IOC Report

Files

File Path | Type | Category | Malicious
request-0132311.xlsb | Microsoft Excel 2007+ | initial sample | malicious
C:\ProgramData\vULADISfrveNTj.rtf | HTML document, ASCII text, with very long lines, with CRLF line terminators | dropped | malicious
C:\Users\user\Desktop\~$request-0132311.xlsb | data | dropped | malicious
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\2A714D2F.png | PNG image data, 224 x 317, 8-bit/color RGBA, non-interlaced | dropped | clean
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\C7F83466.png | PNG image data, 284 x 58, 8-bit/color RGB, non-interlaced | dropped | clean

Processes

Path | Cmdline | Malicious
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | "C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding | malicious
C:\Windows\System32\wbem\WMIC.exe | wmic process call create "mshta C:\ProgramData\vULADISfrveNTj.rtf" | malicious
C:\Windows\System32\mshta.exe | mshta C:\ProgramData\vULADISfrveNTj.rtf | clean

URLs

Name | IP | Malicious
http://services.msn.com/svcs/oe/certpage.asp?name=%s&email=%s&&Check | unknown | clean
http://www.windows.com/pctv. | unknown | clean
http://investor.msn.com | unknown | clean
http://www.msnbc.com/news/ticker.txt | unknown | clean
http://www.%s.comPA | unknown | clean
http://www.icra.org/vocabulary/. | unknown | clean
http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous. | unknown | clean
http://windowsmedia.com/redir/services.asp?WMPFriendly=true | unknown | clean
http://www.hotmail.com/oe | unknown | clean
http://servername/isapibackend.dll | unknown | clean
http://investor.msn.com/ | unknown | clean

IPs

IP | Domain | Country | Malicious
136.144.181.174 | unknown | Netherlands | clean

Registry

Path | Value | Malicious
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems | aw' | clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel | MTTT | clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\ReviewCycle | ReviewToken | clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\2CA51 | 2CA51 | clean
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage | VBAFiles | clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems | r~' | clean
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109E60090400100000000F01FEC\Usage | ProductNonBootFilesIntl_1033 | clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Security\Trusted Documents | LastPurgeTime | clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages | 1033 | clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages | 1033 | clean
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage | EXCELFiles | clean
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage | ProductFiles | clean
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections | SavedLegacySettings | clean
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109E60090400100000000F01FEC\Usage | ProductNonBootFilesIntl_1033 | clean

Memdumps
