Automated Malware Analysis IOC Report for

Details

Name:	00000000.00000002.1193811530.0000000004BF0000.00000040.00000001.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute and read and write
Base address:	4BF0000
Size:	163840

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
Yara detected GuLoader	Data Obfuscation

Details

Name:	00000000.00000002.1193922723.000000007FFC2000.00000002.00020000.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	7FFC2000
Size:	4096

Details

Name:	00000000.00000001.665489570.0000000000400000.00000002.00020000.sdmp
TargetID:	0
Dumpstage:	image loaded
Regiontype:	unkown image
Protect:	page readonly
Base address:	400000
Size:	4096

Details

Name:	00000000.00000002.1192811568.0000000002278000.00000004.00000040.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	2278000
Size:	16384

Details

Name:	00000000.00000002.1191724406.0000000000401000.00000020.00020000.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page execute read
Base address:	401000
Size:	188416

Details

Name:	00000000.00000002.1191561730.0000000000030000.00000004.00020000.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page read and write
Base address:	30000
Size:	4096

Details

Name:	00000000.00000002.1192341711.0000000000C30000.00000002.00020000.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	C30000
Size:	69632

Details

Name:	00000000.00000002.1191719786.0000000000400000.00000002.00020000.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	400000
Size:	4096

Details

Name:	00000000.00000002.1193904208.000000007FFC0000.00000002.00020000.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	7FFC0000
Size:	4096

Details

Name:	00000000.00000002.1192667987.0000000002200000.00000002.00020000.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	2200000
Size:	12288

Details

Name:	00000000.00000002.1193792759.000000000486E000.00000004.00000010.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	stack
Protect:	page read and write
Base address:	486E000
Size:	8192

Details

Name:	00000000.00000002.1191627928.000000000009A000.00000004.00000001.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	9A000
Size:	24576

Details

Name:	00000000.00000002.1193745040.0000000002CA0000.00000004.00000001.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	2CA0000
Size:	4096

Details

Name:	00000000.00000002.1192879542.0000000002400000.00000004.00000040.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	2400000
Size:	8192

Details

Name:	00000000.00000002.1191940434.00000000005E4000.00000004.00000040.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	5E4000
Size:	4096

Details

Name:	00000000.00000002.1192775778.0000000002270000.00000004.00000040.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	2270000
Size:	12288

Details

Name:	00000000.00000002.1191876180.00000000005C0000.00000020.00000001.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page execute read
Base address:	5C0000
Size:	40960

Details

Name:	00000000.00000002.1192694100.0000000002230000.00000004.00000040.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	2230000
Size:	28672

Details

Name:	00000000.00000002.1192688528.0000000002220000.00000004.00000001.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	2220000
Size:	4096

Details

Name:	00000000.00000000.665426975.000000007FFB2000.00000002.00020000.sdmp
TargetID:	0
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	7FFB2000
Size:	4096

Details

Name:	00000000.00000002.1191812090.000000000042F000.00000004.00020000.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page read and write
Base address:	42F000
Size:	8192

Details

Name:	00000000.00000002.1193501888.0000000002C1E000.00000004.00020000.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page read and write
Base address:	2C1E000
Size:	499712

Details

Name:	00000000.00000002.1191923140.00000000005E0000.00000004.00000040.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	5E0000
Size:	8192

Details

Name:	00000000.00000002.1191997856.00000000005FA000.00000004.00000020.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	heap default
Protect:	page read and write
Base address:	5FA000
Size:	69632

Details

Name:	00000000.00000002.1193804878.000000000496F000.00000004.00000010.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	stack
Protect:	page read and write
Base address:	496F000
Size:	4096

Details

Name:	00000000.00000000.665404546.0000000000431000.00000002.00020000.sdmp
TargetID:	0
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	431000
Size:	12288

Signature Hits	Behavior Group	Mitre Attack
Sample file is different than original file name gathered from version info	System Summary

Details

Name:	00000000.00000002.1192425989.0000000000DB0000.00000002.00020000.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	DB0000
Size:	4096

Details

Name:	00000000.00000002.1191858973.0000000000530000.00000004.00000020.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	heap default
Protect:	page read and write
Base address:	530000
Size:	20480

Details

Name:	00000000.00000002.1192855705.0000000002380000.00000004.00000001.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	2380000
Size:	4096

Details

Name:	00000000.00000002.1192442091.0000000000DC0000.00000002.00020000.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	DC0000
Size:	348160

Signature Hits	Behavior Group	Mitre Attack
May try to detect the Windows Explorer process (often used for injection)	HIPS / PFW / Operating System Protection Evasion	Process Injection Process Discovery

Details

Name:	00000000.00000002.1193857787.000000007FEB0000.00000002.00020000.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	7FEB0000
Size:	20480

Details

Name:	00000000.00000002.1192647403.00000000021F0000.00000004.00000001.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	21F0000
Size:	4096

Details

Name:	00000000.00000000.665450231.000000007FFD0000.00000002.00020000.sdmp
TargetID:	0
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	7FFD0000
Size:	12288

Details

Name:	00000000.00000002.1192716452.0000000002239000.00000004.00000040.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	2239000
Size:	24576

Details

Name:	00000000.00000000.665436786.000000007FFC0000.00000002.00020000.sdmp
TargetID:	0
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	7FFC0000
Size:	4096

Details

Name:	00000000.00000002.1192271154.0000000000A30000.00000002.00020000.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	A30000
Size:	36864

Details

Name:	00000000.00000002.1191918278.00000000005D0000.00000004.00000040.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	5D0000
Size:	4096

Details

Name:	00000000.00000000.665412012.000000007FFB0000.00000002.00020000.sdmp
TargetID:	0
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	7FFB0000
Size:	4096

Details

Name:	00000000.00000002.1192890577.0000000002410000.00000004.00000001.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	2410000
Size:	4096

Details

Name:	00000000.00000000.665442208.000000007FFC2000.00000002.00020000.sdmp
TargetID:	0
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	7FFC2000
Size:	4096

Details

Name:	00000000.00000002.1191686759.00000000001F0000.00000004.00000001.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	1F0000
Size:	4096

Details

Name:	00000000.00000002.1193884196.000000007FFB0000.00000002.00020000.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	7FFB0000
Size:	4096

Details

Name:	00000000.00000002.1191818167.0000000000431000.00000002.00020000.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	431000
Size:	12288

Details

Name:	00000000.00000002.1192914554.0000000002B50000.00000002.00020000.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	2B50000
Size:	733184

Details

Name:	00000000.00000002.1192834113.0000000002280000.00000004.00000001.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	2280000
Size:	16384

Details

Name:	00000000.00000000.665374468.0000000000401000.00000020.00020000.sdmp
TargetID:	0
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page execute read
Base address:	401000
Size:	188416

Details

Name:	00000000.00000000.665340469.0000000000040000.00000002.00020000.sdmp
TargetID:	0
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	40000
Size:	102400

Details

Name:	00000000.00000002.1191691058.00000000003EA000.00000004.00000001.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	3EA000
Size:	12288

Details

Name:	00000000.00000002.1191705782.00000000003EE000.00000004.00000001.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	3EE000
Size:	4096

Details

Name:	00000000.00000002.1193764267.000000000472E000.00000004.00000010.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	stack
Protect:	page read and write
Base address:	472E000
Size:	8192

Details

Name:	00000000.00000002.1193777012.000000000482F000.00000004.00000010.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	stack
Protect:	page read and write
Base address:	482F000
Size:	4096

Details

Name:	00000000.00000000.665367479.0000000000400000.00000002.00020000.sdmp
TargetID:	0
Dumpstage:	process new
Regiontype:	unkown image
Protect:	page readonly
Base address:	400000
Size:	4096

Details

Name:	00000000.00000002.1193898451.000000007FFB2000.00000002.00020000.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	7FFB2000
Size:	4096

Details

Name:	00000000.00000002.1192787849.0000000002275000.00000004.00000040.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	heap private
Protect:	page read and write
Base address:	2275000
Size:	8192

Details

Name:	00000000.00000002.1192087374.0000000000612000.00000004.00000020.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	heap default
Protect:	page read and write
Base address:	612000
Size:	139264

Details

Name:	00000000.00000002.1191576243.0000000000040000.00000002.00020000.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	40000
Size:	102400

Details

Name:	00000000.00000002.1191832179.0000000000510000.00000002.00020000.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	510000
Size:	16384

Details

Name:	00000000.00000002.1192760982.0000000002240000.00000004.00000001.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	2240000
Size:	4096

Details

Name:	00000000.00000002.1191955463.00000000005F0000.00000004.00000020.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	heap default
Protect:	page read and write
Base address:	5F0000
Size:	32768

Details

Name:	00000000.00000002.1191662597.00000000001A0000.00000002.00020000.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	1A0000
Size:	16384

Details

Name:	00000000.00000002.1191855416.0000000000520000.00000004.00000001.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	520000
Size:	4096

Details

Name:	00000000.00000002.1191646970.000000000019C000.00000004.00000001.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unkown
Protect:	page read and write
Base address:	19C000
Size:	16384

Details

Name:	00000000.00000002.1193940082.000000007FFD0000.00000002.00020000.sdmp
TargetID:	0
Dumpstage:	process exit
Regiontype:	unkown image
Protect:	page readonly
Base address:	7FFD0000
Size:	12288

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report

Processes

URLs

Memdumps