IOC Report


Files

File Path | Type | Category | Verdict
EzCOXP6oxy.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | initial sample | malicious
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\MpCmdRun.log | Little-endian UTF-16 Unicode text, with CRLF, CR line terminators | modified | clean

Processes

Path | Cmdline | Verdict
C:\Windows\System32\svchost.exe | C:\Windows\System32\svchost.exe -k NetworkService -p | malicious
C:\Windows\System32\svchost.exe | c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s wscsvc | malicious
C:\Windows\SysWOW64\rundll32.exe | rundll32.exe C:\Users\user\Desktop\EzCOXP6oxy.dll,Control_RunDLL | malicious
C:\Windows\SysWOW64\rundll32.exe | rundll32.exe "C:\Users\user\Desktop\EzCOXP6oxy.dll",#1 | malicious
C:\Windows\SysWOW64\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe "C:\Users\user\Desktop\EzCOXP6oxy.dll",Control_RunDLL | malicious
C:\Windows\SysWOW64\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Nqaukzzzqxw\injbvoyze.mwd",xjdXnltVst | malicious
C:\Windows\SysWOW64\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe "C:\Windows\System32\Nqaukzzzqxw\injbvoyze.mwd",Control_RunDLL | malicious
C:\Windows\System32\svchost.exe | C:\Windows\System32\svchost.exe -k netsvcs -p | malicious
C:\Windows\System32\svchost.exe | C:\Windows\System32\svchost.exe -k netsvcs -p | malicious
C:\Windows\System32\svchost.exe | C:\Windows\System32\svchost.exe -k netsvcs -p | malicious
C:\Windows\System32\svchost.exe | C:\Windows\System32\svchost.exe -k netsvcs -p | malicious
C:\Windows\System32\loaddll32.exe | loaddll32.exe "C:\Users\user\Desktop\EzCOXP6oxy.dll" | clean
C:\Windows\System32\SgrmBroker.exe | C:\Windows\system32\SgrmBroker.exe | clean
C:\Windows\SysWOW64\cmd.exe | cmd.exe /C rundll32.exe "C:\Users\user\Desktop\EzCOXP6oxy.dll",#1 | clean
C:\Program Files\Windows Defender\MpCmdRun.exe | "C:\Program Files\Windows Defender\mpcmdrun.exe" -wdenable | clean
C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | clean

URLs

Name | IP | Verdict
https://51.178.61.60/icsZGkxVGlJGXERpNMAkbBhZsRBvNu | 51.178.61.60 | malicious
https://dynamic.t0.tiles.ditu.live.com/comp/gen.ashx | unknown | clean
https://www.disneyplus.com/legal/your-california-privacy-rights | unknown | clean
https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gdv?pv=1&r= | unknown | clean
https://dev.ditu.live.com/REST/v1/Routes/ | unknown | clean
https://dev.virtualearth.net/REST/v1/Routes/Driving | unknown | clean
https://t0.ssl.ak.dynamic.tiles.virtualearth.net/comp/gen.ashx | unknown | clean
https://dev.ditu.live.com/REST/v1/Traffic/Incidents/ | unknown | clean
https://t0.tiles.ditu.live.com/tiles/gen | unknown | clean
https://dev.virtualearth.net/REST/v1/Routes/ | unknown | clean
https://dev.virtualearth.net/REST/v1/Traffic/Incidents/ | unknown | clean
https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gdi?pv=1&r= | unknown | clean
https://dev.virtualearth.net/REST/v1/Routes/Walking | unknown | clean
http://crl.ver) | unknown | clean
http://www.yahoo.com | unknown | clean
https://dev.virtualearth.net/webservices/v1/LoggingService/LoggingService.svc/Log? | unknown | clean
https://www.tiktok.com/legal/report/feedback | unknown | clean
https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gd?pv=1&r= | unknown | clean
https://dev.virtualearth.net/mapcontrol/HumanScaleServices/GetBubbles.ashx?n= | unknown | clean
https://dev.ditu.live.com/mapcontrol/mapconfiguration.ashx?name=native&v= | unknown | clean
https://dev.virtualearth.net/REST/v1/Locations | unknown | clean
https://ecn.dev.virtualearth.net/mapcontrol/mapconfiguration.ashx?name=native&v= | unknown | clean
https://dev.virtualearth.net/mapcontrol/logging.ashx | unknown | clean
https://dev.ditu.live.com/mapcontrol/logging.ashx | unknown | clean
https://dev.ditu.live.com/REST/v1/Imagery/Copyright/ | unknown | clean
https://dev.virtualearth.net/webservices/v1/LoggingService/LoggingService.svc/Log?entry= | unknown | clean
https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gri?pv=1&r= | unknown | clean
https://dynamic.api.tiles.ditu.live.com/odvs/gdi?pv=1&r= | unknown | clean
https://www.disneyplus.com/legal/privacy-policy | unknown | clean
https://dev.virtualearth.net/REST/v1/JsonFilter/VenueMaps/data/ | unknown | clean
https://dev.virtualearth.net/REST/v1/Transit/Schedules/ | unknown | clean
https://dynamic.t | unknown | clean
https://dev.virtualearth.net/REST/v1/Routes/Transit | unknown | clean
https://disneyplus.com/legal. | unknown | clean
https://t0.ssl.ak.tiles.virtualearth.net/tiles/gen | unknown | clean
https://dynamic.api.tiles.ditu.live.com/odvs/gdv?pv=1&r= | unknown | clean
http://www.bingmapsportal.com | unknown | clean
https://dev.ditu.live.com/REST/v1/Locations | unknown | clean
http://help.disneyplus.com. | unknown | clean
https://ecn.dev.virtualearth.net/REST/v1/Imagery/Copyright/ | unknown | clean
https://dev.ditu.live.com/REST/v1/JsonFilter/VenueMaps/data/ | unknown | clean
https://dynamic.api.tiles.ditu.live.com/odvs/gd?pv=1&r= | unknown | clean

IPs

IP | Domain | Country | Verdict
207.148.81.119 | unknown | United States | malicious
196.44.98.190 | unknown | Ghana | malicious
78.46.73.125 | unknown | Germany | malicious
37.59.209.141 | unknown | France | malicious
85.214.67.203 | unknown | Germany | malicious
191.252.103.16 | unknown | Brazil | malicious
45.79.33.48 | unknown | United States | malicious
54.37.228.122 | unknown | France | malicious
185.148.169.10 | unknown | Germany |