Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\THN6clTA6P.exe

"C:\Users\user\Desktop\THN6clTA6P.exe"

Details

Is windows:	false
Is dropped:	false
PID:	2996
Target ID:	1
Parent PID:	5424
Name:	THN6clTA6P.exe
Path:	C:\Users\user\Desktop\THN6clTA6P.exe
Commandline:	"C:\Users\user\Desktop\THN6clTA6P.exe"
Size:	3723293
MD5:	3983F0EBEEC88B8005724A203AE27180
Time:	23:46:47
Date:	31/08/2022
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x400000
Modulesize:	6729728
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Antivirus / Scanner detection for submitted sample	AV Detection
Multi AV Scanner detection for submitted file	AV Detection
Yara detected Wannacry ransomware	Spam, unwanted Advertisements and Ransom Demands
Machine Learning detection for sample	AV Detection
PE file contains executable resources (Code or Archives)	System Summary
Sample file is different than original file name gathered from version info	System Summary
Uses 32bit PE files	Compliance, System Summary
Binary contains paths to development resources	System Summary
PE file has an executable .text section and no other executable section	System Summary
Sample is known by Antivirus	System Summary
URLs found in memory or binary data	Networking
PE file has a big raw section	System Summary
Submission file is bigger than most known malware samples	System Summary

URLs

Name

Malicious

http://www.ifferfsodp9ifjaposdfjhgosurijfaewrwergwea.com/

104.21.68.165

Details

Name:	http://www.ifferfsodp9ifjaposdfjhgosurijfaewrwergwea.com/
IP:	104.21.68.165
TargetID:	1
From Memory:	false
Current Path:	C:\Users\user\Desktop\THN6clTA6P.exe
Source:	network

Signature Hits	Behavior Group	Mitre Attack
Antivirus detection for URL or domain	AV Detection
Multi AV Scanner detection for domain / URL	AV Detection
Snort IDS alert for network traffic	Networking

http://www.ifferfsodp9ifjaposdfjhgosurijfaewrwergwea.com

unknown

Details

Name:	http://www.ifferfsodp9ifjaposdfjhgosurijfaewrwergwea.com
TargetID:	1
From Memory:	true
Current Path:	C:\Users\user\Desktop\THN6clTA6P.exe
Source:	THN6clTA6P.exe

Signature Hits	Behavior Group	Mitre Attack
Antivirus detection for URL or domain	AV Detection
Multi AV Scanner detection for domain / URL	AV Detection
URLs found in memory or binary data	Networking

Domains

Name

Malicious

www.ifferfsodp9ifjaposdfjhgosurijfaewrwergwea.com

104.21.68.165

Details

Name:	www.ifferfsodp9ifjaposdfjhgosurijfaewrwergwea.com
IP:	104.21.68.165
TargetID:	1
Current Path:	C:\Users\user\Desktop\THN6clTA6P.exe
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Multi AV Scanner detection for domain / URL	AV Detection
Snort IDS alert for network traffic	Networking
HTTP GET or POST without a user agent	Networking
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
URLs found in memory or binary data	Networking

IPs

Domain

Country

Malicious

104.21.68.165

www.ifferfsodp9ifjaposdfjhgosurijfaewrwergwea.com

United States

Details

IP:	104.21.68.165
TargetID:	1
Current Path:	C:\Users\user\Desktop\THN6clTA6P.exe
Country:	United States
Countrycode:	USA
ASN number:	13335
ASN name:	CLOUDFLARENETUS
Private:	false
Domain:	www.ifferfsodp9ifjaposdfjhgosurijfaewrwergwea.com

Signature Hits	Behavior Group	Mitre Attack
Snort IDS alert for network traffic	Networking

Memdumps

Base Address

Regiontype

Protect

Malicious

40F000

unkown

page write copy

40F000

unkown

page write copy

19FAF600000

heap

page read and write

222DE264000

heap

page read and write

2C286AE0000

trusted library allocation

page read and write

19D68E02000

trusted library allocation

page read and write

1E536D00000

heap

page read and write

C65D57E000

stack

page read and write

222DE302000

heap

page read and write

1315182E000

heap

page read and write

2C28B174000

trusted library allocation

page read and write

222DE258000

heap

page read and write

13151847000

heap

page read and write

19D68420000

heap

page read and write

2C286518000

heap

page read and write

25CFA05B000

heap

page read and write

B3D50FA000

stack

page read and write

1E536C4B000

heap

page read and write

2DB8C7E000

stack

page read and write

131517D0000

heap

page read and write

30000

heap

page read and write

13151802000

heap

page read and write

222DE257000

heap

page read and write

19D68661000

heap

page read and write

13151854000

heap

page read and write

13151780000

heap

page read and write

2C285C29000

heap

page read and write

2327B7E000

stack

page read and write

25CF9E60000

heap

page read and write

19D68590000

trusted library allocation

page read and write

3050000

heap

page read and write

2C28B2E6000

heap

page read and write

13152002000

trusted library allocation

page read and write

222DE22E000

heap

page read and write

22D344A0000

heap

page read and write

2C8F000

stack

page read and write

1445FC00000

heap

page read and write

1F6F183C000

heap

page read and write

B3D58FF000

stack

page read and write

8DC177F000

stack

page read and write

222DE248000

heap

page read and write

17847F40000

trusted library allocation

page read and write

222DE27B000

heap

page read and write

222DE265000

heap

page read and write

2DB8F7B000

stack

page read and write

1F6F198E000

heap

page read and write

2C28B400000

trusted library allocation

page read and write

2C28B2B9000

heap

page read and write

2DB8D7F000

stack

page read and write

329307E000

stack

page read and write

976097C000

stack

page read and write

2C28B300000

heap

page read and write

22D34713000

heap

page read and write

1E536C4F000

heap

page read and write

25CFA070000

heap

page read and write

2327D7F000

stack

page read and write

1F6F1829000

heap

page read and write

B3D55FF000

stack

page read and write

97601EF000

stack

page read and write

17847802000

heap

page read and write

40A000

unkown

page readonly

C65D47E000

stack

page read and write

1F6F1650000

heap

page read and write

1F6F2143000

heap

page read and write

19FAF6C1000

heap

page read and write

1445FC8A000

heap

page read and write

2C285CBB000

heap

page read and write

2DCF000

stack

page read and write

2C28B130000

trusted library allocation

page read and write

22D3465F000

heap

page read and write

19D68629000

heap

page read and write

976087E000

stack

page read and write

431000

unkown

page read and write

22D34660000

heap

page read and write

22D34C70000

trusted library allocation

page read and write

222DE241000

heap

page read and write

5BF507E000

stack

page read and write

CD77B7E000

stack

page read and write

17847770000

heap

page read and write

1F6F2122000

heap

page read and write

2C28B408000

trusted library allocation

page read and write

13151813000

heap

page read and write

5BF54FD000

stack

page read and write

1445FD08000

heap

page read and write

22D34702000

heap

page read and write

DD7267C000

stack

page read and write

25CFA000000

heap

page read and write

222DE268000

heap

page read and write

222DE25C000

heap

page read and write

2C28B2DF000

heap

page read and write

178477E0000

heap

page read and write

19D6865D000

heap

page read and write

22D3463C000

heap

page read and write

C65CEFB000

stack

page read and write

1E536BD0000

trusted library allocation

page read and write

13151829000

heap

page read and write

5BF52FF000

stack

page read and write

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
THN6clTA6P.exe

Processes

URLs

Domains

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC ReportTHN6clTA6P.exe

Processes

URLs

Domains

IPs

Memdumps

IOC Report
THN6clTA6P.exe