IOCReport


Files

| File Path | Type | Category | Malicious |
|---|---|---|---|
| SecuriteInfo.com.Trojan.Packed2.43183.29557.exe | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | initial sample | malicious |
| C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\SecuriteInfo.com.Trojan.Packed2.43183.29557.exe.log | ASCII text, with CRLF line terminators | dropped | malicious |
| C:\Users\user\AppData\Local\Temp\AddInProcess32.exe | PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows | dropped | malicious |

Processes

| Path | Cmdline | Malicious |
|---|---|---|
| C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.43183.29557.exe | 'C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.43183.29557.exe' | malicious |
| C:\Users\user\AppData\Local\Temp\AddInProcess32.exe | C:\Users\user\AppData\Local\Temp\AddInProcess32.exe | malicious |
| C:\Windows\explorer.exe | | malicious |
| C:\Windows\SysWOW64\systray.exe | C:\Windows\SysWOW64\systray.exe | malicious |
| C:\Windows\SysWOW64\cmd.exe | /c del 'C:\Users\user\AppData\Local\Temp\AddInProcess32.exe' | clean |
| C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | clean |

URLs

| Name | IP | Malicious |
|---|---|---|
| www.roamallday.com/sadn/ | | malicious |
| http://www.mclpay.com/sadn/?9r8=DXfJxxxI+/4CaoDoAzC1V5G6SJQKNuW4mru3KXZlF9SJY6Uq4c9wctugrHKIzz2k7BKt&5jDxn=9rYPWNexEp | 13.59.53.244 | malicious |
| http://www.apache.org/licenses/LICENSE-2.0 | unknown | clean |
| http://www.fontbureau.com | unknown | clean |
| http://www.fontbureau.com/designersG | unknown | clean |
| http://www.fontbureau.com/designers/? | unknown | clean |
| http://www.founder.com.cn/cn/bThe | unknown | clean |
| http://ns.adobe.cobj | unknown | clean |
| http://ns.adobe.c/gP | unknown | clean |
| http://www.fontbureau.com/designers? | unknown | clean |
| http://ns.d | unknown | clean |
| http://www.granthamrobotics.com/sadn/?5jDxn=9rYPWNexEp&9r8=cvOZMLUYKOYUB2MIVs3brF1aeCykDgyLTnisf2vSTBUNQvDIkJgvRwpKMlOnwLgVr/YP | 34.102.136.180 | clean |
| http://www.tiro.com | unknown | clean |
| http://ns.adobe.cobjP | unknown | clean |
| http://www.fontbureau.com/designers | unknown | clean |
| http://ns.adobe.c/g | unknown | clean |
| http://www.goodfont.co.kr | unknown | clean |
| http://ns.ado/1P | unknown | clean |
| http://schema.org/WebPage | unknown | clean |
| http://www.carterandcone.coml | unknown | clean |
| http://www.sajatypeworks.com | unknown | clean |
| http://www.typography.netD | unknown | clean |
| http://www.fontbureau.com/designers/cabarga.htmlN | unknown | clean |
| http://www.founder.com.cn/cn/cThe | unknown | clean |
| http://www.galapagosdesign.com/staff/dennis.htm | unknown | clean |
| http://fontfabrik.com | unknown | clean |
| http://www.founder.com.cn/cn | unknown | clean |
| http://www.fontbureau.com/designers/frere-user.html | unknown | clean |
| http://www.jiyu-kobo.co.jp/ | unknown | clean |
| http://www.galapagosdesign.com/DPlease | unknown | clean |
| http://www.fontbureau.com/designers8 | unknown | clean |
| http://www.%s.comPA | unknown | clean |
| http://www.fonts.com | unknown | clean |
| http://www.sandoll.co.kr | unknown | clean |
| http://www.urwpp.deDPlease | unknown | clean |
| http://www.zhongyicts.com.cn | unknown | clean |
| http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | unknown | clean |
| http://www.sakkal.com | unknown | clean |
| http://ns.ado/1 | unknown | clean |

Domains

| Name | IP | Malicious |
|---|---|---|
| www.mclpay.com | unknown | malicious |
| www.granthamrobotics.com | unknown | malicious |
| prod-sav-park-lb01-1919960993.us-east-2.elb.amazonaws.com | 13.59.53.244 | clean |
| granthamrobotics.com | 34.102.136.180 | clean |
| www.stealthshop.net | 74.220.199.6 | clean |

IPs

| IP | Domain | Country | Malicious |
|---|---|---|---|
| 13.59.53.244 | prod-sav-park-lb01-1919960993.us-east-2.elb.amazonaws.com | United States | clean |
| 34.102.136.180 | granthamrobotics.com | United States | clean |

Registry

| Path | Value | Malicious |
|---|---|---|
| C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.43183.29557.exe | EnableConsoleTracing | clean |
| C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.43183.29557.exe | EnableFileTracing | clean |
| C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.43183.29557.exe | EnableAutoFileTracing | clean |
| C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.43183.29557.exe | EnableConsoleTracing | clean |
| C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.43183.29557.exe | FileTracingMask | clean |
| C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.43183.29557.exe | ConsoleTracingMask | clean |
| C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.43183.29557.exe | MaxFileSize | clean |
| C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.43183.29557.exe | FileDirectory | clean |
| C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.43183.29557.exe | EnableFileTracing | clean |
| C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.43183.29557.exe | EnableAutoFileTracing | clean |
| C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.43183.29557.exe | EnableConsoleTracing | clean |
| C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.43183.29557.exe | FileTracingMask | clean |
| C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.43183.29557.exe | ConsoleTracingMask | clean |
| C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.43183.29557.exe | MaxFileSize | clean |
| C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.43183.29557.exe | FileDirectory | clean |

Memdumps

| Base Address | Region type | Protect | Malicious |
|---|---|---|---|
| 37CC000 | unknown | page read and write | malicious |
| 1290000 | unknown | page execute and read and write | malicious |
| 400000 | unknown | page execute and read and write | malicious |
| 400000 | unknown | page execute and read and write | malicious |
| 1180000 | unknown | page execute and read and write | malicious |