileTracingMask

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\MT Marine Tiger_RASAPI32

ConsoleTracingMask

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\MT Marine Tiger_RASAPI32

MaxFileSize

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\MT Marine Tiger_RASAPI32

FileDirectory

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\MT Marine Tiger_RASMANCS

EnableFileTracing

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\MT Marine Tiger_RASMANCS

EnableAutoFileTracing

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\MT Marine Tiger_RASMANCS

EnableConsoleTracing

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\MT Marine Tiger_RASMANCS

FileTracingMask

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\MT Marine Tiger_RASMANCS

ConsoleTracingMask

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\MT Marine Tiger_RASMANCS

MaxFileSize

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\MT Marine Tiger_RASMANCS

FileDirectory

There are 4 hidden registries, click here to show them.

Memdumps

Base Address

Regiontype

Protect

Malicious

2841000

trusted library allocation

page read and write

812000

remote allocation

page execute and read and write

3C79000

trusted library allocation

page read and write

2A08000

trusted library allocation

page read and write

5D5D000

heap

page read and write

2C60000

heap

page execute and read and write

521F000

trusted library allocation

page read and write

761E000

stack

page read and write

4E60000

heap

page read and write

C53000

trusted library allocation

page execute and read and write

4D10000

trusted library allocation

page read and write

6490000

trusted library allocation

page read and write

5640000

trusted library allocation

page read and write

5650000

trusted library allocation

page read and write

2ADE000

stack

page read and write

4E5F000

trusted library allocation

page read and write

5D7D000

heap

page read and write

1250000

trusted library allocation

page read and write

D80000

heap

page read and write

54D0000

trusted library allocation

page read and write

262E000

trusted library allocation

page read and write

739E000

stack

page read and write

29F2000

trusted library allocation

page read and write

C82000

trusted library allocation

page read and write

2C40000

trusted library allocation

page read and write

29A8000

trusted library allocation

page read and write

29D1000

trusted library allocation

page read and write

5171000

trusted library allocation

page read and write

4D18000

trusted library allocation

page read and write

263E000

trusted library allocation

page read and write

601E000

stack

page read and write

64A0000

trusted library allocation

page read and write

516E000

trusted library allocation

page read and write

C50000

trusted library allocation

page read and write

8BE000

stack

page read and write

2C55000

trusted library allocation

page read and write

C7A000

trusted library allocation

page execute and read and write

1282000

trusted library allocation

page read and write

54E9000

trusted library allocation

page read and write

8C0000

heap

page read and write

56C0000

heap

page read and write

4E5A000

trusted library allocation

page read and write

4C80000

trusted library allocation

page read and write

614D000

stack

page read and write

6020000

heap

page read and write

2A76000

trusted library allocation

page read and write

54EE000

trusted library allocation

page read and write

1263000

trusted library allocation

page execute and read and write

8E0000

heap

page read and write

1264000

trusted library allocation

page read and write

5F12000

heap

page read and write

CC0000

trusted library allocation

page execute and read and write

521D000

trusted library allocation

page read and write

2D80000

trusted library allocation

page read and write

CE4000

trusted library allocation

page read and write

912000

unkown

page readonly

4D0E000

trusted library allocation

page read and write

2A98000

trusted library allocation

page read and write

1280000

trusted library allocation

page read and write

2A9D000

trusted library allocation

page read and write

4E63000

heap

page read and write

75DF000

stack

page read and write

2AC6000

trusted library allocation

page read and write

C1E000

stack

page read and write

F60000

heap

page read and write

51B0000

trusted library allocation

page read and write

5410000

trusted library allocation

page read and write

6EDB6000

unkown

page readonly

610E000

stack

page read and write

2A94000

trusted library allocation

page read and write

5210000

trusted library allocation

page read and write

4D00000

trusted library allocation

page read and write

56D0000

heap

page read and write

1286000

trusted library allocation

page execute and read and write

C54000

trusted library allocation

page read and write

5F43000

heap

page read and write

38AA000

trusted library allocation

page read and write

74DE000

stack

page read and write

C20000

heap

page read and write

298E000

trusted library allocation

page read and write

5EEC000

heap

page read and write

54F0000

trusted library allocation

page read and write

9FE000

stack

page read and write

56B0000

trusted library section

page readonly

1260000

trusted library allocation

page read and write

29B6000

trusted library allocation

page read and write

1297000

trusted library allocation

page execute and read and write

810000

remote allocation

page execute and read and write

1220000

heap

page read and write

5DB5000

heap

page read and write

515B000

trusted library allocation

page read and write

8E5000

heap

page read and write

CE0000

trusted library allocation

page read and write

12E0000

trusted library allocation

page read and write

A28000

heap

page read and write

B05000

heap

page read and write

5EF0000

trusted library allocation

page execute and read and write

493E000

stack

page read and write

6EDBF000

unkown

page readonly

293E000

trusted library allocation

page read and write

2BFF000

stack

page read and write

618E000

stack

page read and write

111E000

stack

page read and write

2660000

trusted library allocation

page read and write

2670000

heap

page execute and read and write

5190000

trusted library allocation

page read and write

6030000

heap

page read and write

29ED000

trusted library allocation

page read and write

64D0000

heap

page read and write

5620000

trusted library section

page read and write

298A000

trusted library allocation

page read and write

D45000

heap

page read and write

547E000

stack

page read and write

12F0000

heap

page read and write

2986000

trusted library allocation

page read and write

54E0000

trusted library allocation

page read and write

1292000

trusted library allocation

page read and write

264D000

trusted library allocation

page read and write

2AC0000

trusted library allocation

page read and write

5176000

trusted library allocation

page read and write

10D0000

heap

page read and write

521A000

trusted library allocation

page read and write

AE7000

heap

page read and write

C76000

trusted library allocation

page execute and read and write

2908000

trusted library allocation

page read and write

2646000

trusted library allocation

page read and write

517D000

trusted library allocation

page read and write

128A000

trusted library allocation

page execute and read and write

10AE000

stack

page read and write

C87000

trusted library allocation

page execute and read and write

3841000

trusted library allocation

page read and write

5F47000

heap

page read and write

12C3000

heap

page read and write

5510000

heap

page read and write

2920000

trusted library allocation

page read and write

4E40000

trusted library allocation

page execute and read and write

38CF000

trusted library allocation

page read and write

12C0000

heap

page read and write

51AE000

stack

page read and write

5F15000

heap

page read and write

5400000

trusted library allocation

page execute and read and write

262B000

trusted library allocation

page read and write

38C5000

trusted library allocation

page read and write

C70000

trusted library allocation

page read and write

600E000

stack

page read and write

C3A000

stack

page read and write

51F0000

heap

page read and write

2ABC000

trusted library allocation

page read and write

28F5000

trusted library allocation

page read and write

D3F000

stack

page read and write

5D7000

stack

page read and write

725E000

stack

page read and write

2AE0000

trusted library allocation

page read and write

4D1B000

trusted library allocation

page read and write

C85000

trusted library allocation

page execute and read and write

ACD000

heap

page read and write

2C50000

trusted library allocation

page read and write

648F000

stack

page read and write

735E000

stack

page read and write

C60000

trusted library allocation

page read and write

2C3B000

stack

page read and write

4DFD000

stack

page read and write

5500000

trusted library allocation

page read and write

771E000

stack

page read and write

4CD0000

trusted library allocation

page read and write

12B0000

trusted library allocation

page read and write

749E000

stack

page read and write

5182000

trusted library allocation

page read and write

D37000

stack

page read and write

5154000

trusted library allocation

page read and write

261E000

stack

page read and write

126D000

trusted library allocation

page execute and read and write

2730000

heap

page read and write

910000

unkown

page readonly

EA4000

heap

page read and write

E6E000

heap

page read and write

C5D000

trusted library allocation

page execute and read and write

5F37000

heap

page read and write

3C71000

trusted library allocation

page read and write

2942000

trusted library allocation

page read and write

4E70000

heap

page read and write

C72000

trusted library allocation

page read and write

C90000

heap

page read and write

CF0000

heap

page read and write

4E0D000

stack

page read and write

53F0000

trusted library allocation

page execute and read and write

25DE000

stack

page read and write

2ACD000

trusted library allocation

page read and write

4CF0000

trusted library allocation

page execute and read and write

A5B000

heap

page read and write

2946000

trusted library allocation

page read and write

D40000

heap

page read and write

5F6D000

heap

page read and write

54E6000

trusted library allocation

page read and write

E68000

heap

page read and write

5F10000

heap

page read and write

2992000

trusted library allocation

page read and write

5F97000

heap

page read and write

5D50000

heap

page read and write

7120000

heap

page read and write

2641000

trusted library allocation

page read and write

EE2000

heap

page read and write

6570000

heap

page read and write

5150000

trusted library allocation

page read and write

129B000

trusted library allocation

page execute and read and write

E60000

heap

page read and write

638E000

stack

page read and write

61CE000

stack

page read and write

6EDA0000

unkown

page readonly

121F000

stack

page read and write

5EE0000

trusted library allocation

page read and write

2AD3000

trusted library allocation

page read and write

6540000

trusted library allocation

page execute and read and write

5200000

trusted library allocation

page execute and read and write

5480000

trusted library section

page read and write

A20000

heap

page read and write

870000

heap

page read and write

561F000

stack

page read and write

5509000

trusted library allocation

page read and write

56AC000

stack

page read and write

6EDBD000

unkown

page read and write

6EDA1000

unkown

page execute read

C8B000

trusted library allocation

page execute and read and write

4E53000

trusted library allocation

page read and write

CD0000

trusted library allocation

page read and write

2982000

trusted library allocation

page read and write

1290000

trusted library allocation

page read and write

5D73000

heap

page read and write

51C0000

heap

page execute and read and write

263A000

trusted library allocation

page read and write

5F78000

heap

page read and write

28ED000

trusted library allocation

page read and write

3869000

trusted library allocation

page read and write

5506000

trusted library allocation

page read and write

12D0000

trusted library allocation

page execute and read and write

38DB000

trusted library allocation

page read and write

1270000

trusted library allocation

page read and write

5630000

trusted library allocation

page execute and read and write

283E000

stack

page read and write

2997000

trusted library allocation

page read and write

FAE000

stack

page read and write

2935000

trusted library allocation

page read and write

C40000

trusted library allocation

page read and write

5503000

trusted library allocation

page read and write

5ED0000

heap

page read and write

2A7A000

trusted library allocation

page read and write

4D9000

stack

page read and write

2652000

trusted library allocation

page read and write

4CE0000

heap

page execute and read and write

2620000

trusted library allocation

page read and write

C6D000

trusted library allocation

page execute and read and write

127D000

trusted library allocation

page execute and read and write

4D16000

trusted library allocation

page read and write

2C71000

trusted library allocation

page read and write

2AF0000

heap

page read and write

2A8A000

trusted library allocation

page read and write

4E50000

trusted library allocation

page read and write

12F7000

heap

page read and write

2C4F000

trusted library allocation

page read and write

62CE000

stack

page read and write

A4A000

heap

page read and write

2A81000

trusted library allocation

page read and write

There are 252 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
MT Marine Tiger.exe

Files

Processes

URLs

Domains

IPs

Registry

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC ReportMT Marine Tiger.exe

Files

Processes

URLs

Domains

IPs

Registry

Memdumps

IOC Report
MT Marine Tiger.exe