IOC Report

Files

File Path | Type | Category | Malicious
210629 Purchase Order 449 BURGHAUSEN (uZ 20-270)_PDF.exe | PE32 executable (GUI) Intel 80386, for MS Windows | initial sample | malicious
C:\Users\user\AppData\Local\Temp\~DF66A3895C75D2E9C9.TMP | Composite Document File V2 Document, Cannot read section info | dropped | clean

Processes

Path | Cmdline | Malicious
C:\Users\user\Desktop\210629 Purchase Order 449 BURGHAUSEN (uZ 20-270)_PDF.exe | "C:\Users\user\Desktop\210629 Purchase Order 449 BURGHAUSEN (uZ 20-270)_PDF.exe" | malicious

Registry

Path | Value | Malicious
HKEY_CURRENT_USER\Software\VB and VBA Program Settings\subideal\Eyeliners | HARNISKKLDT | clean

Memdumps

Base Address | Region type | Protect | Malicious
4E10000 | unknown | page execute and read and write | malicious
7FF508AE7000 | unknown image | page readonly | clean
1DB00650000 | unknown | page read and write | clean
1DB00E02000 | unknown | page read and write | clean
7FF541C17000 | unknown image | page readonly | clean
2EFCC702000 | unknown | page read and write | clean
7FF4F95C8000 | unknown image | page readonly | clean
7FF573C6F000 | unknown image | page readonly | clean
7FF508AAF000 | unknown image | page readonly | clean
18537E3D000 | unknown | page read and write | clean
7FF5A653E000 | unknown image | page readonly | clean
1A5B517A000 | unknown | page read and write | clean
7FF50835F000 | unknown image | page readonly | clean
24E1F664000 | unknown | page read and write | clean
1A5B5763000 | unknown | page read and write | clean
8431FE000 | stack | page read and write | clean
7FF573FC3000 | unknown image | page readonly | clean
1A0000 | unknown image | page readonly | clean
7FF508AAB000 | unknown image | page readonly | clean
7DF5B4280000 | unknown image | page readonly | clean
199D1424000 | unknown | page read and write | clean
1A5B51BA000 | unknown | page read and write | clean
7FF541787000 | unknown image | page readonly | clean
DA356C000 | unknown | page read and write | clean
29D0000 | unknown image | page readonly | clean
1DB00658000 | unknown | page read and write | clean
2EFCC651000 | unknown | page read and write | clean
7DF507A30000 | unknown image | page readonly | clean
7FF541AB2000 | unknown image | page readonly | clean
7FF508BB5000 | unknown image | page readonly | clean
1A5B5700000 | unknown | page read and write | clean
1A5B47F0000 | unknown | page read and write | clean
7FF573ADC000 | unknown image | page readonly | clean
1A5B5190000 | unknown | page read and write | clean
1A5B51B0000 | unknown | page read and write | clean
16F0BD30000 | unknown image | page readonly | clean
2EFCC4D0000 | unknown image | page readonly | clean
1A5B4852000 | unknown | page read and write | clean
2EFCC700000 | unknown | page read and write | clean
1A5B48C6000 | unknown | page read and write | clean
7FF5A65E9000 | unknown image | page readonly | clean
7FF50895F000 | unknown image | page readonly | clean
84307C000 | stack | page read and write | clean
FAA10FF000 | stack | page read and write | clean
7FF508713000 | unknown image | page readonly | clean
7FF573349000 | unknown image | page readonly | clean
7DF47FBA0000 | unknown image | page readonly | clean
199D1350000 | unknown image | page readonly | clean
7FFB0000 | unknown image | page readonly | clean
7FF573A3D000 | unknown image | page readonly | clean
18539DD0000 | unknown image | page write copy | clean
1DB00647000 | unknown | page read and write | clean
7FF541B4F000 | unknown image | page readonly | clean
7FF541A6D000 | unknown image | page readonly | clean
1A5B4859000 | unknown | page read and write | clean
1A5B4630000 | unknown image | page readonly | clean
21D0000 | unknown image | page readonly | clean
15345EE0000 | heap default | page read and write | clean
7FF5089D7000 | unknown image | page readonly | clean
7FF54160B000 | unknown image | page readonly | clean
7DF5818F0000 | unknown image | page readonly | clean
7FF5A63C1000 | unknown image | page readonly | clean
7FF5A658A000 | unknown image | page readonly | clean
1A5B51CA000 | unknown | page read and write | clean
7DF5818E0000 | unknown image | page readonly | clean
18537C90000 | unknown image | page readonly | clean
7FF541B25000 | unknown image | page readonly | clean
84357D000 | stack | page read and write | clean
15345D50000 | unknown image | page readonly | clean
7FFD0000 | unknown image | page readonly | clean
7FF57406A000 | unknown image | page readonly | clean
7DF5B4270000 | unknown image | page readonly | clean
7FF5A620F000 | unknown image | page readonly | clean