IOC Report
u5GtsPYWPJ.exe


Files

File Path | Type | Category | Malicious
u5GtsPYWPJ.exe | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | initial sample | malicious
C:\Users\user\AppData\Roaming\Count.exe | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | dropped | malicious
C:\Users\user\AppData\Roaming\Count.exe:Zone.Identifier | ASCII text, with CRLF line terminators | dropped | malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Count.vbs | ASCII text, with no line terminators | dropped | malicious

Processes

Path | Cmdline | Malicious
C:\Users\user\Desktop\u5GtsPYWPJ.exe | "C:\Users\user\Desktop\u5GtsPYWPJ.exe" | malicious
C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe" | malicious
C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\WerFault.exe -u -p 6600 -s 1144 |

URLs

Name | IP | Malicious
https://github.com/mgravell/protobuf-net | unknown |
https://github.com/mgravell/protobuf-neti | unknown |
https://stackoverflow.com/q/14436606/23354 | unknown |
https://github.com/mgravell/protobuf-netJ | unknown |
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | unknown |
https://stackoverflow.com/q/11564914/23354; | unknown |
https://stackoverflow.com/q/2152978/23354 | unknown |

Memdumps

Base Address | Regiontype | Protect | Malicious
2692000 | trusted library allocation | page read and write | malicious
5280000 | trusted library section | page read and write | malicious
2A71000 | trusted library allocation | page read and write |
28AE000 | trusted library allocation | page read and write |
29D5000 | trusted library allocation | page read and write |
28C7000 | trusted library allocation | page read and write |
2610000 | heap | page execute and read and write |
2ABE000 | trusted library allocation | page read and write |
4BA0000 | trusted library section | page read and write |
2B49000 | trusted library allocation | page read and write |
2A6D000 | trusted library allocation | page read and write |
29A7000 | trusted library allocation | page read and write |
28B1000 | trusted library allocation | page read and write |
2797000 | trusted library allocation | page read and write |
2A36000 | trusted library allocation | page read and write |
4E40000 | heap | page execute and read and write |
2B05000 | trusted library allocation | page read and write |
27D8000 | trusted library allocation | page read and write |
2A56000 | trusted library allocation | page read and write |
2BFB000 | trusted library allocation | page read and write |
B3F000 | trusted library allocation | page read and write |
922000 | heap | page read and write |
2670000 | heap | page read and write |
29C4000 | trusted library allocation | page read and write |
29C2000 | trusted library allocation | page read and write |
29CA000 | trusted library allocation | page read and write |
28D6000 | trusted library allocation | page read and write |
2BE2000 | trusted library allocation | page read and write |
2B81000 | trusted library allocation | page read and write |
2AD8000 | trusted library allocation | page read and write |
8E0000 | heap | page read and write |
2826000 | trusted library allocation | page read and write |
4E3E000 | stack | page read and write |
2A88000 | trusted library allocation | page read and write |
5E0000 | heap | page read and write |
2981000 | trusted library allocation | page read and write |
279E000 | trusted library allocation | page read and write |
2910000 | trusted library allocation | page read and write |
27A6000 | trusted library allocation | page read and write |
27AE000 | trusted library allocation | page read and write |
28A4000 | trusted library allocation | page read and write |
2678000 | heap | page read and write |
2B4B000 | trusted library allocation | page read and write |
2480000 | heap | page read and write |
2B94000 | trusted library allocation | page read and write |
277C000 | trusted library allocation | page read and write |
2966000 | trusted library allocation | page read and write |
4B71000 | trusted library allocation | page read and write |
2B5E000 | trusted library allocation | page read and write |
5340000 | trusted library allocation | page execute and read and write |
2875000 | trusted library allocation | page read and write |
2A8C000 | trusted library allocation | page read and write |
5070000 | trusted library allocation | page read and write |
2C3C000 | trusted library allocation | page read and write |
277E000 | trusted library allocation | page read and write |
5BA0000 | trusted library allocation | page read and write |
2957000 | trusted library allocation | page read and write |
29ED000 | trusted library allocation | page read and write |
2BF3000 | trusted library allocation | page read and write |
275B000 | trusted library allocation | page read and write |
9F4000 | heap | page read and write |
2BF7000 | trusted library allocation | page read and write |
2971000 | trusted library allocation | page read and write |
2949000 | trusted library allocation | page read and write |
290C000 | trusted library allocation | page read and write |
27AA000 | trusted library allocation | page read and write |
2B1E000 | trusted library allocation | page read and write |
5370000 | trusted library section | page read and write |
2830000 | trusted library allocation | page read and write |
2A06000 | trusted library allocation | page read and write |
299C000 | trusted library allocation | page read and write |
2AA7000 | trusted library allocation | page read and write |
2774000 | trusted library allocation | page read and write |
288F000 | trusted library allocation | page read and write |
2A4C000 | trusted library allocation | page read and write |
2791000 | trusted library allocation | page read and write |
293D000 | trusted library allocation | page read and write |
2B1A000 | trusted library allocation | page read and write |
2B07000 | trusted library allocation | page read and write |
29D0000 | trusted library allocation | page read and write |