IOC Report
Installer.exe


Files

File Path | Type | Category | Malicious
Installer.exe | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | initial sample | malicious
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_Installer.exe_9469d890b41742d176746fc237efbae3532d795_8c4c92ab_08c18af6-0e99-4432-9209-5b51782a6310\Report.wer | Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped | malicious
C:\ProgramData\Microsoft\Windows\WER\Temp\WER54DC.tmp.dmp | Mini DuMP crash report, 15 streams, Sun Jan 26 14:59:01 2025, 0x1205a4 type | dropped |
C:\ProgramData\Microsoft\Windows\WER\Temp\WER55A8.tmp.WERInternalMetadata.xml | XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped |
C:\ProgramData\Microsoft\Windows\WER\Temp\WER5607.tmp.xml | XML 1.0 document, ASCII text, with CRLF line terminators | dropped |
C:\Windows\appcompat\Programs\Amcache.hve | MS Windows registry file, NT/2000 or above | dropped |

Processes

Path | Cmdline | Malicious
C:\Users\user\Desktop\Installer.exe | "C:\Users\user\Desktop\Installer.exe" | malicious
C:\Users\user\Desktop\Installer.exe | "C:\Users\user\Desktop\Installer.exe" | malicious
C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\WerFault.exe -u -p 5660 -s 952 |

The sample appears twice with an identical command line: the first instance launches a second copy of itself. WerFault.exe -u -p 5660 -s 952 is Windows Error Reporting handling a crash in process 5660 (-p is the crashing PID); the Report.wer, minidump and metadata XML files under C:\ProgramData\Microsoft\Windows\WER in the Files table are its output.

URLs

Name | IP | Malicious
https://guardeduppe.com/api | 188.114.96.3 | malicious
https://guardeduppe.com/apis; | unknown |
http://upx.sf.net | unknown |
https://guardeduppe.com/ | unknown |
https://guardeduppe.com/CC | unknown |
https://guardeduppe.com/dow | unknown |
https://guardeduppe.com/86)hw | unknown |

Only https://guardeduppe.com/api was seen resolving and is flagged. The other guardeduppe.com entries appear to be truncated or garbled string-extraction artefacts and are kept as extracted ("unknown" means no resolution was recorded for that entry). http://upx.sf.net is the banner string that the UPX packer stub embeds in every packed binary, not an address the sample contacted.

Domains

Name | IP | Malicious
guardeduppe.com | 188.114.96.3 | malicious
immolatechallen.bond | unknown |

immolatechallen.bond did not resolve during the run.

IPs

IP | Domain | Country | Malicious
188.114.96.3 | guardeduppe.com | European Union | malicious
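As an added example (it is not part of the sandbox report), the following Python turns the URL, domain and IP indicators above into a matcher and runs it over DNS and proxy log lines. The log lines are constructed for the example, and the log format, field names and the helper names are assumptions. Two points the tables alone do not make explicit: the URL fragments all collapse to the single host guardeduppe.com, and upx.sf.net must be dropped before matching. The IP is treated as weak evidence because 188.114.96.3 lies in address space announced by Cloudflare (an observation from public routing data, not something the report states), so it fronts many unrelated sites.

```python
"""Network IOC matcher for the URL / domain / IP indicators of this report."""
import re
from dataclasses import dataclass
from urllib.parse import urlsplit

# Indicators copied from the URLs / Domains / IPs tables above.
RAW_URLS = [
    "https://guardeduppe.com/api",
    "https://guardeduppe.com/apis;",
    "http://upx.sf.net",
    "https://guardeduppe.com/",
    "https://guardeduppe.com/CC",
    "https://guardeduppe.com/dow",
    "https://guardeduppe.com/86)hw",
]
RAW_DOMAINS = ["guardeduppe.com", "immolatechallen.bond"]
RAW_IPS = ["188.114.96.3"]

# upx.sf.net is the banner the UPX stub embeds in every packed binary;
# it is never contacted and would only generate noise.
BENIGN_HOSTS = {"upx.sf.net"}

# Assumption (not from the report): 188.114.96.3 is Cloudflare-announced
# space shared by many sites, so a bare-IP hit is low confidence.
CONFIDENCE = {"domain": "high", "ip": "low"}


@dataclass(frozen=True)
class Hit:
    line_no: int
    indicator: str
    kind: str        # "domain" or "ip"
    confidence: str


def build_indicators(urls=RAW_URLS, domains=RAW_DOMAINS, ips=RAW_IPS):
    """Collapse URLs and domains to a host set; keep IPs as-is."""
    hosts = set()
    for u in urls:
        host = urlsplit(u).hostname      # strips scheme, path and junk
        if host:
            hosts.add(host.lower())
    hosts |= {d.lower() for d in domains}
    return {"domain": hosts - BENIGN_HOSTS, "ip": set(ips)}


# A dotted name whose last label is alphabetic (so IPv4 literals do not match).
HOST_RE = re.compile(r"(?<![\w.-])((?:[a-z0-9-]+\.)+[a-z]{2,})(?![\w-])", re.I)
IP_RE = re.compile(r"(?<!\d)(?:\d{1,3}\.){3}\d{1,3}(?!\d)")


def host_matches(host, ioc):
    """Exact match or subdomain of the indicator; rejects look-alikes such
    as guardeduppe.com.example.org."""
    return host == ioc or host.endswith("." + ioc)


def scan(lines, indicators):
    """Return every Hit found in the given log lines (1-based line numbers)."""
    hits = []
    for n, line in enumerate(lines, 1):
        for host in {h.lower() for h in HOST_RE.findall(line)}:
            for ioc in indicators["domain"]:
                if host_matches(host, ioc):
                    hits.append(Hit(n, ioc, "domain", CONFIDENCE["domain"]))
        for ip in set(IP_RE.findall(line)):
            if ip in indicators["ip"]:
                hits.append(Hit(n, ip, "ip", CONFIDENCE["ip"]))
    return hits


# Constructed sample log lines (assumed DNS/proxy format), not real telemetry.
SAMPLE_LOG = [
    "2025-01-26T14:58:50Z dns client=10.0.0.5 qname=guardeduppe.com qtype=A rcode=NOERROR answer=188.114.96.3",
    "2025-01-26T14:58:51Z proxy client=10.0.0.5 method=CONNECT host=guardeduppe.com:443 status=200",
    "2025-01-26T14:58:52Z dns client=10.0.0.7 qname=cdn.guardeduppe.com.example.org qtype=A rcode=NXDOMAIN",
    "2025-01-26T14:59:02Z dns client=10.0.0.9 qname=immolatechallen.bond qtype=A rcode=SERVFAIL",
    "2025-01-26T14:59:10Z proxy client=10.0.0.11 method=GET url=https://www.example.com/ status=200",
]


def scan_sample():
    return scan(SAMPLE_LOG, build_indicators())


if __name__ == "__main__":
    for h in scan_sample():
        print(f"line {h.line_no}: {h.kind} {h.indicator} ({h.confidence})")
```

Line 3 of the sample is deliberately a look-alike (guardeduppe.com embedded in a longer name) and produces no hit; the matcher only accepts the indicator itself or a subdomain of it.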

Registry

Path | Value | Malicious

All listed entries share one key and none is flagged:

Key: \REGISTRY\A\{f8d74e63-d35c-90c1-ce42-8a9b2319e814}\Root\InventoryApplicationFile\installer.exe|71770c98929fe6fb
Values written: ProgramId, FileId, LowerCaseLongPath, LongPathHash, Name, OriginalFileName, Publisher, Version, BinFileVersion, BinaryType, ProductName, ProductVersion, LinkDate, BinProductVersion, AppxPackageFullName, AppxPackageRelativeId, Size, Language, Usn

\REGISTRY\A\{...} is the namespace for application hives loaded with RegLoadAppKey; here it is the Amcache.hve listed under Files, and InventoryApplicationFile\installer.exe|71770c98929fe6fb is the Amcache inventory record the system wrote for the sample (Amcache keys these records by lower-cased file name and a path hash). The record persists after the process exits, so it is a useful host-side artefact for confirming execution.

Nine further registry entries were not expanded in this export.

Memdumps

Base Address | Region type | Protect | Malicious
3F29000 | trusted library allocation | page read and write | malicious
B22000 | unknown | page readonly | malicious
15F2000 | heap | page read and write |
2F21000 | trusted library allocation | page read and write |
316E000 | stack | page read and write |
FA0000 | heap | page read and write |
14D0000 | heap | page read and write |
1174000 | trusted library allocation | page read and write |
2F1E000 | stack | page read and write |
11FE000 | heap | page read and write |
15DD000 | heap | page read and write |
1686000 | heap | page read and write |
1170000 | trusted library allocation | page read and write |
53B4000 | trusted library allocation | page read and write |
53F0000 | trusted library allocation | page read and write |
3F21000 | trusted library allocation | page read and write |
119A000 | trusted library allocation | page execute and read and write |
14EF000 | stack | page read and write |
3DFC000 | trusted library allocation | page read and write |
B5C000 | unknown | page readonly |
501E000 | stack | page read and write |
1180000 | trusted library allocation | page read and write |
10DB000 | stack | page read and write |
1580000 | heap | page read and write |
115E000 | stack | page read and write |
1197000 | trusted library allocation | page execute and read and write |
14CE000 | stack | page read and write |
1173000 | trusted library allocation | page execute and read and write |
1080000 | heap | page read and write |
1085000 | heap | page read and write |
1570000 | trusted library allocation | page read and write |
3E67000 | trusted library allocation | page read and write |
11A7000 | trusted library allocation | page execute and read and write |
3E52000 | trusted library allocation | page read and write |
3DD2000 | trusted library allocation | page read and write |
152E000 | stack | page read and write |
53C9000 | trusted library allocation | page read and write |
E3C000 | stack | page read and write |
3E0F000 | trusted library allocation | page read and write |
396E000 | stack | page read and write |
1225000 | heap | page read and write |
3220000 | heap | page read and write |
160A000 | heap | page read and write |
188E000 | stack | page read and write |
376D000 | stack | page read and write |
53A4000 | trusted library allocation | page read and write |
1190000 | trusted library allocation | page read and write |
1184000 | trusted library allocation | page read and write |
11AB000 | trusted library allocation | page execute and read and write |
366E000 | stack | page read and write |
1515000 | heap | page read and write |
321D000 | stack | page read and write |
3A6D000 | stack | page read and write |
B20000 | unknown | page readonly |
1160000 | trusted library allocation | page read and write |
5370000 | trusted library allocation | page read and write |
B58000 | unknown | page readonly |
5390000 | trusted library allocation | page execute and read and write |
11D0000 | trusted library allocation | page execute and read and write |
1670000 | heap | page read and write |
5362000 | trusted library allocation | page read and write |
156D000 | stack | page read and write |
386E000 | stack | page read and write |
53C6000 | trusted library allocation | page read and write |
3E73000 | trusted library allocation | page read and write |
53D5000 | trusted library allocation | page read and write |
1650000 | heap | page read and write |
3EBA000 | trusted library allocation | page read and write |
3E78000 | trusted library allocation | page read and write |
3ACE000 | stack | page read and write |
1510000 | heap | page read and write |
11E0000 | trusted library allocation | page read and write |
1090000 | heap | page read and write |
11DB000 | stack | page read and write |
2F2E000 | trusted library allocation | page execute and read and write |
40D0000 | heap | page read and write |
121C000 | heap | page read and write |
459000 | remote allocation | page execute and read and write |
1520000 | heap | page read and write |
3BCF000 | stack | page read and write |
11A0000 | trusted library allocation | page read and write |
1619000 | heap | page read and write |
198F000 | stack | page read and write |
128D000 | heap | page read and write |
5410000 | heap | page execute and read and write |
148E000 | stack | page read and write |
160D000 | heap | page read and write |
157D000 | stack | page read and write |
1234000 | heap | page read and write |
3C2E000 | stack | page read and write |
11C0000 | trusted library allocation | page read and write |
15EC000 | heap | page read and write |
1598000 | trusted library allocation | page read and write |
3D2F000 | stack | page read and write |
15C8000 | heap | page read and write |
1440000 | heap | page read and write |
111E000 | stack | page read and write |
3E6C000 | trusted library allocation | page read and write |
400000 | remote allocation | page execute and read and write |
31AE000 | stack | page read and write |
3ED0000 | trusted library allocation | page read and write |
11F0000 | heap | page read and write |
1297000 | heap | page read and write |
1668000 | heap | page read and write |
2F2F000 | trusted library allocation | page read and write |
1230000 | heap | page read and write |
F38000 | stack | page read and write |
1218000 | heap | page read and write |
3E71000 | trusted library allocation | page read and write |
15BD000 | stack | page read and write |
13EE000 | stack | page read and write |
1640000 | heap | page execute and read and write |
53E0000 | trusted library allocation | page read and write |
15C0000 | heap | page read and write |
12AB000 | heap | page read and write |
3DC0000 | heap | page read and write |
3E50000 | trusted library allocation | page read and write |
10D0000 | heap | page read and write |
11F8000 | heap | page read and write |
3E63000 | trusted library allocation | page read and write |

110 further memory dumps were not expanded in this export.
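The sandbox's "malicious" column on the table above is content-based (what the dump contains). A complementary, protection-based triage is worth running over the same rows, because two entries stand out regardless of content: the remote allocations at 400000 and 459000 with execute, read and write permission. 0x400000 is the default image base of a 32-bit PE, and a remote allocation (memory created in this process by another process) at exactly that address, writable and executable, is the classic footprint of process hollowing, which fits the two identical Installer.exe processes listed earlier. The Python below is an added example, not part of the report; the rows it embeds are copied from the table, the helper names are assumptions, and it assumes that "trusted library allocation" denotes memory allocated by a trusted loaded library such as the CLR, where writable-executable pages are the JIT's normal code heap and therefore rank low.

```python
"""Protection-based triage of a sandbox Memdumps table."""
from dataclasses import dataclass

DEFAULT_IMAGE_BASE = 0x400000   # default ImageBase of a 32-bit PE executable
SEVERITY_ORDER = {"high": 0, "medium": 1, "low": 2}


@dataclass(frozen=True)
class Region:
    base: int
    kind: str       # region type as printed by the sandbox
    protect: str    # protection string as printed by the sandbox


def parse_rows(rows):
    """Turn (base_hex, region_type, protect) strings into Region objects."""
    return [Region(int(b, 16), k.strip().lower(), p.strip().lower())
            for b, k, p in rows]


def is_wx(protect):
    """Writable and executable at the same time."""
    return "execute" in protect and "write" in protect


def classify(region):
    """Return (severity, reasons) for one region, or None if unremarkable."""
    if region.kind == "remote allocation":
        reasons = ["remote allocation (written by another process)"]
        if region.base == DEFAULT_IMAGE_BASE:
            reasons.append("at default 32-bit image base: hollowing candidate")
        return "high", reasons
    if is_wx(region.protect):
        if region.kind == "trusted library allocation":
            # Assumption: memory allocated by a trusted library (the CLR);
            # RWX here is the JIT code heap of a .NET process, expected.
            return "low", ["writable+executable, but allocated by a trusted library (JIT code)"]
        return "medium", [f"writable+executable {region.kind}"]
    return None


def triage(rows):
    """Map base address (upper-case hex, as in the table) -> (severity, reasons),
    highest severity first."""
    flagged = {}
    for r in parse_rows(rows):
        verdict = classify(r)
        if verdict:
            flagged[f"{r.base:X}"] = verdict
    return dict(sorted(flagged.items(), key=lambda kv: SEVERITY_ORDER[kv[1][0]]))


# Rows copied from the Memdumps table of this report (a subset).
SAMPLE_ROWS = [
    ("3F29000", "trusted library allocation", "page read and write"),
    ("B22000", "unknown", "page readonly"),
    ("15F2000", "heap", "page read and write"),
    ("119A000", "trusted library allocation", "page execute and read and write"),
    ("459000", "remote allocation", "page execute and read and write"),
    ("400000", "remote allocation", "page execute and read and write"),
    ("5410000", "heap", "page execute and read and write"),
    ("1640000", "heap", "page execute and read and write"),
    ("1197000", "trusted library allocation", "page execute and read and write"),
]


def triage_sample():
    return triage(SAMPLE_ROWS)


if __name__ == "__main__":
    for base, (sev, reasons) in triage_sample().items():
        print(f"{base:>8}  {sev:6}  {'; '.join(reasons)}")
```

Run over the full table the same logic flags only the two remote allocations as high, the RWX heap regions at 1640000 and 5410000 as medium, and the RWX trusted library allocations as low; read-only "unknown" regions such as B22000, which the sandbox itself marks malicious, are invisible to this check and need the content-based verdict.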