IOC Report
file.exe

Files

File Path | Type | Category | Malicious
file.exe | PE32 executable (GUI) Intel 80386, for MS Windows | initial sample | malicious
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\file.exe.log | CSV text | dropped | malicious

Processes

Path | Cmdline | Malicious
C:\Users\user\Desktop\file.exe | "C:\Users\user\Desktop\file.exe" | malicious

Registry

Path | Value | Malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection | DisableIOAVProtection | malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection | DisableRealtimeMonitoring | malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications | DisableNotifications | malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU | AUOptions | malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU | AutoInstallMinorUpdates | malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU | NoAutoRebootWithLoggedOnUsers | malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU | UseWUServer | malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate | DoNotConnectToWindowsUpdateInternetLocations | malicious
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows Defender\Features | TamperProtection |

Memdumps

Base Address | Region type | Protect | Malicious