IOC Report
Products Order.exe

Files

File Path | Type | Category | Malicious
Products Order.exe | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | initial sample | malicious
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\Products Order.exe.log | CSV text | dropped |
C:\Users\user\AppData\Roaming\188E93\31437F.lck | very short file (no magic) | dropped |
C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2246122658-3693405117-2476756634-1003\89dad5d484a9f889a3a8dfca823edc3e_9e146be9-c76a-4720-bcdb-53011b87bd06 | data | dropped |

Processes

Path | Cmdline | Malicious
C:\Users\user\Desktop\Products Order.exe | "C:\Users\user\Desktop\Products Order.exe" | malicious
C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe | "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe" | malicious

URLs

Name | IP | Malicious
http://kbfvzoboss.bid/alien/fre.php | | malicious
45.90.57.51/big/five/fre.php | | malicious
http://alphastand.win/alien/fre.php | | malicious
http://45.90.57.51/big/five/fre.php | 45.90.57.51 | malicious
http://alphastand.trade/alien/fre.php | | malicious
http://alphastand.top/alien/fre.php | | malicious
http://www.ibsensoftware.com/ | | unknown

IPs

IP | Domain | Country | Malicious
45.90.57.51 | unknown | Bulgaria | malicious

Memdumps

Base Address | Region Type | Protect | Malicious
400000 | remote allocation | page execute and read and write | malicious
2A2D000 | trusted library allocation | page read and write | malicious
12AA6000 | trusted library allocation | page read and write | malicious
4B6000 | unknown | page readonly | malicious
778000 | heap | page read and write | malicious
2D82000 | trusted library allocation | page read and write |
1C000 | unknown | page readonly |
2E7B000 | trusted library allocation | page read and write |
2BF8000 | trusted library allocation | page read and write |
7FF848E0D000 | trusted library allocation | page execute and read and write |
29E2000 | trusted library allocation | page read and write |
2BFA000 | trusted library allocation | page read and write |
D90000 | heap | page read and write |
7FF848EA0000 | trusted library allocation | page read and write |
2A26000 | trusted library allocation | page read and write |
2A1F000 | trusted library allocation | page read and write |
10000 | unknown | page readonly |
2E46000 | trusted library allocation | page read and write |
580000 | heap | page read and write |
1A910000 | trusted library allocation | page read and write |
2C07000 | trusted library allocation | page read and write |
28DE000 | stack | page read and write |
2D6B000 | trusted library allocation | page read and write |
2E81000 | trusted library allocation | page read and write |
2E48000 | trusted library allocation | page read and write |
A50000 | trusted library section | page read and write |
7FF848DFD000 | trusted library allocation | page execute and read and write |
7FF4893F0000 | trusted library allocation | page execute and read and write |
2D7E000 | trusted library allocation | page read and write |
F9E000 | stack | page read and write |
2DA0000 | trusted library allocation | page read and write |
7FF848E00000 | trusted library allocation | page read and write |
2E8A000 | trusted library allocation | page read and write |
2E3C000 | trusted library allocation | page read and write |
2A1B000 | trusted library allocation | page read and write |
2A0D000 | trusted library allocation | page read and write |
4B1000 | unknown | page readonly |
2E6A000 | trusted library allocation | page read and write |
12989000 | trusted library allocation | page read and write |
1035000 | heap | page read and write |
4C0000 | heap | page read and write |
128E8000 | trusted library allocation | page read and write |
1030000 | heap | page read and write |
2DA4000 | trusted library allocation | page read and write |
2D94000 | trusted library allocation | page read and write |
7FF848ED6000 | trusted library allocation | page execute and read and write |
2A19000 | trusted library allocation | page read and write |
2E68000 | trusted library allocation | page read and write |
29E6000 | trusted library allocation | page read and write |
12AC0000 | trusted library allocation | page read and write |
12940000 | trusted library allocation | page read and write |
29EA000 | trusted library allocation | page read and write |
2D5F000 | trusted library allocation | page read and write |
2E4E000 | trusted library allocation | page read and write |
7FF848DF4000 | trusted library allocation | page read and write |
1B380000 | heap | page read and write |
2BDA000 | trusted library allocation | page read and write |
2BE7000 | trusted library allocation | page read and write |
2B50000 | trusted library allocation | page read and write |
2E5D000 | trusted library allocation | page read and write |
29E4000 | trusted library allocation | page read and write |
29FC000 | trusted library allocation | page read and write |
29F7000 | trusted library allocation | page read and write |
ACF000 | heap | page read and write |
2D6D000 | trusted library allocation | page read and write |