IOC Report

Files

| File Path | Type | Category | Malicious |
|---|---|---|---|
| FACTURAS.exe | PE32 executable (GUI) Intel 80386, for MS Windows | initial sample | malicious |
| C:\Users\user\AppData\Local\Temp\~DF31A7F5A6505F20A0.TMP | Composite Document File V2 Document, Cannot read section info | dropped | clean |
| \Device\ConDrv | ASCII text, with CRLF line terminators | dropped | clean |

Processes

| Path | Cmdline | Malicious |
|---|---|---|
| C:\Users\user\Desktop\FACTURAS.exe | "C:\Users\user\Desktop\FACTURAS.exe" | malicious |
| C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | "C:\Users\user\Desktop\FACTURAS.exe" | malicious |
| C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | "C:\Users\user\Desktop\FACTURAS.exe" | malicious |
| C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | clean |
| C:\Windows\System32\oobe\UserOOBEBroker.exe | C:\Windows\System32\oobe\UserOOBEBroker.exe -Embedding | clean |

URLs

| Name | IP | Malicious |
|---|---|---|
| http://schemas.microso | unknown | clean |
| http://127.0.0.1:HTTP/1.1 | unknown | clean |
| http://DynDns.comDynDNS | unknown | clean |
| https://doc-08-5k-docs.googleusercontent.com/ | unknown | clean |
| https://sectigo.com/CPS0 | unknown | clean |
| https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha | unknown | clean |
| https://drive.google.com/ | unknown | clean |
| http://8AH9aWyWzTn3yBDLZw.net | unknown | clean |
| https://support.google.com/chrome/?p=plugin_flash | unknown | clean |
| http://furteksdokuma.com.tr | unknown | clean |
| https://doc-08-5k-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/rnbptrhp | unknown | clean |
| https://doc-08-5k-docs.googleusercontent.com/_ | unknown | clean |
| http://mail.furteksdokuma.com.tr | unknown | clean |
| http://kFWRbv.com | unknown | clean |
| http://8AH9aWyWzTn3yBDLZw.nett- | unknown | clean |
| https://doc-08-5k-docs.googleusercontent.com/y | unknown | clean |
| https://doc-08-5k-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/rnbptrhp3ceb3h105f6050578iidjo4j/1637764800000/06007705055686197661/*/150165GSkz9-m3FahfFvn26gkuLRySZPu?e=download | 172.217.16.129 | clean |
| https://csp.withgoogle.com/csp/report-to/gse_l9ocaq | unknown | clean |

Domains

| Name | IP | Malicious |
|---|---|---|
| furteksdokuma.com.tr | 116.202.203.61 | malicious |
| mail.furteksdokuma.com.tr | unknown | malicious |
| drive.google.com | 142.250.184.206 | clean |
| googlehosted.l.googleusercontent.com | 172.217.16.129 | clean |
| doc-08-5k-docs.googleusercontent.com | unknown | clean |

IPs

| IP | Domain | Country | Malicious |
|---|---|---|---|
| 116.202.203.61 | furteksdokuma.com.tr | Germany | malicious |
| 172.217.16.129 | googlehosted.l.googleusercontent.com | United States | clean |
| 142.250.184.206 | drive.google.com | United States | clean |

Memdumps

| Base Address | Region type | Protect | Malicious |
|---|---|---|---|
| 1DD21000 | unknown | page read and write | malicious |
| 2290000 | unknown | page execute and read and write | malicious |
| C20000 | unknown | page execute and read and write | malicious |
| 7DF56D580000 | unknown image | page readonly | clean |
| 7DF548BF0000 | unknown image | page readonly | clean |
| 23DBA082000 | unknown | page read and write | clean |
| EF1000 | stack | page read and write | clean |
| 7F762000 | unknown image | page readonly | clean |
| 253179A0000 | unknown | page read and write | clean |
| 1FFC0000 | unknown | page read and write | clean |
| EF0000 | stack | page read and write | clean |
| 7FF4FF9A1000 | unknown image | page readonly | clean |
| 9E1000 | unknown | page read and write | clean |
| 7FF55A68D000 | unknown image | page readonly | clean |
| 224F0B91000 | unknown image | page readonly | clean |
| 1CC71000 | unknown | page read and write | clean |
| 253169E0000 | unknown image | page readonly | clean |
| 272F9EA0000 | heap private | page read and write | clean |
| 23DBA0AA000 | unknown | page read and write | clean |
| 1CC71000 | unknown | page read and write | clean |
| 1307CD20000 | unknown | page read and write | clean |
| 24CD2647000 | unknown | page read and write | clean |
| 23DBA072000 | unknown | page read and write | clean |
| 1FFC0000 | unknown | page read and write | clean |
| 1FFC5000 | unknown | page read and write | clean |
| 9E0000 | unknown | page read and write | clean |
| EF0000 | stack | page read and write | clean |
| 7FF4FFA6A000 | unknown image | page readonly | clean |
| 1CC71000 | unknown | page read and write | clean |
| EF1000 | stack | page read and write | clean |
| 2128E000 | stack | page read and write | clean |
| 7FF55C8FF000 | unknown image | page readonly | clean |
| 1CDD62A0000 | unknown | page read and write | clean |
| 1CDD5C54000 | unknown | page read and write | clean |
| 11A0000 | stack | page read and write | clean |
| 1CC71000 | unknown | page read and write | clean |