IOC Report

Files

| File Path | Type | Category | Malicious |
| --- | --- | --- | --- |
| RFQ_TZDQP2110257921.exe | PE32 executable (GUI) Intel 80386, for MS Windows | initial sample | malicious |
| C:\Users\user\AppData\Local\Temp\~DF87EDA8D7970694A0.TMP | Composite Document File V2 Document, Cannot read section info | dropped | clean |

Processes

| Path | Cmdline | Malicious |
| --- | --- | --- |
| C:\Users\user\Desktop\RFQ_TZDQP2110257921.exe | "C:\Users\user\Desktop\RFQ_TZDQP2110257921.exe" | malicious |

Memdumps

| Base Address | Regiontype | Protect | Malicious |
| --- | --- | --- | --- |
| 2B50000 | unkown | page execute and read and write | malicious |