IOC Report
Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe


Files

File Path | Type | Category | Malicious
Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | initial sample | malicious
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe.log | ASCII text, with CRLF line terminators | dropped | malicious
C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\run.dat | Non-ISO extended-ASCII text, with no line terminators | dropped | malicious
C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\catalog.dat | data | dropped |
C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\settings.bin | data | dropped |
C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\storage.dat | data | dropped |

Processes

Path | Cmdline | Malicious
C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe | "C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe" | malicious
C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe | C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe | malicious
C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe | C:\Users\user\Desktop\Circular PSSB Parts Disc Credit Term (Dlr) May12 2022 (1).exe | malicious

URLs

Name
IP
Malicious
malicious
deranano2.ddns.net
malicious
http://www.fontbureau.com/designersG
unknown
http://www.sajatypeworks.comiv;b
unknown
http://www.fontbureau.com/designers/?
unknown
http://www.founder.com.cn/cn/bThe
unknown
http://www.fontbureau.com/designers?
unknown
http://www.fontbureau.com/designersB
unknown
http://www.founder.com.cn/cn?
unknown
http://www.sajatypeworks.com=
unknown
http://www.tiro.com
unknown
http://www.fontbureau.comdko
unknown
http://www.fontbureau.com/designers
unknown
http://www.founder.com.cn/cn=
unknown
http://www.goodfont.co.kr
unknown
http://www.jiyu-kobo.co.jp/jp/;N
unknown
http://www.sajatypeworks.com
unknown
http://www.typography.netD
unknown
http://www.founder.com.cn/cn/cThe
unknown
http://www.jiyu-kobo.co.jp/&N
unknown
http://www.galapagosdesign.com/staff/dennis.htm
unknown
http://fontfabrik.com
unknown
http://www.fontbureau.comgrita
unknown
http://www.galapagosdesign.com/n
unknown
http://www.jiyu-kobo.co.jp/CN
unknown
http://www.fontbureau.comessedqN
unknown
http://www.galapagosdesign.com/DPlease
unknown
http://www.fonts.com
unknown
http://www.sandoll.co.kr
unknown
http://www.urwpp.deDPlease
unknown
http://www.fontbureau.comasva0N
unknown
http://www.zhongyicts.com.cn
unknown
http://www.fontbureau.comoJN
unknown
http://www.sajatypeworks.come
unknown
http://www.sakkal.com
unknown
http://www.jiyu-kobo.co.jp/qN
unknown
http://www.fontbureau.comalsd
unknown
http://www.jiyu-kobo.co.jp/gN
unknown
http://www.apache.org/licenses/LICENSE-2.0
unknown
http://www.fontbureau.com
unknown
http://www.jiyu-kobo.co.jp/)N
unknown
http://www.fontbureau.comF
unknown
http://www.fontbureau.comnN7
unknown
http://www.sajatypeworks.comt
unknown
http://www.jiyu-kobo.co.jp/jp/
unknown
http://en.w
unknown
http://www.carterandcone.coml
unknown
http://www.fontbureau.comFgN
unknown
http://www.fontbureau.com/designers/cabarga.htmlN
unknown
http://www.founder.com.cn/cn
unknown
http://www.fontbureau.com/designers/frere-jones.html
unknown
http://www.jiyu-kobo.co.jp/nN7
unknown
http://www.jiyu-kobo.co.jp/
unknown
http://www.fontbureau.como
unknown
http://www.fontbureau.com/designers8
unknown
http://www.jiyu-kobo.co.jp/JN
unknown

Domains

Name | IP | Malicious
deranano2.ddns.net | 212.193.30.204 | malicious

IPs

IP | Domain | Country | Malicious
212.193.30.204 | deranano2.ddns.net | Russian Federation | malicious
192.168.2.1 | unknown | unknown |

Memdumps

Base Address
Regiontype
Protect
Malicious
402000
remote allocation
page execute and read and write
malicious
2E71000