IOC Report
file.exe


Files

File Path | Type | Category | Malicious
file.exe | PE32 executable (GUI) Intel 80386, for MS Windows | initial sample | malicious
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\file.exe.log | CSV text | dropped | malicious

Note on the dropped file: a <name>.log under CLR_v4.0_32\UsageLogs is written by the .NET Framework 4 runtime for a managed process, not by the sample's own code. It is a runtime artifact rather than a payload, but its presence shows that file.exe executed as a 32-bit .NET assembly.

Processes

Path | Cmdline | Malicious
C:\Users\user\Desktop\file.exe | "C:\Users\user\Desktop\file.exe" | malicious

Registry

Path | Value name | Malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection | DisableIOAVProtection | malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection | DisableRealtimeMonitoring | malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications | DisableNotifications | malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU | AUOptions | malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU | AutoInstallMinorUpdates | malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU | NoAutoRebootWithLoggedOnUsers | malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU | UseWUServer | malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate | DoNotConnectToWindowsUpdateInternetLocations | malicious
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows Defender\Features | TamperProtection | (not flagged)

The table lists the value names touched; the report does not record the data written. The first eight entries are Group Policy keys that turn off Defender real-time and IOAV scanning, suppress Security Center notifications and redirect or block Windows Update. The last entry is Defender's own Features key rather than a policy key and carries no maliciousness flag in the report.
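The following PowerShell audit is an added example and is not part of the sandbox report or of any tool the report was produced with. It walks the key paths and value names from the Registry table above on a live host and reports which of them are present. The function name Get-PolicyTamperFindings is an assumption, as is the reading of what the tampered state looks like: the Disable* policy values set to 1, and UseWUServer set to 1 with no WUServer defined, which leaves the client with no update source. The report itself does not state the data the sample wrote.

```powershell
# Added example, not from the report: audit a host for the policy values listed
# in the Registry table. Key paths and value names are taken from the table; the
# "tampered state" comments are assumptions about how these policies behave.

$Checks = @(
    @{ Key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection';          Name = 'DisableIOAVProtection' },
    @{ Key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection';          Name = 'DisableRealtimeMonitoring' },
    @{ Key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications'; Name = 'DisableNotifications' },
    @{ Key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU';                       Name = 'AUOptions' },
    @{ Key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU';                       Name = 'AutoInstallMinorUpdates' },
    @{ Key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU';                       Name = 'NoAutoRebootWithLoggedOnUsers' },
    @{ Key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU';                       Name = 'UseWUServer' },
    @{ Key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate';                          Name = 'DoNotConnectToWindowsUpdateInternetLocations' },
    # Defender's own state key, not a policy key; listed in the report without a flag.
    @{ Key = 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows Defender\Features';                  Name = 'TamperProtection' }
)

function Get-PolicyTamperFindings {
    # Hypothetical helper name (assumption). Returns one object per check with the
    # value's presence and data; a missing key or value name yields Present = $false.
    foreach ($c in $Checks) {
        $data = $null
        if (Test-Path -LiteralPath $c.Key) {
            # A non-existent value name is a non-terminating error; silence it and treat as absent.
            $item = Get-ItemProperty -LiteralPath $c.Key -Name $c.Name -ErrorAction SilentlyContinue
            if ($null -ne $item) { $data = $item.($c.Name) }
        }
        [pscustomobject]@{
            Key     = $c.Key
            Name    = $c.Name
            Present = ($null -ne $data)
            Data    = $data
        }
    }
}

# Policy keys under HKLM\SOFTWARE\Policies are normally absent on a host that is not
# centrally managed, so any present value is worth explaining. Assumed tampered state:
# Disable* values of 1, and UseWUServer = 1 while no WUServer value exists.
Get-PolicyTamperFindings | Where-Object Present | Format-Table -AutoSize
```

Run it from an elevated prompt; the Policies hive is readable by standard users but the remediation is not. For a host that is not domain-managed, the policy values can simply be removed with Remove-ItemProperty on the same key and name, after which Defender picks up its defaults again. Do not read TamperProtection's data as the authoritative state; Get-MpComputerStatus and its IsTamperProtected property are.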

Memdumps

Base Address | Region type | Protect | Malicious

No memdump region is flagged as malicious in the report; the Malicious column is empty for every row and is omitted below. Regions typed "unknown" with an execute-and-write or execute-and-write-copy protection are the ones worth pulling first, since they are neither module-backed nor ordinary heap or stack.

2C70000 | direct allocation | page read and write
DFE000 | stack | page read and write
2D8F000 | stack | page read and write
DA2000 | unknown | page execute and write copy
A69000 | stack | page read and write
2C70000 | direct allocation | page read and write
33CF000 | stack | page read and write
D04000 | unknown | page execute and read and write
4DB1000 | heap | page read and write
2C70000 | direct allocation | page read and write
2C70000 | direct allocation | page read and write
418F000 | stack | page read and write
4EF0000 | trusted library allocation | page read and write
480E000 | stack | page read and write
4DB1000 | heap | page read and write
D3A000 | unknown | page execute and write copy
DBA000 | unknown | page execute and write copy
B10000 | unknown | page readonly
CF6000 | unknown | page execute and read and write
96C000 | stack | page read and write
2ECF000 | stack | page read and write
D11000 | unknown | page execute and read and write
42CF000 | stack | page read and write
3F4E000 | stack | page read and write
CCD000 | unknown | page execute and read and write
50DE000 | stack | page read and write
390E000 | stack | page read and write
507B000 | trusted library allocation | page execute and read and write
CAF000 | unknown | page execute and read and write
529E000 | stack | page read and write
4DB1000 | heap | page read and write
1095000 | heap | page read and write
5180000 | trusted library allocation | page execute and read and write
4DB1000 | heap | page read and write
DA0000 | unknown | page execute and write copy
4DB1000 | heap | page read and write
4DB1000 | heap | page read and write
318E000 | stack | page read and write
454F000 | stack | page read and write
DA9000 | unknown | page execute and write copy
4F00000 | direct allocation | page read and write
2C70000 | direct allocation | page read and write
CCC000 | unknown | page execute and write copy
300F000 | stack | page read and write
3E0E000 | stack | page read and write
C9B000 | unknown | page execute and read and write
37CE000 | stack | page read and write
CB3000 | unknown | page execute and read and write
440F000 | stack | page read and write
4EED000 | trusted library allocation | page execute and read and write
490F000 | stack | page read and write
5077000 | trusted library allocation | page execute and read and write
2C70000 | direct allocation | page read and write
4D90000 | heap | page read and write
4DB1000 | heap | page read and write
458E000 | stack | page read and write
D29000 | unknown | page execute and write copy
AE0000 | heap | page read and write
4EB0000 | trusted library allocation | page read and write
B12000 | unknown | page execute and write copy
2C70000 | direct allocation | page read and write
4EE4000 | trusted library allocation | page read and write
4DB0000 | heap | page read and write
430E000 | stack | page read and write
5190000 | heap | page read and write
404F000 | stack | page read and write
AD0000 | heap | page read and write
408E000 | stack | page read and write
46CE000 | stack | page read and write
5090000 | trusted library allocation | page read and write
D47000 | unknown | page execute and read and write
3CCE000 | stack | page read and write
41CE000 | stack | page read and write
5300000 | heap | page execute and read and write
350F000 | stack | page read and write
76CE000 | stack | page read and write
10CE000 | heap | page read and write
52E0000 | trusted library allocation | page read and write
328F000 | stack | page read and write
740D000 | stack | page read and write
3A0F000 | stack | page read and write
4F3C000 | stack | page read and write
D32000 | unknown | page execute and read and write
C9F000 | unknown | page execute and write copy
1101000 | heap | page read and write
4DC0000 | heap | page read and write
4DB1000 | heap | page read and write
354E000 | stack | page read and write
B26000 | unknown | page execute and write copy
103E000 | stack | page read and write
111E000 | heap | page read and write
CE0000 | unknown | page execute and read and write
CF3000 | unknown | page execute and write copy
4F00000 | direct allocation | page read and write
D2B000 | unknown | page execute and read and write
DB8000 | unknown | page execute and write copy
CAD000 | unknown | page execute and write copy
1060000 | heap | page read and write
D0B000 | unknown | page execute and write copy
314F000 | stack | page read and write
770E000 | stack | page read and write
10A0000 | direct allocation | page read and write
340E000 | stack | page read and write
744E000 | stack | page read and write
52DC000 | stack | page read and write
D3B000 | unknown | page execute and read and write
5070000 | trusted library allocation | page read and write
B10000 | unknown | page read and write
4DB1000 | heap | page read and write
4DB1000 | heap | page read and write
38CF000 | stack | page read and write
2DCC000 | stack | page read and write
2C6E000 | stack | page read and write
4EF4000 | trusted library allocation | page read and write
B16000 | unknown | page write copy
3DCF000 | stack | page read and write
758E000 | stack | page read and write
2F0E000 | stack | page read and write
2C70000 | direct allocation | page read and write
C72000 | unknown | page execute and read and write
3B8E000 | stack | page read and write
DB8000 | unknown | page execute and read and write
114E000 | heap | page read and write
494E000 | stack | page read and write
4DB1000 | heap | page read and write
47CF000 | stack | page read and write
2C80000 | heap | page read and write
C8E000 | unknown | page execute and read and write
75C0000 | heap | page execute and read and write
CCE000 | unknown | page execute and write copy
10FF000 | heap | page read and write
754E000 | stack | page read and write
4DB1000 | heap | page read and write
DA9000 | unknown | page execute and write copy
6335000 | trusted library allocation | page read and write
6311000 | trusted library allocation | page read and write
DA1000 | unknown | page execute and read and write
10CA000 | heap | page read and write
2C70000 | direct allocation | page read and write
B12000 | unknown | page execute and read and write
D03000 | unknown | page execute and write copy
4EE3000 | trusted library allocation | page execute and read and write
B16000 | unknown | page write copy
D18000 | unknown | page execute and read and write
503F000 | stack | page read and write
3B4F000 | stack | page read and write
2C70000 | direct allocation | page read and write
1110000 | heap | page read and write
5050000 | direct allocation | page execute and read and write
444E000 | stack | page read and write
4A4F000 | stack | page read and write
DBA000 | unknown | page execute and write copy
4ED0000 | trusted library allocation | page read and write
2C70000 | direct allocation | page read and write
CB1000 | unknown | page execute and write copy
B1A000 | unknown | page execute and read and write
1109000 | heap | page read and write
C74000 | unknown | page execute and write copy
5311000 | trusted library allocation | page read and write
B1A000 | unknown | page execute and write copy
4F00000 | direct allocation | page read and write
780E000 | stack | page read and write
D2C000 | unknown | page execute and write copy
D13000 | unknown | page execute and write copy
10C0000 | heap | page read and write
CA4000 | unknown | page execute and read and write
3A4E000 | stack | page read and write
5090000 | direct allocation | page execute and read and write
2C87000 | heap | page read and write
4DB1000 | heap | page read and write
468F000 | stack | page read and write
138E000 | stack | page read and write
304E000 | stack | page read and write
2C70000 | direct allocation | page read and write
364F000 | stack | page read and write
148E000 | stack | page read and write
2C70000 | direct allocation | page read and write
2C70000 | direct allocation | page read and write
1090000 | heap | page read and write
378F000 | stack | page read and write
4DB1000 | heap | page read and write
52F0000 | trusted library allocation | page read and write
368E000 | stack | page read and write
6314000 | trusted library allocation | page read and write
4DB1000 | heap | page read and write
4DB1000 | heap | page read and write
3C8F000 | stack | page read and write
3F0F000 | stack | page read and write
505A000 | trusted library allocation | page execute and read and write
32CE000 | stack | page read and write
D45000 | unknown | page execute and write copy
5060000 | heap | page read and write
C9A000 | unknown | page execute and write copy

A further 183 memdump regions are hidden in the report view and are not listed here.