IOC Report
WBQXywne4N.exe

Files

File Path | Type | Category | Malicious
WBQXywne4N.exe | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | initial sample | malicious
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\WBQXywne4N.exe.log | ASCII text, with CRLF line terminators | dropped | malicious

Processes

Path | Cmdline | Malicious
C:\Users\user\Desktop\WBQXywne4N.exe | "C:\Users\user\Desktop\WBQXywne4N.exe" | malicious
C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe" | malicious

URLs

Name | IP | Malicious
cjmancool.dynamic-dns.net | - | malicious
http://geoplugin.net/json.gp | - | unknown
http://geoplugin.net/json.gp/C | - | unknown

Domains

Name | IP | Malicious
cjmancool.dynamic-dns.net | 94.78.99.194 | malicious

IPs

IP | Domain | Country | Malicious
94.78.99.194 | cjmancool.dynamic-dns.net | Turkey | malicious

Registry

Path | Value | Malicious
HKEY_CURRENT_USER\SOFTWARE\Rmc-GAT2GZ | exepath | malicious
HKEY_CURRENT_USER\SOFTWARE\Rmc-GAT2GZ | licence | malicious
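Turning the indicators above into a host check, as an added example that is not part of the sandbox report. The tables flag the legitimate .NET framework binary AddInProcess32.exe as malicious, and the Memdumps table shows a remotely allocated execute-read-write region at base 0x400000 in it, which is consistent with a payload being written into a spawned host process rather than with the binary itself being bad; the registry key Rmc-GAT2GZ carries a per-sample suffix; and geoplugin.net is a public geolocation service that the report rates "unknown". The matcher therefore keys on the parent/child relation, the dynamic-DNS host and its IP, and the Rmc- key prefix with the exepath/licence value names, and treats the geolocation lookup as corroborating only. The Sysmon-like event dictionaries, the file names, process IDs, the TEST-NET address and the function names are constructed for illustration.

```python
"""
Host-side matcher for the indicators in this report.

Added example, not part of the sandbox report.  The event schema (Sysmon-like
dicts), the sample events, file names, process IDs and function names are
constructed for illustration.
"""
import re
from dataclasses import dataclass

# Indicators copied from the report tables.
C2_DOMAIN = "cjmancool.dynamic-dns.net"
C2_IP = "94.78.99.194"
# Legitimate .NET framework binary that the sample spawns; flagged in the report.
HOST_PROCESS = r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe"
# The key suffix (GAT2GZ) is per build, so match the prefix and the two value
# names.  Telemetry may spell the hive as HKEY_CURRENT_USER or HKU\<SID>.
REG_VALUE_RE = re.compile(
    r"^(HKEY_CURRENT_USER|HKU\\[^\\]+)\\SOFTWARE\\Rmc-[A-Z0-9]+\\(exepath|licence)$",
    re.IGNORECASE,
)
# Public geolocation service rated "unknown" in the report: corroborating only.
WEAK_URL_RE = re.compile(r"^http://geoplugin\.net/json\.gp", re.IGNORECASE)
# Parent launched from a user-writable location (the sample ran from Desktop).
USER_WRITABLE_RE = re.compile(r"^C:\\Users\\[^\\]+\\(Desktop|Downloads|AppData)\\", re.IGNORECASE)


@dataclass
class Hit:
    severity: str      # "high": confirms the activity; "low": corroborating only
    indicator: str
    event: dict


def match_event(ev: dict) -> list:
    """Return the indicator hits for one telemetry event."""
    hits = []
    kind = ev.get("type")
    if kind == "ProcessCreate":
        if (ev.get("Image", "").lower() == HOST_PROCESS.lower()
                and USER_WRITABLE_RE.match(ev.get("ParentImage", ""))):
            hits.append(Hit("high", "AddInProcess32.exe spawned from a user-writable path", ev))
    elif kind == "DnsQuery":
        if ev.get("QueryName", "").lower() == C2_DOMAIN:
            hits.append(Hit("high", "DNS query for " + C2_DOMAIN, ev))
    elif kind == "NetworkConnect":
        if ev.get("DestinationIp") == C2_IP:
            hits.append(Hit("high", "connection to " + C2_IP, ev))
        if WEAK_URL_RE.match(ev.get("Url", "")):
            hits.append(Hit("low", "geoplugin.net geolocation lookup", ev))
    elif kind == "RegistryValueSet":
        if REG_VALUE_RE.match(ev.get("TargetObject", "")):
            hits.append(Hit("high", "Rmc-* exepath/licence value written", ev))
    return hits


def summarize(events) -> dict:
    """Count hits by severity and give a host verdict."""
    counts = {"high": 0, "low": 0}
    for ev in events:
        for hit in match_event(ev):
            counts[hit.severity] += 1
    if counts["high"]:
        verdict = "confirmed"
    elif counts["low"]:
        verdict = "suspicious"
    else:
        verdict = "clean"
    return {"high": counts["high"], "low": counts["low"], "verdict": verdict}


# Constructed telemetry: a dropper on the Desktop spawns AddInProcess32.exe,
# which then resolves the C2 host, connects, does the geolocation lookup and
# writes the configuration key; followed by two benign events.
SAMPLE_EVENTS = [
    {"type": "ProcessCreate", "ProcessId": 4120, "Image": r"C:\Users\alice\Desktop\invoice.exe",
     "ParentImage": r"C:\Windows\explorer.exe"},
    {"type": "ProcessCreate", "ProcessId": 4188, "Image": HOST_PROCESS,
     "ParentImage": r"C:\Users\alice\Desktop\invoice.exe"},
    {"type": "DnsQuery", "ProcessId": 4188, "Image": HOST_PROCESS, "QueryName": C2_DOMAIN},
    {"type": "NetworkConnect", "ProcessId": 4188, "Image": HOST_PROCESS, "DestinationIp": C2_IP},
    {"type": "NetworkConnect", "ProcessId": 4188, "Image": HOST_PROCESS,
     "DestinationIp": "203.0.113.7", "Url": "http://geoplugin.net/json.gp"},  # TEST-NET address
    {"type": "RegistryValueSet", "ProcessId": 4188, "Image": HOST_PROCESS,
     "TargetObject": r"HKEY_CURRENT_USER\SOFTWARE\Rmc-GAT2GZ\exepath"},
    {"type": "ProcessCreate", "ProcessId": 5000, "Image": HOST_PROCESS,
     "ParentImage": r"C:\Program Files\Vendor\AddInHost.exe"},
    {"type": "DnsQuery", "ProcessId": 5100, "Image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "QueryName": "example.org"},
]

if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        for hit in match_event(ev):
            print(f"[{hit.severity}] {hit.indicator} (pid {hit.event.get('ProcessId')})")
    print(summarize(SAMPLE_EVENTS))
```

Two caveats when applying this to real hosts. The dropped file under CLR_v4.0_32\UsageLogs is written by the .NET runtime for any managed executable that runs and is named after that executable, so it confirms the sample executed as a .NET assembly but is a poor standalone indicator; the sample name WBQXywne4N.exe is also the sandbox's name for the file, not what a victim would see. And a dynamic-DNS hostname can re-point at will, so the IP 94.78.99.194 should be treated as valid only for the time window of this analysis while the hostname and the registry artefact remain the durable indicators.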

Memdumps

Base Address | Region Type | Protect | Malicious
400000 | remote allocation | page execute and read and write | malicious
46C0000 | trusted library allocation | page read and write | malicious
6380000 | trusted library section | page read and write | malicious
43E9000 | trusted library allocation | page read and write | malicious
33E1000 | trusted library allocation | page read and write | malicious
4461000 | trusted library allocation | page read and write | malicious
4820000 | trusted library allocation | page read and write | malicious
45EC000 | trusted library allocation | page read and write | malicious
129A000 | heap | page read and write | malicious
36C3000 | trusted library allocation | page read and write | -
3876000 | trusted library allocation | page read and write | -
35A5000 | trusted library allocation | page read and write | -
38A6000 | trusted library allocation | page read and write | -
3A78000 | trusted library allocation | page read and write | -
3A1F000 | trusted library allocation | page read and write | -
6860000 | trusted library allocation | page read and write | -
942000 | unknown | page execute read | -
3627000 | trusted library allocation | page read and write | -
3494000 | trusted library allocation | page read and write | -
3602000 | trusted library allocation | page read and write | -
39B2000 | trusted library allocation | page read and write | -
34CD000 | trusted library allocation | page read and write | -
37F6000 | trusted library allocation | page read and write | -
35E4000 | trusted library allocation | page read and write | -
3AB9000 | trusted library allocation | page read and write | -
3922000 | trusted library allocation | page read and write | -
39AC000 | trusted library allocation | page read and write | -
6B50000 | heap | page read and write | -
17E7000 | trusted library allocation | page execute and read and write | -
184E000 | stack | page read and write | -
38F8000 | trusted library allocation | page read and write | -
3867000 | trusted library allocation | page read and write | -
385D000 | trusted library allocation | page read and write | -
37A3000 | trusted library allocation | page read and write | -
7D44000 | heap | page read and write | -
1180000 | heap | page read and write | -
39A4000 | trusted library allocation | page read and write | -
398D000 | trusted library allocation | page read and write | -
83D2000 | trusted library allocation | page read and write | -
3A40000 | trusted library allocation | page read and write | -
DCC000 | stack | page read and write | -
3882000 | trusted library allocation | page read and write | -
3500000 | trusted library allocation | page read and write | -
3686000 | trusted library allocation | page read and write | -
3380000 | trusted library allocation | page read and write | -
3688000 | trusted library allocation | page read and write | -
3646000 | trusted library allocation | page read and write | -
37B2000 | trusted library allocation | page read and write | -
39DC000 | trusted library allocation | page read and write | -
3B23000 | trusted library allocation | page read and write | -
3B1D000 | trusted library allocation | page read and write | -
151E000 | stack | page read and write | -
17BD000 | trusted library allocation | page execute and read and write | -
369F000 | trusted library allocation | page read and write | -
36B2000 | trusted library allocation | page read and write | -
6510000 | heap | page read and write | -
3140000 | trusted library allocation | page execute and read and write | -
35FB000 | trusted library allocation | page read and write | -
3AE9000 | trusted library allocation | page read and write | -
35AA000 | trusted library allocation | page read and write | -
38E9000 | trusted library allocation | page read and write | -
3941000 | trusted library allocation | page read and write | -
931000 | unknown | page execute read | -
6B96000 | heap | page read and write | -
397C000 | trusted library allocation | page read and write | -
3640000 | trusted library allocation | page read and write | -