IOC Report
scan_doc_zapit_836893.pdf.exe


Files

File Path | Type | Category | Malicious
scan_doc_zapit_836893.pdf.exe | PE32 executable (GUI) Intel 80386, for MS Windows | initial sample | malicious
C:\Users\user\AppData\Local\NanoSec Cryptographics\NanoCipher.js | ASCII text, with no line terminators | dropped | malicious
C:\Users\user\AppData\Local\NanoSec Cryptographics\NanoCipher.scr | PE32 executable (GUI) Intel 80386, for MS Windows | dropped | malicious
C:\Users\user\AppData\Local\Temp\185027\Spy.pif | PE32 executable (GUI) Intel 80386, for MS Windows | modified | malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NanoCipher.url | MS Windows 95 Internet shortcut text (URL=<"C:\Users\user\AppData\Local\NanoSec Cryptographics\NanoCipher.js" >), ASCII text, with CRLF line terminators | dropped | malicious
C:\Users\user\AppData\Local\NanoSec Cryptographics\o | data | dropped |
C:\Users\user\AppData\Local\Temp\185027\H | data | dropped |
C:\Users\user\AppData\Local\Temp\Already | data | dropped |
C:\Users\user\AppData\Local\Temp\Determined | data | dropped |
C:\Users\user\AppData\Local\Temp\Finnish | data | dropped |
C:\Users\user\AppData\Local\Temp\Hint | data | dropped |
C:\Users\user\AppData\Local\Temp\Martin | data | dropped |
C:\Users\user\AppData\Local\Temp\Organizing | data | dropped |
C:\Users\user\AppData\Local\Temp\Presentations | data | dropped |
C:\Users\user\AppData\Local\Temp\Tim | data | dropped |
C:\Users\user\AppData\Local\Temp\Tournaments | data | dropped |
C:\Users\user\AppData\Local\Temp\Yes | ASCII text, with very long lines (579), with CRLF line terminators | dropped |
C:\Users\user\AppData\Local\Temp\Yes.bat | ASCII text, with very long lines (579), with CRLF line terminators | dropped |

8 further files are not shown in this report.

Processes

Path | Cmdline | Malicious
C:\Users\user\Desktop\scan_doc_zapit_836893.pdf.exe | "C:\Users\user\Desktop\scan_doc_zapit_836893.pdf.exe" | malicious
C:\Windows\SysWOW64\cmd.exe | "C:\Windows\System32\cmd.exe" /c copy Yes Yes.bat & Yes.bat | malicious
C:\Windows\SysWOW64\findstr.exe | findstr /I "wrsa opssvc" | malicious
C:\Windows\SysWOW64\findstr.exe | findstr -I "avastui avgui bdservicehost nswscsvc sophoshealth" | malicious
C:\Windows\SysWOW64\cmd.exe | cmd /c md 185027 | malicious
C:\Windows\SysWOW64\findstr.exe | findstr /V "venezuelalandscapesmeantposters" Tournaments | malicious
C:\Windows\SysWOW64\cmd.exe | cmd /c copy /b ..\Martin + ..\Organizing + ..\Finnish + ..\Determined + ..\Already + ..\Presentations + ..\Hint H | malicious
C:\Users\user\AppData\Local\Temp\185027\Spy.pif | Spy.pif H | malicious
C:\Windows\SysWOW64\cmd.exe | cmd /k echo [InternetShortcut] > "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NanoCipher.url" & echo URL="C:\Users\user\AppData\Local\NanoSec Cryptographics\NanoCipher.js" >> "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NanoCipher.url" & exit | malicious
C:\Windows\System32\wscript.exe | "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\NanoSec Cryptographics\NanoCipher.js" | malicious
C:\Users\user\AppData\Local\NanoSec Cryptographics\NanoCipher.scr | "C:\Users\user\AppData\Local\NanoSec Cryptographics\NanoCipher.scr" "C:\Users\user\AppData\Local\NanoSec Cryptographics\o" | malicious
C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
C:\Windows\SysWOW64\tasklist.exe | tasklist |
C:\Windows\SysWOW64\tasklist.exe | tasklist |
C:\Windows\SysWOW64\choice.exe | choice /d y /t 5 |
C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |

6 further processes are not shown in this report.
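Read top to bottom, the process list is a batch-file stager. The dropped file Yes (ASCII text with the same 579-character lines as Yes.bat) is copied to Yes.bat and run; findstr is invoked with the names of security-product processes (the two unflagged tasklist runs are consistent with a tasklist | findstr check, and choice /d y /t 5 is a five-second sleep); the chunk files Martin, Organizing, Finnish, Determined, Already, Presentations and Hint are reassembled with copy /b into H; Spy.pif is executed with H as its argument; a .url shortcut written into the per-user Startup folder points at NanoCipher.js, which wscript.exe then runs; and NanoCipher.scr is launched with the data file o the same way Spy.pif is launched with H. The Python script below is added here as a worked detection example and is not part of the sandbox report; it encodes those observations as rules and runs them over the command lines from the table, embedded as a constructed list. The rule names, the regular expressions and the set of security-product names (taken from the findstr arguments on this page) are my choices, and the tasklist | findstr pairing is an inference, not something the report states.

```python
import re
from typing import Callable, Dict, List, Tuple

# Constructed sample input: (image path, command line) pairs copied from the
# Processes table of this report, in the order listed there.
SAMPLE_PROCESSES: List[Tuple[str, str]] = [
    (r"C:\Users\user\Desktop\scan_doc_zapit_836893.pdf.exe",
     r'"C:\Users\user\Desktop\scan_doc_zapit_836893.pdf.exe"'),
    (r"C:\Windows\SysWOW64\cmd.exe",
     r'"C:\Windows\System32\cmd.exe" /c copy Yes Yes.bat & Yes.bat'),
    (r"C:\Windows\SysWOW64\findstr.exe", r'findstr /I "wrsa opssvc"'),
    (r"C:\Windows\SysWOW64\findstr.exe",
     r'findstr -I "avastui avgui bdservicehost nswscsvc sophoshealth"'),
    (r"C:\Windows\SysWOW64\cmd.exe", r"cmd /c md 185027"),
    (r"C:\Windows\SysWOW64\findstr.exe",
     r'findstr /V "venezuelalandscapesmeantposters" Tournaments'),
    (r"C:\Windows\SysWOW64\cmd.exe",
     r"cmd /c copy /b ..\Martin + ..\Organizing + ..\Finnish + ..\Determined"
     r" + ..\Already + ..\Presentations + ..\Hint H"),
    (r"C:\Users\user\AppData\Local\Temp\185027\Spy.pif", r"Spy.pif H"),
    (r"C:\Windows\SysWOW64\cmd.exe",
     r'cmd /k echo [InternetShortcut] > "C:\Users\user\AppData\Roaming\Microsoft'
     r'\Windows\Start Menu\Programs\Startup\NanoCipher.url" & echo URL='
     r'"C:\Users\user\AppData\Local\NanoSec Cryptographics\NanoCipher.js" >> '
     r'"C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs'
     r'\Startup\NanoCipher.url" & exit'),
    (r"C:\Windows\System32\wscript.exe",
     r'"C:\Windows\System32\WScript.exe" '
     r'"C:\Users\user\AppData\Local\NanoSec Cryptographics\NanoCipher.js"'),
    (r"C:\Windows\SysWOW64\tasklist.exe", "tasklist"),
    (r"C:\Windows\SysWOW64\choice.exe", "choice /d y /t 5"),
]

# Process names the findstr calls on this page search for; all belong to
# security products. Extend the set for your own environment (assumption).
SECURITY_PRODUCT_NAMES = {"wrsa", "opssvc", "avastui", "avgui",
                          "bdservicehost", "nswscsvc", "sophoshealth"}


def _basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def _quoted_words(cmdline: str) -> List[str]:
    """Whitespace-separated words found inside double-quoted arguments."""
    words: List[str] = []
    for chunk in re.findall(r'"([^"]*)"', cmdline):
        words.extend(chunk.lower().split())
    return words


def rule_rename_and_run(image: str, cmd: str) -> bool:
    # copy X X.bat & X.bat: an extension-less drop is renamed to .bat and
    # executed inside the same cmd invocation.
    return bool(re.search(r"\bcopy\s+(\S+)\s+\1\.bat\b.*&\s*\1\.bat", cmd, re.I))


def rule_security_product_check(image: str, cmd: str) -> bool:
    # findstr given security-product process names: the search half of a
    # tasklist | findstr evasion check.
    if _basename(image) != "findstr.exe":
        return False
    return bool(SECURITY_PRODUCT_NAMES & set(_quoted_words(cmd)))


def rule_chunk_concatenation(image: str, cmd: str) -> bool:
    # copy /b a + b + c ... out: a split payload reassembled from chunk files
    # (three or more parts required, to skip ordinary two-file copies).
    return bool(re.search(r"\bcopy\s+/b\s+(?:\S+\s*\+\s*){2,}\S+\s+\S+", cmd, re.I))


def rule_startup_url(image: str, cmd: str) -> bool:
    # A .url shortcut written into the per-user Startup folder runs its
    # URL= target at every logon.
    return bool(re.search(r"\\Programs\\Startup\\[^\"\\]+\.url", cmd, re.I))


def rule_wscript_from_appdata(image: str, cmd: str) -> bool:
    # wscript.exe running a .js stored under a user-writable profile path.
    return _basename(image) == "wscript.exe" and bool(
        re.search(r"\\AppData\\.*\.js\b", cmd, re.I))


def rule_pif_from_temp(image: str, cmd: str) -> bool:
    # A .pif (a PE despite the extension) executed out of %TEMP%.
    return _basename(image).endswith(".pif") and "\\temp\\" in image.lower()


RULES: List[Tuple[str, Callable[[str, str], bool]]] = [
    ("rename-and-run batch", rule_rename_and_run),
    ("security-product process check", rule_security_product_check),
    ("chunk concatenation", rule_chunk_concatenation),
    ("startup-folder .url persistence", rule_startup_url),
    ("wscript script from AppData", rule_wscript_from_appdata),
    ("pif loader from Temp", rule_pif_from_temp),
]


def scan(processes: List[Tuple[str, str]]) -> Dict[int, List[str]]:
    """Map each process index to the names of the rules it triggers."""
    hits: Dict[int, List[str]] = {}
    for idx, (image, cmd) in enumerate(processes):
        fired = [name for name, rule in RULES if rule(image, cmd)]
        if fired:
            hits[idx] = fired
    return hits


if __name__ == "__main__":
    for idx, names in scan(SAMPLE_PROCESSES).items():
        print(f"[{idx:2}] {SAMPLE_PROCESSES[idx][1][:70]!r}: {', '.join(names)}")
```

Each rule is deliberately narrow so that it can be lifted into a process-creation detection (Sysmon event 1 or 4688 with command-line logging) on its own; the value of this sample is that seven of the twelve lines fire, and the ones that do not (md, the findstr /V filter, tasklist, choice) are only suspicious in the context of their neighbours, which is the case for correlating by parent process rather than loosening the patterns.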

URLs

Name | IP | Malicious
http://www.autoitscript.com/autoit3/J | unknown |
http://nsis.sf.net/NSIS_ErrorError | unknown |
https://www.autoitscript.com/autoit3/ | unknown |

Domains

Name | IP | Malicious
EPjDBRbjWjdkBwcRYTSjrZwkKu.EPjDBRbjWjdkBwcRYTSjrZwkKu | unknown |

Registry

Path | Value | Malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows Script\Settings\Telemetry\wscript.exe | JScriptSetScriptStateStarted |

Memdumps

Base Address
Regiontype
Protect
Malicious
182458EC000
heap
page read and write
6F1000
heap
page read and write
6ED000
heap
page read and write
6DC000
heap
page read and write
3CD1000
heap
page read and write
701000
unkown
page execute read
6E0000
heap
page read and write
3F91000
heap
page read and write
1320000
trusted library allocation
page read and write
8DC000
heap
page read and write
929000
heap
page read and write
1744000
heap
page read and write
400000
unkown
page readonly
6ED000
heap
page read and write
182475A0000
heap
page read and write
85F000
stack
page read and write
3F91000
heap
page read and write
67E000
stack
page read and write
BE0000
heap
page read and write
5E3E1FF000
stack
page read and write
462F000
stack
page read and write
4240000
trusted library allocation
page read and write
3CD1000
heap
page read and write
12C4000
heap
page read and write
12C4000
heap
page read and write
12C4000
heap
page read and write
360000
heap
page read and write
3F91000
heap
page read and write
78E000
stack
page read and write
3CD1000
heap
page read and write
3100000
heap
page read and write
8FD000
heap
page read and write
3F91000
heap
page read and write
1712000
heap
page read and write
B10000
heap
page read and write
45AF000
stack
page read and write
2300000
heap
page read and write
6ED000
heap
page read and write
8CE000
heap
page read and write
3CD1000
heap
page read and write
3CD1000
heap
page read and write
3F91000
heap
page read and write
6F1000
heap
page read and write
6E9000
heap
page read and write
74E000
stack
page read and write
1584000
heap
page read and write
6E9000
heap
page read and write
182456BE000
heap
page read and write
6EF000
heap
page read and write
22FC000
stack
page read and write
3CD1000
heap
page read and write
4240000
trusted library allocation
page read and write
B10000
unkown
page readonly
1605000
heap
page read and write
29E0000
heap
page read and write
1830000
heap
page read and write
6D9000
heap
page read and write
2FC000
stack
page read and write
6EB000
heap
page read and write
6DD000
heap
page read and write
1815000
heap
page read and write
B9E000
stack
page read and write
1320000
trusted library allocation
page read and write
8FE000
stack
page read and write
96F000
stack
page read and write
12C4000
heap
page read and write
6F1000
heap
page read and write
18245688000
heap
page read and write
7C9000
unkown
page readonly
6F1000
heap
page read and write
3F90000
heap
page read and write
182456A6000
heap
page read and write
6E9000
heap
page read and write
4240000
trusted library allocation
page read and write
182456A6000
heap
page read and write
A6F000
stack
page read and write
6ED000
heap
page read and write
403E000
trusted library allocation
page read and write
4240000
trusted library allocation
page read and write
6ED000
heap
page read and write
650000
heap
page read and write
404C000
trusted library allocation
page read and write
6DD000
heap
page read and write
A81000
unkown
page execute read
3CD1000
heap
page read and write
6EE000
heap
page read and write
1320000
trusted library allocation
page read and write
8BE000
stack
page read and write
12C4000
heap
page read and write
350F000
stack
page read and write
8FD000
heap
page read and write
12C4000
heap
page read and write
4240000
trusted library allocation
page read and write
6E9000
heap
page read and write
6CF000
heap
page read and write
18A7000
heap
page read and write
12C4000
heap
page read and write
1320000
trusted library allocation
page read and write
182456E7000
heap
page read and write
291B000
heap
page read and write
1824569C000
heap
page read and write
3F91000
heap
page read and write
285C000
heap
page read and write
2D4F000
stack
page read and write
29F0000
heap
page read and write
185D000
heap
page read and write
3C44000
heap
page read and write
B19000
heap
page read and write
5E3E5FF000
stack
page read and write
89E000
stack
page read and write
790000
unkown
page readonly
339F000
unkown
page read and write
1723000
heap
page read and write
3CD1000
heap
page read and write
182456AA000
heap
page read and write
6CE000
heap
page read and write
182458E5000
heap
page read and write
144E000
stack
page read and write
56E000
stack
page read and write
8EE000
heap
page read and write
6DD000
heap
page read and write
3F91000
heap
page read and write
3FBE000
stack
page read and write
2DEF000
stack
page read and write
8EF000
heap
page read and write
18F9000
heap
page read and write
5E3E3FE000
stack
page read and write
8CF000
heap
page read and write
12C4000
heap
page read and write
2D60000
heap
page read and write
5AE000
stack
page read and write
152E000
heap
page read and write
182455D0000
heap
page read and write
6F1000
heap
page read and write
285A000
heap
page read and write
8DB000
heap
page read and write
6DD000
heap
page read and write
2D4D000
stack
page read and write
1320000
heap
page read and write
5E3E2FE000
stack
page read and write
182456A6000
heap
page read and write
33C000
stack
page read and write
6E9000
heap
page read and write
8FD000
heap
page read and write
69E000
stack
page read and write
5E3E4FF000
stack
page read and write
41F000
unkown
page read and write
8B0000
heap
page read and write
3CD0000
heap
page read and write
461000
unkown
page read and write
5E3DFFF000
stack
page read and write
407B000
trusted library allocation
page read and write
5E3DB0A000
stack
page read and write
6DD000
heap
page read and write
366000
heap
page read and write
1585000
heap
page read and write
6ED000
heap
page read and write
6A0000
heap
page read and write
285A000
heap
page read and write
1F70000
heap
page read and write
BDF000
stack
page read and write
3CD1000
heap
page read and write
3F91000
heap
page read and write
7CF000
stack
page read and write
3CD1000
heap
page read and write
B10000
unkown
page readonly
6E9000
heap
page read and write
3F91000
heap
page read and write
2305000
heap
page read and write
6E9000
heap
page read and write
5E3E6FE000
stack
page read and write
7C0000
unkown
page write copy
7C0000
unkown
page read and write
182456D1000
heap
page read and write
1320000
trusted library allocation
page read and write
6FC000
heap
page read and write
6E9000
heap
page read and write
401000
unkown
page execute read
182456CC000
heap
page read and write
2DB0000
heap
page read and write
3CD1000
heap
page read and write
401000
unkown
page execute read
390000
heap
page read and write
1A69000
heap
page read and write
467F000
stack
page read and write
707000
heap
page read and write
12C4000
heap
page read and write
3F91000
heap
page read and write
182456E5000
heap
page read and write
285A000
heap
page read and write
722000
heap
page read and write
920000
heap
page read and write
30E0000
heap
page read and write
3F91000
heap
page read and write
3C57000
heap
page read and write
182456A1000
heap
page read and write
3CD1000
heap
page read and write
5F0000
heap
page read and write
1703000
heap
page read and write
182456D1000
heap
page read and write
63F000
stack
page read and write
3CD1000
heap
page read and write
166D000
heap
page read and write
3CD1000
heap
page read and write
1320000
trusted library allocation
page read and write
33BC000
heap
page read and write
1320000
trusted library allocation
page read and write
3F91000
heap
page read and write
1A70000
heap
page read and write
11CF000
stack
page read and write
6F1000
heap
page read and write
364C000
stack
page read and write
6EB000
heap
page read and write
1320000
trusted library allocation
page read and write
4130000
trusted library allocation
page read and write
1320000
trusted library allocation
page read and write
81E000
stack
page read and write
2855000
heap
page read and write
B99000
stack
page read and write
2DFE000
unkown
page read and write
8EB000
heap
page read and write
6E0000
heap
page read and write
12C4000
heap
page read and write
6D2000
heap
page read and write
12C0000
heap
page read and write
790000
unkown
page readonly
3F91000
heap
page read and write
3CD1000
heap
page read and write
7B6000
unkown
page readonly
1581000
heap
page read and write
22B4000
heap
page read and write
408000
unkown
page readonly
1584000
heap
page read and write
3F91000
heap
page read and write
43BF000
stack
page read and write
16DB000
heap
page read and write
700000
heap
page read and write
6D9000
heap
page read and write
6F1000
heap
page read and write
30FE000
stack
page read and write
15A1000
heap
page read and write
3CD1000
heap
page read and write
2858000
heap
page read and write
12C4000
heap
page read and write
3F91000
heap
page read and write
1310000
heap
page read and write
3F91000
heap
page read and write
2EE0000
heap
page read and write
22A0000
heap
page read and write
B36000
unkown
page readonly
6DD000
heap
page read and write
413E000
trusted library allocation
page read and write
3F91000
heap
page read and write
6F9000
heap
page read and write
3CD1000
heap
page read and write
5E0000
heap
page read and write
12C4000
heap
page read and write
927000
heap
page read and write
64E000
stack
page read and write
6EB000
heap
page read and write
274E000
stack
page read and write
3F91000
heap
page read and write
1320000
trusted library allocation
page read and write
43FE000
stack
page read and write
7C9000
unkown
page readonly
14E0000
heap
page read and write
182456E5000
heap
page read and write
16E8000
heap
page read and write
182456B6000
heap
page read and write
354C000
stack
page read and write
17A4000
heap
page read and write
3A0000
heap
page read and write
182456E6000
heap
page read and write
707000
heap
page read and write
1314000
heap
page read and write
141B000
heap
page read and write
40B000
unkown
page read and write
3F91000
heap
page read and write
19A000
stack
page read and write
199D000
heap
page read and write
182456CA000
heap
page read and write
11BF000
stack
page read and write
1320000
trusted library allocation
page read and write
1723000
heap
page read and write
182456DF000
heap
page read and write
1803000
heap
page read and write
1433000
heap
page read and write
707000
heap
page read and write
3CD1000
heap
page read and write
46F0000
heap
page read and write
6ED000
heap
page read and write
16E6000
heap
page read and write
182456B6000
heap
page read and write
700000
unkown
page readonly
4240000
trusted library allocation
page read and write
2EE8000
heap
page read and write
12F0000
heap
page read and write
46C0000
heap
page read and write
3F91000
heap
page read and write
16F4000
heap
page read and write
3F91000
heap
page read and write
1725000
heap
page read and write
3F91000
heap
page read and write
B36000
unkown
page readonly
182458E0000
heap
page read and write
3CD1000
heap
page read and write
BF0000
heap
page read and write
3E0000
heap
page read and write
1320000
trusted library allocation
page read and write
4240000
trusted library allocation
page read and write
6AE000
heap
page read and write
143F000
stack
page read and write
1584000
heap
page read and write
182456D4000
heap
page read and write
6AA000
heap
page read and write
8DF000
heap
page read and write
3F91000
heap
page read and write
70D000
heap
page read and write
182456BD000
heap
page read and write
B49000
unkown
page readonly
B44000
unkown
page write copy
3CD1000
heap
page read and write
12C4000
heap
page read and write
3CD1000
heap
page read and write
1388000
heap
page read and write
182456D3000
heap
page read and write
4240000
trusted library allocation
page read and write
6B0000
heap
page read and write
1580000
heap
page read and write
2290000
heap
page read and write
1A5F000
heap
page read and write
466E000
stack
page read and write
8B8000
heap
page read and write
6D9000
heap
page read and write
1584000
heap
page read and write
B17000
heap
page read and write
6DA000
heap
page read and write
3CD1000
heap
page read and write
1320000
trusted library allocation
page read and write
3F0000
heap
page read and write
19C4000
heap
page read and write
6CE000
heap
page read and write
3C10000
heap
page read and write
3CD1000
heap
page read and write
3CD1000
heap
page read and write
1530000
heap
page read and write
297C000
stack
page read and write
3F91000
heap
page read and write
1380000
heap
page read and write
19DD000
heap
page read and write
6E9000
heap
page read and write
197D000
heap
page read and write
182455F0000
heap
page read and write
3822000
heap
page read and write
1320000
trusted library allocation
page read and write
16C0000
heap
page read and write
1844000
heap
page read and write
A80000
unkown
page readonly
3F91000
heap
page read and write
5E5000
heap
page read and write
182456A1000
heap
page read and write
6FC000
heap
page read and write
A81000
unkown
page execute read
1584000
heap
page read and write
12C4000
heap
page read and write
182456D6000
heap
page read and write
3CD1000
heap
page read and write
8DF000
heap
page read and write
46BE000
stack
page read and write
3CD1000
heap
page read and write
45EE000
stack
page read and write
6E0000
heap
page read and write
3F91000
heap
page read and write
3EE000
stack
page read and write
4240000
trusted library allocation
page read and write
3CD1000
heap
page read and write
8CE000
heap
page read and write
B5F000
stack
page read and write
3CD1000
heap
page read and write
BE0000
heap
page read and write
4090000
trusted library allocation
page read and write
3F91000
heap
page read and write
1452000
heap
page read and write
98000
stack
page read and write
B40000
unkown
page read and write
700000
unkown
page readonly
22B0000
heap
page read and write
6EB000
heap
page read and write
C10000
heap
page read and write
6F1000
heap
page read and write
510000
heap
page read and write
15E5000
heap
page read and write
8DF000
heap
page read and write
6DF000
heap
page read and write
704000
heap
page read and write
182456B6000
heap
page read and write
164D000
heap
page read and write
40B000
unkown
page write copy
8EB000
heap
page read and write
707000
heap
page read and write
290D000
heap
page read and write
6F1000
heap
page read and write
4240000
trusted library allocation
page read and write
6E9000
heap
page read and write
182456CC000
heap
page read and write
2851000
heap
page read and write
11FC000
stack
page read and write
107A000
stack
page read and write
285E000
heap
page read and write
1320000
trusted library allocation
page read and write
701000
unkown
page execute read
13A4000
heap
page read and write
3F91000
heap
page read and write
3CD1000
heap
page read and write
19EF000
heap
page read and write
6DD000
heap
page read and write
3F91000
heap
page read and write
4ABF000
stack
page read and write
3620000
heap
page read and write
11DD000
stack
page read and write
3C40000
heap
page read and write
6DD000
heap
page read and write
6DD000
heap
page read and write
706000
heap
page read and write
3F91000
heap
page read and write
193D000
heap
page read and write
8DF000
heap
page read and write
6ED000
heap
page read and write
B49000
unkown
page readonly
3CD1000
heap
page read and write
3F89000
trusted library allocation
page read and write
3F91000
heap
page read and write
182456A9000
heap
page read and write
8D2000
heap
page read and write
182456E1000
heap
page read and write
705000
heap
page read and write
2D0E000
stack
page read and write
3F91000
heap
page read and write
285A000
heap
page read and write
427E000
stack
page read and write
47FF000
stack
page read and write
3CD1000
heap
page read and write
147C000
stack
page read and write
3CD1000
heap
page read and write
37CE000
stack
page read and write
6ED000
heap
page read and write
6DD000
heap
page read and write
2DAE000
stack
page read and write
7C4000
unkown
page write copy
6FC000
heap
page read and write
6F1000
heap
page read and write
17D6000
heap
page read and write
2856000
heap
page read and write
6ED000
heap
page read and write
1919000
heap
page read and write
12C4000
heap
page read and write
2200000
heap
page read and write
18247250000
heap
page read and write
31C0000
heap
page read and write
340E000
stack
page read and write
182456D9000
heap
page read and write
189A000
heap
page read and write
293C000
stack
page read and write
3CD1000
heap
page read and write
6B8000
heap
page read and write
3CD1000
heap
page read and write
3610000
heap
page read and write
1584000
heap
page read and write
3F91000
heap
page read and write
13B5000
heap
page read and write
12C4000
heap
page read and write
16E0000
heap
page read and write
4F4000
unkown
page readonly
2856000
heap
page read and write
6F1000
heap
page read and write
17AC000
heap
page read and write
1723000
heap
page read and write
33B0000
heap
page read and write
1584000
heap
page read and write
12C4000
heap
page read and write
3CD1000
heap
page read and write
4F4000
unkown
page readonly
4240000
trusted library allocation
page read and write
8FD000
heap
page read and write
1455000
heap
page read and write
4240000
trusted library allocation
page read and write
4240000
trusted library allocation
page read and write
182455C0000
heap
page read and write
18245680000
heap
page read and write
6E0000
heap
page read and write
3CD1000
heap
page read and write
8EB000
heap
page read and write
3F91000
heap
page read and write
6E9000
heap
page read and write
400000
unkown
page readonly
6FC000
heap
page read and write
314E000
stack
page read and write
195D000
heap
page read and write
182456E4000
heap
page read and write
408000
unkown
page readonly
182456D8000
heap
page read and write
4240000
trusted library allocation
page read and write
15C5000
heap
page read and write
35AF000
stack
page read and write
46AF000
stack
page read and write
7B6000
unkown
page readonly
284F000
stack
page read and write
5E3DEFF000
stack
page read and write
6DD000
heap
page read and write
31C000
stack
page read and write
145D000
stack
page read and write
1320000
trusted library allocation
page read and write
3F91000
heap
page read and write
182456B6000
heap
page read and write
3CD1000
heap
page read and write
12C4000
heap
page read and write
14E6000
heap
page read and write
1320000
trusted library allocation
page read and write
162D000
heap
page read and write
182456E8000
heap
page read and write
A80000
unkown
page readonly
182456DA000
heap
page read and write
6ED000
heap
page read and write
3F91000
heap
page read and write
3612000
heap
page read and write
3F91000
heap
page read and write
3CD1000
heap
page read and write
520000
heap
page read and write
182456D7000
heap
page read and write
8EB000
heap
page read and write
2DC000
stack
page read and write
3DE000
stack
page read and write
1584000
heap
page read and write
B40000
unkown
page write copy
524 further memory dumps are not shown in this report.