IOC Report
TedarikciSiparisi_83613 .xlsx


Files

File Path | Type | Category | Malicious
TedarikciSiparisi_83613 .xlsx | CDFV2 Encrypted | initial sample | malicious
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\vbc[1].exe | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | downloaded | malicious
C:\Users\user\Desktop\~$TedarikciSiparisi_83613 .xlsx | data | dropped | malicious
C:\Users\Public\vbc.exe | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | dropped | malicious
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\13820A74.png | PNG image data, 413 x 220, 8-bit/color RGBA, non-interlaced | dropped
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\2A09A689.jpeg | JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 160x160, frames 3 | dropped
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\2DC1A5DE.emf | Windows Enhanced Metafile (EMF) image data version 0x10000 | dropped
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\3E390AF6.png | PNG image data, 150 x 150, 8-bit/color RGBA, non-interlaced | dropped
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\51ABE6A8.png | PNG image data, 139 x 180, 8-bit colormap, non-interlaced | dropped
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\57CFF8ED.png | PNG image data, 150 x 150, 8-bit/color RGBA, non-interlaced | dropped
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\71BAD9C.jpeg | JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 160x160, frames 3 | dropped
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\74B1E683.png | PNG image data, 413 x 220, 8-bit/color RGBA, non-interlaced | dropped
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\A1E3120A.png | PNG image data, 458 x 211, 8-bit/color RGB, non-interlaced | dropped
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\AD99E047.png | PNG image data, 139 x 180, 8-bit colormap, non-interlaced | dropped
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\F549927F.png | PNG image data, 458 x 211, 8-bit/color RGB, non-interlaced | dropped
C:\Users\user\AppData\Local\Temp\~DF154F786FDBAE324B.TMP | data | dropped
C:\Users\user\AppData\Local\Temp\~DF299AB401C235ABC6.TMP | data | dropped
C:\Users\user\AppData\Local\Temp\~DFDCEA4DA1BBD5FBBA.TMP | CDFV2 Encrypted | dropped
C:\Users\user\AppData\Local\Temp\~DFE8FF70B607AC6E32.TMP | data | dropped
There are 9 hidden files.

Processes

Path | Cmdline | Malicious
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE | "C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding | malicious
C:\Users\Public\vbc.exe | "C:\Users\Public\vbc.exe" | malicious
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | "C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding
C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe

URLs

Name | IP | Malicious
http://180.214.238.224/__cloud_for_file/vbc.exe95C: | unknown | malicious
http://180.214.238.224/__cloud_for_file/vbc.exeu | unknown | malicious
http://180.214.238.224/__cloud_for_file/vbc.exe | 180.214.238.224 | malicious
http://180.214.238.224/__cloud_for_file/vbc.exeX | unknown | malicious
http://180.214.238.224/__cloud_for_file/vbc.exehhC: | unknown | malicious
www.mentalnayaarifmetika.online/ocgr/ |  | malicious
http://180.214.238.224/__cloud_for_file/vbc.exej | unknown | malicious

IPs

IP | Domain | Country | Malicious
180.214.238.224 | unknown | Viet Nam | malicious

Registry

Path | Value | Malicious
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems | 0w)
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel | MTTT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\ReviewCycle | ReviewToken
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\66519 | 66519
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage | VBAFiles
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems | ;!)
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\6B145 | 6B145
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\6D0B7 | 6D0B7
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Place MRU | Max Display
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Place MRU | Item 1
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru | Max Display
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru | Item 1
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru | Item 2
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru | Item 3
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru | Item 4
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru | Item 5
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru | Item 6
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru | Item 7
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru | Item 8
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru | Item 9
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru | Item 10
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru | Item 11
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru | Item 12
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru | Item 13
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru | Item 14
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru | Item 15
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru | Item 16
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru | Item 17
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru | Item 18
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru | Item 19
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru | Item 20
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru | Item 21
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Security\Trusted Documents | LastPurgeTime
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages | 1033
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages | 1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage | EXCELFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage | ProductFiles
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\6B145 | 6B145
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109E60090400100000000F01FEC\Usage | EquationEditorFilesIntl_1033
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections | SavedLegacySettings
There are 30 hidden registry entries.

Memdumps

Base Address | Region type | Protect | Malicious
There are 262 hidden memdumps.