IOC Report
7zba89tklZ.exe

Files

File Path | Type | Category | Malicious
7zba89tklZ.exe | PE32 executable (GUI) Intel 80386, for MS Windows | initial sample | malicious
C:\Users\user\AppData\Local\Microsoft\svcapp.exe | PE32 executable (GUI) Intel 80386, for MS Windows | dropped | malicious
C:\Users\user\AppData\Local\Microsoft\svcapp.exe:Zone.Identifier | ASCII text, with CRLF line terminators | modified | malicious

Processes

Path | Cmdline | Malicious
C:\Users\user\Desktop\7zba89tklZ.exe | "C:\Users\user\Desktop\7zba89tklZ.exe" | malicious
C:\Users\user\Desktop\7zba89tklZ.exe | "C:\Users\user\Desktop\7zba89tklZ.exe" | malicious
C:\Users\user\AppData\Local\Microsoft\svcapp.exe | "C:\Users\user\AppData\Local\Microsoft\svcapp.exe" | malicious

Registry

Path | Value | Malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | SystemHandler |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | SystemHandler |

Memdumps
