IOC Report
http://assets.localytics.com/amp/customer_upload/ee9c12e9b59bfdc6191f0f183e9554f70db56883/1606877/2420136/phone-Bottom_Third_Icon_One_Button_updated__2_.zip

Files

File Path | Type | Category | Malicious
C:\Users\user\Desktop\cmdline.out | ASCII text, with CRLF line terminators | modified |

Processes

Path | Cmdline | Malicious
C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "http://assets.localytics.com/amp/customer_upload/ee9c12e9b59bfdc6191f0f183e9554f70db56883/1606877/2420136/phone-Bottom_Third_Icon_One_Button_updated__2_.zip" > cmdline.out 2>&1 |
C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
C:\Windows\SysWOW64\wget.exe | wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "http://assets.localytics.com/amp/customer_upload/ee9c12e9b59bfdc6191f0f183e9554f70db56883/1606877/2420136/phone-Bottom_Third_Icon_One_Button_updated__2_.zip" |

URLs

Name | IP | Malicious
http://assets.localytics.com/amp/customer_upload/ee9c12e9b59bfdc6191f0f183e9554f70db56883/1606877/2420136/phone-Bottom_Third_Icon_One_Button_updated__2_.zip | |
http://assets.localytics.com/amp/customer_upload/ee9c12e9b59bfdc6191f0f183e9554f70db56883/1606877/24 | unknown |
http://assets.localytics.com/amp/customer_upload/ee9c12e9b59bfdc6191f0f183e955 | unknown |

Domains

Name | IP | Malicious
assets.localytics.com | unknown |

Memdumps

Base Address | Regiontype | Protect | Malicious
A60000 | heap | page read and write |
1F0000 | heap | page read and write |
E8F000 | stack | page read and write |
108F000 | stack | page read and write |
B90000 | heap | page read and write |
106000 | heap | page read and write |
110000 | heap | page read and write |
A4E000 | stack | page read and write |
B97000 | heap | page read and write |
9C000 | stack | page read and write |
B60000 | heap | page read and write |
B65000 | heap | page read and write |
9CD000 | stack | page read and write |
A0E000 | stack | page read and write |
A70000 | heap | page read and write |
100000 | heap | page read and write |

6 further memdump regions are not listed in this report.