IOC Report

Files

File Path | Type | Category | Malicious
Hong Tak Engineering SB Payment Receipt 241121_PDF.exe | PE32 executable (GUI) Intel 80386, for MS Windows | initial sample | malicious
C:\Users\user\AppData\Local\Temp\~DFEBA196672956C021.TMP | Composite Document File V2 Document, Cannot read section info | dropped | clean

Processes

Path | Cmdline | Malicious
C:\Users\user\Desktop\Hong Tak Engineering SB Payment Receipt 241121_PDF.exe | "C:\Users\user\Desktop\Hong Tak Engineering SB Payment Receipt 241121_PDF.exe" | malicious
C:\Program Files (x86)\Internet Explorer\ieinstal.exe | "C:\Users\user\Desktop\Hong Tak Engineering SB Payment Receipt 241121_PDF.exe" | malicious
C:\Program Files (x86)\Internet Explorer\ieinstal.exe | "C:\Users\user\Desktop\Hong Tak Engineering SB Payment Receipt 241121_PDF.exe" | malicious

URLs

Name | IP | Malicious
https://onedrive.live.com/download?cid=7FA6B3 | | clean

Memdumps

Base Address | Region type | Protect | Malicious
560000 | unknown | page execute and read and write | malicious
750000 | unknown | page execute and read and write | malicious
560000 | unknown | page execute and read and write | malicious
7F790000 | unknown image | page readonly | clean
25B25F60000 | unknown image | page write copy | clean
7F292000 | unknown image | page readonly | clean
7FF4FD929000 | unknown image | page readonly | clean
EA06A7C000 | stack | page read and write | clean
198E7430000 | heap default | page read and write | clean
2889BDC0000 | unknown image | page readonly | clean
7FF55742E000 | unknown image | page readonly | clean
25B2617C000 | unknown | page read and write | clean
7FF4FE01A000 | unknown image | page readonly | clean
7FF4FDF0C000 | unknown image | page readonly | clean
7FF591473000 | unknown image | page readonly | clean
25B261A9000 | unknown | page read and write | clean
25B2614A000 | unknown | page read and write | clean
7FF5573D9000 | unknown image | page readonly | clean
7FF557407000 | unknown image | page readonly | clean
7FF4FE072000 | unknown image | page readonly | clean
7FF51E947000 | unknown image | page readonly | clean
165D1390000 | unknown | page read and write | clean
25B26180000 | unknown | page read and write | clean
25B261C4000 | unknown | page read and write | clean
7FF5BA3E7000 | unknown image | page readonly | clean
7FF5562DB000 | unknown image | page readonly | clean
7FFB0000 | unknown image | page readonly | clean
2889BE10000 | heap default | page read and write | clean
7FF51EA1A000 | unknown image | page readonly | clean
165D0E02000 | unknown | page read and write | clean
7F680000 | unknown image | page readonly | clean
3B0377000 | stack | page read and write | clean
25B26180000 | unknown | page read and write | clean
7FF51E929000 | unknown image | page readonly | clean
7DF50BD00000 | unknown image | page readonly | clean
7DF461EC0000 | unknown image | page readonly | clean
198E7300000 | unknown | page read and write | clean
7FF51E39C000 | unknown image | page readonly | clean
25B26603000 | unknown | page read and write | clean
25B25829000 | unknown | page read and write | clean
25B26183000 | unknown | page read and write | clean
7DF5C8122000 | unknown image | page readonly | clean
25B26002000 | unknown | page read and write | clean
15862600000 | unknown image | page readonly | clean
25B258AA000 | unknown | page read and write | clean
7F790000 | unknown image | page readonly | clean
198E7310000 | unknown image | page readonly | clean
25B25CD0000 | unknown image | page readonly | clean
15862489000 | unknown | page read and write | clean
242C9F1D000 | unknown | page read and write | clean
1DCAC7C000 | stack | page read and write | clean
5D111F9000 | stack | page read and write | clean
7FF556141000 | unknown image | page readonly | clean
25B2584B000 | unknown | page read and write | clean
25B2584F000 | unknown | page read and write | clean
160000 | unknown image | page readonly | clean
7FF5573DF000 | unknown image | page readonly | clean
165D0E29000 | unknown | page read and write | clean
7FF555E77000 | unknown image | page readonly | clean
7FF55744A000 | unknown image | page readonly | clean
7FF5BA261000 | unknown image | page readonly | clean
2C27000 | unknown image | page readonly | clean
7FF4FDFC0000 | unknown image | page readonly | clean
7FF557325000 | unknown image | page readonly | clean
1DCAB7E000 | stack | page read and write | clean
15862466000 | unknown | page read and write | clean
EA066FF000 | stack | page read and write | clean
7FF51E7C6000 | | |