Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
Marys Organizer 2023 Release.zip
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Temp\build.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\96LGQ1XY\json[1].json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\GO30WR0E\json[1].json
|
JSON data
|
dropped
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://geoplugin.net/json.gp
|
178.237.33.50
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
privmerkt.com
|
172.111.163.227
|
|
|
|
nwemarkets.com
|
45.74.48.2
|
|
|
|
geoplugin.net
|
178.237.33.50
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
172.111.163.227
|
privmerkt.com
|
United States
|
|
|
|
45.74.48.2
|
nwemarkets.com
|
United States
|
|
|
|
178.237.33.50
|
geoplugin.net
|
Netherlands
|