IOC Report
Update-KB6125-x86.exe


Files

| File Path | Type | Category | Malicious |
|---|---|---|---|
| Update-KB6125-x86.exe | PE32 executable (GUI) Intel 80386, for MS Windows | initial sample | malicious |
| C:\Windows\tserv.exe | PE32 executable (GUI) Intel 80386, for MS Windows | dropped | malicious |
| C:\Windows\tserv.exe:Zone.Identifier | ASCII text, with CRLF line terminators | modified | malicious |

Processes

| Path | Cmdline | Malicious |
|---|---|---|
| C:\Users\user\Desktop\Update-KB6125-x86.exe | "C:\Users\user\Desktop\Update-KB6125-x86.exe" | malicious |
| C:\Windows\tserv.exe | C:\Windows\tserv.exe s | malicious |
| C:\Windows\tserv.exe | "C:\Windows\tserv.exe" s | malicious |

Domains

| Name | IP | Malicious |
|---|---|---|
| mta6.am0.yahoodns.net | 67.195.204.73 | |
| alt3.gmail-smtp-in.l.google.com | 142.250.141.26 | |
| alt4.gmail-smtp-in.l.google.com | 192.178.128.26 | |
| mta7.am0.yahoodns.net | 67.195.228.110 | |
| gmail-smtp-in.l.google.com | 209.85.233.26 | |
| mta5.am0.yahoodns.net | 67.195.204.72 | |
| www4.cedesunjerinkas.com | 193.166.255.171 | |
| alt1.gmail-smtp-in.l.google.com | 142.250.157.26 | |
| alt2.gmail-smtp-in.l.google.com | 173.194.202.27 | |
| hotmail-com.olc.protection.outlook.com | 52.101.73.23 | |
| hotmail.com | unknown | |
| gmail.com | unknown | |
| yahoo.com | unknown | |

3 further domains are not shown in this export.

IPs

| IP | Domain | Country | Malicious |
|---|---|---|---|
| 142.250.141.26 | alt3.gmail-smtp-in.l.google.com | United States | |
| 193.166.255.171 | www4.cedesunjerinkas.com | Finland | |
| 142.250.157.26 | alt1.gmail-smtp-in.l.google.com | United States | |
| 173.194.202.27 | alt2.gmail-smtp-in.l.google.com | United States | |
| 67.195.204.72 | mta5.am0.yahoodns.net | United States | |
| 67.195.228.110 | mta7.am0.yahoodns.net | United States | |
| 209.85.233.26 | gmail-smtp-in.l.google.com | United States | |
| 192.178.128.26 | alt4.gmail-smtp-in.l.google.com | United States | |
| 67.195.204.73 | mta6.am0.yahoodns.net | United States | |

Registry

| Path | Value | Malicious |
|---|---|---|
| HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLs | malicious |
| HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run | tserv | |

Memdumps

| Base Address | Region type | Protect | Malicious |
|---|---|---|---|
| 68C000 | heap | page read and write | |
| 63B000 | heap | page read and write | |
| 67F000 | heap | page read and write | |
| 610000 | heap | page read and write | |
| 446000 | unknown | page readonly | |
| 9A000 | stack | page read and write | |
| 699000 | heap | page read and write | |
| 400000 | unknown | page readonly | |
| 3D80000 | trusted library allocation | page read and write | |
| 64D000 | heap | page read and write | |
| 575000 | heap | page read and write | |
| 630000 | heap | page read and write | |
| 1F0000 | heap | page read and write | |
| 67F000 | heap | page read and write | |
| 446000 | unknown | page readonly | |
| 400000 | unknown | page readonly | |
| 677000 | heap | page read and write | |
| 67A000 | heap | page read and write | |
| 66B000 | heap | page read and write | |
| 42E000 | unknown | page readonly | |
| 600000 | heap | page read and write | |
| 434000 | unknown | page readonly | |
| 1FA0000 | heap | page read and write | |
| 431000 | unknown | page write copy | |
| 1FA4000 | heap | page read and write | |
| 1F8E000 | stack | page read and write | |
| 664000 | heap | page read and write | |
| 67F000 | heap | page read and write | |
| 431000 | unknown | page read and write | |
| 464000 | unknown | page readonly | |
| 676000 | heap | page read and write | |
| 677000 | heap | page read and write | |
| 677000 | heap | page read and write | |
| 677000 | heap | page read and write | |
| 676000 | heap | page read and write | |
| 42E000 | unknown | page readonly | |
| 3A3F000 | stack | page read and write | |
| 464000 | unknown | page readonly | |
| 5BE000 | stack | page read and write | |
| 20E0000 | heap | page read and write | |
| 694000 | heap | page read and write | |
| 68C000 | heap | page read and write | |
| 676000 | heap | page read and write | |
| 570000 | heap | page read and write | |
| 673000 | heap | page read and write | |
| 434000 | unknown | page readonly | |
| 540000 | heap | page read and write | |
| 19C000 | stack | page read and write | |
| 401000 | unknown | page execute read | |
| 66E000 | heap | page read and write | |
| 550000 | heap | page read and write | |
| 57A000 | heap | page read and write | |
| 690000 | heap | page read and write | |
| 401000 | unknown | page execute read | |
| 20AF000 | stack | page read and write | |

45 further memdumps are not shown in this export.