IOC Report
Justificante.exe


Files

File Path | Type | Category | Malicious
Justificante.exe | PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive | initial sample | malicious
C:\Users\user\AppData\Local\Temp\Apathism.exe | PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive | dropped | malicious
C:\Users\user\AppData\Local\Temp\Apathism.exe:Zone.Identifier | ASCII text, with CRLF line terminators | dropped | malicious
C:\Users\user\AppData\Local\unavailability\unmeliorated\Daredeviltry.Unw | ASCII text, with very long lines (2987), with CRLF, LF line terminators | dropped | malicious
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache | data | modified |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_0cdouox1.21r.ps1 | ASCII text, with no line terminators | dropped |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_1i3ohep2.drq.psm1 | ASCII text, with no line terminators | dropped |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_corb1isq.y35.ps1 | ASCII text, with no line terminators | dropped |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_hu4erstn.av2.psm1 | ASCII text, with no line terminators | dropped |
C:\Users\user\AppData\Local\Temp\nsr6B3A.tmp | data | dropped |
C:\Users\user\AppData\Local\unavailability\unmeliorated\Clathrarian.kaj | data | dropped |
C:\Users\user\AppData\Local\unavailability\unmeliorated\Organisationsmeddelelses\Konfronteringer\minimummets.und | data | dropped |
C:\Users\user\AppData\Local\unavailability\unmeliorated\Organisationsmeddelelses\Konfronteringer\nedsalt.emp | data | dropped |
C:\Users\user\AppData\Local\unavailability\unmeliorated\Organisationsmeddelelses\Konfronteringer\overgangsperioder.kon | data | dropped |
C:\Users\user\AppData\Local\unavailability\unmeliorated\Organisationsmeddelelses\Konfronteringer\plasmopara.hot | data | dropped |
C:\Users\user\AppData\Local\unavailability\unmeliorated\Organisationsmeddelelses\Konfronteringer\sciatic.mol | data | dropped |
C:\Users\user\AppData\Local\unavailability\unmeliorated\Organisationsmeddelelses\hungerroot.ord | DIY-Thermocam raw data (Lepton 2.x), scale 116-0, spot sensor temperature 0.000000, unit celsius, color scheme 0, calibration: offset 0.000000, slope 128.000000 | dropped |
C:\Users\user\AppData\Local\unavailability\unmeliorated\Pengenden142.txt | ASCII text, with CRLF line terminators | dropped |
C:\Users\user\AppData\Local\unavailability\unmeliorated\smidiggrelsen.Oec | data | dropped |
9 additional files are not shown in this report.

Processes

Path | Cmdline | Malicious
C:\Users\user\Desktop\Justificante.exe | "C:\Users\user\Desktop\Justificante.exe" | malicious
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | "powershell.exe" -windowstyle hidden "$Florsukkeres=Get-Content -raw 'C:\Users\user\AppData\Local\unavailability\unmeliorated\Daredeviltry.Unw';$duncedom=$Florsukkeres.SubString(5663,3);.$duncedom($Florsukkeres) | malicious
C:\Users\user\AppData\Local\Temp\Apathism.exe | "C:\Users\user\AppData\Local\Temp\Apathism.exe" | malicious
C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |

URLs

Name | IP | Malicious
https://www.google.com | unknown |
http://nuget.org/NuGet.exe | unknown |
http://pesterbdd.com/images/Pester.png | unknown |
https://aka.ms/pscore6lB | unknown |
http://www.apache.org/licenses/LICENSE-2.0.html | unknown |
https://drive.google.com/ | unknown |
https://contoso.com/ | unknown |
https://nuget.org/nuget.exe | unknown |
https://contoso.com/License | unknown |
https://inference.location.live.net/inferenceservice/v21/Pox/GetLocationUsingFingerprinte1e71f6b-214 | unknown |
https://contoso.com/Icon | unknown |
http://www.ftp.ftp://ftp.gopher. | unknown |
https://drive.usercontent.google.com/ | unknown |
https://apis.google.com | unknown |
http://nsis.sf.net/NSIS_ErrorError | unknown |
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | unknown |
https://github.com/Pester/Pester | unknown |
7 additional URLs are not shown in this report.

Domains

Name | IP | Malicious
drive.google.com | 142.250.184.238 |
drive.usercontent.google.com | 142.250.186.97 |

IPs

IP | Domain | Country | Malicious
142.250.184.238 | drive.google.com | United States |
142.250.186.97 | drive.usercontent.google.com | United States |

Registry

Path | Value | Malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached | {BD84B380-8CA2-1069-AB1D-08000948F534} {000214E6-0000-0000-C000-000000000046} 0xFFFF |
HKEY_CURRENT_USER_Classes\Local Settings\MuiCache\1e\417C44EB | @fontext.dll,-8007 |

Memdumps

Base Address | Region type | Protect | Malicious
D563000 | direct allocation | page execute and read and write | malicious
21F90000 | direct allocation | page read and write | malicious
4A33000 | remote allocation | page execute and read and write |
66F0000 | heap | page execute and read and write |
7EBE000 | stack | page read and write |
640000 | direct allocation | page read and write |
6D2D000 | heap | page read and write |
669D000 | heap | page read and write |
700E000 | stack | page read and write |
6D1D000 | heap | page read and write |
7C20000 | heap | page read and write |
55B000 | heap | page read and write |
930000 | heap | page read and write |
2808000 | heap | page read and write |
66B5000 | heap | page read and write |
44E8000 | trusted library allocation | page read and write |
80CC000 | heap | page read and write |
879000 | trusted library allocation | page read and write |
3430000 | heap | page read and write |
A80000 | trusted library allocation | page execute and read and write |
216D0000 | direct allocation | page read and write |
7CA5000 | trusted library allocation | page read and write |
66FE000 | heap | page read and write |
460000 | unknown | page readonly |
3100000 | heap | page read and write |
3237000 | heap | page read and write |
5B6000 | heap | page read and write |
895000 | trusted library allocation | page execute and read and write |
6640000 | heap | page read and write |
22429000 | direct allocation | page execute and read and write |
21FE0000 | direct allocation | page read and write |
4033000 | remote allocation | page execute and read and write |
23B0000 | heap | page read and write |
5E33000 | remote allocation | page execute and read and write |
555000 | heap | page read and write |
7140000 | trusted library allocation | page read and write |
311E000 | heap | page read and write |
567000 | heap | page read and write |
890000 | trusted library allocation | page read and write |
7100000 | trusted library allocation | page read and write |
7B60000 | trusted library allocation | page execute and read and write |
21700000 | direct allocation | page read and write |
790000 | direct allocation | page read and write |
6F20000 | trusted library allocation | page read and write |
1660000 | remote allocation | page execute and read and write |
7EC0000 | trusted library allocation | page read and write |
408000 | unknown | page readonly |
5433000 | remote allocation | page execute and read and write |
626000 | unknown | page execute read |
7F99000 | heap | page read and write |
33B6000 | heap | page read and write |
21B4D000 | stack | page read and write |
4D00000 | trusted library allocation | page read and write |
9E0000 | heap | page read and write |
66ED000 | heap | page read and write |
82E000 | stack | page read and write |
7F95000 | heap | page read and write |
CB63000 | direct allocation | page execute and read and write |
3221000 | heap | page read and write |
7DB0000 | trusted library allocation | page read and write |
7D00000 | trusted library allocation | page read and write |
2C33000 | remote allocation | page execute and read and write |
3139000 | heap | page read and write |
7130000 | trusted library allocation | page read and write |
66D8000 | heap | page read and write |
2242D000 | direct allocation | page execute and read and write |
401000 | unknown | page execute read |
21E8E000 | stack | page read and write |
66AD000 | heap | page read and write |
5FE000 | heap | page read and write |
66FE000 | heap | page read and write |
21CC0000 | heap | page read and write |
864000 | trusted library allocation | page read and write |
6D00000 | heap | page read and write |
3141000 | heap | page read and write |
A9C000 | heap | page read and write |
40A000 | unknown | page write copy |
400000 | unknown | page readonly |
8160000 | trusted library allocation | page execute and read and write |
81A0000 | direct allocation | page execute and read and write |
5E4000 | unknown | page execute read |
22275000 | heap | page read and write |
21E3F000 | stack | page read and write |
59E000 | heap | page read and write |
7B70000 | trusted library allocation | page read and write |
3178000 | heap | page read and write |
233F000 | stack | page read and write |
6470000 | heap | page read and write |
7F8D000 | heap | page read and write |
669D000 | heap | page read and write |
8D90000 | direct allocation | page execute and read and write |
98E000 | stack | page read and write |
66A6000 | heap | page read and write |
5EA000 | unknown | page execute read |
66AC000 | heap | page read and write |
70000 | heap | page read and write |
725000 | heap | page read and write |
40A000 | unknown | page read and write |
19A000 | stack | page read and write |
690000 | heap | page read and write |
5F6000 | heap | page read and write |
66F4000 | heap | page read and write |
3178000 | heap | page read and write |
1833000 | remote allocation | page execute and read and write |
665F000 | stack | page read and write |
4610000 | heap | page execute and read and write |
4CF0000 | heap | page read and write |
94000 | stack | page read and write |
3510000 | heap | page read and write |
7FE8000 | heap | page read and write |
6F30000 | trusted library allocation | page read and write |
8020000 | heap | page read and write |
7110000 | trusted library allocation | page read and write |
6648000 | heap | page read and write |
66FE000 | heap | page read and write |
43C000 | stack | page read and write |
453C000 | stack | page read and write |
5832000 | trusted library allocation | page read and write |
66AC000 | heap | page read and write |
21CBF000 | stack | page read and write |
A9C000 | heap | page read and write |
225CD000 | direct allocation | page execute and read and write |
850000 | trusted library allocation | page read and write |
616000 | heap | page read and write |
9E4000 | heap | page read and write |
22279000 | heap | page read and write |
7120000 | trusted library allocation | page read and write |
3101000 | heap | page read and write |
3231000 | heap | page read and write |
6800000 | direct allocation | page read and write |
5A7000 | heap | page read and write |
216F0000 | direct allocation | page read and write |
71BB000 | stack | page read and write |
21DC0000 | remote allocation | page read and write |
317C000 | heap | page read and write |
3185000 | heap | page read and write |
6CD7000 | trusted library allocation | page read and write |
649000 | unknown | page execute read |
67D0000 | direct allocation | page read and write |
6FCE000 | stack | page read and write |
21FE0000 | direct allocation | page read and write |
21DC0000 | remote allocation | page read and write |
4681000 | trusted library allocation | page read and write |
225D1000 | direct allocation | page execute and read and write |
5EA000 | heap | page read and write |
434000 | unknown | page read and write |
66F5000 | heap | page execute and read and write |
80A5000 | heap | page read and write |
5645000 | trusted library allocation | page read and write |
5EE000 | unknown | page execute read |
669E000 | stack | page read and write |
840000 | trusted library section | page read and write |
3246000 | heap | page read and write |
66FE000 | heap | page read and write |
408000 | unknown | page readonly |
21FE0000 | direct allocation | page read and write |
6780000 | direct allocation | page read and write |
72E000 | heap | page read and write |
21BCE000 | stack | page read and write |
6692000 | heap | page read and write |
5E6000 | unknown | page execute read |
3239000 | heap | page read and write |
21D5E000 | stack | page read and write |
610000 | heap | page read and write |
810000 | heap | page read and write |
401000 | unknown | page execute read |
7BF0000 | heap | page read and write |
547000 | heap | page read and write |
7EF0000 | trusted library allocation | page execute and read and write |
6F80000 | trusted library allocation | page read and write |
6B8E000 | stack | page read and write |
400000 | unknown | page readonly |
5A5000 | heap | page read and write |
80FA000 | heap | page read and write |
21ACE000 | stack | page read and write |
92F000 | stack | page read and write |
5649000 | trusted library allocation | page read and write |
56D000 | heap | page read and write |
66D9000 | heap | page read and write |
5631000 | trusted library allocation | page read and write |
863000 | trusted library allocation | page execute and read and write |
67E0000 | direct allocation | page read and write |
8F63000 | direct allocation | page execute and read and write |
460000 | unknown | page readonly |
311B000 | heap | page read and write |
5EF000 | heap | page read and write |
66EA000 | heap | page read and write |
222EA000 | heap | page read and write |
57C8000 | trusted library allocation | page read and write |
3224000 | heap | page read and write |
7090000 | trusted library allocation | page read and write |
70C0000 | trusted library allocation | page read and write |
860000 | trusted library allocation | page read and write |
7F3A8000 | trusted library allocation | page execute and read and write |
216E0000 | direct allocation | page read and write |
5F0000 | direct allocation | page read and write |
808F000 | heap | page read and write |
650000 | direct allocation | page read and write |
6520000 | heap | page read and write |
86D000 | trusted library allocation | page execute and read and write |
615000 | heap | page read and write |
3633000 | remote allocation | page execute and read and write |
21FE0000 | direct allocation | page read and write |
6693000 | heap | page read and write |
5E0000 | direct allocation | page read and write |
5DD000 | heap | page read and write |
67E0000 | direct allocation | page read and write |
7F390000 | trusted library allocation | page execute and read and write |
317E000 | heap | page read and write |
708D000 | stack | page read and write |
7B80000 | trusted library allocation | page read and write |
27FF000 | stack | page read and write |
67B0000 | direct allocation | page read and write |
6525000 | heap | page read and write |
53F000 | heap | page read and write |
7EF000 | stack | page read and write |
7160000 | trusted library allocation | page read and write |
2233000 | remote allocation | page execute and read and write |
8990000 | heap | page read and write |
6810000 | heap | page read and write |
66ED000 | heap | page read and write |
7F60000 | heap | page read and write |
5E9000 | heap | page read and write |
70B0000 | trusted library allocation | page read and write |
7F91000 | heap | page read and write |
C163000 | direct allocation | page execute and read and write |
620000 | direct allocation | page read and write |
67C0000 | direct allocation | page read and write |
508000 | heap | page read and write |
830000 | trusted library section | page read and write |
591000 | heap | page read and write |
322F000 | heap | page read and write |
70F0000 | trusted library allocation | page read and write |
7F64000 | heap | page read and write |
3246000 | heap | page read and write |
704E000 | stack | page read and write |
457D000 | stack | page read and write |
3390000 | heap | page read and write |
7B50000 | heap | page read and write |
80E8000 | heap | page read and write |
7A0000 | direct allocation | page read and write |
400000 | unknown | page readonly |
8DA000 | heap | page read and write |
7F10000 | trusted library allocation | page read and write |
5C4000 | heap | page read and write |
170000 | direct allocation | page read and write |
4580000 | trusted library allocation | page read and write |
4777000 | trusted library allocation | page read and write |
A70000 | heap | page readonly |
7ED0000 | trusted library allocation | page read and write |
A363000 | direct allocation | page execute and read and write |
57C3000 | trusted library allocation | page read and write |
3220000 | heap | page read and write |
324B000 | heap | page read and write |
3178000 | heap | page read and write |
460000 | unknown | page readonly |
573000 | heap | page read and write |
71000 | heap | page read and write |
3239000 | heap | page read and write |
6E21000 | heap | page read and write |
311E000 | heap | page read and write |
668B000 | heap | page read and write |
45DE000 | stack | page read and write |
A95000 | heap | page read and write |
21F90000 | direct allocation | page read and write |
8006000 | heap | page read and write |
5621000 | trusted library allocation | page read and write |
8B7000 | heap | page read and write |
8C0000 | trusted library allocation | page read and write |
7CD0000 | trusted library allocation | page read and write |
6F10000 | trusted library allocation | page read and write |
40A000 | unknown | page write copy |
317C000 | heap | page read and write |
5CB000 | heap | page read and write |
3237000 | heap | page read and write |
6D5E000 | heap | page read and write |
21C7E000 | stack | page read and write |
70E0000 | trusted library allocation | page read and write |
3239000 | heap | page read and write |
5684000 | trusted library allocation | page read and write |
56B000 | heap | page read and write |
64BE000 | stack | page read and write |
57F000 | heap | page read and write |
677F000 | stack | page read and write |
21B0F000 | stack | page read and write |
6BCE000 | stack | page read and write |
408000 | unknown | page readonly |
67A0000 | direct allocation | page read and write |
88A000 | trusted library allocation | page execute and read and write |
7B0000 | direct allocation | page read and write |
B763000 | direct allocation | page execute and read and write |
7C0000 | direct allocation | page read and write |
6C9000 | heap | page read and write |
422000 | unknown | page read and write |
663E000 | stack | page read and write |
66D8000 | heap | page read and write |
21D1E000 | stack | page read and write |
70A0000 | trusted library allocation | page execute and read and write |
448E000 | stack | page read and write |
67D0000 | direct allocation | page read and write |
7F80000 | heap | page read and write |
7B44000 | stack | page read and write |
6527000 | heap | page read and write |
3178000 | heap | page read and write |
677E000 | stack | page read and write |
6DD0000 | heap | page read and write |
7150000 | trusted library allocation | page read and write |
4D0000 | heap | page read and write |
480000 | heap | page read and write |
6CF0000 | heap | page execute and read and write |
500000 | heap | page read and write |
6A50000 | heap | page read and write |
A9D000 | heap | page read and write |
5AA000 | heap | page read and write |
21DC0000 | remote allocation | page read and write |
7CE0000 | trusted library allocation | page read and write |
698000 | heap | page read and write |
44CF000 | stack | page read and write |
3237000 | heap | page read and write |
170000 | direct allocation | page read and write |
3178000 | heap | page read and write |
7C10000 | trusted library allocation | page read and write |
600000 | direct allocation | page read and write |
894E000 | stack | page read and write |
478000 | stack | page read and write |
630000 | direct allocation | page read and write |
66F4000 | heap | page read and write |
6500000 | heap | page read and write |
7CF0000 | trusted library allocation | page read and write |
21F8D000 | stack | page read and write |
5CA000 | heap | page read and write |
7170000 | trusted library allocation | page read and write |
7F00000 | trusted library allocation | page read and write |
5A1000 | heap | page read and write |
6CD0000 | trusted library allocation | page read and write |
5EF000 | heap | page read and write |
3246000 | heap | page read and write |
2249E000 | direct allocation | page execute and read and write |
33B0000 | heap | page read and write |
8180000 | trusted library allocation | page execute and read and write |
5D0000 | direct allocation | page read and write |
22642000 | direct allocation | page execute and read and write |
64FF000 | stack | page read and write |
4F0000 | heap | page read and write |
6683000 | heap | page read and write |
4CE000 | stack | page read and write |
66FE000 | heap | page read and write |
401000 | unknown | page execute read |
66B0000 | heap | page read and write |
8170000 | trusted library allocation | page execute and read and write |
7F62000 | heap | page read and write |
A70000 | heap | page read and write |
5D2000 | heap | page read and write |
66D8000 | heap | page read and write |
A80000 | heap | page read and write |
5F0000 | unknown | page execute read |
59D000 | heap | page read and write |
5EC000 | unknown | page execute read |
543000 | heap | page read and write |
70D0000 | trusted library allocation | page read and write |
668C000 | heap | page read and write |
8D0000 | heap | page read and write |
66B0000 | heap | page read and write |
6F40000 | trusted library allocation | page read and write |
5E8000 | unknown | page execute read |
9963000 | direct allocation | page execute and read and write |
3500000 | heap | page read and write |
3148000 | heap | page read and write |
673E000 | stack | page read and write |
576000 | heap | page read and write |
6790000 | direct allocation | page read and write |
5A6000 | heap | page read and write |
8B0000 | heap | page read and write |
668B000 | heap | page read and write |
427000 | unknown | page read and write |
806D000 | heap | page read and write |
66DB000 | stack | page read and write |
8047000 | heap | page read and write |
21710000 | direct allocation | page read and write |
3239000 | heap | page read and write |
21DFE000 | stack | page read and write |
7E7E000 | stack | page read and write |
898E000 | stack | page read and write |
9CE000 | stack | page read and write |
401000 | unknown | page execute read |
324B000 | heap | page read and write |
4621000 | trusted library allocation | page read and write |
3246000 | heap | page read and write |
3185000 | heap | page read and write |
7FEC000 | heap | page read and write |
3185000 | heap | page read and write |
7C6E000 | stack | page read and write |
66B4000 | heap | page read and write |
21C0E000 | stack | page read and write |
66B1000 | heap | page read and write |
870000 | trusted library allocation | page read and write |
892000 | trusted library allocation | page read and write |
66F4000 | heap | page read and write |
A90000 | heap | page read and write |
66FA000 | heap | page read and write |
42B000 | unknown | page read and write |
21F99000 | heap | page read and write |
6BD000 | heap | page read and write |
3237000 | heap | page read and write |
6D54000 | heap | page read and write |
5FE000 | heap | page read and write |
5F2000 | unknown | page execute read |
610000 | heap | page read and write |
660000 | heap | page read and write |
21B8D000 | stack | page read and write |
66B5000 | heap | page read and write |
574000 | heap | page read and write |
579000 | heap | page read and write |
67F0000 | direct allocation | page read and write |
AD63000 | direct allocation | page execute and read and write |
22300000 | direct allocation | page execute and read and write |
7FC3000 | heap | page read and write |
77A000 | heap | page read and write |
66ED000 | heap | page read and write |
44D0000 | heap | page read and write |
A9A000 | heap | page read and write |
4B68000 | trusted library allocation | page read and write |
2214C000 | heap | page read and write |
7BED000 | stack | page read and write |
220BC000 | heap | page read and write |
7D05000 | trusted library allocation | page read and write |
34F0000 | heap | page read and write |
3178000 | heap | page read and write |
7C00000 | trusted library allocation | page execute and read and write |
70E000 | heap | page read and write |
420 additional memdumps are not shown in this report.