IOC Report
eXiJWkp8OE.exe

Files

File Path

Type

Category

Malicious

eXiJWkp8OE.exe

PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive

initial sample

C:\Users\user\AppData\Local\Temp\Settings.ini

ASCII text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\nsr69D8.tmp\System.dll

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\Local\Temp\nsv6736.tmp

data

dropped

C:\Users\user\Forbydende173.ini

ASCII text, with CRLF line terminators

dropped

C:\Users\user\tndingers\idyllion\Afregn\Hetaerism\echeneis.ver

data

dropped

C:\Users\user\tndingers\idyllion\Coprinus.Mul

data

dropped

C:\Users\user\tndingers\idyllion\Farthest122\Burdalone\hovedstoles\Overtenaciousness\Yves231.txt

ASCII text, with CRLF line terminators

dropped

C:\Users\user\tndingers\idyllion\Hexagonet121\landgrevskabet.afl

data

dropped

C:\Users\user\tndingers\idyllion\Hexagonet121\spildevandsledningen.hur

data

dropped

C:\Users\user\tndingers\idyllion\Hexagonet121\spp.fav

data

dropped

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\eXiJWkp8OE.exe

"C:\Users\user\Desktop\eXiJWkp8OE.exe"

Details

Is windows:	false
Is dropped:	false
PID:	7288
Target ID:	0
Parent PID:	2580
Name:	eXiJWkp8OE.exe
Path:	C:\Users\user\Desktop\eXiJWkp8OE.exe
Commandline:	"C:\Users\user\Desktop\eXiJWkp8OE.exe"
Size:	476328
MD5:	1209391DFF4079C9C796EFB0AF814C08
Time:	08:33:58
Date:	03/07/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x400000
Modulesize:	450560
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Antivirus / Scanner detection for submitted sample	AV Detection
Multi AV Scanner detection for submitted file	AV Detection
Machine Learning detection for sample	AV Detection
PE / OLE file has an invalid certificate	System Summary
Sample file is different than original file name gathered from version info	System Summary
Uses 32bit PE files	Compliance, System Summary
PE file has an executable .text section and no other executable section	System Summary
Sample is known by Antivirus	System Summary
Sample reads its own file content	System Summary
URLs found in memory or binary data	Networking
Contains modern PE file flags such as dynamic base (ASLR) or NX	Compliance, System Summary

URLs

Name

IP

Malicious

http://nsis.sf.net/NSIS_ErrorError

unknown

Registry

Path

Value

Malicious

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

HKEY_CURRENT_USER\SOFTWARE\Astro

Collisi

There are 216 hidden registries, click here to show them.

Memdumps

Base Address

Regiontype

Protect

Malicious

4BBF000

direct allocation

page execute and read and write

73B000

heap

page read and write

2190000

heap

page read and write

733000

heap

page read and write

436000

unkown

page read and write

5EE000

stack

page read and write

3160000

heap

page read and write

5FBF000

direct allocation

page execute and read and write

570000

heap

page read and write

455000

unkown

page readonly

2730000

heap

page read and write

455000

unkown

page readonly

74E000

heap

page read and write

55BF000

direct allocation

page execute and read and write

5A0000

direct allocation

page read and write

427000

unkown

page read and write

10003000

unkown

page readonly

450000

unkown

page read and write

422000

unkown

page read and write

98000

stack

page read and write

585000

heap

page read and write

742000

heap

page read and write

20D0000

heap

page read and write

400000

unkown

page readonly

400000

unkown

page readonly

401000

unkown

page execute read

408000

unkown

page readonly

373C000

stack

page read and write

550000

heap

page read and write

40A000

unkown

page write copy

737000

heap

page read and write

71E000

heap

page read and write

75E000

heap

page read and write

3670000

heap

page read and write

383C000

stack

page read and write

574000

heap

page read and write

430000

unkown

page read and write

19A000

stack

page read and write

759000

heap

page read and write

10000000

unkown

page readonly

10005000

unkown

page readonly

452000

unkown

page read and write

6F0000

heap

page read and write

4B20000

direct allocation

page execute and read and write

470000

heap

page read and write

21A0000

heap

page read and write

8EF000

unkown

page read and write

10001000

unkown

page execute read

580000

heap

page read and write

6F8000

heap

page read and write

2748000

heap

page read and write

283B000

heap

page read and write

414000

unkown

page read and write

21A5000

heap

page read and write

590000

direct allocation

page read and write

401000

unkown

page execute read

408000

unkown

page readonly

40A000

unkown

page read and write

There are 48 hidden memdumps, click here to show them.