IOC Report
BWuMwnE7tw.exe


Files

File Path | Type | Category | Malicious
BWuMwnE7tw.exe | PE32 executable (GUI) Intel 80386, for MS Windows | initial sample | malicious
C:\Users\user\AppData\Local\Temp\deldll.bat | DOS batch file, ASCII text, with CRLF line terminators | dropped |
C:\Users\user\AppData\Local\Temp\gentee72\chromeum.bat | Unicode text, UTF-8 text, with very long lines (56071), with CRLF, CR line terminators | dropped |
C:\Users\user\AppData\Local\Temp\gentee72\guig.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped |
C:\Users\user\AppData\Local\Temp\gentee72\libeay32.dll | PE32 executable (DLL) (console) Intel 80386, for MS Windows | dropped |
C:\Users\user\AppData\Local\Temp\gentee72\setup_temp.gea | data | dropped |
C:\Users\user\AppData\Local\Temp\gentee72\ssleay32.dll | PE32 executable (DLL) (console) Intel 80386, for MS Windows | dropped |
C:\Users\user\AppData\Local\Temp\genteert.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped |
\Device\Null | ASCII text, with CRLF line terminators | dropped |

Notes: Only the initial sample is flagged; none of the dropped files is. The gentee72 staging directory, genteert.dll and the www.gentee.com string in the URLs table indicate an installer built with the Gentee toolkit, and libeay32.dll/ssleay32.dll are the OpenSSL 1.0.x libraries (the www.openssl.org strings come from them), so the DLLs are consistent with unpacked installer components rather than a payload. chromeum.bat contains at least one line of 56,071 characters, which is typical of an obfuscated or data-carrying batch script; its content is not part of this report. \Device\Null is the NUL device, listed as "dropped" because a process wrote to it (for example output redirected to nul), not because a file was created.

Processes

Path | Cmdline | Malicious
C:\Users\user\Desktop\BWuMwnE7tw.exe | "C:\Users\user\Desktop\BWuMwnE7tw.exe" | malicious
C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\gentee72\chromeum.bat"" | malicious
C:\Windows\SysWOW64\cmd.exe | cmd.exe /c deldll.bat | malicious
C:\Windows\SysWOW64\PING.EXE | ping -n 2 -w 1000 127.0.0.1 | malicious
C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |

Notes: The sample is 32-bit, so cmd.exe and PING.EXE resolve to SysWOW64 under WOW64 file-system redirection even though the command lines name system32. The doubled quotes in the first cmd.exe command line are what cmd produces when a caller passes an already-quoted path as the /c argument. The chain is: run chromeum.bat from the gentee72 staging directory (the URLs table ties that file name to http://82.115.223.189/chromeum.bat), then run deldll.bat; ping -n 2 -w 1000 127.0.0.1 is the usual batch-file delay idiom that precedes a cleanup or self-delete step. deldll.bat's content is not shown in this report, so what it deletes is not established here. The two conhost.exe instances are the console hosts for the cmd.exe processes and are not flagged. The report does not show process ancestry, so parent/child relations above are inferred from the command lines.

URLs

Name | IP | Malicious
http://repository.certum.pl/ctnca.cer09 | unknown |
http://repository.certum.pl/cscasha2.cer0 | unknown |
http://crl.thawte.com/ThawteTimestampingCA.crl0 | unknown |
http://www.gentee.comB | unknown |
http://82.115.223.189/chromeum.bat#tempinstpath#chromeum.bat0 | unknown |
http://crl.certum.pl/ctnca.crl0k | unknown |
http://ocsp.thawte.com0 | unknown |
http://subca.ocsp-certum.com01 | unknown |
http://82.115.223.189/chromeum.bat | unknown |
https://www.certum.pl/CPS0 | unknown |
http://www.openssl.org/f | unknown |
http://crl.certum.pl/cscasha2.crl0q | unknown |
http://www.certum.pl/CPS0 | unknown |
http://cscasha2.ocsp-certum.com04 | unknown |
http://www.openssl.org/support/faq.html | unknown |
5 further URLs are present in the full report but not in this export.

Notes: These entries are strings carved from the sample and its dropped files, not observed connections (the IP column is "unknown" for every one, and none is flagged). The certum.pl and thawte.com entries follow the pattern of the AIA, CRL, OCSP and CPS fields of a Certum code-signing certificate chain and a Thawte timestamping certificate, which suggests the sample or a component carries an embedded Authenticode signature; the report does not say whether it is valid. The trailing characters (09, 0, 0k, 01, 04, 0q after the certificate URLs, B after www.gentee.com, f after www.openssl.org/) are the bytes that follow each string in the binary (for DER-encoded certificate data, the 0x30 SEQUENCE tag and length of the next element), not part of the URL; strip them before using these as IOCs. The operationally relevant entry is http://82.115.223.189/chromeum.bat, which appears once bare and once followed by #tempinstpath#chromeum.bat, matching the location where chromeum.bat was dropped (...\Temp\gentee72\chromeum.bat) and later executed.

IPs

IP | Domain | Country | Malicious
127.0.0.1 | unknown | unknown | malicious
82.115.223.189 | unknown | Russian Federation |

Notes: 127.0.0.1 is flagged only because of the ping -n 2 -w 1000 127.0.0.1 delay in the Processes table; it is not a network indicator and should not be added to a blocklist. 82.115.223.189, geolocated to the Russian Federation, is the host named in the chromeum.bat URL and is the indicator worth hunting for in proxy and firewall logs.
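The process chain and the network indicator above translate directly into hunt logic. The following is an added example, not part of the sandbox report: a small Python rule set run over Sysmon-style process-creation events. The events are constructed here to mirror the Processes table (the parent-image values are assumed, since the report does not show process ancestry) plus two benign records, and the rule names, the generalize_path helper and the verdict threshold are the editor's own choices rather than anything stated by the report.

```python
"""Hunt rules derived from the IOC report above.

Added example, not part of the sandbox report. The sample events are
constructed to mirror the Processes table (parent images assumed) plus
benign noise; rule thresholds are the author's assumptions.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Iterable

# Dropped-file paths copied from the Files table.
DROPPED_PATHS = [
    r"C:\Users\user\AppData\Local\Temp\deldll.bat",
    r"C:\Users\user\AppData\Local\Temp\gentee72\chromeum.bat",
    r"C:\Users\user\AppData\Local\Temp\gentee72\guig.dll",
    r"C:\Users\user\AppData\Local\Temp\gentee72\libeay32.dll",
    r"C:\Users\user\AppData\Local\Temp\gentee72\setup_temp.gea",
    r"C:\Users\user\AppData\Local\Temp\gentee72\ssleay32.dll",
    r"C:\Users\user\AppData\Local\Temp\genteert.dll",
]
# Host from the URLs/IPs tables (the only non-loopback network indicator).
PAYLOAD_HOST = "82.115.223.189"


def generalize_path(path: str) -> str:
    """Turn C:\\Users\\user\\... into C:\\Users\\*\\... so a file hunt is not
    tied to the sandbox's profile name."""
    return re.sub(r"(?i)^([a-z]:\\users\\)[^\\]+\\", r"\1*\\", path)


HUNT_PATHS = [generalize_path(p) for p in DROPPED_PATHS]


@dataclass(frozen=True)
class ProcEvent:
    """Minimal process-creation record (Sysmon Event ID 1 style)."""
    image: str
    cmdline: str
    parent_image: str


# A .bat launched from the per-user Temp directory, quoted or not.
TEMP_BAT = re.compile(r'\\AppData\\Local\\Temp\\[^"\s]*\.bat\b', re.I)
# "ping -n <count> ... 127.0.0.1": the batch-file sleep idiom.
LOOPBACK_PING = re.compile(r"-n\s+\d+\b.*\b127\.0\.0\.1\b", re.I)


def _basename(image: str) -> str:
    return image.rsplit("\\", 1)[-1].lower()


def is_cmd_running_batch(ev: ProcEvent) -> bool:
    """cmd.exe /c <something>.bat; matches chromeum.bat and deldll.bat."""
    return (_basename(ev.image) == "cmd.exe"
            and re.search(r"/c\s+.*\.bat\b", ev.cmdline, re.I) is not None)


def is_batch_from_temp(ev: ProcEvent) -> bool:
    """Narrower: the batch file lives under %LOCALAPPDATA%\\Temp."""
    return is_cmd_running_batch(ev) and TEMP_BAT.search(ev.cmdline) is not None


def is_loopback_ping_delay(ev: ProcEvent) -> bool:
    """PING.EXE spawned by cmd.exe whose target is localhost."""
    return (_basename(ev.image) == "ping.exe"
            and _basename(ev.parent_image) == "cmd.exe"
            and LOOPBACK_PING.search(ev.cmdline) is not None)


RULES = {
    "cmd_runs_batch": is_cmd_running_batch,
    "batch_from_user_temp": is_batch_from_temp,
    "loopback_ping_delay": is_loopback_ping_delay,
}


def hunt(events: Iterable[ProcEvent]) -> dict[str, list[str]]:
    """Return, per rule, the command lines that fired it."""
    hits: dict[str, list[str]] = {name: [] for name in RULES}
    for ev in events:
        for name, rule in RULES.items():
            if rule(ev):
                hits[name].append(ev.cmdline)
    return hits


def verdict(events: Iterable[ProcEvent]) -> str:
    """'suspicious' when a Temp batch launch and a loopback-ping delay both
    appear in the same event set, else 'clean' (threshold is an assumption)."""
    hits = hunt(list(events))
    if hits["batch_from_user_temp"] and hits["loopback_ping_delay"]:
        return "suspicious"
    return "clean"


# Constructed sample telemetry: the report's Processes table with assumed
# parents, followed by two benign records that must not fire.
SAMPLE_EVENTS = [
    ProcEvent(r"C:\Users\user\Desktop\BWuMwnE7tw.exe",
              r'"C:\Users\user\Desktop\BWuMwnE7tw.exe"', r"C:\Windows\explorer.exe"),
    ProcEvent(r"C:\Windows\SysWOW64\cmd.exe",
              r'C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\gentee72\chromeum.bat""',
              r"C:\Users\user\Desktop\BWuMwnE7tw.exe"),
    ProcEvent(r"C:\Windows\SysWOW64\cmd.exe", "cmd.exe /c deldll.bat",
              r"C:\Users\user\Desktop\BWuMwnE7tw.exe"),
    ProcEvent(r"C:\Windows\SysWOW64\PING.EXE", "ping -n 2 -w 1000 127.0.0.1",
              r"C:\Windows\SysWOW64\cmd.exe"),
    ProcEvent(r"C:\Windows\System32\conhost.exe",
              r"C:\Windows\system32\conhost.exe 0xffffffff -ForceV1", r"C:\Windows\SysWOW64\cmd.exe"),
    ProcEvent(r"C:\Windows\System32\cmd.exe", "cmd.exe /c dir C:\\", r"C:\Windows\explorer.exe"),
    ProcEvent(r"C:\Windows\System32\PING.EXE", "ping -n 4 8.8.8.8", r"C:\Windows\System32\cmd.exe"),
]

if __name__ == "__main__":
    for name, cmds in hunt(SAMPLE_EVENTS).items():
        print(f"{name}: {cmds}")
    print("verdict:", verdict(SAMPLE_EVENTS))
    print("file hunt patterns:", HUNT_PATHS)
    print("network indicator:", PAYLOAD_HOST)
```

The rules are deliberately split: cmd_runs_batch alone is noisy in an enterprise, batch_from_user_temp is the higher-signal variant, and the loopback ping is only meaningful in combination, which is why verdict requires both. Run the block as a script to see the hits on the constructed events; feed real Sysmon records as ProcEvent instances to hunt against live telemetry.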

Memdumps

Base Address | Region type | Protect | Malicious
3040000 | direct allocation | page read and write |
31F4000 | heap | page read and write |
2B64000 | heap | page read and write |
401000 | unknown | page execute read |
34B7000 | heap | page read and write |
7F0000 | direct allocation | page read and write |
2E7D000 | heap | page read and write |
6B0000 | heap | page read and write |
7F0000 | direct allocation | page read and write |
30C0000 | heap | page read and write |
2240000 | heap | page read and write |
22C3000 | heap | page read and write |
36C4000 | heap | page read and write |
7F0000 | direct allocation | page read and write |
7F0000 | direct allocation | page read and write |
7F0000 | direct allocation | page read and write |
7C0000 | direct allocation | page read and write |
2218000 | heap | page read and write |
2E3E000 | stack | page read and write |
402000 | unknown | page readonly |
22CB000 | heap | page read and write |
7F0000 | direct allocation | page read and write |
22C8000 | heap | page read and write |
21F0000 | heap | page read and write |
34BF000 | stack | page read and write |
404000 | unknown | page readonly |
7F0000 | direct allocation | page read and write |
83B000 | heap | page read and write |
1000A000 | unknown | page readonly |
8A2000 | heap | page read and write |
7F0000 | direct allocation | page read and write |
307E000 | unknown | page read and write |
2CFE000 | unknown | page read and write |
7C0000 | heap | page read and write |
7F0000 | direct allocation | page read and write |
820000 | heap | page read and write |
31B0000 | heap | page read and write |
7F0000 | direct allocation | page read and write |
1000E000 | unknown | page readonly |
2345000 | heap | page read and write |
22C9000 | heap | page read and write |
81E000 | stack | page read and write |
876000 | heap | page read and write |
7F0000 | direct allocation | page read and write |
404000 | unknown | page readonly |
86D000 | heap | page read and write |
8A2000 | heap | page read and write |
2370000 | heap | page read and write |
2575000 | heap | page read and write |
3040000 | direct allocation | page read and write |
32A0000 | heap | page read and write |
7F0000 | direct allocation | page read and write |
400000 | unknown | page readonly |
304F000 | stack | page read and write |
2874000 | heap | page read and write |
6B5000 | heap | page read and write |
2344000 | heap | page read and write |
2340000 | heap | page read and write |
A1F000 | stack | page read and write |
86A000 | heap | page read and write |
2689000 | heap | page read and write |
4F0000 | heap | page read and write |
650000 | heap | page read and write |
2CB0000 | heap | page read and write |
2FEE000 | stack | page read and write |
32A0000 | direct allocation | page read and write |
31C0000 | heap | page read and write |
30E0000 | heap | page read and write |
259F000 | heap | page read and write |
7F0000 | direct allocation | page read and write |
7F0000 | direct allocation | page read and write |
2E5B000 | heap | page read and write |
234A000 | heap | page read and write |
2B5D000 | stack | page read and write |
3030000 | trusted library allocation | page read and write |
2E50000 | heap | page read and write |
400000 | unknown | page readonly |
7F0000 | direct allocation | page read and write |
403000 | unknown | page read and write |
30BE000 | stack | page read and write |
1000C000 | unknown | page read and write |
2348000 | heap | page read and write |
876000 | heap | page read and write |
21EA000 | heap | page read and write |
2380000 | direct allocation | page read and write |
32A2000 | heap | page read and write |
64E000 | stack | page read and write |
3090000 | heap | page read and write |
10001000 | unknown | page execute read |
403000 | unknown | page write copy |
329F000 | stack | page read and write |
33BF000 | unknown | page read and write |
22C1000 | heap | page read and write |
21CB000 | heap | page read and write |
31E7000 | heap | page read and write |
690000 | direct allocation | page read and write |
319E000 | stack | page read and write |
2CCD000 | stack | page read and write |
31F3000 | heap | page read and write |
2347000 | heap | page read and write |
34C0000 | heap | page read and write |
10000000 | unknown | page readonly |
2DFF000 | unknown | page read and write |
680000 | direct allocation | page read and write |
828000 | heap | page read and write |
7F0000 | direct allocation | page read and write |
32A0000 | direct allocation | page read and write |
7F0000 | direct allocation | page read and write |
19A000 | stack | page read and write |
2373000 | heap | page read and write |
2A5D000 | stack | page read and write |
3030000 | heap | page read and write |
22C6000 | heap | page read and write |
86B000 | heap | page read and write |
31E2000 | heap | page read and write |
2202000 | heap | page read and write |
8A2000 | heap | page read and write |
876000 | heap | page read and write |
31F4000 | heap | page read and write |
2BA0000 | heap | page read and write |
2DCC000 | stack | page read and write |
60E000 | stack | page read and write |
7F0000 | direct allocation | page read and write |
31F4000 | heap | page read and write |
31CB000 | heap | page read and write |
402000 | unknown | page readonly |
21C0000 | heap | page read and write |
30D0000 | heap | page read and write |
2241000 | heap | page read and write |
2C80000 | heap | page read and write |
7F0000 | direct allocation | page read and write |
9B000 | stack | page read and write |
2342000 | heap | page read and write |
401000 | unknown | page execute read |
30F0000 | heap | page read and write |
839000 | heap | page read and write |
2206000 | heap | page read and write |
32A1000 | heap | page read and write |
22C5000 | heap | page read and write |
7BF000 | stack | page read and write |
130 further memdumps are present in the full report but not in this export.

Notes: No dump is flagged. The sandbox labels image-mapped regions as unknown (spelled "unkown" in the raw report; corrected here). 400000 to 404000 is the sample's own image, loaded at the default 32-bit executable base: 401000 is the execute-read code section and 402000/404000 are read-only sections, while 403000 appears as both read-write and write-copy, i.e. a copy-on-write data page captured in different states. 10000000 to 1000E000 is a DLL at the default 32-bit DLL image base (10001000 execute-read, 1000C000 read-write), consistent with one of the dropped DLLs being loaded. The repeated 7F0000 direct allocations are the same address dumped at several points in the run, and the single trusted library allocation at 3030000 is memory owned by a system library rather than the sample. No region is both writable and executable, so these dumps show no in-memory unpacking of a second-stage payload.