IOC Report
rPurchaseOrder300610-PDF.exe


Files

File Path | Type | Category | Malicious
--- | --- | --- | ---
rPurchaseOrder300610-PDF.exe | PE32 executable (GUI) Intel 80386, for MS Windows | initial sample | malicious
C:\Users\user\AppData\Local\Temp\Maianthemum | data | dropped |
C:\Users\user\AppData\Local\Temp\autCE2F.tmp | data | dropped |
C:\Users\user\AppData\Local\Temp\autCE6E.tmp | data | dropped |
C:\Users\user\AppData\Local\Temp\turbinate | ASCII text, with very long lines (28740), with no line terminators | dropped |

Processes

Path | Cmdline | Malicious
--- | --- | ---
C:\Users\user\Desktop\rPurchaseOrder300610-PDF.exe | "C:\Users\user\Desktop\rPurchaseOrder300610-PDF.exe" | malicious
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | "C:\Users\user\Desktop\rPurchaseOrder300610-PDF.exe" | malicious

URLs

Name | IP | Malicious
--- | --- | ---
https://sectigo.com/CPS0 | | unknown
https://account.dyn.com/ | | unknown
http://srv.masternic.net | | unknown

Domains

Name | IP | Malicious
--- | --- | ---
srv.masternic.net | 174.141.234.138 | malicious

IPs

IP | Domain | Country | Malicious
--- | --- | --- | ---
174.141.234.138 | srv.masternic.net | United States | malicious

Memdumps
