IOC Report
Occipitomental.exe

Files

| File Path | Type | Category | Malicious |
|---|---|---|---|
| Occipitomental.exe | PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive | initial sample | malicious |
| C:\Users\user\AppData\Local\Temp\nslA8AC.tmp\System.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | modified | |
| C:\Users\user\AppData\Local\barberknivene\Valonia\Erstattende.som | ASCII text, with very long lines (65536), with no line terminators | dropped | |
| C:\Users\user\AppData\Local\barberknivene\Valonia\Memnon.afb | data | dropped | |
| C:\Users\user\AppData\Local\barberknivene\Valonia\Undvige.por | data | dropped | |
| C:\Users\user\AppData\Local\barberknivene\Valonia\chechako.com | data | dropped | |
| C:\Users\user\AppData\Local\barberknivene\Valonia\chirality.tan | Matlab v4 mat-file (little endian) \313, numeric, rows 0, columns 0 | dropped | |
| C:\Users\user\AppData\Local\barberknivene\Valonia\fortraeffelige.txt | ASCII text, with very long lines (372), with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\barberknivene\Valonia\krigsforbrydelser.pre | data | dropped | |
| C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\engelskgrs.ini | ASCII text, with CRLF line terminators | dropped | |

Processes

| Path | Cmdline | Malicious |
|---|---|---|
| C:\Users\user\Desktop\Occipitomental.exe | "C:\Users\user\Desktop\Occipitomental.exe" | malicious |
| C:\Users\user\Desktop\Occipitomental.exe | "C:\Users\user\Desktop\Occipitomental.exe" | malicious |

URLs

| Name | IP | Malicious |
|---|---|---|
| http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd | unknown | |
| https://www.google.com | unknown | |
| http://www.ftp.ftp://ftp.gopher. | unknown | |
| https://drive.usercontent.google.com/ | unknown | |
| http://www.w3c.org/TR/1999/REC-html401-19991224/frameset.dtd | unknown | |
| http://nsis.sf.net/NSIS_Error | unknown | |
| https://apis.google.com | unknown | |
| http://nsis.sf.net/NSIS_ErrorError | unknown | |
| https://drive.google.com/%v | unknown | |
| https://drive.google.com/5v-z | unknown | |
| https://inference.location.live.net/inferenceservice/v21/Pox/GetLocationUsingFingerprinte1e71f6b-214 | unknown | |

1 additional URL is not included in this extract of the report.

Domains

| Name | IP | Malicious |
|---|---|---|
| drive.google.com | 142.250.186.78 | |
| drive.usercontent.google.com | 142.250.186.97 | |

IPs

| IP | Domain | Country | Malicious |
|---|---|---|---|
| 142.250.186.78 | drive.google.com | United States | |
| 142.250.186.97 | drive.usercontent.google.com | United States | |

Registry

| Path | Value | Malicious |
|---|---|---|
| HKEY_CURRENT_USER\forlbsmodellers\Uninstall\indsyes\prelatial | unthick | |
| HKEY_CURRENT_USER\Carinulate\personalise\Mytologis | gaas | |

Memdumps

| Base Address | Region type | Protect | Malicious |
|---|---|---|---|
| 215F000 | remote allocation | page execute and read and write | malicious |
| 35330000 | direct allocation | page read and write | malicious |
| 3A2F000 | direct allocation | page execute and read and write | malicious |
| 35461000 | heap | page read and write | |
| 3505F000 | stack | page read and write | |
| 436000 | unknown | page read and write | |
| 3519E000 | stack | page read and write | |
| 4EF000 | heap | page read and write | |
| 5688000 | heap | page read and write | |
| 563E000 | heap | page read and write | |
| 35380000 | direct allocation | page read and write | |
| 25EC000 | heap | page read and write | |
| 55B0000 | direct allocation | page read and write | |
| 5689000 | heap | page read and write | |
| 562D000 | heap | page read and write | |
| 35380000 | direct allocation | page read and write | |
| 10000000 | unknown | page readonly | |
| 35961000 | direct allocation | page execute and read and write | |
| 2100000 | heap | page read and write | |
| 4EF000 | heap | page read and write | |
| 54E0000 | heap | page read and write | |
| 5613000 | heap | page read and write | |
| 35160000 | remote allocation | page read and write | |
| 5689000 | heap | page read and write | |
| 5620000 | heap | page read and write | |
| 545E000 | stack | page read and write | |
| 1660000 | remote allocation | page execute and read and write | |
| 34AA0000 | direct allocation | page read and write | |
| 5340000 | heap | page read and write | |
| 400000 | unknown | page readonly | |
| 35680000 | heap | page read and write | |
| 470000 | direct allocation | page read and write | |
| 5640000 | heap | page read and write | |
| 3532D000 | stack | page read and write | |
| 25E7000 | heap | page read and write | |
| 35160000 | remote allocation | page read and write | |
| 4F2000 | heap | page read and write | |
| 3582E000 | direct allocation | page execute and read and write | |
| 4F0000 | heap | page read and write | |
| 34E6E000 | stack | page read and write | |
| 35330000 | direct allocation | page read and write | |
| 407000 | unknown | page readonly | |
| 5620000 | heap | page read and write | |
| 34A70000 | direct allocation | page read and write | |
| 357BD000 | direct allocation | page execute and read and write | |
| 4F3000 | heap | page read and write | |
| 2F30000 | direct allocation | page execute and read and write | |
| 55FB000 | heap | page read and write | |
| 401000 | unknown | page execute read | |
| 568C000 | heap | page read and write | |
| 54DE000 | stack | page read and write | |
| 25E6000 | heap | page read and write | |
| 54F5000 | heap | page read and write | |
| 4DE000 | heap | page read and write | |
| 3560F000 | heap | page read and write | |
| 5688000 | heap | page read and write | |
| 34F2E000 | stack | page read and write | |
| 5560000 | direct allocation | page read and write | |
| 400000 | unknown | page readonly | |
| 5640000 | heap | page read and write | |
| 409000 | unknown | page write copy | |
| 449000 | unknown | page readonly | |
| 6F0000 | direct allocation | page read and write | |
| 34AB0000 | direct allocation | page read and write | |
| 4F0000 | heap | page read and write | |
| 4EB000 | heap | page read and write | |
| 4EF000 | heap | page read and write | |
| 3501E000 | stack | page read and write | |
| 5EE000 | unknown | page execute read | |
| 350CE000 | stack | page read and write | |
| 5643000 | heap | page read and write | |
| 4DE000 | heap | page read and write | |
| 3F5F000 | remote allocation | page execute and read and write | |
| 4DE000 | heap | page read and write | |
| 490000 | direct allocation | page read and write | |
| 25E8000 | heap | page read and write | |
| 568C000 | heap | page read and write | |
| 17E000 | stack | page read and write | |
| 357B9000 | direct allocation | page execute and read and write | |
| 354E2000 | heap | page read and write | |
| 5F0000 | unknown | page execute read | |
| 563E000 | heap | page read and write | |
| 4DE000 | heap | page read and write | |
| 35160000 | remote allocation | page read and write | |
| 4A0000 | direct allocation | page read and write | |
| 421000 | unknown | page read and write | |
| 355F000 | remote allocation | page execute and read and write | |
| 4EB000 | heap | page read and write | |
| 55D8000 | heap | page read and write | |
| 5643000 | heap | page read and write | |
| 5688000 | heap | page read and write | |
| 5683000 | heap | page read and write | |
| 5570000 | direct allocation | page read and write | |
| 55A0000 | direct allocation | page read and write | |
| 460000 | heap | page read and write | |
| 55C0000 | heap | page read and write | |
| 2B5F000 | remote allocation | page execute and read and write | |
| 439000 | unknown | page readonly | |
| 6C0000 | direct allocation | page read and write | |
| 4EB000 | heap | page read and write | |
| 563E000 | heap | page read and write | |
| 5E0000 | heap | page read and write | |
| 567F000 | heap | page read and write | |
| 6D0000 | direct allocation | page read and write | |
| 3510F000 | stack | page read and write | |
| 35380000 | direct allocation | page read and write | |
| 582F000 | direct allocation | page execute and read and write | |
| 34EEE000 | stack | page read and write | |
| 495F000 | remote allocation | page execute and read and write | |
| 4EF000 | heap | page read and write | |
| 563E000 | heap | page read and write | |
| 442F000 | direct allocation | page execute and read and write | |
| 710000 | direct allocation | page read and write | |
| 5E4000 | unknown | page execute read | |
| 5550000 | direct allocation | page read and write | |
| 626000 | unknown | page execute read | |
| 5580000 | direct allocation | page read and write | |
| 34F6D000 | stack | page read and write | |
| 4EF000 | heap | page read and write | |
| 409000 | unknown | page read and write | |
| 553F000 | stack | page read and write | |
| 5640000 | heap | page read and write | |
| 4EB000 | heap | page read and write | |
| 2260000 | heap | page read and write | |
| 649000 | unknown | page execute read | |
| 449000 | unknown | page readonly | |
| 5590000 | direct allocation | page read and write | |
| 34FAD000 | stack | page read and write | |
| 4EB000 | heap | page read and write | |
| 25E1000 | heap | page read and write | |
| 5E6000 | unknown | page execute read | |
| 401000 | unknown | page execute read | |
| 55D0000 | heap | page read and write | |
| 10001000 | unknown | page execute read | |
| 5637000 | heap | page read and write | |
| 5643000 | heap | page read and write | |
| 4B0000 | heap | page read and write | |
| 5B0000 | heap | page read and write | |
| 439000 | unknown | page readonly | |
| 4B8000 | heap | page read and write | |
| 562D000 | heap | page read and write | |
| 34EAF000 | stack | page read and write | |
| 5F2000 | unknown | page execute read | |
| 480000 | direct allocation | page read and write | |
| 5622000 | heap | page read and write | |
| 54F7000 | heap | page read and write | |
| 4EF000 | heap | page read and write | |
| 4EB000 | heap | page read and write | |
| 302F000 | direct allocation | page execute and read and write | |
| 25E2000 | heap | page read and write | |
| 562D000 | heap | page read and write | |
| 4DE000 | heap | page read and write | |
| 359D2000 | direct allocation | page execute and read and write | |
| 4EB000 | heap | page read and write | |
| 34A90000 | direct allocation | page read and write | |
| 4EF000 | heap | page read and write | |
| 4E2F000 | direct allocation | page execute and read and write | |
| 4EB000 | heap | page read and write | |
| 5640000 | heap | page read and write | |
| 70000 | heap | page read and write | |
| 730000 | direct allocation | page read and write | |
| 3560B000 | heap | page read and write | |
| 5E8000 | unknown | page execute read | |
| 407000 | unknown | page readonly | |
| 3595D000 | direct allocation | page execute and read and write | |
| 9B000 | stack | page read and write | |
| 34A80000 | direct allocation | page read and write | |
| 449000 | unknown | page readonly | |
| 4DE000 | heap | page read and write | |
| 5637000 | heap | page read and write | |
| 4EB000 | heap | page read and write | |
| 400000 | unknown | page readonly | |
| 2290000 | heap | page read and write | |
| 71000 | heap | page read and write | |
| 5EA000 | unknown | page execute read | |
| 549F000 | stack | page read and write | |
| 6E0000 | direct allocation | page read and write | |
| 5637000 | heap | page read and write | |
| 35380000 | direct allocation | page read and write | |
| 25EC000 | heap | page read and write | |
| 567C000 | heap | page read and write | |
| 4EF000 | heap | page read and write | |
| 25EE000 | heap | page read and write | |
| 409000 | unknown | page write copy | |
| 5643000 | heap | page read and write | |
| 567F000 | heap | page read and write | |
| 407000 | unknown | page readonly | |
| 700000 | direct allocation | page read and write | |
| 563E000 | heap | page read and write | |
| 622F000 | direct allocation | page execute and read and write | |
| 567F000 | heap | page read and write | |
| 4DE000 | heap | page read and write | |
| 5E5000 | heap | page read and write | |
| 3522E000 | stack | page read and write | |
| 10005000 | unknown | page readonly | |
| 720000 | direct allocation | page read and write | |
| 5EC000 | unknown | page execute read | |
| 5643000 | heap | page read and write | |
| 351DF000 | stack | page read and write | |
| 5622000 | heap | page read and write | |
| 35380000 | direct allocation | page read and write | |
| 35690000 | direct allocation | page execute and read and write | |
| 54F0000 | heap | page read and write | |
| 25EA000 | heap | page read and write | |
| 35380000 | direct allocation | page read and write | |
| 5643000 | heap | page read and write | |
| 3533E000 | heap | page read and write | |
| 401000 | unknown | page execute read | |
| 4DE000 | heap | page read and write | |
| 5640000 | heap | page read and write | |
| 439000 | unknown | page readonly | |
| 10003000 | unknown | page readonly | |
| 429000 | unknown | page read and write | |
| 562D000 | heap | page read and write | |
| 175F000 | remote allocation | page execute and read and write | |
| 35060000 | heap | page read and write | |
| 401000 | unknown | page execute read | |

207 additional memdumps are not included in this extract of the report.