IOC Report

Files

File Path | Type | Category | Malicious
CI_PL_BL_ 4100675407_xls.exe | PE32 executable (GUI) Intel 80386, for MS Windows | initial sample | malicious
C:\Users\user\AppData\Local\Temp\~DF3A963BF3568977ED.TMP | Composite Document File V2 Document, Cannot read section info | dropped | clean

Processes

Path | Cmdline | Malicious
C:\Users\user\Desktop\CI_PL_BL_ 4100675407_xls.exe | "C:\Users\user\Desktop\CI_PL_BL_ 4100675407_xls.exe" | malicious
C:\Users\user\Desktop\CI_PL_BL_ 4100675407_xls.exe | "C:\Users\user\Desktop\CI_PL_BL_ 4100675407_xls.exe" | malicious

URLs

Name | IP | Malicious
https://bgreenidaho.com/ | unknown | malicious
https://bgreenidaho.com/Crur/bin_TLiGMZYC180.bin | | malicious
https://bgreenidaho.com/Crur/bin_TLiGMZYC180.binF | unknown | clean
https://bgreenidaho.com/R | unknown | clean
https://bgreenidaho.com/ocal | unknown | clean
https://bgreenidaho.com/v | unknown | clean
https://bgreenidaho.com/3 | unknown | clean
https://bgreenidaho.com/Crur/bin_TLiGMZYC180.bin# | unknown | clean
https://bgreenidaho.com/Crur/bin_TLiGMZY6 | unknown | clean
https://bgreenidaho.com/Crur/bin_TLiGMZYC180.binws | unknown | clean
https://bgreenidaho.com/Crur/bin_TLiGMZYC180.binLMEMH | unknown | clean
https://bgreenidaho.com/Crur/bin_TLiGMZYC180.bins | unknown | clean
https://bgreenidaho.com/Hostbgre | unknown | clean
https://bgreenidaho.com/Crur/bin_TLiGMZYC180.binn | unknown | clean
https://bgreenidaho.com/1e03818b-e8b8-45f4-bd74-707e0f15a35d | unknown | clean
https://bgreenidaho.com/Crur/bin_TLiGMZYC180.bindvmbusRFCOMM | unknown | clean
https://bgreenidaho.com/g | unknown | clean
https://bgreenidaho.com/8-45f4-bd74-707e0f15a35d0 | unknown | clean
https://bgreenidaho.com/Crur/bin_TLiGMZYC180.binJ | unknown | clean
https://bgreenidaho.com/N | unknown | clean
https://bgreenidaho.com/n | unknown | clean
https://bgreenidaho.com/- | unknown | clean
https://bgreenidaho.com/nidaho.com/: | unknown | clean

Domains

Name | IP | Malicious
bgreenidaho.com | 20.124.109.2 | malicious

IPs

IP | Domain | Country | Malicious
20.124.109.2 | bgreenidaho.com | United States | malicious

Memdumps

Base Address | Regiontype | Protect | Malicious
2510000 | unkown | page execute and read and write | malicious
560000 | unkown | page execute and read and write | malicious
8588E8B000 | unkown | page read and write | clean
24BB73E0000 | unkown image | page readonly | clean
881000 | unkown | page read and write | clean
8A3000 | unkown | page read and write | clean
560000 | heap default | page read and write | clean
8B3000 | unkown | page read and write | clean
1A0000 | unkown image | page readonly | clean
8AF000 | unkown | page read and write | clean
7EE000 | stack | page read and write | clean
1D0000 | unkown image | page readonly | clean
7FF561DCB000 | unkown image | page readonly | clean
8AF000 | unkown | page read and write | clean
24BB73D0000 | unkown image | page readonly | clean
22D0000 | unkown image | page readonly | clean
8AF000 | unkown | page read and write | clean
7DF56F5D0000 | unkown image | page readonly | clean
7FF561969000 | unkown image | page readonly | clean
40000 | unkown image | page readonly | clean
89F000 | unkown | page read and write | clean
1E0000 | heap default | page read and write | clean
24BB7400000 | unkown image | page readonly | clean
858957E000 | stack | page read and write | clean
24BB7410000 | unkown image | page readonly | clean
337000 | unkown | page read and write | clean
8AD000 | unkown | page read and write | clean
A1E000 | stack | page read and write | clean
8B3000 | unkown | page read and write | clean
8A1000 | unkown | page read and write | clean
2400000 | unkown | page read and write | clean
400000 | unkown image | page readonly | clean
9C000 | unkown | page read and write | clean
7FFD0000 | unkown image | page readonly | clean
401000 | unkown image | page execute read | clean
630000 | unkown | page execute read | clean
7FF561D70000 | unkown image | page readonly | clean
8B3000 | unkown | page read and write | clean
89F000 | unkown | page read and write | clean
7FFD0000 | unkown image | page readonly | clean
879000 | unkown | page read and write | clean
7FF561D82000 | unkown image | page readonly | clean
8B3000 | unkown | page read and write | clean
2D30000 | unkown image | page readonly | clean
7FF561D7E000 | unkown image | page readonly | clean
7FF561DFE000 | unkown image | page readonly | clean
76E000 | stack | page read and write | clean
C1F000 | stack | page read and write | clean
1DF40000 | unkown | page read and write | clean
8A3000 | unkown | page read and write | clean
86F000 | unkown | page read and write | clean
24BB764E000 | unkown | page read and write | clean
7FFB0000 | unkown image | page readonly | clean
7FFC2000 | unkown image | page readonly | clean
8A3000 | unkown | page read and write | clean
7FF561DE8000 | unkown image | page readonly | clean
7FFC2000 | unkown image | page readonly | clean
7DF56F5C2000 | unkown image | page readonly | clean
7FF561D60000 | unkown image | page readonly | clean
7FF561CE1000 | unkown image | page readonly | clean
83B000 | unkown | page read and write | clean
7FFC0000 | unkown image | page readonly | clean
22E0000 | unkown image | page readonly | clean
8AA000 | unkown | page read and write | clean
89F000 | unkown | page read and write | clean
24BB7648000 | unkown | page read and write | clean
421000 | unkown image | page read and write | clean
25F0000 | unkown | page read and write | clean
7DF56F5B0000 | unkown image | page readonly | clean
8A1000 | unkown | page read and write | clean
7FFD0000 | unkown image | page readonly | clean
7FFB0000 | unkown image | page readonly | clean
7FFC0000 | unkown image | page readonly | clean
8AD000 | unkown | page read and write | clean
8AF000 | unkown | page read and write | clean
564000 | unkown | page read and write | clean
7FFC0000 | unkown image | page readonly | clean
8AA000 | unkown | page read and write | clean
86B000 | unkown | page read and write | clean
401000 | unkown image | page execute read | clean
2F04000 | heap private | page read and write | clean
2550000 | unkown | page read and write | clean
24BB7590000 | unkown | page read and write | clean
86F000 | unkown | page read and write | clean
8AF000 | unkown | page read and write | clean
E10000 | unkown image | page readonly | clean
3359000 | unkown | page read and write | clean
8AA000 | unkown | page read and write | clean
7AE000 | stack | page read and write | clean
1E290000 | unkown | page read and write | clean
7FFD0000 | unkown image | page readonly | clean
1C0000 | unkown image | page readonly | clean
86B000 | unkown | page read and write | clean
7FFD0000 | unkown image | page readonly | clean
400000 | unkown image | page readonly | clean
7DF46D470000 | unkown image | page readonly | clean
24BB767D000 | unkown | page read and write | clean
24BB7520000 | unkown image | page readonly | clean
24BB7640000 | unkown | page read and write | clean
7FF561C59000 | unkown image | page readonly | clean
7FFD0000 | unkown image | page readonly | clean
400000 | unkown image | page readonly | clean
E60000 | unkown image | page readonly | clean
7FF561DC4000 | unkown image | page readonly | clean
881000 | unkown | page read and write | clean
8AD000 | unkown | page read and write | clean
400000 | unkown image | page readonly | clean
7DF56F5D0000 | unkown image | page readonly | clean
1A0000 | unkown image | page readonly | clean
7FFC2000 | unkown image | page readonly | clean
858967A000 | stack | page read and write | clean
40000 | unkown image | page readonly | clean
24BB7702000 | unkown | page read and write | clean
7FF561DA8000 | unkown image | page readonly | clean
7FF561E08000 | unkown image | page readonly | clean
A8F000 | stack | page read and write | clean
10000 | unkown image | page readonly | clean
89F000 | unkown | page read and write | clean
87A000 | unkown | page read and write | clean
7FFD0000 | unkown image | page readonly | clean
1E290000 | unkown | page read and write | clean
8A1000 | unkown | page read and write | clean
400000 | unkown image | page readonly | clean
7FF561D18000 | unkown image | page readonly | clean
8AA000 | unkown | page read and write | clean
24BB7530000 | unkown image | page readonly | clean
7FFC0000 | unkown image | page readonly | clean
7F0000 | unkown image | page readonly | clean
7FFB2000 | unkown image | page readonly | clean
62E000 | stack | page read and write | clean
40000 | unkown image | page readonly | clean
88F000 | stack | page read and write | clean
41C000 | unkown image | page execute read | clean
7FFB0000 | unkown image | page readonly | clean
3320000 | unkown | page read and write | clean
7FFC2000 | unkown image | page readonly | clean
7FF561DAF000 | unkown image | page readonly | clean
1F0000 | unkown image | page readonly | clean
1B0000 | unkown | page read and write | clean
40000 | unkown image | page readonly | clean
7FF561DB6000 | unkown image | page readonly | clean
1DF2F000 | stack | page read and write | clean
8A3000 | unkown | page read and write | clean
401000 | unkown image | page execute read | clean
24BB7645000 | unkown | page read and write | clean
8A3000 | unkown | page read and write | clean
1DB8E000 | stack | page read and write | clean
871000 | unkown | page read and write | clean
8A3000 | unkown | page read and write | clean
881000 | unkown | page read and write | clean
41C000 | unkown image | page execute read | clean
8B3000 | unkown | page read and write | clean
33B000 | unkown | page read and write | clean
20000 | unkown image | page readonly | clean
8AF000 | unkown | page read and write | clean
7FFB2000 | unkown image | page readonly | clean
7FFB2000 | unkown image | page readonly | clean
24BB767F000 | unkown | page read and write | clean
423000 | unkown image | page readonly | clean
7FFC2000 | unkown image | page readonly | clean
8AA000 | unkown | page read and write | clean
8AD000 | unkown | page read and write | clean
1E0000 | unkown image | page readonly | clean
852000 | unkown | page read and write | clean
8A3000 | unkown | page read and write | clean
889000 | unkown | page read and write | clean
20000 | unkown image | page readonly | clean
7FFB0000 | unkown image | page readonly | clean
401000 | unkown image | page execute read | clean
1A0000 | unkown image | page readonly | clean
24CE000 | stack | page read and write | clean
2300000 | unkown | page read and write | clean
423000 | unkown image | page readonly | clean
8AA000 | unkown | page read and write | clean
7FFC0000 | unkown image | page readonly | clean
19B000 | unkown | page read and write | clean
2530000 | heap private | page read and write | clean
22F9000 | heap private | page read and write | clean
2589000 | unkown | page read and write | clean
7FE50000 | unkown image | page readonly | clean
1DE2E000 | stack | page read and write | clean
41C000 | unkown image | page execute read | clean
7DF56F5C0000 | unkown image | page readonly | clean
564000 | unkown | page read and write | clean
1A0000 | unkown image | page readonly | clean
89F000 | unkown | page read and write | clean
400000 | unkown image | page readonly | clean
2400000 | heap private | page read and write | clean
8A1000 | unkown | page read and write | clean
1C0000 | unkown image | page readonly | clean
423000 | unkown image | page readonly | clean
10000 | unkown image | page readonly | clean
423000 | unkown image | page readonly | clean
400000 | unkown image | page readonly | clean
820000 | heap default | page read and write | clean
7FF561D97000 | unkown image | page readonly | clean
24BB7690000 | unkown | page read and write | clean
89F000 | unkown | page read and write | clean
24BB7540000 | heap private | page read and write | clean
40000 | unkown image | page readonly | clean
89F000 | unkown | page read and write | clean
1A0000 | unkown image | page readonly | clean
401000 | unkown image | page execute read | clean
7FFC2000 | unkown image | page readonly | clean
7FFB2000 | unkown image | page readonly | clean
89F000 | unkown | page read and write | clean
24BB766D000 | unkown | page read and write | clean
8B0000 | unkown | page read and write | clean
7DF56F5C0000 | unkown image | page readonly | clean
800000 | unkown image | page readonly | clean
1F0000 | unkown image | page readonly | clean
7FFB0000 | unkown image | page readonly | clean
7FF561C18000 | unkown image | page readonly | clean
89E000 | unkown | page read and write | clean
24BB7A00000 | unkown image | page readonly | clean
24BB73E0000 | unkown image | page readonly | clean
8AF000 | unkown | page read and write | clean
560000 | unkown | page execute and read and write | clean
24BB7571000 | unkown image | page readonly | clean
889000 | unkown | page read and write | clean
24BB7B80000 | unkown image | page readonly | clean
690000 | heap default | page read and write | clean
1A0000 | unkown image | page readonly | clean
8AA000 | unkown | page read and write | clean
7FF561D87000 | unkown image | page readonly | clean
8A1000 | unkown | page read and write | clean
7FFB0000 | unkown image | page readonly | clean
40000 | unkown image | page readonly | clean
881000 | unkown | page read and write | clean
7FFB2000 | unkown image | page readonly | clean
5AE000 | stack | page read and write | clean
89E000 | unkown | page read and write | clean
7FFC0000 | unkown image | page readonly | clean
6B4000 | heap default | page read and write | clean
7FFC2000 | unkown image | page readonly | clean
2F10000 | unkown image | page read and write | clean
7FF561D65000 | unkown image | page readonly | clean
541000 | unkown image | page readonly | clean
25E0000 | heap private | page read and write | clean
2380000 | unkown image | page readonly | clean
22B0000 | unkown image | page readonly | clean
1E290000 | unkown | page read and write | clean
86F000 | unkown | page read and write | clean
650000 | unkown | page read and write | clean
500000 | unkown | page read and write | clean
858947F000 | stack | page read and write | clean
86F000 | unkown | page read and write | clean
423000 | unkown image | page readonly | clean
7FFB2000 | unkown image | page readonly | clean
86E000 | unkown | page read and write | clean
24BB768C000 | unkown | page read and write | clean
1A0000 | unkown image | page readonly | clean
3AC000 | unkown | page read and write | clean
8A6000 | unkown | page read and write | clean
83C000 | unkown | page read and write | clean
40000 | unkown image | page readonly | clean
401000 | unkown image | page execute read | clean
7FFB2000 | unkown image | page readonly | clean
8A3000 | unkown | page read and write | clean
7FF561D8A000 | unkown image | page readonly | clean
86F000 | unkown | page read and write | clean
30000 | unkown image | page read and write | clean
7FFD0000 | unkown image | page readonly | clean
83C000 | unkown | page read and write | clean
24BB7420000 | heap default | page read and write | clean
24BB7632000 | unkown | page read and write | clean
400000 | unkown image | page readonly | clean
2230000 | unkown image | page read and write | clean
8A6000 | unkown | page read and write | clean
889000 | unkown | page read and write | clean
550000 | unkown | page read and write | clean
8B0000 | unkown | page read and write | clean
871000 | unkown | page read and write | clean
7DF56F5B0000 | unkown image | page readonly | clean
B1E000 | stack | page read and write | clean
853000 | unkown | page read and write | clean
41C000 | unkown image | page execute read | clean
8B0000 | unkown | page read and write | clean
30000 | unkown image | page read and write | clean
7FFC0000 | unkown image | page readonly | clean
8A1000 | unkown | page read and write | clean
8A3000 | unkown | page read and write | clean
83C000 | heap default | page read and write | clean
89F000 | unkown | page read and write | clean
7FF561DA5000 | unkown image | page readonly | clean
7FF561E08000 | unkown image | page readonly | clean
8A3000 | unkown | page read and write | clean
FF1000 | unkown image | page readonly | clean
2410000 | unkown | page read and write | clean
1A0000 | unkown image | page readonly | clean
1E13E000 | stack | page read and write | clean
8AF000 | unkown | page read and write | clean
24BB7688000 | unkown | page read and write | clean
89E000 | unkown | page read and write | clean
828000 | heap default | page read and write | clean
24BB73C0000 | unkown image | page read and write | clean
C60000 | unkown image | page readonly | clean
7FFB0000 | unkown image | page readonly | clean
7FF561D4A000 | unkown image | page readonly | clean
8A6000 | unkown | page read and write | clean
1E421000 | unkown | page read and write | clean
8A3000 | unkown | page read and write | clean
1D651000 | unkown | page read and write | clean
19B000 | unkown | page read and write | clean
7FFB2000 | unkown image | page readonly | clean
8A1000 | unkown | page read and write | clean
7FFC2000 | unkown image | page readonly | clean
7FFC2000 | unkown image | page readonly | clean
97000 | unkown | page read and write | clean
810000 | unkown image | page readonly | clean
8AC000 | unkown | page read and write | clean
8A1000 | unkown | page read and write | clean
41C000 | unkown image | page execute read | clean
FE0000 | unkown image | page readonly | clean
89F000 | unkown | page read and write | clean
C90000 | unkown image | page readonly | clean
1D1000 | unkown image | page readonly | clean
7FFD0000 | unkown image | page readonly | clean
24BB7600000 | unkown | page read and write | clean
7FFB2000 | unkown image | page readonly | clean
24BB7800000 | unkown image | page readonly | clean
22F0000 | heap private | page read and write | clean
89F000 | unkown | page read and write | clean
40000 | unkown image | page readonly | clean
8A6000 | unkown | page read and write | clean
86B000 | unkown | page read and write | clean
7DF56F5C2000 | unkown image | page readonly | clean
871000 | unkown | page read and write | clean
24BB7684000 | unkown | page read and write | clean
7FE50000 | unkown image | page readonly | clean
853000 | unkown | page read and write | clean
1E23E000 | stack | page read and write | clean
1E4000 | unkown | page read and write | clean
2530000 | unkown | page read and write | clean
7FFD0000 | unkown image | page readonly | clean
8AA000 | unkown | page read and write | clean
7FFC0000 | unkown image | page readonly | clean
87F000 | unkown | page read and write | clean
69A000 | heap default | page read and write | clean
1E420000 | unkown | page read and write | clean
8A1000 | unkown | page read and write | clean
24BB7613000 | unkown | page read and write | clean
7FFB0000 | unkown image | page readonly | clean
8A1000 | unkown | page read and write | clean
8AF000 | unkown | page read and write | clean
8A1000 | unkown | page read and write | clean
83C000 | unkown | page read and write | clean
8AF000 | unkown | page read and write | clean
8AA000 | unkown | page read and write | clean
8A6000 | unkown | page read and write | clean
7FFC0000 | unkown image | page readonly | clean
3B0000 | unkown | page read and write | clean
40000 | unkown image | page readonly | clean
7DF56F5B2000 | unkown image | page readonly | clean
23E0000 | heap private | page read and write | clean
1E421000 | unkown | page read and write | clean
889000 | unkown | page read and write | clean
2F00000 | heap private | page read and write | clean
1D650000 | unkown | page read and write | clean
8A3000 | unkown | page read and write | clean
8B3000 | unkown | page read and write | clean
7DF56F5B2000 | unkown image | page readonly | clean
24BB7E02000 | unkown | page read and write | clean
A90000 | unkown image | page readonly | clean
89F000 | unkown | page read and write | clean
24BB762A000 | unkown | page read and write | clean
7FF561C4B000 | unkown image | page readonly | clean
7FFC0000 | unkown image | page readonly | clean
41C000 | unkown image | page execute read | clean
2390000 | unkown | page read and write | clean
423000 | unkown image | page readonly | clean
7FFB2000 | unkown image | page readonly | clean
69D000 | heap default | page read and write | clean
24BB766F000 | unkown | page read and write | clean
C20000 | unkown | page read and write | clean
24BB7654000 | unkown | page read and write | clean
40000 | unkown image | page readonly | clean
7FFB0000 | unkown image | page readonly | clean
7FFC2000 | unkown image | page readonly | clean
7FFB0000 | unkown image | page readonly | clean
24BB763C000 | unkown | page read and write | clean
86B000 | unkown | page read and write | clean