Automated Malware Analysis IOC Report for

Details

Name:	00000000.00000002.3167430661.0000000001D70000.00000040.00000001.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	1D70000
Size:	16384

Signature Hits	Behavior Group	Mitre Attack
Yara detected GuLoader	Data Obfuscation

Details

Name:	00000000.00000002.3168552019.0000000003225000.00000002.00000001.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	3225000
Size:	49152

Details

Name:	00000000.00000000.2086093126.0000000000401000.00000020.00020000.sdmp
TargetID:	0
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page execute read
Base address:	401000
Size:	69632

Details

Name:	00000000.00000002.3167754398.0000000002B30000.00000002.00000001.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	2B30000
Size:	12288

Details

Name:	00000000.00000002.3168519751.00000000031D2000.00000002.00000001.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	31D2000
Size:	24576

Details

Name:	00000000.00000002.3168441094.0000000003126000.00000002.00000001.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	3126000
Size:	45056

Details

Name:	00000000.00000002.3169052363.000000007EFDF000.00000004.00000001.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	7EFDF000
Size:	4096

Details

Name:	00000000.00000002.3167426947.0000000001CE0000.00000004.00000001.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	1CE0000
Size:	4096

Details

Name:	00000000.00000002.3167378442.00000000004C0000.00000004.00000020.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	heap default
Protect:	page read and write
Base address:	4C0000
Size:	16384

Details

Name:	00000000.00000002.3168413204.0000000003102000.00000002.00000001.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	3102000
Size:	73728

Details

Name:	00000000.00000002.3168752424.0000000003400000.00000002.00000001.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	3400000
Size:	126976

Details

Name:	00000000.00000002.3168483997.0000000003186000.00000002.00000001.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	3186000
Size:	45056

Details

Name:	00000000.00000002.3166501053.00000000002D0000.00000002.00000001.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	2D0000
Size:	913408

Details

Name:	00000000.00000002.3167341414.00000000003B4000.00000004.00000040.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	3B4000
Size:	4096

Details

Name:	00000000.00000002.3167386057.00000000004E4000.00000004.00000020.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	heap default
Protect:	page read and write
Base address:	4E4000
Size:	102400

Details

Name:	00000000.00000002.3167403263.00000000008E0000.00000002.00000001.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	8E0000
Size:	327680

Signature Hits	Behavior Group	Mitre Attack
May try to detect the Windows Explorer process (often used for injection)	HIPS / PFW / Operating System Protection Evasion	Process Injection Process Discovery

Details

Name:	00000000.00000002.3167356802.0000000000400000.00000002.00020000.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	400000
Size:	4096

Details

Name:	00000000.00000002.3167758294.0000000002B50000.00000002.00000001.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	2B50000
Size:	3670016

Details

Name:	00000000.00000002.3168355933.0000000003094000.00000002.00000001.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	3094000
Size:	118784

Details

Name:	00000000.00000002.3168490460.0000000003192000.00000002.00000001.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	3192000
Size:	73728

Details

Name:	00000000.00000002.3167739443.00000000026F0000.00000004.00000040.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	26F0000
Size:	4096

Details

Name:	00000000.00000000.2086108427.0000000000414000.00000002.00020000.sdmp
TargetID:	0
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	414000
Size:	4096

Signature Hits	Behavior Group	Mitre Attack
Sample file is different than original file name gathered from version info	System Summary

Details

Name:	00000000.00000002.3168369363.00000000030B4000.00000002.00000001.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	30B4000
Size:	118784

Details

Name:	00000000.00000002.3167365959.0000000000412000.00000004.00020000.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page read and write
Base address:	412000
Size:	8192

Details

Name:	00000000.00000002.3168365967.00000000030B2000.00000002.00000001.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	30B2000
Size:	4096

Details

Name:	00000000.00000002.3168544353.0000000003209000.00000002.00000001.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	3209000
Size:	53248

Details

Name:	00000000.00000002.3167460204.0000000002290000.00000002.00000001.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	2290000
Size:	2945024

Details

Name:	00000000.00000002.3167352370.00000000003F0000.00000004.00000001.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	3F0000
Size:	8192

Details

Name:	00000000.00000002.3168503087.00000000031B6000.00000002.00000001.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	31B6000
Size:	4096

Details

Name:	00000000.00000002.3167743423.00000000026F4000.00000004.00000040.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	26F4000
Size:	4096

Details

Name:	00000000.00000002.3168463067.0000000003156000.00000002.00000001.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	3156000
Size:	45056

Details

Name:	00000000.00000002.3168524808.00000000031D9000.00000002.00000001.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	31D9000
Size:	53248

Details

Name:	00000000.00000002.3167446836.0000000001E58000.00000004.00000040.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	1E58000
Size:	45056

Signature Hits	Behavior Group	Mitre Attack
Sample file is different than original file name gathered from version info	System Summary

Details

Name:	00000000.00000002.3168352270.0000000003092000.00000002.00000001.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	3092000
Size:	4096

Details

Name:	00000000.00000002.3167746948.0000000002712000.00000004.00000040.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	2712000
Size:	12288

Details

Name:	00000000.00000002.3167359802.0000000000401000.00000020.00020000.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page execute read
Base address:	401000
Size:	69632

Details

Name:	00000000.00000002.3168507140.00000000031B9000.00000002.00000001.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	31B9000
Size:	12288

Details

Name:	00000000.00000002.3168448842.0000000003132000.00000002.00000001.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	3132000
Size:	73728

Details

Name:	00000000.00000002.3168381435.00000000030D2000.00000002.00000001.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	30D2000
Size:	4096

Details

Name:	00000000.00000002.3168470245.0000000003162000.00000002.00000001.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	3162000
Size:	73728

Details

Name:	00000000.00000002.3167338226.00000000003B0000.00000004.00000040.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	3B0000
Size:	4096

Details

Name:	00000000.00000002.3168734259.00000000033C2000.00000002.00000001.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	33C2000
Size:	249856

Details

Name:	00000000.00000002.3167750251.0000000002730000.00000004.00000001.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	2730000
Size:	16384

Details

Name:	00000000.00000002.3166475193.0000000000250000.00000004.00000020.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	heap default
Protect:	page read and write
Base address:	250000
Size:	16384

Details

Name:	00000000.00000002.3168231824.0000000002ED8000.00000002.00000001.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	2ED8000
Size:	1019904

Details

Name:	00000000.00000002.3168763340.0000000003420000.00000002.00000001.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	3420000
Size:	126976

Details

Name:	00000000.00000002.3168773440.0000000003440000.00000002.00000001.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	3440000
Size:	110592

Details

Name:	00000000.00000002.3165926876.000000000008A000.00000004.00000001.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	8A000
Size:	24576

Details

Name:	00000000.00000002.3168388318.00000000030D4000.00000002.00000001.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	30D4000
Size:	184320

Details

Name:	00000000.00000002.3168564600.0000000003239000.00000002.00000001.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	3239000
Size:	53248

Details

Name:	00000000.00000002.3166007763.00000000001B0000.00000002.00000001.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	1B0000
Size:	421888

Details

Name:	00000000.00000002.3168905603.0000000003647000.00000002.00000001.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	3647000
Size:	2043904

Signature Hits	Behavior Group	Mitre Attack
Sample file is different than original file name gathered from version info	System Summary
URLs found in memory or binary data	Networking

Details

Name:	00000000.00000002.3167456281.0000000001E90000.00000004.00000001.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	1E90000
Size:	4096

Details

Name:	00000000.00000002.3167443053.0000000001E3A000.00000004.00000040.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	1E3A000
Size:	4096

Details

Name:	00000000.00000002.3167438150.0000000001E30000.00000004.00000040.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	1E30000
Size:	28672

Details

Name:	00000000.00000002.3166422985.0000000000240000.00000002.00000001.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	240000
Size:	28672

Details

Name:	00000000.00000002.3167369437.0000000000414000.00000002.00020000.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	414000
Size:	4096

Details

Name:	00000000.00000002.3167343961.00000000003B8000.00000004.00000040.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	3B8000
Size:	8192

Details

Name:	00000000.00000002.3168559189.0000000003232000.00000002.00000001.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	3232000
Size:	24576

Details

Name:	00000000.00000002.3167399368.0000000000740000.00000002.00000001.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	740000
Size:	12288

Details

Name:	00000000.00000001.2086133945.0000000000400000.00000002.00020000.sdmp
TargetID:	0
Dumpstage:	image loaded
Regiontype:	unkown image
Protect:	page readonly
Base address:	400000
Size:	4096

Details

Name:	00000000.00000002.3167434983.0000000001DE0000.00000004.00000040.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	1DE0000
Size:	4096

Details

Name:	00000000.00000002.3168305196.0000000002FD2000.00000002.00000001.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	2FD2000
Size:	782336

Details

Name:	00000000.00000002.3168479685.0000000003175000.00000002.00000001.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	3175000
Size:	4096

Details

Name:	00000000.00000002.3167382480.00000000004C7000.00000004.00000020.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	heap default
Protect:	page read and write
Base address:	4C7000
Size:	4096

Details

Name:	00000000.00000002.3168785172.0000000003460000.00000002.00000001.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	3460000
Size:	1986560

Signature Hits	Behavior Group	Mitre Attack
Sample file is different than original file name gathered from version info	System Summary
Binary contains paths to development resources	System Summary
Found strings which match to known social media urls	Networking
URLs found in memory or binary data	Networking

Details

Name:	00000000.00000002.3167372333.0000000000420000.00000004.00000001.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	420000
Size:	4096

Details

Name:	00000000.00000002.3167346835.00000000003BB000.00000004.00000040.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	3BB000
Size:	61440

Details

Name:	00000000.00000002.3167452741.0000000001E80000.00000004.00000040.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	1E80000
Size:	8192

Details

Name:	00000000.00000002.3165994882.000000000018D000.00000004.00000001.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	18D000
Size:	12288

Details

Name:	00000000.00000002.3168498245.00000000031A5000.00000002.00000001.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	31A5000
Size:	4096

Details

Name:	00000000.00000002.3167395190.00000000005C0000.00000002.00000001.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	5C0000
Size:	20480

Details

Name:	00000000.00000000.2086085660.0000000000400000.00000002.00020000.sdmp
TargetID:	0
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	400000
Size:	4096

Details

Name:	00000000.00000002.3167374879.00000000004A0000.00000008.00000001.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page write copy
Base address:	4A0000
Size:	20480

Signature Hits	Behavior Group	Mitre Attack
Sample file is different than original file name gathered from version info	System Summary

Details

Name:	00000000.00000002.3168572635.0000000003255000.00000002.00000001.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	3255000
Size:	1486848

Details

Name:	00000000.00000002.3165908563.0000000000020000.00000004.00000040.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	20000
Size:	8192

Details

Name:	00000000.00000002.3168227711.0000000002ED2000.00000002.00000001.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	2ED2000
Size:	16384

Details

Name:	00000000.00000002.3166414022.0000000000230000.00000020.00000001.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute read
Base address:	230000
Size:	40960

Details

Name:	00000000.00000002.3168435757.0000000003115000.00000002.00000001.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	3115000
Size:	4096

Details

Name:	00000000.00000002.3168511721.00000000031BD000.00000002.00000001.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	31BD000
Size:	81920

Details

Name:	00000000.00000002.3168458830.0000000003145000.00000002.00000001.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	3145000
Size:	4096

Details

Name:	00000000.00000002.3168537695.0000000003202000.00000002.00000001.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	3202000
Size:	24576

Details

Name:	00000000.00000002.3168531084.00000000031F5000.00000002.00000001.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page readonly
Base address:	31F5000
Size:	49152

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOCReport

Processes

URLs

Memdumps