IOC Report
1737701404d7e2db9bd85949651d771cf2c71b35c7c53a8031379846bc9bf607c745814b60686.dat-decoded.exe


Files

File Path | Type | Category | Malicious
1737701404d7e2db9bd85949651d771cf2c71b35c7c53a8031379846bc9bf607c745814b60686.dat-decoded.exe | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | initial sample | malicious
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_JBRCCT4D2EK14A3N_3835ea14cb22c2f8b732e9ab365882fef9c6cd_7f578f9e_077622d2-b85c-458a-bcdc-851180f678bd\Report.wer | Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped |
C:\ProgramData\Microsoft\Windows\WER\Temp\WER5CCA.tmp.dmp | Mini DuMP crash report, 16 streams, Fri Jan 24 07:01:06 2025, 0x1205a4 type | dropped |
C:\ProgramData\Microsoft\Windows\WER\Temp\WER5F8A.tmp.WERInternalMetadata.xml | XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped |
C:\ProgramData\Microsoft\Windows\WER\Temp\WER5FBA.tmp.xml | XML 1.0 document, ASCII text, with CRLF line terminators | dropped |
C:\Windows\appcompat\Programs\Amcache.hve | MS Windows registry file, NT/2000 or above | dropped |

Processes

Path | Cmdline | Malicious
C:\Users\user\Desktop\1737701404d7e2db9bd85949651d771cf2c71b35c7c53a8031379846bc9bf607c745814b60686.dat-decoded.exe | "C:\Users\user\Desktop\1737701404d7e2db9bd85949651d771cf2c71b35c7c53a8031379846bc9bf607c745814b60686.dat-decoded.exe" | malicious
C:\Windows\System32\WerFault.exe | C:\Windows\system32\WerFault.exe -u -p 7400 -s 1516 |

URLs

Name | IP | Malicious
81.161.238.16 | | malicious
http://upx.sf.net | unknown |
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | unknown |

Domains

Name | IP | Malicious
s-part-0017.t-0009.t-msedge.net | 13.107.246.45 |

IPs

IP | Domain | Country | Malicious
81.161.238.16 | unknown | Germany | malicious

Registry

All listed registry entries belong to a single Amcache inventory key; none of them is flagged malicious.

Path: \REGISTRY\A\{677d81e3-3b01-7baf-95ef-cd117d1cbc47}\Root\InventoryApplicationFile\1737701404d7e2db|55bf6bed9e5da89e
Values: ProgramId, FileId, LowerCaseLongPath, LongPathHash, Name, OriginalFileName, Publisher, Version, BinFileVersion, BinaryType, ProductName, ProductVersion, LinkDate, BinProductVersion, AppxPackageFullName, AppxPackageRelativeId, Size, Language, Usn
Malicious: not flagged

9 further registry entries are hidden in the original report.

Memdumps

Base Address | Region type | Protect | Malicious
842000 | unknown | page readonly | malicious
7FF887B90000 | trusted library allocation | page read and write |
2AAF000 | stack | page read and write |
84C000 | unknown | page readonly |
F9E000 | stack | page read and write |
E97000 | heap | page read and write |
840000 | unknown | page readonly |
DA0000 | heap | page read and write |
7FF887D50000 | trusted library allocation | page execute and read and write |
7FF887C50000 | trusted library allocation | page execute and read and write |
7FF887C4C000 | trusted library allocation | page execute and read and write |
2BE0000 | trusted library allocation | page read and write |
1BDC0000 | heap | page read and write |
DDF000 | heap | page read and write |
7FF887C46000 | trusted library allocation | page read and write |
1BA4F000 | stack | page read and write |
1BB4E000 | stack | page read and write |
981000 | stack | page read and write |
7FF887BA0000 | trusted library allocation | page read and write |
12B91000 | trusted library allocation | page read and write |
D83000 | trusted library allocation | page read and write |
1C1CA000 | stack | page read and write |
7FF887B93000 | trusted library allocation | page execute and read and write |
7FF887B9D000 | trusted library allocation | page execute and read and write |
10D0000 | heap | page read and write |
7FF887BBD000 | trusted library allocation | page execute and read and write |
11DE000 | stack | page read and write |
9D0000 | heap | page read and write |
1C3CC000 | stack | page read and write |
E64000 | heap | page read and write |
1AF02000 | heap | page read and write |
D10000 | heap | page read and write |
1B844000 | stack | page read and write |
2E6C000 | trusted library allocation | page read and write |
7FF887BB4000 | trusted library allocation | page read and write |
1B10C000 | stack | page read and write |
DD1000 | heap | page read and write |
D80000 | trusted library allocation | page read and write |
DCA000 | heap | page read and write |
2BCE000 | trusted library allocation | page read and write |
1200000 | heap | page read and write |
1B658000 | stack | page read and write |
1205000 | heap | page read and write |
7FF887CB0000 | trusted library allocation | page execute and read and write |
DE2000 | heap | page read and write |
7FF887BAD000 | trusted library allocation | page execute and read and write |
2E65000 | trusted library allocation | page read and write |
2E6E000 | trusted library allocation | page read and write |
2B81000 | trusted library allocation | page read and write |
1B740000 | heap | page execute and read and write |
119E000 | stack | page read and write |
7FF887D40000 | trusted library allocation | page read and write |
9F0000 | heap | page read and write |
DAC000 | heap | page read and write |
CF0000 | heap | page read and write |
7FF887BEC000 | trusted library allocation | page execute and read and write |
E0D000 | heap | page read and write |
1BFCE000 | stack | page read and write |
12B88000 | trusted library allocation | page read and write |
7FF4BC520000 | trusted library allocation | page execute and read and write |
2B70000 | heap | page read and write |
7FF887C40000 | trusted library allocation | page read and write |
1B94F000 | stack | page read and write |
1B545000 | stack | page read and write |
1B550000 | heap | page read and write |
CD0000 | heap | page read and write |
D70000 | trusted library allocation | page read and write |
7FF887BA2000 | trusted library allocation | page read and write |
DCF000 | heap | page read and write |
1B553000 | heap | page read and write |
12B81000 | trusted library allocation | page read and write |
D50000 | trusted library allocation | page read and write |
1BB50000 | heap | page read and write |
840000 | unknown | page readonly |
7FF887B94000 | trusted library allocation | page read and write |
1110000 | heap | page execute and read and write |
7FF887BB0000 | trusted library allocation | page read and write |
E13000 | heap | page read and write |
1C2CC000 | stack | page read and write |
7FF887C76000 | trusted library allocation | page execute and read and write |
1BBBA000 | heap | page read and write |
E62000 | heap | page read and write |
7FF887D30000 | trusted library allocation | page read and write |
9F5000 | heap | page read and write |

74 further memdumps are hidden in the original report.