IOC Report

Files

File Path | Type | Category | Malicious
pago del 20.01.2022.PDF______________________________________.exe | PE32 executable (GUI) Intel 80386, for MS Windows | initial sample | malicious
C:\Users\user\AppData\Local\Temp\~DFFEBBC1DFDEDF80CA.TMP | Composite Document File V2 Document, Cannot read section info | dropped |

Processes

Path | Cmdline | Malicious
C:\Users\user\Desktop\pago del 20.01.2022.PDF______________________________________.exe | "C:\Users\user\Desktop\pago del 20.01.2022.PDF______________________________________.exe" | malicious
C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | "C:\Users\user\Desktop\pago del 20.01.2022.PDF______________________________________.exe" | malicious
C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | "C:\Users\user\Desktop\pago del 20.01.2022.PDF______________________________________.exe" | malicious
C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | "C:\Users\user\Desktop\pago del 20.01.2022.PDF______________________________________.exe" | malicious
C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | "C:\Users\user\Desktop\pago del 20.01.2022.PDF______________________________________.exe" | malicious
C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | "C:\Users\user\Desktop\pago del 20.01.2022.PDF______________________________________.exe" | malicious
C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | "C:\Users\user\Desktop\pago del 20.01.2022.PDF______________________________________.exe" | malicious
C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | "C:\Users\user\Desktop\pago del 20.01.2022.PDF______________________________________.exe" | malicious
C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | "C:\Users\user\Desktop\pago del 20.01.2022.PDF______________________________________.exe" | malicious
C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |

URLs


Domains

Name | IP | Malicious
drive.google.com | 216.58.205.78 |
googlehosted.l.googleusercontent.com | 216.58.198.33 |
doc-00-6k-docs.googleusercontent.com | unknown |

IPs

IP | Domain | Country | Malicious
216.58.198.33 | googlehosted.l.googleusercontent.com | United States |
216.58.205.78 | drive.google.com | United States |

Memdumps
