IOC Report
Factura 1-2501377.exe

Files

| File Path | Type | Category | Malicious |
|---|---|---|---|
| Factura 1-2501377.exe | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | initial sample | malicious |
| C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Factura 1-2501377.exe.log | ASCII text, with CRLF line terminators | dropped | malicious |

Processes

| Path | Cmdline | Malicious |
|---|---|---|
| C:\Users\user\Desktop\Factura 1-2501377.exe | "C:\Users\user\Desktop\Factura 1-2501377.exe" | malicious |
| C:\Users\user\Desktop\Factura 1-2501377.exe | "C:\Users\user\Desktop\Factura 1-2501377.exe" | malicious |
| C:\Users\user\Desktop\Factura 1-2501377.exe | "C:\Users\user\Desktop\Factura 1-2501377.exe" | malicious |
| C:\Users\user\Desktop\Factura 1-2501377.exe | "C:\Users\user\Desktop\Factura 1-2501377.exe" | malicious |

URLs


Domains

| Name | IP | Malicious |
|---|---|---|
| webmail.mupa.com.tr | 94.199.205.104 | malicious |
| reallyfreegeoip.org | 104.21.32.1 | |
| api.telegram.org | 149.154.167.220 | |
| checkip.dyndns.com | 132.226.8.169 | |
| checkip.dyndns.org | unknown | |

IPs

| IP | Domain | Country | Malicious |
|---|---|---|---|
| 94.199.205.104 | webmail.mupa.com.tr | Turkey | malicious |
| 132.226.8.169 | checkip.dyndns.com | United States | |
| 149.154.167.220 | api.telegram.org | United Kingdom | |
| 104.21.32.1 | reallyfreegeoip.org | United States | |

Registry


Memdumps
