IOC Report
1.exe

Files

File Path | Type | Category | Malicious
1.exe | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | initial sample | malicious
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\1.exe.log | ASCII text, with CRLF line terminators | dropped | 

Processes

Path | Cmdline | Malicious
C:\Users\user\Desktop\1.exe | C:\Users\user\Desktop\1.exe | malicious
C:\Users\user\Desktop\1.exe | C:\Users\user\Desktop\1.exe | malicious
C:\Windows\explorer.exe | C:\Windows\Explorer.EXE | malicious
C:\Windows\SysWOW64\colorcpl.exe | C:\Windows\SysWOW64\colorcpl.exe | malicious
C:\Windows\SysWOW64\cmd.exe | /c del "C:\Users\user\Desktop\1.exe" | 
C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | 

URLs

Name | IP | Malicious
http://www.lbarco.com/jskg/?yV3lvHf=sl42yIbVTE2EkcOIsEKOUlHCBbE7QxdA6NZ7PagwYH4YR2l/R8Pf4e2TsXHmMhsmvqG9&8pbLu=d8z4X8O0M | 34.149.87.45 | malicious
http://www.lactationdrink.com/jskg/?yV3lvHf=VpJkz2P0T+/fMnrM7Dd1ATiiN68XLLnGpPbE/bn1fGrx+Ecv7ydvnShawUNCssxxEBuD&8pbLu=d8z4X8O0M | 167.172.69.40 | malicious
http://www.erotictoybox.com/jskg/?yV3lvHf=YCW0/yd7C01aElrhcPhS/kt9m722krufJvCDJvN/MprEBXvxMY86CRBbv2aG0eSAUYQv&8pbLu=d8z4X8O0M | 23.227.38.74 | malicious
http://www.saraadamchak.com/jskg/?yV3lvHf=D3ZsiJPHujYqAAcPubxypI16Ov1mNCduO0wq0OOwpknW2PP1SKlK/fdwCNTvhBS54Rsq&8pbLu=d8z4X8O0M | 23.227.38.74 | malicious
www.switchtoambitwithmirtha.com/jskg/ |  | malicious
https://word.office.comon |  | unknown
http://www.bootyfashions.comReferer: |  | unknown
http://www.lactationdrink.com |  | unknown
http://www.lbarco.com/jskg/www.bootyfashions.com |  | unknown
http://www.ppc-listing.infoReferer: |  | unknown
http://www.dog2meeting.com |  | unknown
http://www.coryfireshop.com |  | unknown
http://www.lacroixundkress.com/jskg/www.saraadamchak.com |  | unknown
http://www.successwithyolandafgreen.com/jskg/www.lbarco.com |  | unknown
https://powerpoint.office.comcember |  | unknown
http://www.successwithyolandafgreen.comReferer: |  | unknown
http://www.lacroixundkress.comReferer: |  | unknown
http://www.lactationdrink.comReferer: |  | unknown
http://www.successwithyolandafgreen.com/jskg/ |  | unknown
https://excel.office.com |  | unknown
http://schemas.micro |  | unknown
http://www.ppc-listing.info/jskg/www.pnorg.net |  | unknown
http://www.pnorg.net/jskg/ |  | unknown
http://www.saraadamchak.com |  | unknown
http://www.successwithyolandafgreen.com |  | unknown
http://www.switchtoambitwithmirtha.com/jskg/ |  | unknown
http://www.saraadamchak.com/jskg/ |  | unknown
http://www.saraadamchak.com/jskg/www.kvrkl.com |  | unknown
http://www.erotictoybox.comReferer: |  | unknown
http://www.kvrkl.com/jskg/www.switchtoambitwithmirtha.com |  | unknown
http://www.saraadamchak.comReferer: |  | unknown
http://www.pnorg.netReferer: |  | unknown
http://www.coryfireshop.com/jskg/ |  | unknown
http://www.ppc-listing.info/jskg/ |  | unknown
http://www.revistabrasileiramarketing.info/jskg/ |  | unknown
http://www.coryfireshop.com/jskg/www.lacroixundkress.com |  | unknown
https://activity.windows.com/UserActivity.ReadWrite.CreatedByAppcrobat.exe |  | unknown
http://www.ppc-listing.info |  | unknown
http://www.wisdomtoothguru.com/jskg/www.successwithyolandafgreen.com |  | unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name |  | unknown
http://www.wisdomtoothguru.comReferer: |  | unknown
http://www.kvrkl.com/jskg/ |  | unknown
https://wns.windows.com/)s |  | unknown
http://www.kvrkl.com |  | unknown
http://www.topazkibblez.com |  | unknown
http://www.coryfireshop.comReferer: |  | unknown
http://www.dog2meeting.com/jskg/www.erotictoybox.com |  | unknown
http://www.revistabrasileiramarketing.info/jskg/www.lactationdrink.com |  | unknown
http://www.wisdomtoothguru.com/jskg/ |  | unknown
http://www.litespeedtech.com/error-page |  | unknown
http://www.lbarco.comReferer: |  | unknown
http://www.lbarco.com |  | unknown
http://www.revistabrasileiramarketing.infoReferer: |  | unknown
http://www.topazkibblez.comReferer: |  | unknown
http://www.bootyfashions.com |  | unknown
http://www.topazkibblez.com/jskg/www.coryfireshop.com |  | unknown
http://www.pnorg.net |  | unknown
http://www.pnorg.net/jskg/www.dog2meeting.com |  | unknown
http://www.lactationdrink.com/jskg/www.wisdomtoothguru.com |  | unknown
http://www.switchtoambitwithmirtha.com/jskg/www.ppc-listing.info |  | unknown
https://outlook.com |  | unknown
http://www.erotictoybox.com/jskg/ |  | unknown
https://www.cloudflare.com/5xx-error-landing |  | unknown
http://www.topazkibblez.com/jskg/ |  | unknown
http://www.erotictoybox.com |  | unknown
http://www.dog2meeting.comReferer: |  | unknown
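
Worked example, added here and not code from the sandbox report: the four URLs flagged malicious share one path (`/jskg/`), one query key whose value changes per request (`yV3lvHf`) and one constant pair (`8pbLu=d8z4X8O0M`), while the host is different each time. A host-only blocklist therefore covers only the rotation the sandbox happened to see. The script below derives that shared shape from the confirmed URLs, turns it into a host-agnostic regex, runs it over constructed proxy log lines, and emits the hosts and IPs to block. Only the rows with an IP and the `malicious` flag are used as input; the `unknown` rows include truncated memory strings (the trailing `Referer:` fragments, the office.com and windows.com entries) that the report does not present as observed connections. The `www.example.net` beacon, the benign requests and the names `CONFIRMED_C2`, `SAMPLE_PROXY_LOG`, `derive_pattern`, `scan_log` and `blocklist` are this example's own.

```python
import re
from urllib.parse import urlsplit

# The four URL IOCs the report above flags "malicious", with the IPs it lists for them.
CONFIRMED_C2 = [
    ("http://www.lbarco.com/jskg/?yV3lvHf=sl42yIbVTE2EkcOIsEKOUlHCBbE7QxdA6NZ7PagwYH4YR2l/R8Pf4e2TsXHmMhsmvqG9&8pbLu=d8z4X8O0M",
     "34.149.87.45"),
    ("http://www.lactationdrink.com/jskg/?yV3lvHf=VpJkz2P0T+/fMnrM7Dd1ATiiN68XLLnGpPbE/bn1fGrx+Ecv7ydvnShawUNCssxxEBuD&8pbLu=d8z4X8O0M",
     "167.172.69.40"),
    ("http://www.erotictoybox.com/jskg/?yV3lvHf=YCW0/yd7C01aElrhcPhS/kt9m722krufJvCDJvN/MprEBXvxMY86CRBbv2aG0eSAUYQv&8pbLu=d8z4X8O0M",
     "23.227.38.74"),
    ("http://www.saraadamchak.com/jskg/?yV3lvHf=D3ZsiJPHujYqAAcPubxypI16Ov1mNCduO0wq0OOwpknW2PP1SKlK/fdwCNTvhBS54Rsq&8pbLu=d8z4X8O0M",
     "23.227.38.74"),
]

# Constructed proxy log lines for the demo (not from the report): a beacon to a host the
# report never mentions, a benign Office request, a replay of a confirmed IOC, and a
# request with the right path but a different query.
SAMPLE_PROXY_LOG = """\
2024-01-01T10:00:01Z 10.0.0.5 GET http://www.example.net/jskg/?yV3lvHf=AAAA/bbbb+cccc&8pbLu=d8z4X8O0M 200
2024-01-01T10:00:02Z 10.0.0.5 GET https://excel.office.com/ 200
2024-01-01T10:00:03Z 10.0.0.7 GET http://www.lbarco.com/jskg/?yV3lvHf=sl42yIbVTE2EkcOIsEKOUlHCBbE7QxdA6NZ7PagwYH4YR2l/R8Pf4e2TsXHmMhsmvqG9&8pbLu=d8z4X8O0M 404
2024-01-01T10:00:04Z 10.0.0.9 GET http://www.example.com/jskg/?other=1 200
"""


def parse_ioc_urls(iocs):
    """Split each IOC URL into host, path and query parameters (no percent-decoding)."""
    parsed = []
    for url, ip in iocs:
        parts = urlsplit(url)
        params = {}
        for kv in parts.query.split("&"):
            if "=" in kv:
                k, v = kv.split("=", 1)   # keep values exactly as seen on the wire
                params[k] = v
        parsed.append({"host": parts.hostname, "path": parts.path, "params": params, "ip": ip})
    return parsed


def derive_pattern(parsed):
    """What every IOC URL shares: the path, the query keys, and any constant key=value.

    Returns (path, shared_keys, constant_params, compiled_regex). The regex accepts any
    host, so it also matches a rotation to a domain that was not in the report.
    """
    paths = {p["path"] for p in parsed}
    if len(paths) != 1:
        raise ValueError(f"IOC URLs do not share one path: {paths}")
    path = paths.pop()
    shared = set.intersection(*(set(p["params"]) for p in parsed))
    const = {k: parsed[0]["params"][k] for k in shared
             if all(p["params"][k] == parsed[0]["params"][k] for p in parsed)}
    lookaheads = []
    for k in sorted(shared):
        val = re.escape(const[k]) if k in const else r"[^&\s]+"
        lookaheads.append(r"(?=\S*[?&]" + re.escape(k) + "=" + val + r"(?:&|\s|$))")
    regex = re.compile(r"https?://(?P<host>[^/\s]+)" + re.escape(path) + "".join(lookaheads) + r"\?\S*")
    return path, shared, const, regex


def scan_log(log_text, regex):
    """(client, host, url) for every log line whose URL matches the derived pattern."""
    hits = []
    for line in log_text.splitlines():
        m = regex.search(line)
        if m:
            hits.append((line.split()[1], m.group("host"), m.group(0)))
    return hits


def blocklist(parsed):
    """Hosts and IPs to block, de-duplicated (two confirmed hosts share 23.227.38.74)."""
    return sorted({p["host"] for p in parsed}), sorted({p["ip"] for p in parsed})


if __name__ == "__main__":
    parsed = parse_ioc_urls(CONFIRMED_C2)
    path, shared, const, rx = derive_pattern(parsed)
    print("path:", path, "shared keys:", sorted(shared), "constant:", const)
    for client, host, url in scan_log(SAMPLE_PROXY_LOG, rx):
        print(f"C2 beacon from {client} to {host}: {url}")
    print("block hosts/IPs:", blocklist(parsed))
```

Because the regex keys on the query structure rather than the hostname, the `/jskg/` domains the report lists only as `unknown` are caught the moment they carry the same parameters, and a request to the same path with a different query (the last constructed line) is not flagged.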