Automated Malware Analysis IOC Report for

Details

Name:	00000000.00000002.3147398939.00000000002D0000.00000040.00000001.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	2D0000
Size:	16384

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
Yara detected GuLoader	Data Obfuscation
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)	Malware Analysis System Evasion	Security Software Discovery
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory)	Malware Analysis System Evasion	Security Software Discovery

Details

Name:	00000000.00000002.3148628358.0000000002DA8000.00000002.00000001.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	2DA8000
Size:	1019904

Details

Name:	00000000.00000002.3150304345.00000000030A9000.00000002.00000001.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	30A9000
Size:	53248

Details

Name:	00000000.00000002.3147511047.00000000006A0000.00000002.00000001.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	6A0000
Size:	20480

Details

Name:	00000000.00000002.3147345695.00000000001B0000.00000002.00000001.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	1B0000
Size:	421888

Details

Name:	00000000.00000002.3149389865.0000000002F62000.00000002.00000001.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	2F62000
Size:	4096

Details

Name:	00000000.00000002.3147372938.0000000000230000.00000020.00000001.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute read
Base address:	230000
Size:	40960

Details

Name:	00000000.00000002.3151218757.00000000032F0000.00000002.00000001.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	32F0000
Size:	126976

Details

Name:	00000000.00000002.3151288024.0000000003330000.00000002.00000001.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	3330000
Size:	1986560

Signature Hits	Behavior Group	Mitre Attack
Sample file is different than original file name gathered from version info	System Summary
Binary contains paths to development resources	System Summary
Found strings which match to known social media urls	Networking
URLs found in memory or binary data	Networking

Details

Name:	00000000.00000002.3152336507.000000007EFDF000.00000004.00000001.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	7EFDF000
Size:	4096

Details

Name:	00000000.00000002.3149880531.0000000003002000.00000002.00000001.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	3002000
Size:	73728

Details

Name:	00000000.00000002.3147377359.0000000000240000.00000002.00000001.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	240000
Size:	28672

Details

Name:	00000000.00000002.3147407743.0000000000400000.00000002.00020000.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	400000
Size:	4096

Details

Name:	00000000.00000002.3147738600.00000000027C0000.00000004.00000040.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	27C0000
Size:	28672

Details

Name:	00000000.00000002.3151252435.0000000003310000.00000002.00000001.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	3310000
Size:	110592

Details

Name:	00000000.00000002.3150482155.0000000003102000.00000002.00000001.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	3102000
Size:	24576

Details

Name:	00000000.00000002.3150224468.0000000003089000.00000002.00000001.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	3089000
Size:	12288

Details

Name:	00000000.00000002.3147518081.00000000009C0000.00000002.00000001.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	9C0000
Size:	352256

Signature Hits	Behavior Group	Mitre Attack
May try to detect the Windows Explorer process (often used for injection)	HIPS / PFW / Operating System Protection Evasion	Process Injection Process Discovery

Details

Name:	00000000.00000000.2068256551.0000000000401000.00000020.00020000.sdmp
TargetID:	0
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page execute read
Base address:	401000
Size:	196608

Details

Name:	00000000.00000002.3147423922.0000000000431000.00000004.00020000.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page read and write
Base address:	431000
Size:	8192

Details

Name:	00000000.00000002.3150233297.000000000308D000.00000002.00000001.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	308D000
Size:	81920

Details

Name:	00000000.00000002.3149643737.0000000002FA4000.00000002.00000001.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	2FA4000
Size:	184320

Details

Name:	00000000.00000002.3150292044.00000000030A2000.00000002.00000001.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	30A2000
Size:	24576

Details

Name:	00000000.00000002.3147543171.0000000001F04000.00000004.00000040.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	1F04000
Size:	4096

Details

Name:	00000000.00000002.3150009556.0000000003032000.00000002.00000001.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	3032000
Size:	73728

Details

Name:	00000000.00000002.3150530431.0000000003125000.00000002.00000001.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	3125000
Size:	1486848

Details

Name:	00000000.00000002.3147760433.0000000002A20000.00000002.00000001.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	2A20000
Size:	3670016

Details

Name:	00000000.00000002.3147494248.00000000005A0000.00000004.00000020.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	heap default
Protect:	page read and write
Base address:	5A0000
Size:	16384

Details

Name:	00000000.00000002.3149520407.0000000002F82000.00000002.00000001.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	2F82000
Size:	4096

Details

Name:	00000000.00000002.3150187526.0000000003075000.00000002.00000001.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	3075000
Size:	4096

Details

Name:	00000000.00000002.3147548565.0000000001F60000.00000004.00000040.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	1F60000
Size:	8192

Details

Name:	00000000.00000002.3149633052.0000000002FA2000.00000002.00000001.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	2FA2000
Size:	4096

Details

Name:	00000000.00000002.3147540669.0000000001F00000.00000004.00000040.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	1F00000
Size:	4096

Details

Name:	00000000.00000002.3150117339.0000000003062000.00000002.00000001.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	3062000
Size:	73728

Details

Name:	00000000.00000002.3150394882.00000000030D9000.00000002.00000001.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	30D9000
Size:	53248

Details

Name:	00000000.00000000.2068280402.0000000000433000.00000002.00020000.sdmp
TargetID:	0
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	433000
Size:	4096

Signature Hits	Behavior Group	Mitre Attack
Sample file is different than original file name gathered from version info	System Summary

Details

Name:	00000000.00000002.3149794543.0000000002FE5000.00000002.00000001.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	2FE5000
Size:	4096

Details

Name:	00000000.00000002.3147757036.0000000002A00000.00000002.00000001.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	2A00000
Size:	12288

Details

Name:	00000000.00000002.3149952498.0000000003015000.00000002.00000001.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	3015000
Size:	4096

Details

Name:	00000000.00000002.3147499923.00000000005C4000.00000004.00000020.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	heap default
Protect:	page read and write
Base address:	5C4000
Size:	110592

Details

Name:	00000000.00000002.3149421765.0000000002F64000.00000002.00000001.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	2F64000
Size:	118784

Details

Name:	00000000.00000002.3147491831.0000000000520000.00000004.00000001.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	520000
Size:	4096

Details

Name:	00000000.00000002.3150080439.0000000003056000.00000002.00000001.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	3056000
Size:	45056

Details

Name:	00000000.00000002.3147746520.00000000027E8000.00000004.00000040.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	27E8000
Size:	49152

Signature Hits	Behavior Group	Mitre Attack
Sample file is different than original file name gathered from version info	System Summary

Details

Name:	00000000.00000002.3149965529.0000000003026000.00000002.00000001.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	3026000
Size:	45056

Details

Name:	00000000.00000002.3150429951.00000000030F5000.00000002.00000001.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	30F5000
Size:	49152

Details

Name:	00000000.00000002.3147383700.0000000000260000.00000008.00000001.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page write copy
Base address:	260000
Size:	20480

Signature Hits	Behavior Group	Mitre Attack
Sample file is different than original file name gathered from version info	System Summary

Details

Name:	00000000.00000002.3147381228.0000000000250000.00000004.00000001.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	250000
Size:	8192

Details

Name:	00000000.00000002.3150369199.00000000030D2000.00000002.00000001.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	30D2000
Size:	24576

Details

Name:	00000000.00000002.3147410131.0000000000401000.00000020.00020000.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page execute read
Base address:	401000
Size:	196608

Details

Name:	00000000.00000002.3147334587.0000000000020000.00000004.00000040.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	20000
Size:	8192

Details

Name:	00000000.00000001.2068319235.0000000000400000.00000002.00020000.sdmp
TargetID:	0
Dumpstage:	image loaded
Regiontype:	unkown image
Protect:	page readonly
Base address:	400000
Size:	4096

Details

Name:	00000000.00000002.3149691660.0000000002FD2000.00000002.00000001.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	2FD2000
Size:	73728

Details

Name:	00000000.00000002.3147401898.0000000000310000.00000004.00000020.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	heap default
Protect:	page read and write
Base address:	310000
Size:	16384

Details

Name:	00000000.00000002.3147743278.00000000027CA000.00000004.00000040.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	27CA000
Size:	4096

Details

Name:	00000000.00000002.3149541342.0000000002F84000.00000002.00000001.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	2F84000
Size:	118784

Details

Name:	00000000.00000002.3147391089.0000000000278000.00000004.00000040.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	278000
Size:	8192

Details

Name:	00000000.00000002.3149177433.0000000002EA2000.00000002.00000001.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	2EA2000
Size:	782336

Details

Name:	00000000.00000002.3147386756.0000000000270000.00000004.00000040.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	270000
Size:	4096

Details

Name:	00000000.00000002.3147426842.0000000000433000.00000002.00020000.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	433000
Size:	4096

Details

Name:	00000000.00000002.3147754336.00000000029F0000.00000004.00000040.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	29F0000
Size:	4096

Details

Name:	00000000.00000002.3147429546.0000000000440000.00000002.00000001.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	440000
Size:	913408

Details

Name:	00000000.00000002.3147508354.00000000005E1000.00000004.00000020.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	heap default
Protect:	page read and write
Base address:	5E1000
Size:	12288

Details

Name:	00000000.00000002.3147751828.00000000027FB000.00000004.00000040.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	27FB000
Size:	4096

Details

Name:	00000000.00000002.3147545972.0000000001F22000.00000004.00000040.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	1F22000
Size:	12288

Details

Name:	00000000.00000002.3147388904.0000000000274000.00000004.00000040.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	274000
Size:	4096

Details

Name:	00000000.00000002.3147393444.000000000027B000.00000004.00000040.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	27B000
Size:	61440

Details

Name:	00000000.00000002.3147341227.000000000018D000.00000004.00000001.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	18D000
Size:	12288

Details

Name:	00000000.00000002.3151745116.0000000003517000.00000002.00000001.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	3517000
Size:	2043904

Signature Hits	Behavior Group	Mitre Attack
Sample file is different than original file name gathered from version info	System Summary
URLs found in memory or binary data	Networking

Details

Name:	00000000.00000002.3149826012.0000000002FF6000.00000002.00000001.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	2FF6000
Size:	45056

Details

Name:	00000000.00000002.3147337548.000000000008A000.00000004.00000001.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	8A000
Size:	24576

Details

Name:	00000000.00000002.3147497116.00000000005A7000.00000004.00000020.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	heap default
Protect:	page read and write
Base address:	5A7000
Size:	4096

Details

Name:	00000000.00000002.3147515314.0000000000820000.00000002.00000001.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	820000
Size:	12288

Details

Name:	00000000.00000002.3151130227.00000000032D0000.00000002.00000001.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	32D0000
Size:	126976

Details

Name:	00000000.00000002.3147550850.0000000001F70000.00000004.00000001.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	1F70000
Size:	4096

Details

Name:	00000000.00000002.3150336817.00000000030C5000.00000002.00000001.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	30C5000
Size:	49152

Details

Name:	00000000.00000002.3147553273.0000000002370000.00000002.00000001.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	2370000
Size:	2945024

Details

Name:	00000000.00000002.3150201594.0000000003086000.00000002.00000001.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	3086000
Size:	4096

Details

Name:	00000000.00000000.2068247812.0000000000400000.00000002.00020000.sdmp
TargetID:	0
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	400000
Size:	4096

Details

Name:	00000000.00000002.3150055662.0000000003045000.00000002.00000001.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	3045000
Size:	4096

Details

Name:	00000000.00000002.3148621290.0000000002DA2000.00000002.00000001.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	2DA2000
Size:	16384

Details

Name:	00000000.00000002.3151032345.0000000003292000.00000002.00000001.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	3292000
Size:	249856

Details

Name:	00000000.00000002.3150502118.0000000003109000.00000002.00000001.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	3109000
Size:	53248

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOCReport

Processes

URLs

Memdumps