IOC Report
2Nxwe78suT.exe

Files

File Path                                  Category        Malicious   Type
2Nxwe78suT.exe                             initial sample  malicious   PE32 executable (console) Intel 80386, for MS Windows
C:\Users\user\AppData\Local\Temp\tmp.bmp   dropped                     PC bitmap, Windows 3.x format, 1920 x 1080 x 24, image size 6220800, cbSize 6220854, bits offset 54
C:\Users\user\AppData\Roaming\time.dat     modified                    ASCII text, with no line terminators

Processes

Path                                   Cmdline                                               Malicious   Occurrences
C:\Users\user\Desktop\2Nxwe78suT.exe   "C:\Users\user\Desktop\2Nxwe78suT.exe"                malicious   1
C:\Windows\SysWOW64\cmd.exe            cmd.exe /c taskkill /f /im mmc.exe /t                 malicious   38
C:\Windows\SysWOW64\taskkill.exe       taskkill /f /im mmc.exe /t                            malicious   37
C:\Windows\System32\conhost.exe        C:\Windows\system32\conhost.exe 0xffffffff -ForceV1               1

The cmd.exe / taskkill.exe pair is listed once per spawn in the full report; the table above collapses the repeated identical rows and gives the count. 67 further processes are hidden in this export.

URLs

Name / IP / Malicious table: ten t.me URL strings were extracted from the sample; the IP column reads "unknown" for every entry and none carries a Malicious verdict.

Domains

Name                         IP        Malicious
206.23.85.13.in-addr.arpa    unknown

Memdumps

Base Address   Region type   Protect               Malicious
C57000         heap          page read and write
430000         unknown       page readonly
C21000         heap          page read and write
421000         unknown       page readonly
C48000         heap          page read and write
A1C000         unknown       page readonly
401000         unknown       page execute read
400000         unknown       page readonly
C2E000         heap          page read and write
429000         unknown       page write copy
C22000         heap          page read and write
C27000         heap          page read and write
430000         unknown       page readonly
C25000         heap          page read and write
C25000         heap          page read and write

5 further memdumps are hidden in this export.