IOC Report
file.exe
Files

File Path | Type | Category | Malicious
file.exe | PE32 executable (GUI) Intel 80386, for MS Windows | initial sample | malicious
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\file.exe.log | CSV text | dropped | malicious

Processes

Path | Cmdline | Malicious
C:\Users\user\Desktop\file.exe | "C:\Users\user\Desktop\file.exe" | malicious

Registry

Path | Value | Malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection | DisableIOAVProtection | malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection | DisableRealtimeMonitoring | malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications | DisableNotifications | malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU | AUOptions | malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU | AutoInstallMinorUpdates | malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU | NoAutoRebootWithLoggedOnUsers | malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU | UseWUServer | malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate | DoNotConnectToWindowsUpdateInternetLocations | malicious
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows Defender\Features | TamperProtection |
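The registry rows above are the most actionable part of this report: the sample touches the Group Policy values that govern Defender real-time and IOAV scanning, Security Center notifications, and Windows Update behaviour, and it reads Defender's TamperProtection feature flag (listed under WOW6432Node because a 32-bit process reaches it through WOW64 registry redirection). The script below is an added example, not part of the sandbox report or the sample; it audits a host for exactly these value names, reports Defender's effective state through the built-in Defender module, and can delete the values it finds. It assumes an elevated prompt and a baseline where none of these policy values exist (a host whose own GPO sets, say, UseWUServer will show a hit you must reconcile against that GPO); the -Remediate switch and the Get-IocRegistryValue helper are this example's own names.

```powershell
# Added example (not from the report or the sample): audit a host for the
# policy values the sample touches, show Defender's effective state, and
# optionally remove the values that were found. Run elevated.
[CmdletBinding()]
param([switch]$Remediate)   # assumption: this switch is this script's own

# Paths and value names copied from the Registry table of the report.
$rtp = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection'
$wu  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
$iocValues = @(
    @{ Path = $rtp;     Name = 'DisableIOAVProtection' },
    @{ Path = $rtp;     Name = 'DisableRealtimeMonitoring' },
    @{ Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications'
       Name = 'DisableNotifications' },
    @{ Path = "$wu\AU"; Name = 'AUOptions' },
    @{ Path = "$wu\AU"; Name = 'AutoInstallMinorUpdates' },
    @{ Path = "$wu\AU"; Name = 'NoAutoRebootWithLoggedOnUsers' },
    @{ Path = "$wu\AU"; Name = 'UseWUServer' },
    @{ Path = $wu;      Name = 'DoNotConnectToWindowsUpdateInternetLocations' }
)

# Returns one record per IOC: whether the value exists and, if so, its data.
# Test-Path on the key first so a missing key is not reported as an error.
function Get-IocRegistryValue {
    param([hashtable]$Entry)
    $present = $false; $data = $null
    if (Test-Path -LiteralPath $Entry.Path) {
        $item = Get-ItemProperty -LiteralPath $Entry.Path -ErrorAction SilentlyContinue
        if ($item -and $item.PSObject.Properties[$Entry.Name]) {
            $present = $true
            $data = $item.($Entry.Name)
        }
    }
    [pscustomobject]@{ Path = $Entry.Path; Name = $Entry.Name; Present = $present; Data = $data }
}

$hits = foreach ($e in $iocValues) { Get-IocRegistryValue -Entry $e }
$hits | Format-Table -AutoSize Name, Present, Data, Path

# Effective Defender state, independent of what the policy keys say.
# Get-MpComputerStatus / Get-MpPreference ship with the Defender module;
# the try/catch covers hosts where Defender is absent or replaced.
try {
    $status = Get-MpComputerStatus
    $pref   = Get-MpPreference
    [pscustomobject]@{
        RealTimeProtectionEnabled      = $status.RealTimeProtectionEnabled
        IsTamperProtected              = $status.IsTamperProtected
        Pref_DisableRealtimeMonitoring = $pref.DisableRealtimeMonitoring
        Pref_DisableIOAVProtection     = $pref.DisableIOAVProtection
    } | Format-List
} catch {
    Write-Warning "Defender cmdlets unavailable: $($_.Exception.Message)"
}

# The report shows the WOW6432Node view of the Features key; check both views.
foreach ($node in 'HKLM:\SOFTWARE\Microsoft\Windows Defender\Features',
                  'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows Defender\Features') {
    if (Test-Path -LiteralPath $node) {
        $tp = (Get-ItemProperty -LiteralPath $node -ErrorAction SilentlyContinue).TamperProtection
        Write-Host "$node\TamperProtection = $tp"
    }
}

# Remove only the values that were actually present; keys are left in place.
if ($Remediate) {
    foreach ($h in ($hits | Where-Object Present)) {
        Remove-ItemProperty -LiteralPath $h.Path -Name $h.Name -ErrorAction Stop
        Write-Host "Removed $($h.Path)\$($h.Name)"
    }
}
```

Run it once without the switch to record the evidence (policy values and the effective Defender state), then with -Remediate, then once more without the switch to confirm the values are gone and RealTimeProtectionEnabled reads true again. Policy values under HKLM\SOFTWARE\Policies override what the Defender UI shows, so the Get-MpComputerStatus output is the check that matters, not the settings page.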

Memdumps

Base Address | Region type | Protect | Malicious
396F000 | stack | page read and write |
28F0000 | direct allocation | page read and write |
A4A000 | heap | page read and write |
A40000 | heap | page read and write |
436F000 | stack | page read and write |
A4E000 | heap | page read and write |
9F4000 | heap | page read and write |
10FD000 | unknown | page execute and read and write |
3FAF000 | stack | page read and write |
F06000 | unknown | page execute and write copy |
9F4000 | heap | page read and write |
1064000 | unknown | page execute and write copy |
4A30000 | heap | page read and write |
9F4000 | heap | page read and write |
4AD3000 | trusted library allocation | page execute and read and write |
332F000 | stack | page read and write |
35EE000 | stack | page read and write |
9F4000 | heap | page read and write |
4931000 | heap | page read and write |
10CF000 | unknown | page execute and write copy |
6FDE000 | stack | page read and write |
1113000 | unknown | page execute and write copy |
1102000 | unknown | page execute and read and write |
2D2E000 | stack | page read and write |
9F4000 | heap | page read and write |
9F4000 | heap | page read and write |
28EF000 | stack | page read and write |
AA2000 | heap | page read and write |
9F4000 | heap | page read and write |
1072000 | unknown | page execute and read and write |
3BEF000 | stack | page read and write |
2920000 | heap | page read and write |
4A80000 | direct allocation | page read and write |
2CEF000 | stack | page read and write |
4A30000 | trusted library allocation | page read and write |
4A70000 | trusted library allocation | page read and write |
EF2000 | unknown | page execute and write copy |
70DE000 | stack | page read and write |
4B7E000 | stack | page read and write |
4A80000 | direct allocation | page read and write |
5EE000 | stack | page read and write |
EF0000 | unknown | page read and write |
EFA000 | unknown | page execute and write copy |
2910000 | direct allocation | page read and write |
35AF000 | stack | page read and write |
9F4000 | heap | page read and write |
4931000 | heap | page read and write |
9F4000 | heap | page read and write |
10B9000 | unknown | page execute and write copy |
C3E000 | stack | page read and write |
44EE000 | stack | page read and write |
3AAF000 | stack | page read and write |
EFA000 | unknown | page execute and read and write |
9F4000 | heap | page read and write |
3AEE000 | stack | page read and write |
1121000 | unknown | page execute and write copy |
10D6000 | unknown | page execute and read and write |
9F4000 | heap | page read and write |
30EE000 | stack | page read and write |
34AE000 | stack | page read and write |
2910000 | direct allocation | page read and write |
6E8C000 | stack | page read and write |
4930000 | heap | page read and write |
40EF000 | stack | page read and write |
2910000 | direct allocation | page read and write |
4B0B000 | trusted library allocation | page execute and read and write |
1148000 | unknown | page execute and write copy |
2910000 | direct allocation | page read and write |
4931000 | heap | page read and write |
10EE000 | unknown | page execute and write copy |
1099000 | unknown | page execute and read and write |
4AE4000 | trusted library allocation | page read and write |
2910000 | direct allocation | page read and write |
4D40000 | heap | page execute and read and write |
110A000 | unknown | page execute and write copy |
426E000 | stack | page read and write |
2910000 | direct allocation | page read and write |
2910000 | direct allocation | page read and write |
4AD4000 | trusted library allocation | page read and write |
4E4E000 | stack | page read and write |
4A80000 | direct allocation | page read and write |
3FEE000 | stack | page read and write |
110C000 | unknown | page execute and read and write |
118A000 | unknown | page execute and write copy |
3E6F000 | stack | page read and write |
9F4000 | heap | page read and write |
2910000 | direct allocation | page read and write |
2910000 | direct allocation | page read and write |
1198000 | unknown | page execute and write copy |