IOC Report
X4KSeQkYJT


Files

File Path | Type | Category | Malicious
X4KSeQkYJT.exe | PE32+ executable (console) x86-64, for MS Windows | initial sample | malicious
C:\Users\user\AppData\Local\Temp\_MEI73522\VCRUNTIME140.dll | PE32+ executable (DLL) (console) x86-64, for MS Windows | dropped
C:\Users\user\AppData\Local\Temp\_MEI73522\_asyncio.pyd | PE32+ executable (DLL) (GUI) x86-64, for MS Windows | dropped
C:\Users\user\AppData\Local\Temp\_MEI73522\_bz2.pyd | PE32+ executable (DLL) (GUI) x86-64, for MS Windows | dropped
C:\Users\user\AppData\Local\Temp\_MEI73522\_ctypes.pyd | PE32+ executable (DLL) (GUI) x86-64, for MS Windows | dropped
C:\Users\user\AppData\Local\Temp\_MEI73522\_decimal.pyd | PE32+ executable (DLL) (GUI) x86-64, for MS Windows | dropped
C:\Users\user\AppData\Local\Temp\_MEI73522\_hashlib.pyd | PE32+ executable (DLL) (GUI) x86-64, for MS Windows | dropped
C:\Users\user\AppData\Local\Temp\_MEI73522\_lzma.pyd | PE32+ executable (DLL) (GUI) x86-64, for MS Windows | dropped
C:\Users\user\AppData\Local\Temp\_MEI73522\_multiprocessing.pyd | PE32+ executable (DLL) (GUI) x86-64, for MS Windows | dropped
C:\Users\user\AppData\Local\Temp\_MEI73522\_overlapped.pyd | PE32+ executable (DLL) (GUI) x86-64, for MS Windows | dropped
C:\Users\user\AppData\Local\Temp\_MEI73522\_queue.pyd | PE32+ executable (DLL) (GUI) x86-64, for MS Windows | dropped
C:\Users\user\AppData\Local\Temp\_MEI73522\_socket.pyd | PE32+ executable (DLL) (GUI) x86-64, for MS Windows | dropped
C:\Users\user\AppData\Local\Temp\_MEI73522\_ssl.pyd | PE32+ executable (DLL) (GUI) x86-64, for MS Windows | dropped
C:\Users\user\AppData\Local\Temp\_MEI73522\base_library.zip | Zip archive data, at least v2.0 to extract, compression method=store | dropped
C:\Users\user\AppData\Local\Temp\_MEI73522\libcrypto-1_1.dll | PE32+ executable (DLL) (GUI) x86-64, for MS Windows | dropped
C:\Users\user\AppData\Local\Temp\_MEI73522\libffi-7.dll | PE32+ executable (DLL) (GUI) x86-64, for MS Windows | dropped
C:\Users\user\AppData\Local\Temp\_MEI73522\libssl-1_1.dll | PE32+ executable (DLL) (GUI) x86-64, for MS Windows | dropped
C:\Users\user\AppData\Local\Temp\_MEI73522\pyexpat.pyd | PE32+ executable (DLL) (GUI) x86-64, for MS Windows | dropped
C:\Users\user\AppData\Local\Temp\_MEI73522\python310.dll | PE32+ executable (DLL) (GUI) x86-64, for MS Windows | dropped
C:\Users\user\AppData\Local\Temp\_MEI73522\select.pyd | PE32+ executable (DLL) (GUI) x86-64, for MS Windows | dropped
C:\Users\user\AppData\Local\Temp\_MEI73522\unicodedata.pyd | PE32+ executable (DLL) (GUI) x86-64, for MS Windows | dropped
\Device\ConDrv | JSON data | dropped

Processes

Path | Cmdline | Malicious
C:\Users\user\Desktop\X4KSeQkYJT.exe | "C:\Users\user\Desktop\X4KSeQkYJT.exe" | malicious
C:\Users\user\Desktop\X4KSeQkYJT.exe | "C:\Users\user\Desktop\X4KSeQkYJT.exe" | malicious
C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

URLs

Name | IP | Malicious
https://github.com/python/cpython/blob/3.9/Lib/importlib/_bootstrap_external.py#L679-L688 | unknown
https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/imp | unknown
http://crl3.digip | unknown
http://crl.thawte.com/ThawteTimestampingCA.crl0 | unknown
https://www.python.org/download/releases/2.3/mro/. | unknown
http://ocsp.thawte.com0 | unknown
https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/reader | unknown
https://www.openssl.org/H | unknown
https://www.python.org/dev/peps/pep-0205/ | unknown
https://python.org/dev/peps/pep-0263/ | unknown
https://github.com/tensorflow/datasets/blob/master/tensorflow_datasets/core/utils/resource_utils.py# | unknown
https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/abc.py | unknown
https://github.com/tensorflow/datasets/blob/master/tensorflow_datasets/cor | unknown
http://crl3.digi | unknown
https://github.com/Unidata/MetPy/blob/a3424de66a44bf3a92b0dcacf4dff82ad7b86712/src/metpy/plots/wx_sy | unknown
http://json.org | unknown

Memdumps

Base Address | Region type | Protect | Malicious