IOC Report
bIgxdEEcXm.exe


Files

File Path | Type | Category | Malicious
bIgxdEEcXm.exe | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | initial sample | malicious
C:\Users\user\AppData\Local\Temp\tmp168C.tmp | SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7 | dropped |
C:\Users\user\AppData\Local\Temp\tmp2CC5.tmp | SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 4 | dropped |
C:\Users\user\AppData\Local\Temp\tmp3609.tmp | SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7 | dropped |
C:\Users\user\AppData\Local\Temp\tmp3C16.tmp | SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7 | dropped |
C:\Users\user\AppData\Local\Temp\tmp3C17.tmp | SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7 | dropped |
C:\Users\user\AppData\Local\Temp\tmp3C27.tmp | SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7 | dropped |
C:\Users\user\AppData\Local\Temp\tmp41CB.tmp | SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7 | dropped |
C:\Users\user\AppData\Local\Temp\tmp45AD.tmp | SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 4 | dropped |
C:\Users\user\AppData\Local\Temp\tmp4955.tmp | SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7 | dropped |
C:\Users\user\AppData\Local\Temp\tmp4E4D.tmp | SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 4 | dropped |
C:\Users\user\AppData\Local\Temp\tmp5142.tmp | SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7 | dropped |
C:\Users\user\AppData\Local\Temp\tmp52FD.tmp | SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 4 | dropped |
C:\Users\user\AppData\Local\Temp\tmp53D6.tmp | SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7 | dropped |
C:\Users\user\AppData\Local\Temp\tmp5464.tmp | SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7 | dropped |
C:\Users\user\AppData\Local\Temp\tmp57D1.tmp | SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7 | dropped |
C:\Users\user\AppData\Local\Temp\tmp598E.tmp | SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7 | dropped |
C:\Users\user\AppData\Local\Temp\tmp6245.tmp | SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7 | dropped |
C:\Users\user\AppData\Local\Temp\tmp6AAB.tmp | SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 4 | dropped |
C:\Users\user\AppData\Local\Temp\tmp7B75.tmp | SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7 | dropped |
C:\Users\user\AppData\Local\Temp\tmp861C.tmp | SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7 | dropped |
C:\Users\user\AppData\Local\Temp\tmp92AC.tmp | SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7 | dropped |
C:\Users\user\AppData\Local\Temp\tmp9652.tmp | SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7 | dropped |
C:\Users\user\AppData\Local\Temp\tmp9E16.tmp | SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 4 | dropped |
C:\Users\user\AppData\Local\Temp\tmp9F74.tmp | SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 4 | dropped |
C:\Users\user\AppData\Local\Temp\tmpA0C3.tmp | SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7 | dropped |
C:\Users\user\AppData\Local\Temp\tmpA124.tmp | SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7 | dropped |
C:\Users\user\AppData\Local\Temp\tmpA421.tmp | SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7 | dropped |
C:\Users\user\AppData\Local\Temp\tmpA651.tmp | SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7 | dropped |
C:\Users\user\AppData\Local\Temp\tmpAC88.tmp | SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7 | dropped |
C:\Users\user\AppData\Local\Temp\tmpAE99.tmp | SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 4 | dropped |
C:\Users\user\AppData\Local\Temp\tmpC4D8.tmp | SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7 | dropped |
C:\Users\user\AppData\Local\Temp\tmpCDEA.tmp | SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7 | dropped |
C:\Users\user\AppData\Local\Temp\tmpCFFA.tmp | SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 4 | dropped |
C:\Users\user\AppData\Local\Temp\tmpE3D6.tmp | SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7 | dropped |
C:\Users\user\AppData\Local\Temp\tmpEFDE.tmp | SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7 | dropped |
C:\Users\user\AppData\Local\Temp\tmpF1EF.tmp | SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7 | dropped |
27 further files are hidden in the original report and not listed here.

Processes

Path | Cmdline | Malicious
C:\Users\user\Desktop\bIgxdEEcXm.exe | "C:\Users\user\Desktop\bIgxdEEcXm.exe" | malicious

URLs

Name | IP | Malicious
http://185.73.125.96:9000/wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F | 185.73.125.96 | malicious
https://ac.ecosia.org/autocomplete?q= | unknown |
https://duckduckgo.com/chrome_newtab | unknown |
https://duckduckgo.com/ac/?q= | unknown |
https://www.google.com/images/branding/product/ico/googleg_lodp.ico | unknown |
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search | unknown |
https://pastebin.com/raw/fmKmDx8F | unknown |
http://185.73.125.96:9000 | unknown |
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q= | unknown |
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command= | unknown |
https://www.ecosia.org/newtab/ | unknown |
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | unknown |
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q= | unknown |
3 further URLs are hidden in the original report and not listed here.

IPs

IP | Domain | Country | Malicious
185.73.125.96 | unknown | Netherlands | malicious

Registry

Path | Value | Malicious
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing | EnableConsoleTracing |
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\bIgxdEEcXm_RASAPI32 | EnableFileTracing |
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\bIgxdEEcXm_RASAPI32 | EnableAutoFileTracing |
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\bIgxdEEcXm_RASAPI32 | EnableConsoleTracing |
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\bIgxdEEcXm_RASAPI32 | FileTracingMask |
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\bIgxdEEcXm_RASAPI32 | ConsoleTracingMask |
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\bIgxdEEcXm_RASAPI32 | MaxFileSize |
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\bIgxdEEcXm_RASAPI32 | FileDirectory |
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\bIgxdEEcXm_RASMANCS | EnableFileTracing |
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\bIgxdEEcXm_RASMANCS | EnableAutoFileTracing |
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\bIgxdEEcXm_RASMANCS | EnableConsoleTracing |
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\bIgxdEEcXm_RASMANCS | FileTracingMask |
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\bIgxdEEcXm_RASMANCS | ConsoleTracingMask |
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\bIgxdEEcXm_RASMANCS | MaxFileSize |
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\bIgxdEEcXm_RASMANCS | FileDirectory |
5 further registry entries are hidden in the original report and not listed here.

Memdumps

Base Address | Region type | Protect | Malicious
972000 | unknown | page readonly | malicious
3050000 | trusted library allocation | page read and write |
2C7E000 | stack | page read and write |
1135000 | trusted library allocation | page execute and read and write |
110D000 | trusted library allocation | page execute and read and write |
2E41000 | trusted library allocation | page read and write |
748D000 | stack | page read and write |
7E30000 | heap | page read and write |
329E000 | trusted library allocation | page read and write |
6D8E000 | stack | page read and write |
75CE000 | stack | page read and write |
6730000 | trusted library allocation | page read and write |
3266000 | trusted library allocation | page read and write |
10F3000 | trusted library allocation | page execute and read and write |
4D78000 | trusted library allocation | page read and write |
6EED000 | stack | page read and write |
2D71000 | trusted library allocation | page read and write |
6360000 | trusted library allocation | page read and write |
7330000 | heap | page read and write |
ACB000 | stack | page read and write |
10EE000 | stack | page read and write |
102C000 | stack | page read and write |
2D60000 | heap | page read and write |
62F1000 | heap | page read and write |
1137000 | trusted library allocation | page execute and read and write |
5273000 | trusted library allocation | page read and write |
30DC000 | trusted library allocation | page read and write |
7810000 | trusted library allocation | page execute and read and write |
62B4000 | heap | page read and write |
3237000 | trusted library allocation | page read and write |
1126000 | trusted library allocation | page execute and read and write |
52E4000 | trusted library allocation | page read and write |
592F000 | trusted library allocation | page read and write |
32E6000 | trusted library allocation | page read and write |
3320000 | trusted library allocation | page read and write |
2CF0000 | trusted library allocation | page read and write |
324A000 | trusted library allocation | page read and write |
6260000 | heap | page read and write |
2D08000 | trusted library allocation | page read and write |
55FD000 | stack | page read and write |
112A000 | trusted library allocation | page execute and read and write |
3256000 | trusted library allocation | page read and write |
125B000 | heap | page read and write |
5912000 | trusted library allocation | page read and write |
2D10000 | heap | page read and write |
795E000 | stack | page read and write |
2D2E000 | trusted library allocation | page read and write |
76CD000 | stack | page read and write |
3D71000 | trusted library allocation | page read and write |
7960000 | trusted library allocation | page read and write |
3EE6000 | trusted library allocation | page read and write |
3E96000 | trusted library allocation | page read and write |
304E000 | trusted library allocation | page read and write |
63A0000 | trusted library allocation | page read and write |
10F0000 | trusted library allocation | page read and write |
3347000 | trusted library allocation | page read and write |
63B0000 | trusted library allocation | page read and write |
1212000 | heap | page read and write |
1567000 | heap | page read and write |
32F4000 | trusted library allocation | page read and write |
7C2D000 | stack | page read and write |
63E0000 | trusted library allocation | page execute and read and write |
52D0000 | trusted library allocation | page read and write |
11D0000 | heap | page read and write |
6400000 | trusted library allocation | page execute and read and write |
6315000 | heap | page read and write |
119E000 | stack | page read and write |
6DEB000 | stack | page read and write |
2CBC000 | stack | page read and write |
5276000 | trusted library allocation | page read and write |
2E3B000 | trusted library allocation | page read and write |
53F0000 | trusted library allocation | page read and write |
6420000 | trusted library allocation | page read and write |
330E000 | trusted library allocation | page read and write |
7B6F000 | unknown | page read and write |
71E0000 | heap | page read and write |
11DA000 | heap | page read and write |
113B000 | trusted library allocation | page execute and read and write |
6334000 | heap | page read and write |
2D4D000 | trusted library allocation | page read and write |
6740000 | trusted library allocation | page read and write |
2D13000 | heap | page read and write |
6F10000 | trusted library allocation | page execute and read and write |
5400000 | trusted library allocation | page execute and read and write |
2D20000 | trusted library allocation | page read and write |
1110000 | heap | page read and write |
5250000 | trusted library allocation | page read and write |
54BE000 | stack | page read and write |
6380000 | trusted library allocation | page execute and read and write |
2E3D000 | trusted library allocation | page read and write |
3E75000 | trusted library allocation | page read and write |
592A000 | trusted library allocation | page read and write |
65EF000 | stack | page read and write |
64E0000 | trusted library allocation | page execute and read and write |
7A6B000 | stack | page read and write |
593A000 | trusted library allocation | page read and write |
60EC000 | stack | page read and write |
32DE000 | trusted library allocation | page read and write |
7E40000 | trusted library allocation | page read and write |
5919000 | trusted library allocation | page read and write |
5420000 | heap | page execute and read and write |
5915000 | trusted library allocation | page read and write |
5280000 | trusted library allocation | page read and write |
1273000 | heap | page read and write |
325B000 | trusted library allocation | page read and write |
5390000 | trusted library allocation | page execute and read and write |
1100000 | trusted library allocation | page read and write |
11DE000 | heap | page read and write |
593F000 | trusted library allocation | page read and write |
3207000 | trusted library allocation | page read and write |
970000 | unknown | page readonly |
313D000 | trusted library allocation | page read and write |
F9E000 | stack | page read and write |
125F000 | heap | page read and write |
53FC000 | trusted library allocation | page read and write |
3250000 | trusted library allocation | page read and write |
6230000 | trusted library allocation | page read and write |
3271000 | trusted library allocation | page read and write |
6274000 | heap | page read and write |
55BE000 | stack | page read and write |
58CE000 | stack | page read and write |
3E80000 | trusted library allocation | page read and write |
2F50000 | trusted library allocation | page read and write |
1122000 | trusted library allocation | page read and write |
2D2B000 | trusted library allocation | page read and write |
1150000 | trusted library allocation | page read and write |
6750000 | trusted library allocation | page read and write |
62B9000 | heap | page read and write |
F10000 | heap | page read and write |
802D000 | stack | page read and write |
BC8000 | stack | page read and write |
2D46000 | trusted library allocation | page read and write |
5910000 | trusted library allocation | page read and write |
FE5000 | heap | page read and write |
5935000 | trusted library allocation | page read and write |
732C000 | stack | page read and write |
11F8000 | heap | page read and write |
2F72000 | trusted library allocation | page read and write |
53F9000 | trusted library allocation | page read and write |
6410000 | trusted library allocation | page execute and read and write |
785D000 | stack | page read and write |
11C0000 | trusted library allocation | page execute and read and write |
106E000 | unknown | page read and write |
FE0000 | heap | page read and write |
5410000 | trusted library allocation | page read and write |
3315000 | trusted library allocation | page read and write |
F5E000 | stack | page read and write |
2CD0000 | trusted library allocation | page read and write |
2CF9000 | trusted library allocation | page read and write |
627C000 | heap | page read and write |
10F4000 | trusted library allocation | page read and write |
6362000 | trusted library allocation | page read and write |
758D000 | stack | page read and write |
6390000 | trusted library allocation | page execute and read and write |
2CC0000 | heap | page execute and read and write |
622A000 | stack | page read and write |
32E8000 | trusted library allocation | page read and write |
70DA000 | stack | page read and write |
3327000 | trusted library allocation | page read and write |
7F20000 | heap | page read and write |
5270000 | trusted library allocation | page read and write |
10FD000 | trusted library allocation | page execute and read and write |
2CE0000 | trusted library allocation | page read and write |
7090000 | trusted library allocation | page execute and read and write |
702E000 | stack | page read and write |
612C000 | stack | page read and write |
10AE000 | unknown | page read and write |
646E000 | stack | page read and write |
2D00000 | trusted library allocation | page read and write |
6EF0000 | trusted library section | page read and write |
590C000 | stack | page read and write |
2D3E000 | trusted library allocation | page read and write |
7FB40000 | trusted library allocation | page execute and read and write |
7D2D000 | stack | page read and write |
32D5000 | trusted library allocation | page read and write |
62B6000 | heap | page read and write |
52CD000 | stack | page read and write |
2E10000 | trusted library allocation | page read and write |
4F0D000 | stack | page read and write |
66EE000 | stack | page read and write |
FD0000 | trusted library allocation | page read and write |
2CDC000 | trusted library allocation | page read and write |
1117000 | heap | page read and write |
1132000 | trusted library allocation | page read and write |
6DA0000 | trusted library allocation | page execute and read and write |
54FE000 | stack | page read and write |
3E90000 | trusted library allocation | page read and write |
3E6D000 | trusted library allocation | page read and write |
2D41000 | trusted library allocation | page read and write |
11A0000 | heap | page read and write |
546F000 | stack | page read and write |
7EAE000 | stack | page read and write |
5928000 | trusted library allocation | page read and write |
1130000 | trusted library allocation | page read and write |
323E000 | trusted library allocation | page read and write |
3301000 | trusted library allocation | page read and write |
2D3A000 | trusted library allocation | page read and write |
2CD9000 | trusted library allocation | page read and write |
63F1000 | trusted library allocation | page read and write |
5283000 | trusted library allocation | page read and write |
62BB000 | heap | page read and write |
52E0000 | trusted library allocation | page read and write |
13C9000 | stack | page read and write |
1120000 | trusted library allocation | page read and write |
722D000 | stack | page read and write |
1560000 | heap | page read and write |
2E6E000 | trusted library allocation | page read and write |
6370000 | trusted library allocation | page read and write |
62A2000 | heap | page read and write |
71D9000 | stack | page read and write |
7080000 | heap | page read and write |
2E1B000 | trusted library allocation | page read and write |
1205000 | heap | page read and write |
5FEE000 | stack | page read and write |
E30000 | heap | page read and write |
4D70000 | trusted library allocation | page read and write |
6F20000 | trusted library allocation | page read and write |
207 further memdumps are hidden in the original report and not listed here.