IOC Report
file.exe


Files

File Path | Type | Category | Malicious
file.exe | PE32 executable (GUI) Intel 80386, for MS Windows | initial sample | malicious
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\file.exe.log | CSV text | dropped | malicious

Processes

Path | Cmdline | Malicious
C:\Users\user\Desktop\file.exe | "C:\Users\user\Desktop\file.exe" | malicious

Registry

Path | Value | Malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection | DisableIOAVProtection | malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection | DisableRealtimeMonitoring | malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications | DisableNotifications | malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU | AUOptions | malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU | AutoInstallMinorUpdates | malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU | NoAutoRebootWithLoggedOnUsers | malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU | UseWUServer | malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate | DoNotConnectToWindowsUpdateInternetLocations | malicious
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows Defender\Features | TamperProtection |

Memdumps
