IOCReport


Files

File Path | Type | Category | Malicious
41609787.exe | PE32 executable (GUI) Intel 80386, for MS Windows | initial sample | malicious
C:\Users\user\AppData\Local\Temp\posekiggerne\optrner.exe | data | dropped | clean
C:\Users\user\AppData\Roaming\Runtime2021\xlogs201.dat | data | dropped | clean

Processes

Path | Cmdline | Malicious
C:\Users\user\Desktop\41609787.exe | 'C:\Users\user\Desktop\41609787.exe' | malicious
C:\Program Files (x86)\Internet Explorer\ieinstal.exe | 'C:\Users\user\Desktop\41609787.exe' | malicious
C:\Windows\SysWOW64\cmd.exe | /k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f | clean
C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | clean
C:\Windows\SysWOW64\reg.exe | C:\Windows\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f | clean

URLs

Name | IP | Malicious
https://smokeadmsend.online/loade | | malicious
https://smokeadmsend.online/loader/1ArmadaNac1copia_YCusoPusF143.bin | unknown | clean
https://smokeadmsend.online/loader/1ArmadaNac1copia_YCusoPusF143.binwininet.dllMozilla/5.0 | unknown | clean

Domains

Name | IP | Malicious
smokeadmsend.online | 198.54.115.48 | malicious
databasepropersonombrecomercialideasearchwords.services | 186.169.69.166 | malicious

IPs

IP | Domain | Country | Malicious
186.169.69.166 | databasepropersonombrecomercialideasearchwords.services | Colombia | malicious
198.54.115.48 | smokeadmsend.online | United States | malicious

Registry

Path | Value | Malicious
C:\Users\user\Desktop\41609787.exe | trophoplasmatic | clean
C:\Program Files (x86)\Internet Explorer\ieinstal.exe | SPINTOS | clean
C:\Program Files (x86)\Internet Explorer\ieinstal.exe | exepath | clean
C:\Program Files (x86)\Internet Explorer\ieinstal.exe | licence | clean

Memdumps

Base Address | Region type | Protect | Malicious
32B5000 | heap default | page read and write | malicious
2100000 | unknown | page execute and read and write | malicious
7FF50E399000 | unknown | page readonly | clean
7FF51FABF000 | unknown | page readonly | clean
170754F0000 | heap default | page read and write | clean
7FF531649000 | unknown | page readonly | clean
7FF565DBA000 | unknown | page readonly | clean
1FF4585F000 | unknown | page read and write | clean
1F65DC61000 | unknown | page read and write | clean
7FF4F9E62000 | unknown | page readonly | clean
1F65DC00000 | unknown | page read and write | clean
1EBDF000 | unknown | page read and write | clean
342F000 | unknown | page read and write | clean
9E953F7000 | unknown | page read and write | clean
7FF50E36A000 | unknown | page readonly | clean
21DBB4D0000 | unknown | page readonly | clean
1E7DE000 | unknown | page read and write | clean
170753F0000 | unknown | page read and write | clean
201E9E66000 | unknown | page read and write | clean
1707555A000 | unknown | page read and write | clean
7FF4F9EC6000 | unknown | page readonly | clean
1E7FCAE9000 | unknown | page read and write | clean
1D53B940000 | unknown | page readonly | clean
21A09602000 | unknown | page read and write | clean
7FF531542000 | unknown | page readonly | clean
21A09C60000 | unknown | page readonly | clean
1F65DAF0000 | unknown | page read and write | clean
323E000 | unknown | page read and write | clean
7FF51FB14000 | unknown | page readonly | clean
2960000 | unknown | page read and write | clean
1F659980000 | unknown | page read and write | clean
1F658550000 | unknown | page read and write | clean
7FF5A074E000 | unknown | page readonly | clean
7FF531218000 | unknown | page readonly | clean
11B227E000 | unknown | page read and write | clean
2820000 | unknown | page readonly | clean
21A09580000 | unknown | page readonly | clean
1E35D000 | unknown | page read and write | clean
1903288A000 | unknown | page read and write | clean
1E7FD3AE000 | unknown | page read and write | clean
1D53B1F0000 | heap default | page read and write | clean
7FF50E15F000 | unknown | page readonly | clean
1707552B000 | unknown | page read and write | clean
1FF45760000 | unknown | page read and write | clean
1FF45850000 | unknown | page read and write | clean
7FF565D90000 | unknown | page readonly | clean
1E7FD861000 | unknown | page read and write | clean
27B7000 | unknown | page readonly | clean
7FF5E0DCC000 | unknown | page readonly | clean
21DBBA02000 | unknown | page read and write | clean