IOC Report

Files

File Path | Type | Category | Malicious
Dimmock5.exe | PE32 executable (GUI) Intel 80386, for MS Windows | initial sample | malicious
\Device\ConDrv | ASCII text, with CRLF line terminators | dropped | clean

Processes

Path | Cmdline | Malicious
C:\Users\user\Desktop\Dimmock5.exe | 'C:\Users\user\Desktop\Dimmock5.exe' | malicious
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe | 'C:\Users\user\Desktop\Dimmock5.exe' | malicious
C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | clean

URLs

Name | IP | Malicious
http://JgAptYOPYbQxfk.net | unknown | malicious
http://127.0.0.1:HTTP/1.1 | unknown | clean
http://DynDns.comDynDNS | unknown | clean
http://pki.goog/gsr2/GTS1O1.crt0 | unknown | clean
http://ENtKzK.com | unknown | clean
http://crl.pki.goog/gsr2/gsr2.crl0? | unknown | clean
https://pki.goog/repository/0 | unknown | clean
https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha | unknown | clean
http://crl.pki.goog/GTS1O1core.crl0 | unknown | clean

Domains

Name | IP | Malicious
palacioguevara.com | 54.37.255.108 | malicious
mail.palacioguevara.com | unknown | malicious
googlehosted.l.googleusercontent.com | 172.217.23.33 | clean
doc-14-04-docs.googleusercontent.com | unknown | clean

IPs

IP | Domain | Country | Malicious
54.37.255.108 | palacioguevara.com | France | malicious
172.217.23.33 | googlehosted.l.googleusercontent.com | United States | clean

Memdumps

Base Address | Region type | Protect | Malicious
1E0F1000 | unknown | page read and write | malicious
1351000 | unknown | page execute and read and write | malicious
1D2D0000 | unknown | page read and write | clean
7FF4F6FE6000 | unknown | page readonly | clean
7FF5E3E86000 | unknown | page readonly | clean
1A189F3B000 | unknown | page read and write | clean
7FF4F6FFA000 | unknown | page readonly | clean
1A189DE0000 | unknown | page readonly | clean
1DBD0000 | unknown | page read and write | clean
1485A9F0000 | unknown | page read and write | clean
7FF51CCA5000 | unknown | page readonly | clean
14860110000 | unknown | page read and write | clean
7FF50CBAD000 | unknown | page readonly | clean
7FF5C5334000 | unknown | page readonly | clean
7FF5D4A05000 | unknown | page readonly | clean
7FF51CC12000 | unknown | page readonly | clean
7FF569F16000 | unknown | page readonly | clean
2D2EE7D0000 | unknown | page readonly | clean
7FF55776D000 | unknown | page readonly | clean
2455CB5F000 | unknown | page read and write | clean
1229000 | unknown | page read and write | clean
1CE48708000 | unknown | page read and write | clean
24D9D919000 | unknown | page read and write | clean
2455CAFB000 | unknown | page read and write | clean
7FF5C2809000 | unknown | page readonly | clean
244C2F40000 | unknown | page readonly | clean
933C077000 | unknown | page read and write | clean
2455E8D0000 | unknown | page read and write | clean
1720000 | unknown | page read and write | clean
5F0000 | heap private | page read and write | clean
2455EB60000 | unknown | page read and write | clean
24D9D650000 | unknown | page readonly | clean
1DEF0000 | unknown | page read and write | clean
7FF51CAD1000 | unknown | page readonly | clean
7FF5D49D6000 | unknown | page readonly | clean
7FF59BA39000 | unknown | page readonly | clean
7FF520CD8000 | unknown | page readonly | clean
3CCD000 | unknown | page readonly | clean
1D2D0000 | unknown | page read and write | clean
2455CB1C000 | unknown | page read and write | clean
1DF1B000 | unknown | page execute and read and write | clean
13F69800000 | unknown | page readonly | clean
1266E63C000 | unknown | page read and write | clean
33D5000 | unknown | page readonly | clean
7FF51CADE000 | unknown | page readonly | clean
1266000 | unknown | page read and write | clean
7FF5205F2000 | unknown | page readonly | clean
1485FE20000 | unknown | page read and write | clean
2455EBF1000 | unknown | page read and write | clean
1CE48700000 | unknown | page read and write | clean
1318B3E0000 | unknown | page read and write | clean
1DFC0000 | unknown | page readonly | clean