Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\vbc.exe.exe

'C:\Users\user\Desktop\vbc.exe.exe'

Details

Is windows:	true
Is dropped:	false
PID:	2400
Target ID:	0
Parent PID:	912
Name:	vbc.exe.exe
Path:	C:\Users\user\Desktop\vbc.exe.exe
Commandline:	'C:\Users\user\Desktop\vbc.exe.exe'
Size:	147456
MD5:	788016C9072423914B96F0D15A61812D
Time:	10:11:44
Date:	08/06/2021
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x400000
Modulesize:	151552
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
Yara detected GuLoader	Data Obfuscation
PE file contains strange resources	System Summary
Sample file is different than original file name gathered from version info	System Summary
Uses 32bit PE files	Compliance, System Summary
PE file has an executable .text section and no other executable section	System Summary

URLs

Name

Malicious

https://bara-seck.com/bin_YIuwAXdc211.bin, https://wizumiya.co.jp/html/user_data/

Details

Name:	https://bara-seck.com/bin_YIuwAXdc211.bin, https://wizumiya.co.jp/html/user_data/
TargetID:	0
From Memory:	false
Current Path:	C:\Users\user\Desktop\vbc.exe.exe
Source:	config extactor

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol

Memdumps

Base Address

Regiontype

Protect

Malicious

401000

unkown image

page execute read

401000

unkown image

page execute read

330000

unkown

page write copy

320000

unkown

page read and write

400000

unkown image

page readonly

2B0000

heap private

page read and write

424000

unkown image

page readonly

7EFDF000

unkown

page read and write

720000

unkown

page readonly

424000

unkown image

page readonly

450000

unkown

page readonly

1E50000

heap private

page read and write

310000

heap private

page read and write

5A0000

unkown

page readonly

300000

unkown

page readonly

166000

unkown

page read and write

20000

unkown

page read and write

1D50000

unkown

page readonly

1D32000

heap private

page read and write

1D10000

heap private

page read and write

2260000

unkown

page readonly

380000

unkown

page read and write

400000

unkown image

page readonly

460000

unkown

page execute and read and write

1D14000

heap private

page read and write

4A0000

heap default

page read and write

2F0000

unkown

page execute read

4A7000

heap default

page read and write

367000

heap private

page read and write

1B0000

unkown

page readonly

400000

unkown image

page readonly

1E60000

unkown

page read and write

430000

unkown

page readonly

220000

heap default

page read and write

4C4000

heap default

page read and write

87000

unkown

page read and write

8C0000

unkown

page readonly

340000

heap private

page read and write

422000

unkown image

page read and write

34A000

heap private

page read and write

There are 30 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOCReport

Processes

URLs

Memdumps