IOCReport


Files

File Path | Type | Category | Malicious
SecuriteInfo.com.Variant.Razy.845229.13077.exe | PE32 executable (GUI) Intel 80386, for MS Windows | initial sample | malicious
C:\Users\user\AppData\Local\Temp\tmp167E.tmp | XML 1.0 document, ASCII text, with CRLF line terminators | dropped | malicious
C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\run.dat | Non-ISO extended-ASCII text, with no line terminators | dropped | malicious
C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe | PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows | dropped | clean
C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\RegAsm.exe.log | ASCII text, with CRLF line terminators | modified | clean
C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\dhcpmon.exe.log | ASCII text, with CRLF line terminators | modified | clean
C:\Users\user\AppData\Local\Temp\tmp19AB.tmp | XML 1.0 document, ASCII text, with CRLF line terminators | dropped | clean
C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\task.dat | ASCII text, with no line terminators | dropped | clean
\Device\ConDrv | ASCII text, with CRLF line terminators | dropped | clean

Processes

Path | Cmdline | Malicious
C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.845229.13077.exe | 'C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.845229.13077.exe' | malicious
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe | 'C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.845229.13077.exe' | malicious
C:\Windows\SysWOW64\schtasks.exe | 'schtasks.exe' /create /f /tn 'DHCP Monitor' /xml 'C:\Users\user\AppData\Local\Temp\tmp167E.tmp' | malicious
C:\Windows\SysWOW64\schtasks.exe | 'schtasks.exe' /create /f /tn 'DHCP Monitor Task' /xml 'C:\Users\user\AppData\Local\Temp\tmp19AB.tmp' | malicious
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe 0 | malicious
C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | clean
C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | clean
C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | clean
C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | clean
C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe | 'C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe' 0 | clean
C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | clean

URLs

Name | IP | Malicious
http://mtspsmjeli.sch.id/cl/Maly%20nanocre%202021_ECMFFfzt176.bin | 103.150.60.242 | malicious

Domains

Name | IP | Malicious
mtspsmjeli.sch.id | 103.150.60.242 | malicious
ghsgatvxbznmklopwagdhusvxbznxgtewuahjkop.ydns.eu | 10.2.118.40 | clean

IPs

IP | Domain | Country | Active | Malicious
103.150.60.242 | unknown | unknown | unknown | malicious
10.2.118.40 | unknown | unknown | unknown | clean

Registry

Path | Value | Malicious
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe | DHCP Monitor | clean

Memdumps

Base Address | Region type | Protect | Malicious
5122000 | unknown | page read and write | clean
23885FDD000 | unknown | page read and write | clean
DA0000 | unknown | page read and write | clean
28020100000 | unknown | page read and write | clean
28020400000 | unknown | page read and write | clean
239FB600000 | unknown | page read and write | clean
28897613000 | unknown | page read and write | clean
23885FD8000 | unknown | page read and write | clean
7FF529A9B000 | unknown | page readonly | clean
B9CE47B000 | unknown | page read and write | clean
7FF52609B000 | unknown | page readonly | clean
7FF5E2F40000 | unknown | page readonly | clean
20C0000 | heap private | page read and write | clean
1FA78000 | unknown | page read and write | clean
2801AC13000 | unknown | page read and write | clean
7FF5730D9000 | unknown | page readonly | clean
1A8C166F000 | unknown | page read and write | clean
23885FCB000 | unknown | page read and write | clean
2801BF60000 | unknown | page read and write | clean
958000 | heap default | page read and write | clean
6FA000 | stack | page read and write | clean
23059040000 | heap default | page read and write | clean
23059308000 | unknown | page read and write | clean
BDCBC7F000 | unknown | page read and write | clean
23885FCB000 | unknown | page read and write | clean
E21097F000 | unknown | page read and write | clean
C6E4C75000 | unknown | page read and write | clean
23885FCB000 | unknown | page read and write | clean
7FF58243E000 | unknown | page readonly | clean
23885F1D000 | unknown | page read and write | clean
24D64B50000 | unknown | page write copy | clean
24D68002000 | unknown | page read and write | clean
DA84E7E000 | unknown | page read and write | clean
97C31FE000 | unknown | page read and write | clean
24D67310000 | unknown | page read and write | clean