IOC Report
lUAc7lqa56.exe


Files

| File Path | Type | Category | Malicious |
|---|---|---|---|
| lUAc7lqa56.exe | PE32+ executable (console) x86-64, for MS Windows | initial sample | malicious |
| C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\Vulnerability[1].exe | PE32+ executable (console) x86-64, for MS Windows | dropped | malicious |
| C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\driverfo[1].sys | PE32+ executable (native) x86-64, for MS Windows | dropped | malicious |
| C:\Users\user\AppData\Local\Temp\nULoYBmSWb | PE32+ executable (native) x86-64, for MS Windows | dropped | malicious |
| C:\Windows\Vulnerability.exe | PE32+ executable (console) x86-64, for MS Windows | dropped | malicious |
| C:\Windows\driverfo.sys | PE32+ executable (native) x86-64, for MS Windows | dropped | malicious |
| C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\AB6E94A2098C7E1ADF1A0B7B18448F0D6B5F55AA62BB62760C12A51161058F4B00[1].blob | MSVC program database ver 7.00, 1024*915 bytes | dropped | |
| C:\Windows\symbols\74b74f1f14570c9cf7868ff6d4bda773.pdb | MSVC program database ver 7.00, 1024*915 bytes | dropped | |
| C:\Windows\symbols\74b74f1f14570c9cf7868ff6d4bda773.pdb.md5 | ASCII text, with no line terminators | dropped | |
| \Device\ConDrv | ASCII text, with CRLF line terminators | dropped | |

Processes

| Path | Cmdline | Malicious |
|---|---|---|
| C:\Users\user\Desktop\lUAc7lqa56.exe | "C:\Users\user\Desktop\lUAc7lqa56.exe" | malicious |
| C:\Windows\System32\cmd.exe | C:\Windows\system32\cmd.exe /c cd C:\ | malicious |
| C:\Windows\System32\cmd.exe | C:\Windows\system32\cmd.exe /c start C:\Windows\Vulnerability.exe C:\Windows\driverfo.sys | malicious |
| C:\Windows\Vulnerability.exe | C:\Windows\Vulnerability.exe C:\Windows\driverfo.sys | malicious |
| C:\Windows\System32\cmd.exe | C:\Windows\system32\cmd.exe /c certutil -hashfile "C:\Users\user\Desktop\lUAc7lqa56.exe" MD5 \| find /i /v "md5" \| find /i /v "certutil" | malicious |
| C:\Windows\System32\cmd.exe | C:\Windows\system32\cmd.exe /c start cmd /C "color b && title Error && echo SSL connect error && timeout /t 5" | malicious |
| C:\Windows\System32\cmd.exe | cmd /C "color b && title Error && echo SSL connect error && timeout /t 5" | malicious |
| C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
| C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
| C:\Windows\System32\certutil.exe | certutil -hashfile "C:\Users\user\Desktop\lUAc7lqa56.exe" MD5 | |
| C:\Windows\System32\find.exe | find /i /v "md5" | |
| C:\Windows\System32\find.exe | find /i /v "certutil" | |
| C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
| C:\Windows\System32\WerFault.exe | C:\Windows\system32\WerFault.exe -pss -s 460 -p 2256 -ip 2256 | |
| C:\Windows\System32\timeout.exe | timeout /t 5 | |
| C:\Windows\System32\WerFault.exe | C:\Windows\system32\WerFault.exe -u -p 2256 -s 1288 | |

URLs


Domains

| Name | IP | Malicious |
|---|---|---|
| keyauth.win | 104.26.0.5 | |

IPs

| IP | Domain | Country | Malicious |
|---|---|---|---|
| 104.26.0.5 | keyauth.win | United States | |
| 185.101.104.122 | unknown | Romania | |
| 127.0.0.1 | unknown | unknown | |

Registry

| Path | Value | Malicious |
|---|---|---|
| HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\nULoYBmSWb | ImagePath | |
| HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\nULoYBmSWb | Type | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.60.3.1!7 | Name | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.60.3.2!7 | Name | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.60.3.3!7 | Name | |

Memdumps
