IOC Report

Files

File Path | Type | Category | Malicious
Zr26f1rL6r.exe | PE32 executable (GUI) Intel 80386, for MS Windows | initial sample | malicious
C:\Users\user\AppData\Local\Temp\~DFD789DA64D34966AA.TMP | Composite Document File V2 Document, Cannot read section info | dropped | clean

Processes

Path | Cmdline | Malicious
C:\Users\user\Desktop\Zr26f1rL6r.exe | "C:\Users\user\Desktop\Zr26f1rL6r.exe" | malicious

URLs

Name | IP | Malicious
https://atseasonals.com/GHrtt/bin_k | | malicious

Memdumps
