IOC Report
file.exe


Files

| File Path | Type | Category | Malicious |
|---|---|---|---|
| file.exe | PE32 executable (GUI) Intel 80386, for MS Windows | initial sample | malicious |
| C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\file.exe.log | CSV text | dropped | malicious |

Processes

| Path | Cmdline | Malicious |
|---|---|---|
| C:\Users\user\Desktop\file.exe | "C:\Users\user\Desktop\file.exe" | malicious |

Registry

| Path | Value | Malicious |
|---|---|---|
| HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection | DisableIOAVProtection | malicious |
| HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection | DisableRealtimeMonitoring | malicious |
| HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications | DisableNotifications | malicious |
| HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU | AUOptions | malicious |
| HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU | AutoInstallMinorUpdates | malicious |
| HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU | NoAutoRebootWithLoggedOnUsers | malicious |
| HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU | UseWUServer | malicious |
| HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate | DoNotConnectToWindowsUpdateInternetLocations | malicious |
| HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows Defender\Features | TamperProtection | |

Memdumps

| Base Address | Regiontype | Protect | Malicious |
|---|---|---|---|
| 473F000 | stack | page read and write | |
| 7CC000 | stack | page read and write | |
| 397F000 | stack | page read and write | |
| C44000 | unknown | page execute and write copy | |
| C64000 | unknown | page execute and write copy | |
| C01000 | unknown | page execute and read and write | |
| 113E000 | stack | page read and write | |
| 40FF000 | stack | page read and write | |
| 383F000 | stack | page read and write | |
| 2D3E000 | stack | page read and write | |
| 423F000 | stack | page read and write | |
| 4D50000 | trusted library allocation | page read and write | |
| F1E000 | heap | page read and write | |
| BFA000 | unknown | page execute and read and write | |
| 4C00000 | direct allocation | page read and write | |
| 4D4D000 | trusted library allocation | page execute and read and write | |
| 734E000 | stack | page read and write | |
| C25000 | unknown | page execute and write copy | |
| 4BE0000 | heap | page read and write | |
| 5020000 | heap | page execute and read and write | |
| 373E000 | stack | page read and write | |
| 4EDF000 | stack | page read and write | |
| A25000 | heap | page read and write | |
| 3C3E000 | stack | page read and write | |
| 4D8B000 | trusted library allocation | page execute and read and write | |
| 4C00000 | direct allocation | page read and write | |
| A30000 | unknown | page read and write | |
| 61B5000 | trusted library allocation | page read and write | |
| CDA000 | unknown | page execute and write copy | |
| C38000 | unknown | page execute and read and write | |
| 4D60000 | direct allocation | page read and write | |
| 3ABF000 | stack | page read and write | |
| 477E000 | stack | page read and write | |
| 4D54000 | trusted library allocation | page read and write | |
| 3BFF000 | stack | page read and write | |
| 3FBF000 | stack | page read and write | |
| 427E000 | stack | page read and write | |
| A3A000 | unknown | page execute and write copy | |
| CCA000 | unknown | page execute and write copy | |
| 2BBF000 | stack | page read and write | |
| 4C00000 | direct allocation | page read and write | |
| BBC000 | unknown | page execute and read and write | |
| CBC000 | unknown | page execute and write copy | |
| 4F3E000 | stack | page read and write | |
| BF4000 | unknown | page execute and write copy | |
| 4D70000 | trusted library allocation | page read and write | |
| 4C00000 | direct allocation | page read and write | |
| 4C11000 | heap | page read and write | |
| 4D70000 | direct allocation | page execute and read and write | |
| A20000 | heap | page read and write | |
| 35BF000 | stack | page read and write | |
| C11000 | unknown | page execute and read and write | |
| 4C11000 | heap | page read and write | |
| 2BFB000 | stack | page read and write | |
| C39000 | unknown | page execute and write copy | |
| 5080000 | heap | page read and write | |
| 4EF0000 | trusted library allocation | page read and write | |
| F3C000 | heap | page read and write | |
| 4C00000 | direct allocation | page read and write | |
| 4C11000 | heap | page read and write | |
| 34BE000 | stack | page read and write | |
| 728D000 | stack | page read and write | |
| A30000 | unknown | page readonly | |
| 7350000 | heap | page execute and read and write | |
| 4D90000 | heap | page read and write | |
| A46000 | unknown | page execute and write copy | |
| C52000 | unknown | page execute and write copy | |
| 2FBE000 | stack | page read and write | |
| CCA000 | unknown | page execute and write copy | |
| 35FE000 | stack | page read and write | |
| 2F7F000 | stack | page read and write | |
| F6D000 | heap | page read and write | |
| 5030000 | trusted library allocation | page execute and read and write | |
| 127F000 | stack | page read and write | |
| A3A000 | unknown | page execute and read and write | |
| F31000 | heap | page read and write | |
| 2A40000 | heap | page read and write | |
| 4D30000 | trusted library allocation | page read and write | |
| 44BF000 | stack | page read and write | |
| 5050000 | trusted library allocation | page read and write | |
| 4C00000 | direct allocation | page read and write | |
| EEA000 | heap | page read and write | |
| 3EBE000 | stack | page read and write | |
| 30FE000 | stack | page read and write | |
| 4D43000 | trusted library allocation | page execute and read and write | |
| CD8000 | unknown | page execute and read and write | |
| 4D80000 | trusted library allocation | page read and write | |
| BFC000 | unknown | page execute and write copy | |
| 5191000 | trusted library allocation | page read and write | |
| 2E3F000 | stack | page read and write | |
| 4C11000 | heap | page read and write | |
| 4DDC000 | stack | page read and write | |
| F20000 | heap | page read and write | |
| 4C00000 | direct allocation | page read and write | |
| 6191000 | trusted library allocation | page read and write | |
| 4C20000 | heap | page read and write | |
| C66000 | unknown | page execute and read and write | |
| BBA000 | unknown | page execute and write copy | |
| 36FF000 | stack | page read and write | |
| 3AFE000 | stack | page read and write | |
| BAF000 | unknown | page execute and read and write | |
| 4C11000 | heap | page read and write | |
| 347F000 | stack | page read and write | |
| C0C000 | unknown | page execute and write copy | |
| 4D60000 | direct allocation | page read and write | |
| 333F000 | stack | page read and write | |
| 4C11000 | heap | page read and write | |
| 4EF0000 | direct allocation | page execute and read and write | |
| 5040000 | trusted library allocation | page read and write | |
| 4BC0000 | direct allocation | page read and write | |
| ED0000 | heap | page read and write | |
| DF0000 | heap | page read and write | |
| BD6000 | unknown | page execute and read and write | |
| 4C00000 | direct allocation | page read and write | |
| 3D7E000 | stack | page read and write | |
| 4D10000 | trusted library allocation | page read and write | |
| 4C11000 | heap | page read and write | |
| 4C11000 | heap | page read and write | |
| C5A000 | unknown | page execute and write copy | |
| 3FFE000 | stack | page read and write | |
| 745E000 | stack | page read and write | |
| 6194000 | trusted library allocation | page read and write | |
| 44FE000 | stack | page read and write | |
| 518F000 | stack | page read and write | |
| 4C11000 | heap | page read and write | |
| CDA000 | unknown | page execute and write copy | |
| B9F000 | unknown | page execute and write copy | |
| 2A77000 | heap | page read and write | |
| 4D7A000 | trusted library allocation | page execute and read and write | |
| 4D60000 | direct allocation | page read and write | |
| C2D000 | unknown | page execute and read and write | |
| 4C00000 | direct allocation | page read and write | |
| EE0000 | heap | page read and write | |
| 4C11000 | heap | page read and write | |
| 45FF000 | stack | page read and write | |
| 765E000 | stack | page read and write | |
| 4C00000 | direct allocation | page read and write | |
| 2CFF000 | stack | page read and write | |
| 43BE000 | stack | page read and write | |
| 2ABE000 | stack | page read and write | |
| C53000 | unknown | page execute and read and write | |
| 413E000 | stack | page read and write | |
| BD1000 | unknown | page execute and write copy | |
| 3D3F000 | stack | page read and write | |
| 387E000 | stack | page read and write | |
| 117E000 | stack | page read and write | |
| 4C11000 | heap | page read and write | |
| C4A000 | unknown | page execute and read and write | |
| 31FF000 | stack | page read and write | |
| C5C000 | unknown | page execute and read and write | |
| 755E000 | stack | page read and write | |
| C47000 | unknown | page execute and read and write | |
| A36000 | unknown | page write copy | |
| 4D87000 | trusted library allocation | page execute and read and write | |
| C48000 | unknown | page execute and write copy | |
| 4C11000 | heap | page read and write | |
| 4C00000 | direct allocation | page read and write | |
| 4C00000 | direct allocation | page read and write | |
| 2A70000 | heap | page read and write | |
| 4D44000 | trusted library allocation | page read and write | |
| A32000 | unknown | page execute and read and write | |
| 463E000 | stack | page read and write | |
| 72CE000 | stack | page read and write | |
| 4C10000 | heap | page read and write | |
| A32000 | unknown | page execute and write copy | |
| 501C000 | stack | page read and write | |
| 4C00000 | direct allocation | page read and write | |
| EEE000 | heap | page read and write | |
| CC0000 | unknown | page execute and write copy | |
| 103E000 | stack | page read and write | |
| 337E000 | stack | page read and write | |
| B9C000 | unknown | page execute and read and write | |
| BBC000 | unknown | page execute and write copy | |
| DD9000 | stack | page read and write | |
| 323E000 | stack | page read and write | |
| C35000 | unknown | page execute and write copy | |
| 4C11000 | heap | page read and write | |
| CBF000 | unknown | page execute and read and write | |
| 39BE000 | stack | page read and write | |
| 4C11000 | heap | page read and write | |
| 4C11000 | heap | page read and write | |
| 487F000 | stack | page read and write | |
| A36000 | unknown | page write copy | |
| 4C00000 | direct allocation | page read and write | |
| 30BF000 | stack | page read and write | |
| 437F000 | stack | page read and write | |
| 4C11000 | heap | page read and write | |
| 730E000 | stack | page read and write | |
| 3E7F000 | stack | page read and write | |
| C3E000 | unknown | page execute and read and write | |
| BCF000 | unknown | page execute and write copy | |
| 2E7E000 | stack | page read and write | |
| CD8000 | unknown | page execute and write copy | |
| BD0000 | unknown | page execute and read and write | |
184 additional memdumps are not shown in this listing.