IOC Report
cANdLlHS4N

Files

| File Path | Type | Category | Malicious |
|---|---|---|---|
| cANdLlHS4N.exe | PE32 executable (GUI) Intel 80386, for MS Windows | initial sample | malicious |
| C:\Users\user\AppData\Local\Temp\StarBurn.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | malicious |
| C:\Users\user\AppData\Local\Temp\obedience.exe | PE32 executable (GUI) Intel 80386, for MS Windows | dropped | malicious |
| C:\Users\user\AppData\Local\Temp\handkerchief.dat | data | dropped | |
| C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\persuasion.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Thu Mar 10 05:21:32 2022, mtime=Thu Mar 10 05:21:44 2022, atime=Thu Mar 10 05:21:32 2022, length=1616040, window=hide | dropped | |

Processes

| Path | Cmdline | Malicious |
|---|---|---|
| C:\Users\user\Desktop\cANdLlHS4N.exe | "C:\Users\user\Desktop\cANdLlHS4N.exe" | malicious |
| C:\Users\user\AppData\Local\Temp\obedience.exe | C:\Users\user\AppData\Local\Temp\obedience.exe | malicious |
| C:\Program Files (x86)\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\iexplore.exe | malicious |
| C:\Users\user\AppData\Local\Temp\obedience.exe | "C:\Users\user\AppData\Local\Temp\obedience.exe" | malicious |
| C:\Program Files (x86)\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\iexplore.exe | malicious |

URLs

| Name | IP | Malicious |
|---|---|---|
| https://67.205.132.17:443/23I9/index.php | 67.205.132.17 | malicious |
| https://67.205.132.17:443/NEZTl2/index.php | 67.205.132.17 | malicious |
| https://67.205.132.17:443/hvnqlRD8z/index.php | 67.205.132.17 | malicious |
| https://67.205.132.17:443/M2c1Nb/index.php | 67.205.132.17 | malicious |
| https://67.205.132.17:443/3T3t/index.php | 67.205.132.17 | malicious |
| http://67.205.132.17:443 | unknown | |
| http://secure.globalsign.net/cacert/PrimObject.crt0 | unknown | |
| http://secure.globalsign.net/cacert/ObjectSign.crt09 | unknown | |
| http://www.globalsign.net/repository09 | unknown | |
| http://www.audio-tool.net | unknown | |
| http://www.globalsign.net/repository/0 | unknown | |
| http://www.globalsign.net/repository/03 | unknown | |

IPs

| IP | Domain | Country | Malicious |
|---|---|---|---|
| 67.205.132.17 | unknown | United States | malicious |
| 192.168.2.1 | unknown | unknown | |
| 144.168.45.116 | unknown | United States | |

Memdumps
