Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\b7585402d354395dd4cb9031486b62c65856189cdf27ebf5e0a9a3685970f187_payload.exe

"C:\Users\user\Desktop\b7585402d354395dd4cb9031486b62c65856189cdf27ebf5e0a9a3685970f187_payload.exe"

Details

Is windows:	false
Is dropped:	false
PID:	6332
Target ID:	0
Parent PID:	2580
Name:	b7585402d354395dd4cb9031486b62c65856189cdf27ebf5e0a9a3685970f187_payload.exe
Path:	C:\Users\user\Desktop\b7585402d354395dd4cb9031486b62c65856189cdf27ebf5e0a9a3685970f187_payload.exe
Commandline:	"C:\Users\user\Desktop\b7585402d354395dd4cb9031486b62c65856189cdf27ebf5e0a9a3685970f187_payload.exe"
Size:	307712
MD5:	0EEE364C84B92138879A0161C5A54CCA
Time:	01:42:54
Date:	13/07/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x1b0000
Modulesize:	335872
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Antivirus / Scanner detection for submitted sample	AV Detection
Found malware configuration	AV Detection
Multi AV Scanner detection for submitted file	AV Detection
Yara detected RedLine Stealer	Stealing of Sensitive Information, Remote Access Functionality
Machine Learning detection for sample	AV Detection
Binary contains a suspicious time stamp	Data Obfuscation	Timestomp
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery
Sample file is different than original file name gathered from version info	System Summary
Uses 32bit PE files	Compliance, System Summary
PE file has an executable .text section and no other executable section	System Summary
Parts of this applications are using the .NET runtime (Probably coded in C#)	System Summary
Sample is known by Antivirus	System Summary
URLs found in memory or binary data	Networking
Binary contains paths to debug symbols	Compliance, System Summary
Contains modern PE file flags such as dynamic base (ASLR) or NX	Compliance, System Summary
PE file contains a COM descriptor data directory	System Summary

URLs

Name

Malicious

212.162.149.77:1912

http://tempuri.org/Entity/Id20ResponseX%y

unknown

http://tempuri.org/Entity/Id24LR

unknown

http://tempuri.org/Entity/Id20LR

unknown

http://tempuri.org/Entity/Id12Response

unknown

http://tempuri.org/Entity/Id10ResponseX%y

unknown

http://tempuri.org/

unknown

http://tempuri.org/Entity/Id2Response

unknown

http://tempuri.org/Entity/Id12X%yLR

unknown

http://tempuri.org/Entity/Id21Response

unknown

http://tempuri.org/Entity/Id9

unknown

http://tempuri.org/Entity/Id8

unknown

http://tempuri.org/Entity/Id23ResponseX%y

unknown

http://tempuri.org/Entity/Id5

unknown

http://tempuri.org/Entity/Id4

unknown

http://tempuri.org/Entity/Id17LR

unknown

http://tempuri.org/Entity/Id7

unknown

http://tempuri.org/Entity/Id13ResponseX%y

unknown

http://tempuri.org/Entity/Id6

unknown

http://tempuri.org/Entity/Id9LR

unknown

http://tempuri.org/Entity/Id19Response

unknown

http://tempuri.org/Entity/Id13LR

unknown

http://tempuri.org/Entity/Id1LR

unknown

http://schemas.xmlsoap.org/ws/2005/02/rm/TerminateSequence

unknown

http://tempuri.org/Entity/Id3ResponseX%y

unknown

http://tempuri.org/Entity/Id5LR

unknown

http://tempuri.org/Ent

unknown

http://tempuri.org/Entity/Id15Response

unknown

http://tempuri.org/Entity/Id4ResponseX%y

unknown

http://tempuri.org/Entity/Id19ResponseX%y

unknown

http://tempuri.org/Entity/Id6Response

unknown

http://tempuri.org/Entity/Id17ResponseX%y

unknown

https://api.ip.sb/ip

unknown

http://tempuri.org/Entity/Id21LR

unknown

http://tempuri.org/Entity/Id24ResponseX%y

unknown

http://tempuri.org/Entity/Id9Response

unknown

http://tempuri.org/Entity/Id14ResponseX%y

unknown

http://tempuri.org/Entity/Id20

unknown

http://tempuri.org/Entity/Id21

unknown

http://tempuri.org/Entity/Id22

unknown

http://tempuri.org/Entity/Id23

unknown

http://tempuri.org/Entity/Id24

unknown

http://tempuri.org/Entity/Id24Response

unknown

http://tempuri.org/Entity/Id1Response

unknown

http://schemas.xmlsoap.org/ws/2005/02/rm/AckRequested

unknown

http://tempuri.org/Entity/Id18LR

unknown

http://tempuri.org/Entity/Id14LR

unknown

http://tempuri.org/Entity/Id6LR

unknown

http://tempuri.org/Entity/

unknown

http://schemas.xmlsoap.org/ws/2004/08/addressing

unknown

http://tempuri.org/Entity/Id10LR

unknown

http://tempuri.org/Entity/Id16ResponseX%y

unknown

http://tempuri.org/Entity/Id2LR

unknown

http://tempuri.org/Entity/Id10

unknown

http://tempuri.org/Entity/Id1ResponseX%y

unknown

http://tempuri.org/Entity/Id11

unknown

http://tempuri.org/Entity/Id12

unknown

http://tempuri.org/Entity/Id16Response

unknown

http://tempuri.org/Entity/Id13

unknown

http://tempuri.org/Entity/Id14

unknown

http://tempuri.org/Entity/Id15

unknown

http://tempuri.org/Entity/Id16

unknown

http://tempuri.org/Entity/Id17

unknown

http://tempuri.org/Entity/Id18

unknown

http://tempuri.org/Entity/Id5Response

unknown

http://tempuri.org/Entity/Id19

unknown

http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dns

unknown

http://tempuri.org/Entity/Id15ResponseX%y

unknown

http://tempuri.org/Entity/Id10Response

unknown

http://tempuri.org/Entity/Id2ResponseX%y

unknown

http://tempuri.org/Entity/Id8Response

unknown

http://tempuri.org/Entity/Id22LR

unknown

http://tempuri.org/Entity/Id5ResponseX%y

unknown

http://schemas.xmlsoap.org/soap/envelope/

unknown

http://tempuri.org/Entity/Id19LR

unknown

http://tempuri.org/Entity/Id23Response

unknown

http://tempuri.org/Entity/Id15LR

unknown

http://tempuri.org/Entity/Id7LR

unknown

http://tempuri.org/Entity/Id11LR

unknown

http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequenceResponse

unknown

http://schemas.xmlsoap.org/ws/2004/08/addressing/fault

unknown

http://tempuri.org/Entity/Id17Response

unknown

http://tempuri.org/Entity/Id22ResponseX%y

unknown

http://tempuri.org/Entity/Id20Response

unknown

http://tempuri.org/Entity/Id12ResponseX%y

unknown

http://tempuri.org/Entity/Id3LR

unknown

http://tempuri.org/Entity/Id11ResponseX%y

unknown

http://tempuri.org/Entity/Id21ResponseX%y

unknown

http://tempuri.org/Entity/Id18ResponseX%y

unknown

http://tempuri.org/Entity/Id13Response

unknown

http://tempuri.org/Entity/Id4Response

unknown

http://schemas.xmlsoap.org/ws/2005/05/identity/right/possessproperty

unknown

http://schemas.xmlsoap.org/ws/2005/02/rm/SequenceAcknowledgement

unknown

http://tempuri.org/Entity/Id23LR

unknown

http://tempuri.org/Entity/Id7Response

unknown

http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous

unknown

http://tempuri.org/Entity/Id11Response

unknown

http://tempuri.org/Entity/Id9ResponseX%y

unknown

http://tempuri.org/Entity/Id22Response

unknown

http://tempuri.org/Entity/Id6ResponseX%y

unknown

There are 90 hidden URLs, click here to show them.

IPs

Domain

Country

Malicious

212.162.149.77

unknown

Netherlands

Details

IP:	212.162.149.77
TargetID:	0
Current Path:	C:\Users\user\Desktop\b7585402d354395dd4cb9031486b62c65856189cdf27ebf5e0a9a3685970f187_payload.exe
Country:	Netherlands
Countrycode:	NLD
ASN number:	64236
ASN name:	UNREAL-SERVERSUS
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
Connects to IPs without corresponding DNS lookups	Networking

Memdumps

Base Address

Regiontype

Protect

Malicious

1B2000

unkown

page readonly

4AA2000

trusted library allocation

page read and write

2380000

trusted library allocation

page execute and read and write

2A69000

trusted library allocation

page read and write

4AD0000

heap

page read and write

599E000

stack

page read and write

5B50000

trusted library allocation

page read and write

27A2000

trusted library allocation

page read and write

464E000

stack

page read and write

4D40000

trusted library allocation

page read and write

2390000

heap

page execute and read and write

283F000

trusted library allocation

page read and write

34BF000

trusted library allocation

page read and write

22D0000

trusted library allocation

page read and write

5940000

trusted library allocation

page read and write

49B4000

trusted library allocation

page read and write

77E000

heap

page read and write

4A80000

heap

page read and write

4D1E000

stack

page read and write

80F000

heap

page read and write

1F6000

unkown

page readonly

49BB000

trusted library allocation

page read and write

4D3A000

trusted library allocation

page read and write

5E2F000

stack

page read and write

C9A000

heap

page read and write

2667000

trusted library allocation

page read and write

292B000

trusted library allocation

page read and write

778000

heap

page read and write

C84000

trusted library allocation

page read and write

4F9E000

stack

page read and write

573F000

stack

page read and write

2B55000

trusted library allocation

page read and write

4D50000

heap

page execute and read and write

C70000

trusted library allocation

page read and write

1E7000

unkown

page readonly

2AB7000

trusted library allocation

page read and write

5B11000

trusted library allocation

page read and write

C83000

trusted library allocation

page execute and read and write

4A20000

trusted library allocation

page read and write

2753000

trusted library allocation

page read and write

C90000

heap

page read and write

4A90000

heap

page read and write

49E2000

trusted library allocation

page read and write

83F000

heap

page read and write

5B3A000

trusted library allocation

page read and write

7A5000

heap

page read and write

86D000

heap

page read and write

5B90000

trusted library allocation

page execute and read and write

44B8000

trusted library allocation

page read and write

34B1000

trusted library allocation

page read and write

22F0000

trusted library allocation

page read and write

1E2000

unkown

page readonly

6110000

trusted library allocation

page read and write

29A000

stack

page read and write

24AE000

stack

page read and write

4D38000

trusted library allocation

page read and write

6115000

trusted library allocation

page read and write

4990000

trusted library allocation

page read and write

49D1000

trusted library allocation

page read and write

4D35000

trusted library allocation

page read and write

22DB000

trusted library allocation

page execute and read and write

869000

heap

page read and write

837000

heap

page read and write

5B40000

trusted library allocation

page read and write

49CE000

trusted library allocation

page read and write

23A0000

heap

page read and write

6790000

heap

page read and write

C96000

heap

page read and write

5CEE000

stack

page read and write

2704000

trusted library allocation

page read and write

4A00000

trusted library allocation

page read and write

6F0000

heap

page read and write

5080000

heap

page read and write

49A0000

trusted library allocation

page read and write

4D30000

trusted library allocation

page read and write

4F5F000

stack

page read and write

49B6000

trusted library allocation

page read and write

5B0B000

trusted library allocation

page read and write

4AB0000

trusted library allocation

page execute and read and write

5BA0000

trusted library allocation

page read and write

7AA0000

trusted library allocation

page read and write

81A000

heap

page read and write

22D5000

trusted library allocation

page execute and read and write

583E000

stack

page read and write

679D000

heap

page read and write

C80000

trusted library allocation

page read and write

49BE000

trusted library allocation

page read and write

4FDE000

stack

page read and write

5BC0000

trusted library allocation

page execute and read and write

24B1000

trusted library allocation

page read and write

2A1A000

trusted library allocation

page read and write

5950000

trusted library allocation

page execute and read and write

611B000

trusted library allocation

page read and write

49C2000

trusted library allocation

page read and write

60D1000

trusted library allocation

page read and write

7AB0000

trusted library allocation

page read and write

817000

heap

page read and write

49B0000

trusted library allocation

page read and write

233E000

stack

page read and write

7B80000

trusted library allocation

page execute and read and write

34D1000

trusted library allocation

page read and write

6740000

heap

page read and write

49DD000

trusted library allocation

page read and write

22C6000

trusted library allocation

page execute and read and write

4A10000

trusted library allocation

page read and write

C8D000

trusted library allocation

page execute and read and write

22B3000

trusted library allocation

page read and write

397000

stack

page read and write

26B6000

trusted library allocation

page read and write

600000

heap

page read and write

237C000

stack

page read and write

5BB0000

trusted library allocation

page read and write

5B2E000

trusted library allocation

page read and write

22CA000

trusted library allocation

page execute and read and write

49D6000

trusted library allocation

page read and write

22B0000

trusted library allocation

page read and write

4A15000

trusted library allocation

page read and write

288E000

trusted library allocation

page read and write

6792000

heap

page read and write

4AA0000

trusted library allocation

page read and write

27F1000

trusted library allocation

page read and write

9B0000

heap

page read and write

22C2000

trusted library allocation

page read and write

5D2E000

stack

page read and write

4A40000

trusted library allocation

page read and write

6E6000

heap

page read and write

797000

heap

page read and write

2618000

trusted library allocation

page read and write

22D2000

trusted library allocation

page read and write

5B80000

trusted library allocation

page read and write

7AC0000

trusted library allocation

page read and write

7B2000

heap

page read and write

4AD3000

heap

page read and write

6E0000

heap

page read and write

4A08000

trusted library allocation

page read and write

2516000

trusted library allocation

page read and write

5B22000

trusted library allocation

page read and write

22D7000

trusted library allocation

page execute and read and write

5B70000

trusted library allocation

page execute and read and write

25C4000

trusted library allocation

page read and write

28DD000

trusted library allocation

page read and write

7E4000

heap

page read and write

7F490000

trusted library allocation

page execute and read and write

770000

heap

page read and write

49F0000

trusted library allocation

page read and write

750000

heap

page read and write

833000

heap

page read and write

22BD000

trusted library allocation

page execute and read and write

1B0000

unkown

page readonly

29C9000

trusted library allocation

page read and write

4CC0000

trusted library allocation

page read and write

5B00000

trusted library allocation

page read and write

6040000

trusted library allocation

page read and write

2514000

trusted library allocation

page read and write

5B60000

trusted library allocation

page read and write

22C0000

trusted library allocation

page read and write

297A000

trusted library allocation

page read and write

611E000

trusted library allocation

page read and write

5B16000

trusted library allocation

page read and write

5BE0000

trusted library allocation

page read and write

2B06000

trusted library allocation

page read and write

There are 151 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
b7585402d354395dd4cb9031486b62c65856189cdf27ebf5e0a9a3685970f187_payload.exe

Processes

URLs

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reportb7585402d354395dd4cb9031486b62c65856189cdf27ebf5e0a9a3685970f187_payload.exe

Processes

URLs

IPs

Memdumps

IOC Report
b7585402d354395dd4cb9031486b62c65856189cdf27ebf5e0a9a3685970f187_payload.exe