IOC Report
ceFgl3jkkk.exe


Files

File Path | Type | Category | Malicious
ceFgl3jkkk.exe | PE32 executable (GUI) Intel 80386, for MS Windows | initial sample | malicious
C:\Users\user\AppData\Local\Temp\_MEI8242\VCRUNTIME140.dll | PE32 executable (DLL) (console) Intel 80386, for MS Windows | dropped | -
C:\Users\user\AppData\Local\Temp\_MEI8242\_asyncio.pyd | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | -
C:\Users\user\AppData\Local\Temp\_MEI8242\_bz2.pyd | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | -
C:\Users\user\AppData\Local\Temp\_MEI8242\_ctypes.pyd | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | -
C:\Users\user\AppData\Local\Temp\_MEI8242\_decimal.pyd | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | -
C:\Users\user\AppData\Local\Temp\_MEI8242\_hashlib.pyd | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | -
C:\Users\user\AppData\Local\Temp\_MEI8242\_lzma.pyd | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | -
C:\Users\user\AppData\Local\Temp\_MEI8242\_multiprocessing.pyd | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | -
C:\Users\user\AppData\Local\Temp\_MEI8242\_overlapped.pyd | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | -
C:\Users\user\AppData\Local\Temp\_MEI8242\_queue.pyd | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | -
C:\Users\user\AppData\Local\Temp\_MEI8242\_socket.pyd | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | -
C:\Users\user\AppData\Local\Temp\_MEI8242\_ssl.pyd | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | -
C:\Users\user\AppData\Local\Temp\_MEI8242\_uuid.pyd | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | -
C:\Users\user\AppData\Local\Temp\_MEI8242\base_library.zip | Zip archive data, at least v2.0 to extract, compression method=store | dropped | -
C:\Users\user\AppData\Local\Temp\_MEI8242\libcrypto-1_1.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | -
C:\Users\user\AppData\Local\Temp\_MEI8242\libffi-7.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | -
C:\Users\user\AppData\Local\Temp\_MEI8242\libssl-1_1.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | -
C:\Users\user\AppData\Local\Temp\_MEI8242\pyexpat.pyd | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | -
C:\Users\user\AppData\Local\Temp\_MEI8242\python39.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | -
C:\Users\user\AppData\Local\Temp\_MEI8242\select.pyd | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | -
C:\Users\user\AppData\Local\Temp\_MEI8242\unicodedata.pyd | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | -
12 additional files are not shown in this listing.

Note: python39.dll, base_library.zip and the .pyd extension modules under %TEMP%\_MEI8242 are the runtime of a PyInstaller one-file bundle. Such a bundle extracts these files into a _MEI<digits> directory at start-up and then launches a second instance of itself as a child process that runs the embedded Python code, which matches the two identical ceFgl3jkkk.exe entries in the Processes table. The Python bytecode itself is loaded from the archive inside the executable and does not appear among the dropped files. The digit suffix of the _MEI directory differs on every run, so hunt on the pattern rather than on 8242.

Processes

Path | Cmdline | Malicious
C:\Users\user\Desktop\ceFgl3jkkk.exe | "C:\Users\user\Desktop\ceFgl3jkkk.exe" | malicious
C:\Users\user\Desktop\ceFgl3jkkk.exe | "C:\Users\user\Desktop\ceFgl3jkkk.exe" | malicious
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngentask.exe | C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\ngentask.exe | malicious

Note: ngentask.exe is a legitimate .NET Framework binary, so a malicious verdict on it reflects the process's runtime behaviour rather than the file; correlate it with the "remote allocation" entries in the Memdumps table. The doubled backslashes in its command line are reproduced as captured.

URLs

Name | IP | Malicious
droppyrelivei.cfd | - | malicious
https://github.com/python/cpython/blob/3.9/Lib/importlib/_bootstrap_external.py#L679-L688 | unknown | -
https://steamcommunity.com/profiles/76561199724331900 | 104.102.49.254 | -
https://www.ntcore.com/files/richsign.htm | unknown | -
https://auscitte.github.io/systems%20blog/Exception-Directory-pefile#implementation-details | unknown | -
https://www.python.org/download/releases/2.3/mro/. | unknown | -
http://ocsp.thawte.com0 | unknown | -
http://store.steampowered.com/privacy_agreement/ | unknown | -
https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/reader | unknown | -
resinedyw.sbs | - | -
enlargkiw.sbs | - | -
https://community.fastly.steamstatic.co | unknown | -
https://marshal-zhukov.com/api) | unknown | -
https://www.python.org/dev/peps/pep-0205/ | unknown | -
allocatinow.sbs | - | -
http://store.steampowered.com/subscriber_agreement/ | unknown | -
https://python.org/dev/peps/pep-0263/ | unknown | -
drawwyobstacw.sbs | - | -
vennurviot.sbs | - | -
https://github.com/tensorflow/datasets/blob/master/tensorflow_datasets/core/utils/resource_utils.py# | unknown | -
http://crl3.digi | unknown | -
https://community.fastly.steamstatic.com/public/javascript/applications/community/manifest.js? | unknown | -
ehticsprocw.sbs | - | -
https://github.com/Unidata/MetPy/blob/a3424de66a44bf3a92b0dcacf4dff82ad7b86712/src/metpy/plots/wx_sy | unknown | -
https://marshal-zhukov.com/apis | unknown | -
https://community.fastly.steamstatic.com/public/im | unknown | -
mathcucom.sbs | - | -
http://crl.thawte.com/ThawteTimestampingCA.crl0 | unknown | -
https://community.fastly.steamstatic.com/public/javascript/applications/community/main.js?v=id | unknown | -
https://www.openssl.org/H | unknown | -
https://marshal-zhukov.com/ | unknown | -
https://community.fastly.steamstati | unknown | -
condifendteu.sbs | - | -
http://store.steampowered.com/account/cookiepreferences/ | unknown | -
https://marshal-zhukov.com/api | 188.114.97.3 | -
http://crl4.digice | unknown | -
https://www.mandiant.com/resources/blog/tracking-malware-import-hashing | unknown | -
https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/abc.py | unknown | -
https://store.steampowered.com/legal/ | unknown | -
29 additional URLs are not shown in this listing.

Note: most of the URLs above are string constants recovered from the sample's memory, not observed connections. The python.org links (the PEP and MRO pages) are docstring references from the bundled Python standard library, and the Rich-header (ntcore), exception-directory and import-hashing (Mandiant) references are comment strings of the kind found in PE-parsing libraries such as pefile. Truncated entries such as http://crl3.digi, and the trailing "0" in http://ocsp.thawte.com0, are artefacts of pulling strings out of certificate data and are reproduced as reported. Only https://steamcommunity.com/profiles/76561199724331900 and https://marshal-zhukov.com/api carry a resolved IP in this report.

Domains

Name | IP | Malicious
droppyrelivei.cfd | unknown | malicious
condifendteu.sbs | unknown | malicious
allocatinow.sbs | unknown | malicious
vennurviot.sbs | unknown | malicious
drawwyobstacw.sbs | unknown | malicious
mathcucom.sbs | unknown | malicious
ehticsprocw.sbs | unknown | malicious
resinedyw.sbs | unknown | malicious
enlargkiw.sbs | unknown | malicious
steamcommunity.com | 104.102.49.254 | -
s-part-0017.t-0009.t-msedge.net | 13.107.246.45 | -
marshal-zhukov.com | 188.114.97.3 | -
2 additional domains are not shown in this listing.

IPs

IP | Domain | Country | Malicious
188.114.97.3 | marshal-zhukov.com | European Union | -
104.102.49.254 | steamcommunity.com | United States | -
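To act on these indicators, the following is an added example (it is not part of the sandbox report) that matches the flagged domains, the contacted-but-unflagged hosts and IPs, and the PyInstaller _MEI<digits> extraction path against log lines. The indicator values are copied from the tables above; the log line format, the "contacted" and "suspicious" tiers, and the sample log lines are assumptions of this example.

```python
"""Match the network and file indicators from this report against log lines."""
import re
from typing import Iterable, List, Optional, Tuple

# Domains the report flags as malicious (Domains table).
MALICIOUS_DOMAINS = frozenset({
    "droppyrelivei.cfd", "condifendteu.sbs", "allocatinow.sbs",
    "vennurviot.sbs", "drawwyobstacw.sbs", "mathcucom.sbs",
    "ehticsprocw.sbs", "resinedyw.sbs", "enlargkiw.sbs",
})
# Contacted during the run but not flagged by the sandbox. Keeping them in a
# separate "contacted" tier is this example's choice: steamcommunity.com and
# the t-msedge.net host are shared infrastructure that benign traffic also hits.
CONTACTED_DOMAINS = frozenset({
    "marshal-zhukov.com", "steamcommunity.com",
    "s-part-0017.t-0009.t-msedge.net",
})
CONTACTED_IPS = frozenset({"188.114.97.3", "104.102.49.254"})

# PyInstaller one-file extraction directory (Files table: ...\Temp\_MEI8242\...).
# The digit suffix changes on every run, so match on the pattern, not on 8242.
MEI_DIR = re.compile(r"\\_MEI\d+\\", re.IGNORECASE)


def classify_domain(name: str) -> Optional[str]:
    """Return 'malicious', 'contacted' or None for a queried name.

    A subdomain of an indicator counts as a hit (www.condifendteu.sbs matches
    condifendteu.sbs); a longer name that merely ends in the same characters
    (notcondifendteu.sbs) does not.
    """
    n = name.rstrip(".").lower()
    for tier, iocs in (("malicious", MALICIOUS_DOMAINS),
                       ("contacted", CONTACTED_DOMAINS)):
        if any(n == d or n.endswith("." + d) for d in iocs):
            return tier
    return None


def classify_ip(ip: str) -> Optional[str]:
    """The report flags no IP as malicious, so the only tier is 'contacted'."""
    return "contacted" if ip in CONTACTED_IPS else None


def is_pyinstaller_extraction_path(path: str) -> bool:
    """True for files under a %TEMP%\\_MEI<digits>\\ directory."""
    return MEI_DIR.search(path) is not None


def scan_log(lines: Iterable[str]) -> List[Tuple[str, str, str]]:
    """Return (host, tier, value) for each line that matches an indicator.

    Line format assumed by this example: "<timestamp> <kind> <host> <value>",
    where kind is dns (queried name), conn (destination IP) or file (path).
    """
    hits = []
    for line in lines:
        parts = line.split(" ", 3)
        if len(parts) != 4:
            continue
        _ts, kind, host, value = parts
        tier = None
        if kind == "dns":
            tier = classify_domain(value)
        elif kind == "conn":
            tier = classify_ip(value)
        elif kind == "file" and is_pyinstaller_extraction_path(value):
            # PyInstaller is used by plenty of legitimate software; on its own
            # this is only a lead to correlate with the network indicators.
            tier = "suspicious"
        if tier:
            hits.append((host, tier, value))
    return hits


# Constructed sample log, not taken from the report.
SAMPLE_LOG = """\
2024-05-01T10:00:01Z dns WS01 droppyrelivei.cfd
2024-05-01T10:00:02Z dns WS01 steamcommunity.com
2024-05-01T10:00:03Z dns WS02 www.condifendteu.sbs
2024-05-01T10:00:04Z dns WS02 notcondifendteu.sbs
2024-05-01T10:00:05Z conn WS01 188.114.97.3
2024-05-01T10:00:06Z file WS01 C:\\Users\\user\\AppData\\Local\\Temp\\_MEI8242\\python39.dll
2024-05-01T10:00:07Z file WS03 C:\\Users\\user\\AppData\\Local\\Temp\\_MEI41120\\_ssl.pyd
2024-05-01T10:00:08Z file WS03 C:\\Program Files\\Example App\\app.exe
"""

if __name__ == "__main__":
    for host, tier, value in scan_log(SAMPLE_LOG.splitlines()):
        print(f"{host:5} {tier:10} {value}")
```

Run as a script it prints six hits from the sample log: the two flagged domains (one via a subdomain), the two contacted hosts, and the two _MEI paths, while the look-alike name and the ordinary program path produce nothing. Whether "contacted" should block or only alert is a policy decision for the environment, not something the report settles.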

Memdumps

Base Address | Region type | Protect | Malicious
9C8B000 | heap | page read and write | malicious
DFE000 | heap | page read and write | -
9D82000 | heap | page read and write | -
334D000 | heap | page read and write | -
D3D000 | heap | page read and write | -
D52000 | heap | page read and write | -
D5C000 | heap | page read and write | -
D28000 | heap | page read and write | -
D84000 | heap | page read and write | -
D8C000 | heap | page read and write | -
12BE000 | stack | page read and write | -
342E000 | stack | page read and write | -
32E3000 | heap | page read and write | -
F90000 | unknown | page readonly | -
F51000 | unknown | page execute read | -
C45000 | heap | page read and write | -
D78000 | heap | page read and write | -
DE9000 | heap | page read and write | -
DDD000 | heap | page read and write | -
D90000 | heap | page read and write | -
32B9000 | heap | page read and write | -
D98000 | heap | page read and write | -
A330000 | direct allocation | page read and write | -
D64000 | heap | page read and write | -
D7B000 | heap | page read and write | -
DB5000 | heap | page read and write | -
DE0000 | heap | page read and write | -
3EB5000 | heap | page read and write | -
D82000 | heap | page read and write | -
DDF000 | heap | page read and write | -
66C000 | stack | page read and write | -
9C0D000 | heap | page read and write | -
2CDD000 | stack | page read and write | -
32D6000 | heap | page read and write | -
DDC000 | heap | page read and write | -
A3B0000 | direct allocation | page read and write | -
3710000 | heap | page read and write | -
11B5000 | heap | page read and write | -
9DD6000 | heap | page read and write | -
D83000 | heap | page read and write | -
A430000 | direct allocation | page read and write | -
D34000 | heap | page read and write | -
32EE000 | heap | page read and write | -
32F4000 | heap | page read and write | -
DE4000 | heap | page read and write | -
A3F0000 | direct allocation | page read and write | -
BE3000 | stack | page read and write | -
6DA000 | heap | page read and write | -
F80000 | unknown | page write copy | -
3342000 | heap | page read and write | -
3430000 | direct allocation | page read and write | -
DB4000 | heap | page read and write | -
33DE000 | stack | page read and write | -
32E6000 | heap | page read and write | -
3342000 | heap | page read and write | -
D90000 | heap | page read and write | -
D84000 | heap | page read and write | -
6CD000 | heap | page read and write | -
DA8000 | heap | page read and write | -
DFC000 | heap | page read and write | -
3311000 | heap | page read and write | -
9C1A000 | heap | page read and write | -
DAE000 | heap | page read and write | -
2BA0000 | heap | page read and write | -
3270000 | direct allocation | page read and write | -
333E000 | heap | page read and write | -
334D000 | heap | page read and write | -
6D0000 | heap | page read and write | -
3360000 | heap | page read and write | -
32E3000 | heap | page read and write | -
DE1000 | heap | page read and write | -
11AE000 | stack | page read and write | -
333A000 | heap | page read and write | -
1391000 | heap | page read and write | -
D64000 | heap | page read and write | -
D9F000 | heap | page read and write | -
A370000 | direct allocation | page read and write | -
52B5000 | heap | page read and write | -
DFE000 | heap | page read and write | -
32E3000 | heap | page read and write | -
DB4000 | heap | page read and write | -
BEC000 | stack | page read and write | -
F73000 | unknown | page readonly | -
D4C000 | heap | page read and write | -
D83000 | heap | page read and write | -
E0D000 | heap | page read and write | -
85E000 | stack | page read and write | -
32E6000 | heap | page read and write | -
9BA9000 | heap | page read and write | -
D8A000 | heap | page read and write | -
6CD000 | heap | page read and write | -
32D8000 | heap | page read and write | -
AF30000 | heap | page read and write | -
2C80000 | heap | page read and write | -
D84000 | heap | page read and write | -
333F000 | heap | page read and write | -
D3D000 | heap | page read and write | -
32D2000 | heap | page read and write | -
32E2000 | heap | page read and write | -
66B5000 | heap | page read and write | -
D20000 | heap | page read and write | -
B2E000 | stack | page read and write | -
F90000 | unknown | page readonly | -
381F000 | stack | page read and write | -
331D000 | heap | page read and write | -
A170000 | direct allocation | page read and write | -
D88000 | heap | page read and write | -
1050000 | heap | page read and write | -
D55000 | heap | page read and write | -
3397000 | heap | page read and write | -
32D6000 | heap | page read and write | -
D83000 | heap | page read and write | -
32DC000 | heap | page read and write | -
32D5000 | heap | page read and write | -
DB4000 | heap | page read and write | -
DA0000 | heap | page read and write | -
12D8000 | heap | page read and write | -
DE6000 | heap | page read and write | -
D4E000 | heap | page read and write | -
D52000 | heap | page read and write | -
6CD000 | heap | page read and write | -
333A000 | heap | page read and write | -
DF8000 | heap | page read and write | -
D96000 | heap | page read and write | -
32F4000 | heap | page read and write | -
DB4000 | heap | page read and write | -
331A000 | heap | page read and write | -
2DDC000 | stack | page read and write | -
6CD000 | heap | page read and write | -
6CD000 | heap | page read and write | -
9B30000 | heap | page read and write | -
32EE000 | heap | page read and write | -
DC8000 | heap | page read and write | -
DB4000 | heap | page read and write | -
DEC000 | stack | page read and write | -
14CF000 | stack | page read and write | -
DB5000 | heap | page read and write | -
66A000 | stack | page read and write | -
DAE000 | heap | page read and write | -
D64000 | heap | page read and write | -
12D0000 | heap | page read and write | -
D84000 | heap | page read and write | -
2F4D000 | stack | page read and write | -
6CD000 | heap | page read and write | -
D8C000 | heap | page read and write | -
6CD000 | heap | page read and write | -
333A000 | heap | page read and write | -
F51000 | unknown | page execute read | -
D90000 | heap | page read and write | -
D55000 | heap | page read and write | -
6B0000 | heap | page read and write | -
32B1000 | heap | page read and write | -
D96000 | heap | page read and write | -
6B8000 | heap | page read and write | -
DFB000 | heap | page read and write | -
DDE000 | heap | page read and write | -
D81000 | heap | page read and write | -
D5C000 | heap | page read and write | -
32E6000 | heap | page read and write | -
D6A000 | heap | page read and write | -
DB4000 | heap | page read and write | -
DF4000 | heap | page read and write | -
D8C000 | heap | page read and write | -
32F7000 | heap | page read and write | -
DB5000 | heap | page read and write | -
6CD000 | heap | page read and write | -
D64000 | heap | page read and write | -
1342000 | heap | page read and write | -
32EE000 | heap | page read and write | -
DB5000 | heap | page read and write | -
6CD000 | heap | page read and write | -
6CD000 | heap | page read and write | -
DB5000 | heap | page read and write | -
F90000 | unknown | page readonly | -
D7D000 | heap | page read and write | -
D64000 | heap | page read and write | -
CF0000 | heap | page read and write | -
D90000 | heap | page read and write | -
9B9E000 | heap | page read and write | -
334B000 | heap | page read and write | -
C60000 | heap | page read and write | -
31B0000 | direct allocation | page read and write | -
D4C000 | heap | page read and write | -
48B5000 | heap | page read and write | -
D64000 | heap | page read and write | -
D8A000 | heap | page read and write | -
DE4000 | heap | page read and write | -
DE9000 | heap | page read and write | -
32BA000 | heap | page read and write | -
1396000 | heap | page read and write | -
DA1000 | heap | page read and write | -
D96000 | heap | page read and write | -
12C0000 | heap | page read and write | -
F8F000 | unknown | page read and write | -
F51000 | unknown | page execute read | -
1347000 | heap | page read and write | -
3350000 | heap | page read and write | -
71AA000 | heap | page read and write | -
DE9000 | heap | page read and write | -
6C9000 | heap | page read and write | -
D5A000 | heap | page read and write | -
3030000 | direct allocation | page read and write | -
133E000 | heap | page read and write | -
D64000 | heap | page read and write | -
3328000 | heap | page read and write | -
DAE000 | heap | page read and write | -
D88000 | heap | page read and write | -
32EE000 | heap | page read and write | -
6CD000 | heap | page read and write | -
32B1000 | heap | page read and write | -
D96000 | heap | page read and write | -
DA5000 | heap | page read and write | -
458000 | remote allocation | page execute and read and write | -
32DD000 | heap | page read and write | -
A530000 | heap | page read and write | -
DEE000 | heap | page read and write | -
6C9000 | heap | page read and write | -
9CFC000 | heap | page read and write | -
DF4000 | heap | page read and write | -
DD7000 | heap | page read and write | -
D96000 | heap | page read and write | -
32DD000 | heap | page read and write | -
334C000 | heap | page read and write | -
32CD000 | heap | page read and write | -
32B4000 | heap | page read and write | -
C40000 | heap | page read and write | -
A230000 | direct allocation | page read and write | -
32E3000 | heap | page read and write | -
D18000 | heap | page read and write | -
F51000 | unknown | page execute read | -
3342000 | heap | page read and write | -
DC2000 | heap | page read and write | -
D55000 | heap | page read and write | -
D9F000 | heap | page read and write | -
DAE000 | heap | page read and write | -
32BA000 | heap | page read and write | -
6D9000 | heap | page read and write | -
D88000 | heap | page read and write | -
F80000 | unknown | page read and write | -
32D2000 | heap | page read and write | -
DE5000 | heap | page read and write | -
DFE000 | heap | page read and write | -
DF8000 | heap | page read and write | -
9B31000 | heap | page read and write | -
9D84000 | heap | page read and write | -
A2F0000 | direct allocation | page read and write | -
D55000 | heap | page read and write | -
DA1000 | heap | page read and write | -
3400000 | heap | page read and write | -
DFB000 | heap | page read and write | -
2B60000 | direct allocation | page read and write | -
3344000 | heap | page read and write | -
D55000 | heap | page read and write | -
CAD000 | stack | page read and write | -
32B1000 | heap | page read and write | -
1312000 | heap | page read and write | -
9C19000 | heap | page read and write | -
F50000 | unknown | page readonly | -
DA5000 | heap | page read and write | -
DFE000 | heap | page read and write | -
D73000 | heap | page read and write | -
D5A000 | heap | page read and write | -
3328000 | heap | page read and write | -
36EE000 | stack | page read and write | -
3343000 | heap | page read and write | -
F73000 | unknown | page readonly | -
D83000 | heap | page read and write | -
368F000 | stack | page read and write | -
DDC000 | heap | page read and write | -
D8A000 | heap | page read and write | -
32EB000 | heap | page read and write | -
DA1000 | heap | page read and write | -
6CD000 | heap | page read and write | -
33B0000 | direct allocation | page read and write | -
D98000 | heap | page read and write | -
F83000 | unknown | page read and write | -
D1F000 | stack | page read and write | -
DAE000 | heap | page read and write | -
DDC000 | heap | page read and write | -
D78000 | heap | page read and write | -
3360000 | heap | page read and write | -
DB4000 | heap | page read and write | -
1321000 | heap | page read and write | -
CEB000 | stack | page read and write | -
A130000 | direct allocation | page read and write | -
DF4000 | heap | page read and write | -
D70000 | heap | page read and write | -
860000 | heap | page read and write | -
DFB000 | heap | page read and write | -
67AA000 | heap | page read and write | -
DA7000 | heap | page read and write | -
6DA000 | heap | page read and write | -
3360000 | heap | page read and write | -
132E000 | heap | page read and write | -
31F0000 | direct allocation | page read and write | -
32D0000 | heap | page read and write | -
32BC000 | heap | page read and write | -
5CB5000 | heap | page read and write | -
9C0E000 | heap | page read and write | -
CED000 | stack | page read and write | -
6D1000 | heap | page read and write | -
D4D000 | heap | page read and write | -
DC7000 | heap | page read and write | -
A1B0000 | direct allocation | page read and write | -
400000 | remote allocation | page execute and read and write | -
D96000 | heap | page read and write | -
12FE000 | heap | page read and write | -
81E000 | stack | page read and write | -
D9F000 | heap | page read and write | -
3360000 | heap | page read and write | -
D5C000 | heap | page read and write | -
DDC000 | heap | page read and write | -
DDC000 | heap | page read and write | -
333A000 | heap | page read and write | -
47C000 | stack | page read and write | -
D70000 | heap | page read and write | -
D9F000 | heap | page read and write | -
116E000 | stack | page read and write | -
DAE000 | heap | page read and write | -
32D6000 | heap | page read and write | -
B757000 | heap | page read and write | -
E0D000 | heap | page read and write | -
3350000 | heap | page read and write | -
3230000 | direct allocation | page read and write | -
6CD000 | heap | page read and write | -
D4D000 | heap | page read and write | -
6DA000 | heap | page read and write | -
F80000 | unknown | page write copy | -
334C000 | heap | page read and write | -
D82000 | heap | page read and write | -
32F0000 | heap | page read and write | -
F80000 | unknown | page read and write | -
9CFC000 | heap | page read and write | -
32DC000 | heap | page read and write | -
DFE000 | heap | page read and write | -
6CD000 | heap | page read and write | -
DDD000 | heap | page read and write | -
333A000 | heap | page read and write | -
F73000 | unknown | page readonly | -
2E40000 | heap | page read and write | -
3360000 | heap | page read and write | -
D83000 | heap | page read and write | -
F50000 | unknown | page readonly | -
6CD000 | heap | page read and write | -
D8B000 | heap | page read and write | -
DB5000 | heap | page read and write | -
34B5000 | heap | page read and write | -
D58000 | heap | page read and write | -
334A000 | heap | page read and write | -
26B0000 | heap | page read and write | -
137E000 | stack | page read and write | -
D83000 | heap | page read and write | -
D57000 | heap | page read and write | -
9C8B000 | heap | page read and write | -
3360000 | heap | page read and write | -
D49000 | heap | page read and write | -
DB5000 | heap | page read and write | -
32CF000 | heap | page read and write | -
3470000 | direct allocation | page read and write | -
32B1000 | heap | page read and write | -
DC3000 | heap | page read and write | -
11B0000 | heap | page read and write | -
6CD000 | heap | page read and write | -
D55000 | heap | page read and write | -
D56000 | heap | page read and write | -
D7C000 | heap | page read and write | -
D83000 | heap | page read and write | -
32DE000 | stack | page read and write | -
3360000 | heap | page read and write | -
D64000 | heap | page read and write | -
DAE000 | heap | page read and write | -
D5A000 | heap | page read and write | -
32E9000 | heap | page read and write | -
D58000 | heap | page read and write | -
358E000 | stack | page read and write | -
32B1000 | heap | page read and write | -
F8F000 | unknown | page read and write | -
D7C000 | heap | page read and write | -
9CFC000 | heap | page read and write | -
DAE000 | heap | page read and write | -
32D4000 | heap | page read and write | -
2B20000 | direct allocation | page read and write | -
9D31000 | heap | page read and write | -
3360000 | heap | page read and write | -
F50000 | unknown | page readonly | -
F00000 | direct allocation | page read and write | -
D86000 | heap | page read and write | -
32CD000 | heap | page read and write | -
DA6000 | heap | page read and write | -
DEC000 | heap | page read and write | -
6D6000 | heap | page read and write | -
333A000 | heap | page read and write | -
DA6000 | heap | page read and write | -
D95000 | heap | page read and write | -
6CD000 | heap | page read and write | -
DB4000 | heap | page read and write | -
32B1000 | heap | page read and write | -
DF8000 | heap | page read and write | -
DFC000 | heap | page read and write | -
32E7000 | heap | page read and write | -
32E3000 | heap | page read and write | -
6CD000 | heap | page read and write | -
DF4000 | heap | page read and write | -
6CD000 | heap | page read and write | -
12ED000 | heap | page read and write | -
D83000 | heap | page read and write | -
DE9000 | heap | page read and write | -
A2B0000 | direct allocation | page read and write | -
32E3000 | heap | page read and write | -
D56000 | heap | page read and write | -
13A8000 | heap | page read and write | -
2E1D000 | stack | page read and write | -
D98000 | heap | page read and write | -
DF4000 | heap | page read and write | -
32D3000 | heap | page read and write | -
D78000 | heap | page read and write | -
DB4000 | heap | page read and write | -
7FC000 | stack | page read and write | -
6DA000 | heap | page read and write | -
7D0000 | heap | page read and write | -
F90000 | unknown | page readonly | -
D9F000 | heap | page read and write | -
D88000 | heap | page read and write | -
6CD000 | heap | page read and write | -
32EE000 | heap | page read and write | -
334D000 | heap | page read and write | -
D5A000 | heap | page read and write | -
3348000 | heap | page read and write | -
F73000 | unknown | page readonly | -
9B31000 | heap | page read and write | -
D54000 | heap | page read and write | -
6CD000 | heap | page read and write | -
DDC000 | heap | page read and write | -
352E000 | stack | page read and write | -
DF8000 | heap | page read and write | -
6D0000 | heap | page read and write | -
D64000 | heap | page read and write | -
DE8000 | heap | page read and write | -
DA5000 | heap | page read and write | -
F50000 | unknown | page readonly | -
32B0000 | heap | page read and write | -
DF8000 | heap | page read and write | -
D10000 | heap | page read and write | -
118E000 | stack | page read and write | -
DDC000 | heap | page read and write | -
D33000 | heap | page read and write | -
3070000 | direct allocation | page read and write | -
DE7000 | heap | page read and write | -
A1F0000 | direct allocation | page read and write | -
1334000 | heap | page read and write | -
E0D000 | heap | page read and write | -
32E3000 | heap | page read and write | -
D64000 | heap | page read and write | -
663000 | stack | page read and write | -
7BAA000 | heap | page read and write | -
9C8B000 | heap | page read and write | -
3348000 | heap | page read and write | -
D98000 | heap | page read and write | -
DBC000 | heap | page read and write | -
DAE000 | heap | page read and write | -
DDC000 | heap | page read and write | -
D54000 | heap | page read and write | -
452 additional memdumps are not shown in this listing.

Note: the sandbox flags one heap dump (9C8B000) as malicious. Two unflagged rows deserve attention as well: 400000 and 458000 have region type "remote allocation" with execute, read and write protection. 0x400000 is the default image base of a 32-bit Windows executable, and executable memory written into a process from outside it is the pattern to check against the ngentask.exe entry in the Processes table. The regions at F50000 to F90000 labelled unknown (read-only, execute-read, write-copy) have the layout of the sample's own mapped image sections.
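A listing this long is read by filtering, not by eye. The following is an added example (not part of the sandbox report) that parses region rows and reports the ones that are both writable and executable, allocated remotely, or placed at the 32-bit default image base. The sample rows are a constructed subset copied from the table above; the pipe-separated "base | region type | protect" layout and the triage rules are assumptions of this example, not the sandbox's own scoring.

```python
"""Triage memory-region rows for executable memory written into the process."""
from typing import List, NamedTuple, Tuple


class Region(NamedTuple):
    base: int
    kind: str     # region type as labelled by the sandbox (heap, stack, ...)
    protect: str  # protection string as labelled by the sandbox


def parse_rows(text: str) -> List[Region]:
    """Parse "<hex base> | <region type> | <protect>[ | <malicious>]" rows.

    The pipe layout is an assumption of this example; adapt the split if the
    report is exported differently. Rows with fewer than three fields are skipped.
    """
    regions = []
    for line in text.strip().splitlines():
        fields = [f.strip() for f in line.split("|")]
        if len(fields) < 3:
            continue
        regions.append(Region(int(fields[0], 16), fields[1].lower(), fields[2].lower()))
    return regions


IMAGE_BASE_32 = 0x400000  # default image base of a 32-bit Windows executable


def triage(regions: List[Region]) -> List[Tuple[str, List[str]]]:
    """Return (hex base, reasons) for regions a reviewer should look at first.

    Checks: writable and executable at the same time (RWX), memory allocated
    from another process ("remote allocation"), and a remote region placed where
    a 32-bit executable's image normally lives. Read-only or execute-read image
    sections, and ordinary heap and stack pages, produce no finding.
    """
    findings = []
    for r in sorted(regions, key=lambda r: r.base):
        reasons = []
        executable = "execute" in r.protect
        writable = "write" in r.protect  # covers "read and write" and "write copy"
        if executable and writable:
            reasons.append("RWX")
        if r.kind == "remote allocation":
            reasons.append("remote allocation")
            if r.base == IMAGE_BASE_32:
                reasons.append("at 32-bit default image base")
        if reasons:
            findings.append((f"0x{r.base:X}", reasons))
    return findings


# Constructed input: a subset of rows copied from the Memdumps table.
SAMPLE_ROWS = """
9C8B000 | heap | page read and write | malicious
12BE000 | stack | page read and write
F50000 | unknown | page readonly
F51000 | unknown | page execute read
F80000 | unknown | page write copy
A330000 | direct allocation | page read and write
458000 | remote allocation | page execute and read and write
400000 | remote allocation | page execute and read and write
"""

if __name__ == "__main__":
    for base, reasons in triage(parse_rows(SAMPLE_ROWS)):
        print(base, ", ".join(reasons))
```

On the sample rows only the two remote allocations are reported; the flagged heap dump at 9C8B000 is not, which is the point: the sandbox verdict and these structural checks answer different questions and should be read side by side.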