Automated Malware Analysis IOC Report for

Files

File Path

Type

Category

Malicious

nJ8mJTmMf0.exe

PE32 executable (GUI) Intel 80386, for MS Windows

initial sample

Details

Filetype:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy:	7.190082518573828
Filename:	nJ8mJTmMf0.exe
Filesize:	1234944
MD5:	dd560917fd1166f8f9a3ca565e1c3957
SHA1:	07e6f2b8aa9410f9a649353da7ca692b14d4a5c4
SHA256:	8e2c2721d94a488e27b363152a56ea079a7932b41144b71f385d8b37ca70aa2e
SHA512:	1c5823fb4be16263634e833f6cab448a3746d2b42f088f2f26bb6f73707502dc475c3e057fd239403d6fedf97727bcd4031a39d641e5784d9941bc5aad9b3003
SSDEEP:	24576:pAHnh+eWsN3skA4RV1Hom2KXMmHa44xPAUJDFowvVLwi8QIzLYJ5:wh+ZkldoPK8Ya4cPAUJDFowvVLwUiLO
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........s..R...R...R....C..P.....;.S..._@#.a..._@......_@..g...[j..[...[jo.w...R...r.............#.S..._@'.S...R.k.S.....".S...RichR..

Signature Hits	Behavior Group	Mitre Attack
Multi AV Scanner detection for submitted file	AV Detection	Disable or Modify Tools
Binary is likely a compiled AutoIt script file	System Summary
Machine Learning detection for sample	AV Detection
Maps a DLL or memory area into another process	HIPS / PFW / Operating System Protection Evasion	Disable or Modify Tools
Switches to a custom stack to bypass stack traces	Malware Analysis System Evasion
Writes to foreign memory regions	HIPS / PFW / Operating System Protection Evasion	Disable or Modify Tools
Contains functionality for read data from the clipboard	Key, Mouse, Clipboard, Microphone and Screen Capturing
Contains functionality to block mouse and keyboard input (often used to hinder debugging)	Anti Debugging	Disable or Modify Tools
Contains functionality to check if a debugger is running (IsDebuggerPresent)	Anti Debugging
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)	Anti Debugging
Contains functionality to check if a window is minimized (may be used to check if an application is visible)	Hooking and other Techniques for Hiding and Protection
Contains functionality to communicate with device drivers	System Summary
Contains functionality to dynamically determine API calls	Data Obfuscation, Anti Debugging	Native API
Contains functionality to execute programs as a different user	HIPS / PFW / Operating System Protection Evasion	Disable or Modify Tools
Contains functionality to launch a process as a different user	System Summary	Valid Accounts Native API Access Token Manipulation
Contains functionality to launch a program with higher privileges	HIPS / PFW / Operating System Protection Evasion	Exploitation for Privilege Escalation
Contains functionality to modify clipboard data	Key, Mouse, Clipboard, Microphone and Screen Capturing	Process Discovery
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)	Remote Access Functionality
Contains functionality to query CPU information (cpuid)	Language, Device and Operating System Detection	Disable or Modify Tools
Contains functionality to read the PEB	Anti Debugging
Contains functionality to read the clipboard data	Key, Mouse, Clipboard, Microphone and Screen Capturing	Disable or Modify Tools Clipboard Data
Contains functionality to retrieve information about pressed keystrokes	Key, Mouse, Clipboard, Microphone and Screen Capturing	Input Capture
Contains functionality to shutdown / reboot the system	System Summary	System Shutdown/Reboot
Contains functionality to simulate keystroke presses	HIPS / PFW / Operating System Protection Evasion
Contains functionality to simulate mouse events	HIPS / PFW / Operating System Protection Evasion
Contains functionality which may be used to detect a debugger (GetProcessHeap)	Anti Debugging	Security Software Discovery
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Disable or Modify Tools
Detected potential crypto function	System Summary	Process Discovery Archive Collected Data Encrypted Channel
Extensive use of GetProcAddress (often used to hide API calls)	Hooking and other Techniques for Hiding and Protection
Found evasive API chain (date check)	Malware Analysis System Evasion
Found large amount of non-executed APIs	Malware Analysis System Evasion
OS version to string mapping found (often used in BOTs)	Stealing of Sensitive Information	Disable or Modify Tools System Shutdown/Reboot
Potential key logger detected (key state polling based)	Key, Mouse, Clipboard, Microphone and Screen Capturing	Disable or Modify Tools
Sample file is different than original file name gathered from version info	System Summary	System Shutdown/Reboot
Uses 32bit PE files	Compliance, System Summary	Disable or Modify Tools
Uses code obfuscation techniques (call, push, ret)	Data Obfuscation	Obfuscated Files or Information
Contains functionality for error logging	System Summary	Disable or Modify Tools
Contains functionality to add an ACL to a security descriptor	HIPS / PFW / Operating System Protection Evasion
Contains functionality to adjust token privileges (e.g. debug / backup)	System Summary
Contains functionality to check free disk space	System Summary
Contains functionality to create a new security descriptor	HIPS / PFW / Operating System Protection Evasion
Contains functionality to download additional files from the internet	Networking	Ingress Tool Transfer
Contains functionality to enum processes or threads	System Summary	Process Discovery
Contains functionality to enumerate / list files inside a directory	Spreading, Malware Analysis System Evasion	File and Directory Discovery
Contains functionality to instantiate COM classes	System Summary
Contains functionality to load and extract PE file embedded resources	System Summary
Contains functionality to query local / system time	Language, Device and Operating System Detection	System Time Discovery System Information Discovery
Contains functionality to query system information	Malware Analysis System Evasion
Contains functionality to query the account / user name	Language, Device and Operating System Detection	Account Discovery System Owner/User Discovery
Contains functionality to query time zone information	Language, Device and Operating System Detection
Contains functionality to query windows version	Language, Device and Operating System Detection
Contains functionality to register its own exception handler	Anti Debugging
Creates temporary files	System Summary
Disables application error messsages (SetErrorMode)	Hooking and other Techniques for Hiding and Protection	Disable or Modify Tools
May try to detect the Windows Explorer process (often used for injection)	HIPS / PFW / Operating System Protection Evasion
PE file has an executable .text section and no other executable section	System Summary
Program exit points	Malware Analysis System Evasion	Disable or Modify Tools
Reads software policies	System Summary
Sample is known by Antivirus	System Summary	Disable or Modify Tools
Tries to load missing DLLs	System Summary	DLL Side-Loading Disable or Modify Tools
PE file contains a valid data directory to section mapping	System Summary	Security Software Discovery
PE file contains a debug data directory	System Summary
PE file contains a mix of data directories often seen in goodware	System Summary
Submission file is bigger than most known malware samples	System Summary	Disable or Modify Tools

C:\Users\user\AppData\Local\Temp\6e1-519

SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2

dropped

Details

File:	C:\Users\user\AppData\Local\Temp\6e1-519
Category:	dropped
Dump:	6e1-519.6.dr
ID:	dr_4
Target ID:	6
Process:	C:\Windows\SysWOW64\PresentationHost.exe
Type:	SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
Entropy:	0.9746603542602881
Encrypted:	false
Ssdeep:	192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
Size:	114688
Whitelisted:	true
Reputation:	high

C:\Users\user\AppData\Local\Temp\aut8BB6.tmp

data

dropped

Details

File:	C:\Users\user\AppData\Local\Temp\aut8BB6.tmp
Category:	dropped
Dump:	aut8BB6.tmp.0.dr
ID:	dr_0
Target ID:	0
Process:	C:\Users\user\Desktop\nJ8mJTmMf0.exe
Type:	data
Entropy:	7.995933022398111
Encrypted:	true
Ssdeep:	6144:v4OXWgkdDQyOSs3kf/iKLAbKrqgkvxVHUCExFlKL3Uh/:vZXWxdaknDAGPAvlL3M
Size:	271360
Whitelisted:	false
Reputation:	low

Signature Hits	Behavior Group	Mitre Attack
Creates temporary files	System Summary

C:\Users\user\AppData\Local\Temp\aut8BE5.tmp

data

dropped

Details

File:	C:\Users\user\AppData\Local\Temp\aut8BE5.tmp
Category:	dropped
Dump:	aut8BE5.tmp.0.dr
ID:	dr_2
Target ID:	0
Process:	C:\Users\user\Desktop\nJ8mJTmMf0.exe
Type:	data
Entropy:	7.5966586667893985
Encrypted:	false
Ssdeep:	192:na0ZsqLUGeKtxWQa8wgK/IltCvbdpWAsdbSvy/BYWuzdDYkiTfnkdIqj:azqLFLtx3a8wgKJbgdm6/B3uRDcfnkdr
Size:	9864
Whitelisted:	false
Reputation:	low

C:\Users\user\AppData\Local\Temp\fondaco

ASCII text, with very long lines (28740), with no line terminators

dropped

Details

File:	C:\Users\user\AppData\Local\Temp\fondaco
Category:	dropped
Dump:	fondaco.0.dr
ID:	dr_3
Target ID:	0
Process:	C:\Users\user\Desktop\nJ8mJTmMf0.exe
Type:	ASCII text, with very long lines (28740), with no line terminators
Entropy:	3.593970899382246
Encrypted:	false
Ssdeep:	768:WiTZ+2QoioGRk6ZklputwjpjBkCiw2RuJ3nXKUrvzjsNbCO+IFh6q84vfF3if6g0:WiTZ+2QoioGRk6ZklputwjpjBkCiw2RP
Size:	28740
Whitelisted:	false
Reputation:	low

C:\Users\user\AppData\Local\Temp\subbase

data

dropped

Details

File:	C:\Users\user\AppData\Local\Temp\subbase
Category:	dropped
Dump:	subbase.0.dr
ID:	dr_1
Target ID:	0
Process:	C:\Users\user\Desktop\nJ8mJTmMf0.exe
Type:	data
Entropy:	7.995933022398111
Encrypted:	true
Ssdeep:	6144:v4OXWgkdDQyOSs3kf/iKLAbKrqgkvxVHUCExFlKL3Uh/:vZXWxdaknDAGPAvlL3M
Size:	271360
Whitelisted:	false
Reputation:	low

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\nJ8mJTmMf0.exe

"C:\Users\user\Desktop\nJ8mJTmMf0.exe"

Details

Is windows:	false
Is dropped:	false
PID:	7256
Target ID:	0
Parent PID:	2580
Name:	nJ8mJTmMf0.exe
Path:	C:\Users\user\Desktop\nJ8mJTmMf0.exe
Commandline:	"C:\Users\user\Desktop\nJ8mJTmMf0.exe"
Size:	1234944
MD5:	DD560917FD1166F8F9A3CA565E1C3957
Time:	08:05:54
Date:	02/07/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x600000
Modulesize:	1261568
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Multi AV Scanner detection for submitted file	AV Detection
Binary is likely a compiled AutoIt script file	System Summary
Machine Learning detection for sample	AV Detection
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
OS version to string mapping found (often used in BOTs)	Stealing of Sensitive Information
Sample file is different than original file name gathered from version info	System Summary
Sigma detected: Uncommon Svchost Parent Process	System Summary
Uses 32bit PE files	Compliance, System Summary
May try to detect the Windows Explorer process (often used for injection)	HIPS / PFW / Operating System Protection Evasion	Process Injection Process Discovery
PE file has an executable .text section and no other executable section	System Summary
Sample is known by Antivirus	System Summary
Sigma detected: Windows Processes Suspicious Parent Directory	System Summary
Spawns processes	System Summary	Process Injection
PE file contains a valid data directory to section mapping	System Summary
Binary contains paths to debug symbols	Compliance, System Summary
PE file contains a debug data directory	System Summary
PE file contains a mix of data directories often seen in goodware	System Summary
Submission file is bigger than most known malware samples	System Summary

C:\Windows\SysWOW64\svchost.exe

"C:\Users\user\Desktop\nJ8mJTmMf0.exe"

Details

Is windows:	true
Is dropped:	false
PID:	7272
Target ID:	1
Parent PID:	7256
Name:	svchost.exe
Path:	C:\Windows\SysWOW64\svchost.exe
Commandline:	"C:\Users\user\Desktop\nJ8mJTmMf0.exe"
Size:	46504
MD5:	1ED18311E3DA35942DB37D15FA40CC5B
Time:	08:05:54
Date:	02/07/2024
Reason:	newprocess
Reputation:	moderate
Is admin:	true
Is elevated:	true
Modulebase:	0x6c0000
Modulesize:	53248
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Yara detected FormBook	AV Detection, E-Banking Fraud, Stealing of Sensitive Information, Remote Access Functionality
Maps a DLL or memory area into another process	HIPS / PFW / Operating System Protection Evasion	Process Injection
Writes to foreign memory regions	HIPS / PFW / Operating System Protection Evasion	Process Injection
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Sigma detected: Uncommon Svchost Parent Process	System Summary
Sigma detected: Windows Processes Suspicious Parent Directory	System Summary
Spawns processes	System Summary	Process Injection
Binary contains paths to debug symbols	Compliance, System Summary

C:\Program Files (x86)\PSNIHCXaKDrnALQsNgDQieIQUWGIiVdoeeQtERQzuwNNCmVpiZSCnJGsRqhVkcRLs\TzzjhIsXBfyeXRQZvZSpYcTAWcByP.exe

"C:\Program Files (x86)\PSNIHCXaKDrnALQsNgDQieIQUWGIiVdoeeQtERQzuwNNCmVpiZSCnJGsRqhVkcRLs\TzzjhIsXBfyeXRQZvZSpYcTAWcByP.exe"

Details

Is windows:	true
Is dropped:	false
PID:	1364
Target ID:	3
Parent PID:	7272
Name:	TzzjhIsXBfyeXRQZvZSpYcTAWcByP.exe
Path:	C:\Program Files (x86)\PSNIHCXaKDrnALQsNgDQieIQUWGIiVdoeeQtERQzuwNNCmVpiZSCnJGsRqhVkcRLs\TzzjhIsXBfyeXRQZvZSpYcTAWcByP.exe
Commandline:	"C:\Program Files (x86)\PSNIHCXaKDrnALQsNgDQieIQUWGIiVdoeeQtERQzuwNNCmVpiZSCnJGsRqhVkcRLs\TzzjhIsXBfyeXRQZvZSpYcTAWcByP.exe"
Size:	140800
MD5:	32B8AD6ECA9094891E792631BAEA9717
Time:	08:06:18
Date:	02/07/2024
Reason:	existingprocessinject
Reputation:	high
Is admin:	false
Is elevated:	false
Modulebase:	0x800000
Modulesize:	155648
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Maps a DLL or memory area into another process	HIPS / PFW / Operating System Protection Evasion	Process Injection
Binary contains paths to debug symbols	Compliance, System Summary

C:\Windows\SysWOW64\PresentationHost.exe

"C:\Windows\SysWOW64\PresentationHost.exe"

Details

Is windows:	true
Is dropped:	false
PID:	7616
Target ID:	6
Parent PID:	1364
Name:	PresentationHost.exe
Class:	system-tools
Path:	C:\Windows\SysWOW64\PresentationHost.exe
Commandline:	"C:\Windows\SysWOW64\PresentationHost.exe"
Size:	256000
MD5:	C6671F8B9F073785FD617661AD1F1C45
Time:	08:06:20
Date:	02/07/2024
Reason:	newprocess
Reputation:	low
Is admin:	false
Is elevated:	false
Modulebase:	0xba0000
Modulesize:	270336
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Maps a DLL or memory area into another process	HIPS / PFW / Operating System Protection Evasion	Process Injection
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Spawns processes	System Summary	Process Injection
Binary contains paths to debug symbols	Compliance, System Summary

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\Firefox.exe"

Details

Is windows:	true
Is dropped:	false
PID:	7764
Target ID:	7
Parent PID:	7616
Name:	firefox.exe
Path:	C:\Program Files\Mozilla Firefox\firefox.exe
Commandline:	"C:\Program Files\Mozilla Firefox\Firefox.exe"
Size:	676768
MD5:	C86B1BE9ED6496FE0E0CBE73F81D8045
Time:	08:06:50
Date:	02/07/2024
Reason:	newprocess
Reputation:	high
Is admin:	false
Is elevated:	false
Modulebase:	0x7ff6bf500000
Modulesize:	708608
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Maps a DLL or memory area into another process	HIPS / PFW / Operating System Protection Evasion	Process Injection
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Spawns processes	System Summary	Process Injection
Binary contains paths to debug symbols	Compliance, System Summary

URLs

Name

Malicious

http://www.synergon.space/zgi4/?wd98XJp=Bv8WP0Y6I4L4rkLxeI7P9FySYZNc9GwgDECc8onmv+Up0YCRhWOMiFe4VqushDbL0H+yYl3KgA/w0/Chwa1nzYna+/yL7Br3qSv0RQdnV5Z6V6VBi/tSxM4=&2hZdq=H6f4R

109.95.158.127

http://www.adoby.xyz/ghq5/

162.0.213.72

http://www.adoby.xyz/ghq5/?wd98XJp=dNjYg/LNb+Btw7/gHk7XSMyPk/zPSOV1YOlLUnvgSo8eic1H8Ppx0PY9ldg0aj+ffPmEFDEyAFk9JBqMQ/w/NLyeMKaPgOi3ekgmu34KkG/nLXsYy1o9wJg=&2hZdq=H6f4R

162.0.213.72

http://www.coinwab.com/efdt/

188.114.97.3

http://www.abc8web.com/sm5e/?wd98XJp=o8xG6LBLqhGEFqfWTr3vbfLymD68CBTmrGDPPbcweY6zCsuE8W4/fbHpwlO8ph1RffMeX91soDhoi1OdGkM065Zd4OviC0ZoCrIQ2N2wQupqguS4lzCfvC0=&2hZdq=H6f4R

3.33.130.190

http://www.personalcaresale.shop/2nu3/?wd98XJp=kpCfKF0WzJdSazQmt+Slz7YMxCL88Ck3GTDuMNK/H/Z7+vSkhcWJrxIVRHFhCg6b5G6dYsxeFoEulnLMEOj8SMB4wRe40fAIutKuKCnjbT5TVzUJ6OZr4Zg=&2hZdq=H6f4R

172.67.200.242

http://www.coinwab.com/efdt/?wd98XJp=MALnGsSsCxZXAJsklBHSyvV4Cwt+rIU5CjwRGjorv42b71G2YZGZ8sEfFWk4L2DJaggYN2F6bElJhaqiOt+r3C6w5v7JMVR/VQKh9hDc+/lVPZE+6qMMIlI=&2hZdq=H6f4R

188.114.97.3

http://www.mqmsqkw.lol/pqva/?wd98XJp=ZKm3cPRqjLICFiRrATX7oY0MbRIIvi8qgjtP/vsOoinDFUrpWf4t7wcwUBRK5t7Qc0H9b4lf1rTESW8G/Q5oJQ2SGD/5MgBfv+zXfj20S4XoQgB8oyIQXRQ=&2hZdq=H6f4R

116.213.43.190

http://www.threendresses.com/ecb1/

78.111.111.51

http://www.threendresses.com/ecb1/?wd98XJp=i1LTV2o1IZtmrbvE4asAhp8fTTMl8iuKZlDswLcPFQRrGDQpSYT4T6Qz9Nxrj1c/x943R5zeBwNAiK6gnAeQLZ/WlxRJaqzCSDsHaoXTEmVBFAAd8oj/2Yo=&2hZdq=H6f4R

78.111.111.51

http://www.personalcaresale.shop/2nu3/

172.67.200.242

http://www.mqmsqkw.lol/pqva/

116.213.43.190

http://www.abc8web.com/sm5e/

3.33.130.190

http://www.synergon.space/zgi4/

109.95.158.127

https://g.alicdn.com/woodpeckerx/jssdk/plugins/performance.js

unknown

https://reg.ru

unknown

https://g.alicdn.com/woodpeckerx/jssdk/plugins/globalerror.js

unknown

https://www.threendresses.com/ecb1/?wd98XJp=i1LTV2o1IZtmrbvE4asAhp8fTTMl8iuKZlDswLcPFQRrGDQpSYT4T6Qz

unknown

http://www.0araba.net/s5jh/

46.30.211.38

http://www.washio.world/uox9/

194.58.112.174

https://www.reg.ru/whois/?check=&dname=www.washio.world&reg_source=parking_auto

unknown

https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/4.1.3/css/bootstrap.min.css

unknown

https://track.uc.cn/collect

unknown

https://www.reg.ru/web-sites/website-builder/?utm_source=www.washio.world&utm_medium=parking&utm_cam

unknown

https://dhosting.pl/bledyhttp/domeny.html

unknown

http://www.0araba.net/s5jh/?wd98XJp=1TiKqhVN19vKBh0iYV68FE6kd9yptaYL0yZFpqoiJ2lM+QkJ7dUu1EsavkeNrTvMwGcxWHp0eakXjUqcr3ub0eMvg/6QMTuDK9dTv3I1AhU9igMWM3XHjus=&2hZdq=H6f4R

46.30.211.38

https://dhosting.pl/img/logo.svg

unknown

https://parking.reg.ru/script/get_domain_data?domain_name=www.washio.world&rand=

unknown

https://dhosting.pl/kontakt

unknown

https://hm.baidu.com/hm.js?

unknown

https://coinwab.com/index.php/efdt/?wd98XJp=MALnGsSsCxZXAJsklBHSyvV4Cwt

unknown

https://dhosting.pl

unknown

https://dhosting.pl/bledyhttp/hosting.html

unknown

https://g.alicdn.com/woodpeckerx/jssdk/wpkReporter.js

unknown

https://www.reg.ru/dedicated/?utm_source=www.washio.world&utm_medium=parking&utm_campaign=s_land_ser

unknown

https://cdnjs.cloudflare.com/ajax/libs/normalize/5.0.0/normalize.min.css

unknown

https://image.uc.cn/s/uae/g/3o/berg/static/index.c4bc5b38d870fecd8a1f.css

unknown

https://www.reg.ru/web-sites/?utm_source=www.washio.world&utm_medium=parking&utm_campaign=s_land_cms

unknown

http://www.0araba.net

unknown

https://download.quark.cn/download/quarkpc?platform=android&ch=pcquark

unknown

http://www.6666111p.vip/7c6d/?wd98XJp=w8YgqO/Zj/36mufrJumMstPGQWcWOvmXve42clWXA0OufJxdz0t5qmDG9Y+qzl9OADQlddr1Os9brfaQNQSPZtNIRBmq9MUfYdPf/ru8jRm7NVZbS2vao50=&2hZdq=H6f4R

35.186.221.100

https://www.kosherphonestore.com/y0az/?wd98XJp=1StTTN5BD

unknown

https://www.reg.ru/hosting/?utm_source=www.washio.world&utm_medium=parking&utm_campaign=s_land_host&

unknown

https://help.reg.ru/support/ssl-sertifikaty/1-etap-zakaz-ssl-sertifikata/kak-zakazat-besplatnyy-ssl-

unknown

https://image.uc.cn/s/uae/g/3o/berg/static/archer_index.e96dc6dc6863835f4ad0.js

unknown

https://cdnjs.cloudflare.com/ajax/libs/gsap/3.1.1/gsap.min.js

unknown

https://www.reg.ru/domain/new/?utm_source=www.washio.world&utm_medium=parking&utm_campaign=s_land_ne

unknown

http://www.washio.world/uox9/?wd98XJp=SkqqSrQ8SMo2XL3atDg5EwteixjEHmcOkKNOXL2YXVO5YY42DfvwbKSww9pKtEGGvKt0lrGjy49L8DH+d/eZjL5PtpdyGoJABAcliTTSnjNRJ5qgIg1UjKg=&2hZdq=H6f4R

194.58.112.174

http://www.6666111p.vip/7c6d/

35.186.221.100

There are 39 hidden URLs, click here to show them.

Domains

Name

Malicious

www.kosherphonestore.com.cdn.hstgr.net

84.32.84.112

threendresses.com

78.111.111.51

www.personalcaresale.shop

172.67.200.242

www.adoby.xyz

162.0.213.72

abc8web.com

3.33.130.190

www.mqmsqkw.lol

116.213.43.190

synergon.space

109.95.158.127

www.coinwab.com

188.114.97.3

www.miningarea.fun

unknown

www.threendresses.com

unknown

www.kosherphonestore.com

unknown

www.com-kh.com

unknown

www.rtrpodcast.online

unknown

www.synergon.space

unknown

www.abc8web.com

unknown

www.wepayassessments.com

unknown

www.washio.world

194.58.112.174

www.6666111p.vip

35.186.221.100

rtrpodcast.online

76.223.67.189

www.0araba.net

46.30.211.38

There are 10 hidden domains, click here to show them.

IPs

Domain

Country

Malicious

78.111.111.51

threendresses.com

Turkey

162.0.213.72

www.adoby.xyz

Canada

188.114.97.3

www.coinwab.com

European Union

109.95.158.127

synergon.space

Poland

84.32.84.112

www.kosherphonestore.com.cdn.hstgr.net

Lithuania

3.33.130.190

abc8web.com

United States

116.213.43.190

www.mqmsqkw.lol

Hong Kong

172.67.200.242

www.personalcaresale.shop

United States

35.186.221.100

www.6666111p.vip

United States

194.58.112.174

www.washio.world

Russian Federation

46.30.211.38

www.0araba.net

Denmark

There are 1 hidden IPs, click here to show them.

Memdumps

Base Address

Regiontype

Protect

Malicious

82C0000

system

page execute and read and write

3080000

unclassified section

page execute and read and write

4C00000

unclassified section

page execute and read and write

400000

system

page execute and read and write

B00000

system

page execute and read and write

45C0000

unkown

page execute and read and write

2E8A000

heap

page read and write

14BE000

heap

page read and write

B60000

heap

page read and write

84DC000

unkown

page read and write

1332000

heap

page read and write

B65000

heap

page read and write

26B983CE000

trusted library allocation

page read and write

6B5000

unkown

page readonly

7D9E000

stack

page read and write

160B000

unkown

page read and write

2A13000

heap

page read and write

801000

unkown

page execute read

4EE0000

direct allocation

page execute and read and write

1471000

unkown

page readonly

1BCE000

stack

page read and write

4A63000

trusted library allocation

page read and write

63F2000

unclassified section

page read and write

1460000

unkown

page read and write

168B000

unkown

page read and write

34CD000

direct allocation

page execute and read and write

A9B000

stack

page read and write

26B983BE000

trusted library allocation

page read and write

400D000

direct allocation

page read and write

2C00000

heap

page read and write

2EE2000

heap

page read and write

6A4E000

system

page read and write

68BC000

system

page read and write

1320000

unkown

page readonly

4E76000

unkown

page execute and read and write

12FC000

stack

page read and write

15A1000

heap

page read and write

26B9820A000

trusted library allocation

page read and write

4009000

direct allocation

page read and write

27FE000

stack

page read and write

3E63000

direct allocation

page read and write

5228000

direct allocation

page execute and read and write

1650000

heap

page read and write

3D40000

direct allocation

page read and write

166B000

heap

page read and write

138D000

heap

page read and write

6D72000

system

page read and write

5191000

direct allocation

page execute and read and write

11BF000

stack

page read and write

5EB6000

unclassified section

page execute and read and write

400D000

direct allocation

page read and write

2EEC000

heap

page read and write

15CF000

stack

page read and write

16712000

system

page read and write

3040000

direct allocation

page read and write

30D0000

unkown

page readonly

2050000

heap

page read and write

2F15000

heap

page read and write

13FA000

heap

page read and write

16E5000

heap

page read and write

1690000

unkown

page read and write

7E06000

heap

page read and write

5C72000

system

page read and write

26B96863000

heap

page read and write

26B983C4000

trusted library allocation

page read and write

690000

heap

page read and write

3601000

heap

page read and write

15B8000

heap

page read and write

3920000

heap

page read and write

2A13000

heap

page read and write

800000

unkown

page readonly

1320000

unkown

page readonly

16652000

system

page read and write

2EA6000

heap

page read and write

16F0000

unkown

page readonly

16D6000

heap

page read and write

303E000

stack

page read and write

16D7000

heap

page read and write

27B0000

heap

page read and write

6BCC000

unclassified section

page read and write

31C0000

unkown

page execute and read and write

16D4000

heap

page read and write

80E000

unkown

page readonly

304C000

unkown

page read and write

5F3C000

unclassified section

page read and write

2E20000

heap

page read and write

2F06000

heap

page read and write

15D0000

unkown

page read and write

1A81000

unkown

page readonly

68F000

unkown

page readonly

4A31000

trusted library allocation

page read and write

2EA0000

heap

page read and write

165A000

heap

page read and write

2F00000

heap

page read and write

1410000

heap

page read and write

7EF0000

trusted library allocation

page read and write

4E08000

unkown

page execute and read and write

14A0000

unkown

page readonly

63B000

stack

page read and write

F60000

unkown

page readonly

815000

unkown

page read and write

2C17000

heap

page read and write

672A000

system

page read and write

2ECE000

stack

page read and write

2A13000

heap

page read and write

7E3B000

heap

page read and write

1333000

heap

page read and write

851E000

stack

page read and write

26B980E0000

trusted library allocation

page read and write

6C8000

unkown

page readonly

30C4000

heap

page read and write

6D5E000

unclassified section

page read and write

39F4000

heap

page read and write

534C000

unclassified section

page read and write

166B000

heap

page read and write

3200000

direct allocation

page execute and read and write

4A74000

trusted library allocation

page read and write

145E000

stack

page read and write

30C0000

heap

page read and write

F50000

unkown

page readonly

400D000

direct allocation

page read and write

26B96860000

heap

page read and write

16D4000

heap

page read and write

3D40000

direct allocation

page read and write

3D40000

direct allocation

page read and write

550C000

unclassified section

page read and write

166B000

heap

page read and write

7DDE000

stack

page read and write

6C8000

unkown

page readonly

2A13000

heap

page read and write

54B6000

unclassified section

page execute and read and write

34D1000

direct allocation

page execute and read and write

FDA000

stack

page read and write

6BF000

unkown

page write copy

2EB4000

heap

page read and write

4009000

direct allocation

page read and write

817000

unkown

page readonly

26B967B0000

heap

page read and write

1308000

heap

page read and write

B90000

heap

page read and write

F70000

unkown

page readonly

2D01000

heap

page read and write

3EE0000

direct allocation

page read and write

39F0000

heap

page read and write

817000

unkown

page readonly

B80000

heap

page read and write

4B70000

heap

page read and write

7E0B000

heap

page read and write

3950000

direct allocation

page read and write

26B966C0000

system

page execute and read and write

6C3000

unkown

page write copy

302E000

stack

page read and write

4A4B000

trusted library allocation

page read and write

4009000

direct allocation

page read and write

2A13000

heap

page read and write

4009000

direct allocation

page read and write

68A8000

unclassified section

page read and write

2C19000

heap

page read and write

13FA000

heap

page read and write

27C0000

direct allocation

page read and write

8338000

system

page execute and read and write

52F2000

unclassified section

page read and write

15F8000

heap

page read and write

1480000

unkown

page read and write

11DB000

stack

page read and write

3080000

direct allocation

page read and write

2C59000

heap

page read and write

10C0000

unkown

page read and write

16C5000

heap

page read and write

2C05000

heap

page read and write

26B96839000

heap

page read and write

15CF000

stack

page read and write

2A13000

heap

page read and write

26B98212000

trusted library allocation

page read and write

4009000

direct allocation

page read and write

3E63000

direct allocation

page read and write

12CE000

stack

page read and write

2E9D000

heap

page read and write

3E63000

direct allocation

page read and write

1280000

heap

page read and write

2F23000

heap

page read and write

1692C000

system

page read and write

26B96830000

heap

page read and write

16F0000

unkown

page readonly

5C18000

unclassified section

page read and write

3542000

direct allocation

page execute and read and write

3D40000

direct allocation

page read and write

14C0000

heap

page read and write

5BB2000

system

page read and write

160E000

heap

page read and write

14A0000

unkown

page readonly

2ECF000

heap

page read and write

6BF000

unkown

page read and write

FDA000

stack

page read and write

AD8000

stack

page read and write

7AE0000

trusted library allocation

page read and write

1300000

heap

page read and write

30C4000

heap

page read and write

2C12000

heap

page read and write

2A02000

heap

page read and write

B6EFFFB000

stack

page read and write

142F000

heap

page read and write

1480000

unkown

page read and write

1343000

heap

page read and write

407E000

direct allocation

page read and write

76DE000

system

page read and write

2EFC000

heap

page read and write

2F3E000

stack

page read and write

26B966F4000

system

page execute and read and write

601000

unkown

page execute read

13FB000

heap

page read and write

6716000

unclassified section

page read and write

407E000

direct allocation

page read and write

16C4000

heap

page read and write

1330000

unkown

page readonly

500D000

direct allocation

page execute and read and write

2A13000

heap

page read and write

507E000

direct allocation

page execute and read and write

7E0F000

heap

page read and write

5009000

direct allocation

page execute and read and write

5CCC000

system

page read and write

26B9820E000

trusted library allocation

page read and write

2ED5000

heap

page read and write

839B000

system

page execute and read and write

1310000

unkown

page readonly

2EFE000

stack

page read and write

BB9000

stack

page read and write

7E1A000

heap

page read and write

2A13000

heap

page read and write

1471000

unkown

page readonly

1330000

unkown

page readonly

1344000

heap

page read and write

3129000

heap

page read and write

1310000

unkown

page readonly

15D0000

unkown

page read and write

5A86000

unclassified section

page read and write

601000

unkown

page execute read

1662000

heap

page read and write

16EA6000

system

page read and write

15F0000

heap

page read and write

670000

heap

page read and write

80E000

unkown

page readonly

5448000

unclassified section

page execute and read and write

400D000

direct allocation

page read and write

855F000

stack

page read and write

30D0000

unkown

page readonly

2ED0000

unkown

page read and write

3080000

direct allocation

page read and write

3EE0000

direct allocation

page read and write

7DF1000

heap

page read and write

1460000

unkown

page read and write

15F8000

heap

page read and write

4A2D000

trusted library allocation

page read and write

754C000

system

page read and write

1A81000

unkown

page readonly

2A13000

heap

page read and write

60CE000

unclassified section

page read and write

7EE0000

trusted library allocation

page read and write

15F0000

heap

page read and write

2A13000

heap

page read and write

145E000

stack

page read and write

1270000

heap

page read and write

2A13000

heap

page read and write

5DAA000

unclassified section

page read and write

26B9683F000

heap

page read and write

4AA0000

trusted library allocation

page read and write

126D000

stack

page read and write

4B92000

trusted library allocation

page execute and read and write

6B5000

unkown

page readonly

7096000

system

page read and write

3E63000

direct allocation

page read and write

2F01000

heap

page read and write

26B9685C000

heap

page read and write

312D000

heap

page read and write

400D000

direct allocation

page read and write

11CF000

stack

page read and write

2F00000

heap

page read and write

26B98200000

trusted library allocation

page read and write

3EE0000

direct allocation

page read and write

1636000

heap

page read and write

2C1A000

heap

page read and write

3800000

unclassified section

page execute and read and write

3EE0000

direct allocation

page read and write

8170000

heap

page read and write

5FC000

stack

page read and write

2E00000

heap

page read and write

15E0000

unkown

page read and write

26B98100000

trusted library allocation

page read and write

26B983A5000

trusted library allocation

page read and write

3270000

heap

page read and write

26B96820000

heap

page read and write

5E8C000

system

page read and write

319E000

heap

page read and write

8344000

system

page execute and read and write

16D5000

heap

page read and write

3000000

heap

page read and write

2E58000

heap

page read and write

16D7000

heap

page read and write

815000

unkown

page read and write

339E000

direct allocation

page execute and read and write

407E000

direct allocation

page read and write

26B98210000

trusted library allocation

page read and write

3EE0000

direct allocation

page read and write

14C0000

heap

page read and write

4A42000

trusted library allocation

page read and write

1FCE000

stack

page read and write

2ECC000

heap

page read and write

1333000

heap

page read and write

2EF6000

heap

page read and write

5876000

unkown

page execute and read and write

26B98203000

trusted library allocation

page read and write

26B980E0000

trusted library allocation

page read and write

2A13000

heap

page read and write

2A13000

heap

page read and write

2A00000

heap

page read and write

26D0000

heap

page read and write

3D40000

direct allocation

page read and write

6598000

system

page read and write

7E31000

heap

page read and write

3080000

direct allocation

page read and write

800000

unkown

page readonly

B6F07FD000

stack

page read and write

3170000

heap

page read and write

407E000

direct allocation

page read and write

26B98300000

trusted library allocation

page read and write

51AD000

direct allocation

page execute and read and write

1340000

heap

page read and write

12FC000

stack

page read and write

2E90000

heap

page read and write

51A6000

direct allocation

page execute and read and write

15DE000

heap

page read and write

30C0000

heap

page read and write

400D000

direct allocation

page read and write

3940000

direct allocation

page execute and read and write

2A13000

heap

page read and write

600000

unkown

page readonly

11FC000

stack

page read and write

2A13000

heap

page read and write

68F000

unkown

page readonly

1340000

heap

page read and write

B6F17FE000

stack

page read and write

3BC0000

unkown

page execute and read and write

B6F0FFE000

stack

page read and write

7E36000

heap

page read and write

15CC000

heap

page read and write

4A89000

trusted library allocation

page read and write

7E3E000

heap

page read and write

14C6000

heap

page read and write

8347000

system

page execute and read and write

2EBF000

heap

page read and write

F60000

unkown

page readonly

16D6000

heap

page read and write

2E3E000

heap

page read and write

3D40000

direct allocation

page read and write

3329000

direct allocation

page execute and read and write

3EE0000

direct allocation

page read and write

26B96790000

heap

page read and write

407E000

direct allocation

page read and write

600000

unkown

page readonly

F50000

unkown

page readonly

332D000

direct allocation

page execute and read and write

801000

unkown

page execute read

300F000

stack

page read and write

2C17000

heap

page read and write

26B9684C000

heap

page read and write

1508000

heap

page read and write

1662000

heap

page read and write

4200000

unclassified section

page execute and read and write

4009000

direct allocation

page read and write

306F000

stack

page read and write

2A13000

heap

page read and write

26B966F0000

system

page execute and read and write

2E28000

heap

page read and write

6406000

system

page read and write

26B96863000

heap

page read and write

1220000

heap

page read and write

2C05000

heap

page read and write

3E63000

direct allocation

page read and write

F70000

unkown

page readonly

1342000

heap

page read and write

26B967E0000

heap

page read and write

407E000

direct allocation

page read and write

7228000

system

page read and write

5232000

unclassified section

page read and write

8328000

system

page execute and read and write

26B98301000

trusted library allocation

page read and write

26B98221000

trusted library allocation

page read and write

3E63000

direct allocation

page read and write

There are 378 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
nJ8mJTmMf0.exe

Files

Processes

URLs

Domains

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC ReportnJ8mJTmMf0.exe

Files

Processes

URLs

Domains

IPs

Memdumps

IOC Report
nJ8mJTmMf0.exe