IOC Report

Files

File Path | Type | Category | Malicious
pago12_14299038859.exe | PE32 executable (GUI) Intel 80386, for MS Windows | initial sample | malicious
C:\Users\user\AppData\Local\Temp\~DF56158A8C389C0AF7.TMP | Composite Document File V2 Document, Cannot read section info | dropped | clean

Processes

Path | Cmdline | Malicious
C:\Users\user\Desktop\pago12_14299038859.exe | "C:\Users\user\Desktop\pago12_14299038859.exe" | malicious

Registry

Path | Value | Malicious
HKEY_CURRENT_USER\Software\VB and VBA Program Settings\subideal\Eyeliners | HARNISKKLDT | clean

Memdumps

Base Address | Region type | Protect | Malicious