IOC Report
Reminder.exe

Files

| File Path | Type | Category | Malicious |
|---|---|---|---|
| Reminder.exe | PE32 executable (GUI) Intel 80386, for MS Windows | initial sample | malicious |
| C:\Users\user\AppData\Local\Temp\is-8CPJ0.tmp\_isetup\_isdecmp.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | |
| C:\Users\user\AppData\Local\Temp\is-8CPJ0.tmp\_isetup\_setup64.tmp | PE32+ executable (console) x86-64, for MS Windows | dropped | |
| C:\Users\user\AppData\Local\Temp\is-KHK92.tmp\Reminder.tmp | PE32 executable (GUI) Intel 80386, for MS Windows | dropped | |
| C:\Users\user\AppData\Local\coigned\Updater.exe (copy) | PE32 executable (GUI) Intel 80386, for MS Windows | dropped | |
| C:\Users\user\AppData\Local\coigned\friendliwise.csv (copy) | data | dropped | |
| C:\Users\user\AppData\Local\coigned\friendliwise.mid (copy) | data | dropped | |
| C:\Users\user\AppData\Local\coigned\is-9F4FN.tmp | PE32 executable (GUI) Intel 80386, for MS Windows | dropped | |
| C:\Users\user\AppData\Local\coigned\is-F09AJ.tmp | data | dropped | |
| C:\Users\user\AppData\Local\coigned\is-P4H94.tmp | data | dropped | |
| \Device\Null | ASCII text, with CRLF line terminators | dropped | |

URLs

| Name | IP | Malicious |
|---|---|---|
| http://152.89.198.124/8bdDsv3dk2FF/index.php | 152.89.198.124 | malicious |

IPs

| IP | Domain | Country | Malicious |
|---|---|---|---|
| 152.89.198.124 | unknown | United Kingdom | malicious |
| 127.0.0.1 | unknown | unknown | malicious |