IOC Report
file.exe

loading gif

Files

File Path
Type
Category
Malicious
file.exe
PE32 executable (GUI) Intel 80386, for MS Windows
initial sample
 malicious
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_file.exe_b9723c8c59fbf3360dcec0a5a51ea489967c0_852b229c_5c24df66-f17b-4133-8eea-a3c476bb875c\Report.wer
Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
 malicious
C:\ProgramData\Microsoft\Windows\WER\Temp\WERDCE2.tmp.dmp
Mini DuMP crash report, 14 streams, Sun Oct 20 19:22:01 2024, 0x1205a4 type
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERDD31.tmp.WERInternalMetadata.xml
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERDD61.tmp.xml
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\Windows\appcompat\Programs\Amcache.hve
MS Windows registry file, NT/2000 or above
dropped

Processes

Path
Cmdline
Malicious
C:\Users\user\Desktop\file.exe
"C:\Users\user\Desktop\file.exe"
 malicious
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7772 -s 232

URLs

Name
IP
Malicious
http://upx.sf.net
unknown

Registry

Path
Value
Malicious
\REGISTRY\A\{b30dd461-e3af-fdb9-6837-b30bbfb11f58}\Root\InventoryApplicationFile\file.exe|43858f5a1c9fa22
ProgramId
 malicious
\REGISTRY\A\{b30dd461-e3af-fdb9-6837-b30bbfb11f58}\Root\InventoryApplicationFile\file.exe|43858f5a1c9fa22
FileId
 malicious
\REGISTRY\A\{b30dd461-e3af-fdb9-6837-b30bbfb11f58}\Root\InventoryApplicationFile\file.exe|43858f5a1c9fa22
LowerCaseLongPath
 malicious
\REGISTRY\A\{b30dd461-e3af-fdb9-6837-b30bbfb11f58}\Root\InventoryApplicationFile\file.exe|43858f5a1c9fa22
LongPathHash
 malicious
\REGISTRY\A\{b30dd461-e3af-fdb9-6837-b30bbfb11f58}\Root\InventoryApplicationFile\file.exe|43858f5a1c9fa22
Name
 malicious
\REGISTRY\A\{b30dd461-e3af-fdb9-6837-b30bbfb11f58}\Root\InventoryApplicationFile\file.exe|43858f5a1c9fa22
OriginalFileName
 malicious
\REGISTRY\A\{b30dd461-e3af-fdb9-6837-b30bbfb11f58}\Root\InventoryApplicationFile\file.exe|43858f5a1c9fa22
Publisher
 malicious
\REGISTRY\A\{b30dd461-e3af-fdb9-6837-b30bbfb11f58}\Root\InventoryApplicationFile\file.exe|43858f5a1c9fa22
Version
 malicious
\REGISTRY\A\{b30dd461-e3af-fdb9-6837-b30bbfb11f58}\Root\InventoryApplicationFile\file.exe|43858f5a1c9fa22
BinFileVersion
 malicious
\REGISTRY\A\{b30dd461-e3af-fdb9-6837-b30bbfb11f58}\Root\InventoryApplicationFile\file.exe|43858f5a1c9fa22
BinaryType
 malicious
\REGISTRY\A\{b30dd461-e3af-fdb9-6837-b30bbfb11f58}\Root\InventoryApplicationFile\file.exe|43858f5a1c9fa22
ProductName
 malicious
\REGISTRY\A\{b30dd461-e3af-fdb9-6837-b30bbfb11f58}\Root\InventoryApplicationFile\file.exe|43858f5a1c9fa22
ProductVersion
 malicious
\REGISTRY\A\{b30dd461-e3af-fdb9-6837-b30bbfb11f58}\Root\InventoryApplicationFile\file.exe|43858f5a1c9fa22
LinkDate
 malicious
\REGISTRY\A\{b30dd461-e3af-fdb9-6837-b30bbfb11f58}\Root\InventoryApplicationFile\file.exe|43858f5a1c9fa22
BinProductVersion
 malicious
\REGISTRY\A\{b30dd461-e3af-fdb9-6837-b30bbfb11f58}\Root\InventoryApplicationFile\file.exe|43858f5a1c9fa22
AppxPackageFullName
 malicious
\REGISTRY\A\{b30dd461-e3af-fdb9-6837-b30bbfb11f58}\Root\InventoryApplicationFile\file.exe|43858f5a1c9fa22
AppxPackageRelativeId
 malicious
\REGISTRY\A\{b30dd461-e3af-fdb9-6837-b30bbfb11f58}\Root\InventoryApplicationFile\file.exe|43858f5a1c9fa22
Size
 malicious
\REGISTRY\A\{b30dd461-e3af-fdb9-6837-b30bbfb11f58}\Root\InventoryApplicationFile\file.exe|43858f5a1c9fa22
Language
 malicious
\REGISTRY\A\{b30dd461-e3af-fdb9-6837-b30bbfb11f58}\Root\InventoryApplicationFile\file.exe|43858f5a1c9fa22
Usn
 malicious
There are 9 hidden registries, click here to show them.

Memdumps

Base Address
Regiontype
Protect
Malicious
6C0000
heap
page read and write
7D0000
unkown
page readonly
9BD000
unkown
page execute and write copy
18C000
stack
page read and write
6CA000
heap
page read and write
830000
unkown
page execute and write copy
580000
heap
page read and write
1E0000
heap
page read and write
AC6000
unkown
page execute and write copy
830000
unkown
page execute and write copy
AC6000
unkown
page execute and write copy
7D0000
unkown
page readonly
9BD000
unkown
page execute and write copy
7D1000
unkown
page execute and write copy
6CE000
heap
page read and write
7D1000
unkown
page execute and write copy
4FD000
stack
page read and write
1F0000
heap
page read and write
There are 8 hidden memdumps, click here to show them.