IOC Report

Files

File Path | Type | Category | Malicious
vCVJO4xhuE.exe | PE32 executable (GUI) Intel 80386, for MS Windows | initial sample | malicious
C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\run.dat | data | dropped | malicious
C:\Users\user\AppData\Roaming\Gfxv2_0\RMActivate_isv.exe.bat | PE32 executable (GUI) Intel 80386, for MS Windows | dropped | malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sdchange.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Wed Sep 15 16:03:18 2021, mtime=Wed Sep 15 16:03:18 2021, atime=Wed Sep 15 16:03:18 2021, length=1254056, window=hide | dropped | clean

Note: RMActivate_isv.exe.bat carries a .bat extension but is typed as a PE32 executable, so it is a renamed Windows binary, not a batch script. The shortcut in the Startup folder is rated clean as a file, but a .lnk placed there runs its target at every logon and is the persistence mechanism to remove; the type line gives the target's size (length=1254056) but the report does not name the target.

Processes

Path | Cmdline | Malicious
C:\Users\user\Desktop\vCVJO4xhuE.exe | 'C:\Users\user\Desktop\vCVJO4xhuE.exe' | malicious
C:\Users\user\AppData\Roaming\Gfxv2_0\RMActivate_isv.exe.bat | 'C:\Users\user\AppData\Roaming\Gfxv2_0\RMActivate_isv.exe.bat' | malicious
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe | malicious

Note: RegAsm.exe is the signed .NET Framework assembly registration tool and is normally started with an assembly path to register. Here it was started with no arguments at all and is itself rated malicious, which is consistent with the legitimate binary being used as a host process for injected code; the executable image regions listed under Memdumps are where that code would be found.

URLs

Name | IP | Malicious
megida.hopto.org | | malicious
http://bot.whatismyipaddress.comc= | unknown | clean
https://api.ipify.org | unknown | clean
https://api.ipify.orgL | unknown | clean
http://bot.whatismyipaddress.comU | unknown | clean
http://www.myexternalip.com/raw | unknown | clean
http://checkip.dyndns.orgmTimeq | unknown | clean
http://checkip.dyndns.orgmTime | unknown | clean

Note: the clean entries are public external-IP lookup services. The characters that follow the host name in several of them (c=, L, U, mTime, mTimeq) are adjacent bytes picked up when the URL strings were extracted from memory, not part of the URL, so the same four hosts appear more than once. The services are legitimate on their own, which is why they are rated clean, but a process that carries strings for several of them is checking the victim's public address, so the combination is worth alerting on together with the hopto.org hostname.

Domains

Name | IP | Malicious
megida.hopto.org | 0.0.0.0 | malicious

Note: hopto.org is a No-IP dynamic DNS zone, so the operator can move the C2 to any address at any time; the hostname, not an IP, is the durable indicator. During analysis the name resolved to 0.0.0.0, i.e. no live C2 address was recorded.
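To turn the file, process and domain indicators above into something that can be run against endpoint telemetry, here is an added example (not part of the sandbox report) that matches them against constructed Sysmon-style events: EventID 1 process creation, 11 file creation and 22 DNS query. The events, user names and parent processes are made up to exercise each rule; they are not data from the analysed sample. Two rules generalise beyond the report and are assumptions marked in the code: run.dat under any GUID-named Roaming folder, and RegAsm.exe started with no arguments.

```python
"""Match the file, process and domain indicators from this report against
endpoint telemetry.

Added example, not part of the sandbox report. The events below are constructed
Sysmon-style records (EventID 1 process create, 11 file create, 22 DNS query)
with made-up user names and parents; they are not telemetry from the analysed
sample. Two rules generalise beyond the report (assumptions, marked below):
run.dat under any GUID-named Roaming folder, and RegAsm.exe started with no
arguments.
"""
import re
from dataclasses import dataclass

# Indicators copied from the report (the sandbox user name is dropped so the
# paths match any profile).
C2_DOMAINS = {"megida.hopto.org"}
DROPPED_PATHS = (
    r"\appdata\roaming\gfxv2_0\rmactivate_isv.exe.bat",
    r"\appdata\roaming\microsoft\windows\start menu\programs\startup\sdchange.lnk",
)
# Assumption: the GUID folder name is per-infection, so match the shape, not the value.
RUN_DAT_RE = re.compile(
    r"\\appdata\\roaming\\[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\\run\.dat$", re.I
)
# A PE that hides behind a script-like extension, as RMActivate_isv.exe.bat does.
DOUBLE_EXT_RE = re.compile(r"\.exe\.(?:bat|cmd|txt|dat)$", re.I)


@dataclass(frozen=True)
class Hit:
    event_index: int
    rule: str
    detail: str


def bare_invocation(image: str, cmdline: str) -> bool:
    """True when the command line is only the image path, i.e. no arguments."""
    return cmdline.strip().strip("'\"").lower() == image.lower()


def check_event(idx: int, ev: dict) -> list:
    hits = []
    eid = ev["EventID"]
    if eid == 1:  # process creation
        image = ev.get("Image", "").lower()
        parent = ev.get("ParentImage", "").lower()
        # Assumption: RegAsm.exe always takes an assembly path when used
        # legitimately; a bare launch (as in the report) is a hosting process.
        if image.endswith("\\regasm.exe") and bare_invocation(image, ev.get("CommandLine", "")):
            hits.append(Hit(idx, "regasm-bare-launch", f"parent={parent}"))
        if DOUBLE_EXT_RE.search(image):
            hits.append(Hit(idx, "pe-with-script-extension", image))
        if any(image.endswith(p) for p in DROPPED_PATHS):
            hits.append(Hit(idx, "known-dropped-path-executed", image))
    elif eid == 11:  # file creation
        target = ev.get("TargetFilename", "").lower()
        if RUN_DAT_RE.search(target):
            hits.append(Hit(idx, "guid-folder-run-dat", target))
        if any(target.endswith(p) for p in DROPPED_PATHS):
            hits.append(Hit(idx, "known-dropped-path-created", target))
        if "\\start menu\\programs\\startup\\" in target and target.endswith(".lnk"):
            hits.append(Hit(idx, "startup-lnk-persistence", target))
    elif eid == 22:  # DNS query
        if ev.get("QueryName", "").lower().rstrip(".") in C2_DOMAINS:
            hits.append(Hit(idx, "c2-domain-query", ev["QueryName"]))
    return hits


def scan(events: list) -> list:
    """Run every rule over every event and return the hits in event order."""
    return [h for i, ev in enumerate(events) for h in check_event(i, ev)]


# Constructed sample telemetry (not from the report): events 0-4 replay the
# chain seen in the sandbox, events 5-6 are benign look-alikes that must not fire.
SAMPLE_EVENTS = [
    {"EventID": 1, "Image": r"C:\Users\alice\AppData\Roaming\Gfxv2_0\RMActivate_isv.exe.bat",
     "CommandLine": r"'C:\Users\alice\AppData\Roaming\Gfxv2_0\RMActivate_isv.exe.bat'",
     "ParentImage": r"C:\Users\alice\Downloads\vCVJO4xhuE.exe"},
    {"EventID": 1, "Image": r"C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe",
     "CommandLine": r"C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe",
     "ParentImage": r"C:\Users\alice\AppData\Roaming\Gfxv2_0\RMActivate_isv.exe.bat"},
    {"EventID": 11, "TargetFilename": r"C:\Users\alice\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\run.dat"},
    {"EventID": 11, "TargetFilename": r"C:\Users\alice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sdchange.lnk"},
    {"EventID": 22, "QueryName": "megida.hopto.org"},
    {"EventID": 1, "Image": r"C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe",
     "CommandLine": r'"C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe" /codebase "C:\Program Files\Vendor\Interop.dll"',
     "ParentImage": r"C:\Windows\System32\msiexec.exe"},
    {"EventID": 22, "QueryName": "api.ipify.org"},  # rated clean in the report on its own
]

if __name__ == "__main__":
    for h in scan(SAMPLE_EVENTS):
        print(f"event {h.event_index}: {h.rule}: {h.detail}")
```

The RegAsm rule deliberately ignores the parent process so that it also fires when the loader has already exited; the parent is carried in the hit detail for triage. The external-IP lookup hosts are not in the indicator set because, as the URL table shows, they are rated clean on their own; they only become interesting next to a hit on the hostname or the dropped paths.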

Memdumps

Base Address | Region type | Protect | Malicious
39FC000 | unknown | page read and write | malicious
3A2D000 | unknown | page read and write | malicious
3B0C000 | unknown | page read and write | malicious
35BF000 | unknown | page read and write | malicious
3919000 | unknown | page read and write | malicious
4A04000 | unknown | page read and write | malicious
402000 | unknown image | page execute and read and write | malicious
351B000 | unknown | page read and write | malicious
3971000 | unknown | page read and write | malicious
3616000 | unknown | page read and write | malicious
4563000 | unknown | page read and write | malicious
39C8000 | unknown | page read and write | malicious
49D1000 | unknown | page read and write | malicious
3152000 | unknown image | page execute and read and write | malicious
388E000 | unknown | page read and write | malicious
3616000 | unknown | page read and write | malicious
3914000 | unknown | page read and write | malicious
4A88000 | unknown | page read and write | malicious
399C000 | unknown | page read and write | malicious
49D1000 | unknown | page read and write | malicious
3616000 | unknown | page read and write | malicious
3616000 | unknown | page read and write | malicious
5DB0000 | unknown image | page read and write | malicious
3652000 | unknown | page read and write | malicious
3567000 | unknown | page read and write | malicious
35EA000 | unknown | page read and write | malicious
3110000 | unknown | page read and write | clean
D76000 | unknown | page read and write | clean
3608000 | unknown | page read and write | clean
A55000 | unknown | page read and write | clean
293435B0000 | unknown image | page readonly | clean
7DF587D30000 | unknown image | page readonly | clean
57B6000 | unknown | page read and write | clean
7DF5AA490000 | unknown image | page readonly | clean
1CCBCED0000 | unknown image | page readonly | clean
1D2ABC70000 | unknown image | page readonly | clean
A55000 | unknown | page read and write | clean
1CCBCBA0000 | unknown | page read and write | clean
FE35B7E000 | unknown | page read and write | clean
17C49C51000 | unknown | page read and write | clean
17C49AB0000 | unknown image | page read and write | clean
A54000 | unknown | page read and write | clean
29343602000 | unknown | page read and write | clean
DA7000 | unknown | page read and write | clean
DFE000 | unknown | page read and write | clean

Note: base addresses are hexadecimal. The same base (3616000, 49D1000, A55000) appears more than once because dumps were taken from more than one process or at more than one time; the table does not record the owning process or the time of each dump. The two image regions with execute-and-write protection (402000 and 3152000) are the dumps to examine first: code in a mapped image is normally read-execute only, and 402000 lies inside the default 0x400000 load range of a 32-bit executable, which fits the RegAsm.exe host process listed above.
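The memory dump table above is the raw material for the kind of check a malfind-style scanner performs: flag executable memory that no loaded module accounts for, mapped code that has become writable, and PE headers sitting in memory the loader never mapped. The following is an added example, not part of the sandbox report. The region bases and protection strings are taken from the table; the region sizes, the loaded-module list (RegAsm.exe assumed at the default 0x400000 base) and the first bytes of each region are constructed for the example, because the report does not include them.

```python
"""Triage memory regions the way a malfind-style scanner does.

Added example, not part of the sandbox report. Region bases and protections
come from the Memdumps table above; the sizes, the loaded-module list and the
first bytes of each region are constructed for the example because the report
does not include them (assumptions).
"""
from dataclasses import dataclass

EXECUTE = "execute"
WRITE = "write"
READ = "read"


@dataclass(frozen=True)
class Module:
    name: str
    base: int
    size: int


@dataclass(frozen=True)
class Region:
    base: int
    size: int
    kind: str       # "image" (backed by a mapped PE) or "private" (listed as unknown in the report)
    protect: str    # the report's wording, e.g. "page execute and read and write"
    head: bytes = b""  # first bytes of the region, if they were dumped


def flags(protect: str) -> set:
    """Turn the report's protection string into a set of {read, write, execute}."""
    p = protect.replace("page ", "")
    out = set()
    if "execute" in p:
        out.add(EXECUTE)
    if "write" in p:
        out.add(WRITE)
    if "read" in p:  # covers both "read and write" and "readonly"
        out.add(READ)
    return out


def in_module(addr: int, modules) -> bool:
    """True when a loaded module's address range covers addr."""
    return any(m.base <= addr < m.base + m.size for m in modules)


def triage(regions, modules) -> list:
    """Return (base, reason) pairs for regions worth dumping and disassembling."""
    findings = []
    for r in regions:
        f = flags(r.protect)
        backed = in_module(r.base, modules)
        if EXECUTE in f and not backed:
            # Code that no loaded module accounts for: unpacked or injected.
            findings.append((r.base, "executable region outside loaded modules"))
        if r.kind == "image" and EXECUTE in f and WRITE in f:
            # Mapped code is read-execute; write access means it was patched or hollowed.
            findings.append((r.base, "writable code in mapped image"))
        if r.head[:2] == b"MZ" and not backed:
            # A PE header in memory the loader did not map: a manually mapped payload.
            findings.append((r.base, "PE header outside loaded modules"))
    return findings


# Constructed module list (assumption): the host is the 32-bit RegAsm.exe from the
# report, loaded at the default 0x400000 image base.
SAMPLE_MODULES = [
    Module("regasm.exe", 0x400000, 0x8000),
    Module("ntdll.dll", 0x77000000, 0x180000),
]

# Bases and protections from the report; sizes and head bytes are constructed.
SAMPLE_REGIONS = [
    Region(0x402000, 0x3000, "image", "page execute and read and write"),
    Region(0x3152000, 0x10000, "image", "page execute and read and write", b"\x55\x8b\xec"),
    Region(0x5DB0000, 0x40000, "image", "page read and write", b"MZ\x90\x00"),
    Region(0x39FC000, 0x1000, "private", "page read and write", b"\x00" * 4),
    Region(0x3110000, 0x1000, "private", "page read and write"),
    Region(0x293435B0000, 0x1000, "image", "page readonly"),
]


if __name__ == "__main__":
    for base, reason in triage(SAMPLE_REGIONS, SAMPLE_MODULES):
        print(f"{base:#x}: {reason}")
```

Note what the heuristic does not catch: the read-write region at 39FC000 is rated malicious in the report but produces no finding here, because protection flags say nothing about a plain data region. The sandbox verdict on such regions comes from matching their contents (strings, signatures), so protection-based triage and content scanning have to be combined; neither is sufficient alone.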