IOC Report

Files

File Path | Type | Category | Malicious
Arrival Notice, CIA Awb Inv Form.pdf.exe | PE32 executable (GUI) Intel 80386, for MS Windows | initial sample | malicious
C:\Users\user\AppData\Local\Temp\~DF09CCCFC54315C8A8.TMP | Composite Document File V2 Document, Cannot read section info | dropped | clean

Processes

Path | Cmdline | Malicious
C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exe | "C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exe" | malicious

Memdumps

Base Address | Region type | Protect | Malicious
4BB0000 | unknown | page execute and read and write | malicious
2F9E000 | unknown image | page read and write | clean
7FF50E42C000 | unknown image | page readonly | clean
7FF5905A2000 | unknown image | page readonly | clean
7DF5F5332000 | unknown image | page readonly | clean
1522CC20000 | unknown | page read and write | clean
7FF54CE85000 | unknown image | page readonly | clean
7DF591A82000 | unknown image | page readonly | clean
1C3EC475000 | unknown | page read and write | clean
22F7F767000 | unknown | page read and write | clean
7FF5905AC000 | unknown image | page readonly | clean
2027583C000 | unknown | page read and write | clean
7DF5F5332000 | unknown image | page readonly | clean
7DF54E3C2000 | unknown image | page readonly | clean
22F7F7AE000 | unknown | page read and write | clean
263FAACB000 | unknown | page read and write | clean
7FF5AE286000 | unknown image | page readonly | clean
7FF54CEF6000 | unknown image | page readonly | clean
1A0000 | unknown image | page readonly | clean
7FF590500000 | unknown image | page readonly | clean
7FF59035F000 | unknown image | page readonly | clean
22F7F0C3000 | unknown | page read and write | clean
22C68E4A000 | unknown | page read and write | clean
22F7F0AC000 | unknown | page read and write | clean
15228800000 | unknown image | page readonly | clean
7DF5AFBE0000 | unknown image | page readonly | clean
1EE36C50000 | unknown image | page readonly | clean
7FF5A198C000 | unknown image | page readonly | clean
681BAFF000 | stack | page read and write | clean
7FF5AE54D000 | unknown image | page readonly | clean
20275908000 | unknown | page read and write | clean
1EE36670000 | unknown | page read and write | clean
7FF50E596000 | unknown image | page readonly | clean
7FF5B9785000 | unknown image | page readonly | clean
7FF590392000 | unknown image | page readonly | clean
7FF590585000 | unknown image | page readonly | clean
95A17FF000 | stack | page read and write | clean
7DF51E3F2000 | unknown image | page readonly | clean
7FF50E5A5000 | unknown image | page readonly | clean
22F7F792000 | unknown | page read and write | clean
15228610000 | unknown image | page read and write | clean
681B47C000 | stack | page read and write | clean
7DF59D030000 | unknown image | page readonly | clean
1007FE000 | stack | page read and write | clean
7FF5A17C5000 | unknown image | page readonly | clean
1EE365F0000 | unknown | page read and write | clean
7FF50E5B3000 | unknown image | page readonly | clean
15227690000 | unknown image | page readonly | clean
7FF59B989000 | unknown image | page readonly | clean
7FF5904AC000 | unknown image | page readonly | clean
22F7F026000 | unknown | page read and write | clean
40000 | unknown image | page readonly | clean
1EE36629000 | unknown | page read and write | clean
95A11CE000 | stack | page read and write | clean
7FF59BAC5000 | unknown image | page readonly | clean
7FF51CCF2000 | unknown image | page readonly | clean
4BB0000 | unknown | page read and write | clean
7FF59BA1A000 | unknown image | page readonly | clean
7DF51E3E2000 | unknown image | page readonly | clean
19EA4D02000 | unknown | page read and write | clean
7DF54E3D2000 | unknown image | page readonly | clean
7FF57F5B0000 | unknown image | page readonly | clean
100CFF000 | stack | page read and write | clean
2EC0000 | unknown image | page readonly | clean
7DF50FA00000 | unknown image | page readonly | clean
7FF5A1729000 | unknown image | page readonly | clean
7FF59B6EC000 | unknown image | page readonly | clean
15227876000 | unknown | page read and write | clean
15228113000 | unknown | page read and write | clean
7CD3E7E000 | stack | page read and write | clean
7FF54CE7F000 | unknown image | page readonly | clean
263FB332000 | unknown | page read and write | clean
7FF5A18F5000 | unknown image | page readonly | clean