IOC Report
SecuriteInfo.com.Variant.Babar.54324.15185.5956


Files

| File Path | Type | Category | Malicious |
|---|---|---|---|
| SecuriteInfo.com.Variant.Babar.54324.15185.exe | PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive | initial sample | malicious |
| C:\Users\user\AppData\Local\Temp\Adventure_17.bmp | JPEG image data, JFIF standard 1.01, resolution (DPI), density 100x100, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=3], baseline, precision 8, 110x110, frames 3 | dropped | |
| C:\Users\user\AppData\Local\Temp\Gtk-3.0.typelib | HTML document, ASCII text, with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\Kartotekiseredes227.ini | ASCII text, with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\Lib.Platform.Windows.dll | PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows | dropped | |
| C:\Users\user\AppData\Local\Temp\Snkeklenes.shi | data | dropped | |
| C:\Users\user\AppData\Local\Temp\atheros Outlook Addin.dll | PE32+ executable (DLL) (GUI) x86-64, for MS Windows | dropped | |
| C:\Users\user\AppData\Local\Temp\closure.dll | PE32+ executable (DLL) (console) x86-64, for MS Windows | dropped | |
| C:\Users\user\AppData\Local\Temp\emblem-urgent.png | PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced | dropped | |
| C:\Users\user\AppData\Local\Temp\hmmapi.dll | PE32+ executable (DLL) (GUI) x86-64, for MS Windows | dropped | |
| C:\Users\user\AppData\Local\Temp\libshishi-0.dll | PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows | dropped | |
| C:\Users\user\AppData\Local\Temp\mail-unread-symbolic.symbolic.png | PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced | dropped | |
| C:\Users\user\AppData\Local\Temp\nso144E.tmp\System.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | |
| C:\Users\user\AppData\Local\Temp\pan-end-symbolic-rtl.svg | XML 1.0 document text | modified | |

4 further files are hidden in the original report and not shown here.

Processes

| Path | Cmdline | Malicious |
|---|---|---|
| C:\Users\user\Desktop\SecuriteInfo.com.Variant.Babar.54324.15185.exe | "C:\Users\user\Desktop\SecuriteInfo.com.Variant.Babar.54324.15185.exe" | malicious |

URLs

| Name | IP | Malicious |
|---|---|---|
| http://185.222.57.79/SALES/NEW%20SERVER_KeqToKFS234.bin | | malicious |
| http://creativecommons.org/ns#DerivativeWorks | | unknown |
| http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t | | unknown |
| https://sectigo.com/CPS0 | | unknown |
| http://creativecommons.org/licenses/by-sa/4.0/ | | unknown |
| http://creativecommons.org/ns#Distribution | | unknown |
| http://ocsp.sectigo.com0 | | unknown |
| https://eddie.website | | unknown |
| http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0# | | unknown |
| http://creativecommons.org/ns#Attribution | | unknown |
| https://sectigo.com/CPS0D | | unknown |
| http://creativecommons.org/ns#ShareAlike | | unknown |
| http://crl.sectigo.com/SectigoRSACodeSigningCA.crl0s | | unknown |
| http://nsis.sf.net/NSIS_ErrorError | | unknown |
| http://creativecommons.org/ns#Notice | | unknown |
| http://creativecommons.org/ns#Reproduction | | unknown |
| http://crt.sectigo.com/SectigoRSACodeSigningCA.crt0# | | unknown |
| https://eddie.websiteX | | unknown |
| https://eddie.website/windows-runtime/ | | unknown |
| http://creativecommons.org/ns# | | unknown |

10 further URLs are hidden in the original report and not shown here.

Registry

| Path | Value | Malicious |
|---|---|---|
| HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Intrigeredes | Kagemndene190 | |

Memdumps

| Base Address | Regiontype | Protect | Malicious |
|---|---|---|---|
| 30E1000 | direct allocation | page execute and read and write | malicious |
| 35DD000 | stack | page read and write | |
| 2123FC90000 | heap | page read and write | |
| 2123FBB0000 | heap | page read and write | |
| 288C4E60000 | remote allocation | page read and write | |
| 288C4E40000 | trusted library allocation | page read and write | |
| 197AFF40000 | trusted library allocation | page read and write | |
| 288BF4A5000 | heap | page read and write | |
| 30000 | heap | page read and write | |
| 14C81C54000 | heap | page read and write | |
| 9CE000 | stack | page read and write | |
| 2D6E9FB000 | stack | page read and write | |
| 18B96059000 | heap | page read and write | |
| 520000 | heap | page read and write | |
| 99000 | stack | page read and write | |
| 288C0520000 | trusted library allocation | page read and write | |
| 288C4B24000 | trusted library allocation | page read and write | |
| 288C4C61000 | heap | page read and write | |
| 288C4BD0000 | trusted library allocation | page read and write | |
| 2D6ECFD000 | stack | page read and write | |
| 19A000 | stack | page read and write | |
| 288BF429000 | heap | page read and write | |
| 400000 | unknown | page readonly | |
| 288C4B21000 | trusted library allocation | page read and write | |
| 288BFF18000 | heap | page read and write | |
| 14C81C4C000 | heap | page read and write | |
| 2656E465000 | heap | page read and write | |
| 288C4CF3000 | heap | page read and write | |
| 51A0CBB000 | stack | page read and write | |
| E85487F000 | stack | page read and write | |
| 36DE000 | stack | page read and write | |
| 90A9279000 | stack | page read and write | |
| 197B0063000 | heap | page read and write | |
| 288C4C5D000 | heap | page read and write | |
| 14C81C70000 | heap | page read and write | |
| 14C81B20000 | trusted library allocation | page read and write | |
| 14C81A20000 | heap | page read and write | |
| 2EEE67F000 | stack | page read and write | |
| 288BF413000 | heap | page read and write | |
| 18B95F00000 | heap | page read and write | |
| 288BF400000 | heap | page read and write | |
| E8540FB000 | stack | page read and write | |
| 18B96086000 | heap | page read and write | |
| E85467F000 | stack | page read and write | |
| 18B9605E000 | heap | page read and write | |
| 18B9603C000 | heap | page read and write | |
| 288C4BF0000 | trusted library allocation | page read and write | |
| 2656E290000 | heap | page read and write | |
| 77F000 | heap | page read and write | |
| 14C81D00000 | heap | page read and write | |
| 51A127B000 | stack | page read and write | |
| 2123FB40000 | heap | page read and write | |
| 435000 | unknown | page read and write | |
| 2656E4E8000 | heap | page read and write | |
| 2270000 | heap | page read and write | |
| 197B0063000 | heap | page read and write | |
| 14C81C69000 | heap | page read and write | |
| 288BF4FD000 | heap | page read and write | |
| 14C81C47000 | heap | page read and write | |
| 537D4FB000 | stack | page read and write | |
| 51A0DBE000 | stack | page read and write | |
| 9D6000 | heap | page read and write | |
| 18B95EA0000 | heap | page read and write | |
| 95E000 | stack | page read and write | |
| 51A147D000 | stack | page read and write | |
| 14C819C0000 | heap | page read and write | |
| 2656E544000 | heap | page read and write | |
| 18B96113000 | heap | page read and write | |
| 14C81C48000 | heap | page read and write | |
| 2656E52E000 | heap | page read and write | |
| 288C4C8E000 | heap | page read and write | |
| 26BF000 | stack | page read and write | |
| 288C4C60000 | trusted library allocation | page read and write | |
| 288C4D02000 | heap | page read and write | |
| 2D6EBFE000 | stack | page read and write | |
| 2656E3F0000 | heap | page read and write | |
| 784000 | heap | page read and write | |
| 2123FD13000 | heap | page read and write | |
| 18B96048000 | heap | page read and write | |
| 2656E52E000 | heap | page read and write | |
| 288C4C1F000 | heap | page read and write | |
| 2EEE8FB000 | stack | page read and write | |
| 288C0410000 | trusted library allocation | page read and write | |
| 14C81C74000 | heap | page read and write | |
| 197AFDE0000 | heap | page read and write | |
| E853CFB000 | stack | page read and write | |
| 2D6E67B000 | stack | page read and write | |
| 288C4C2D000 | heap | page read and write | |
| 197B0002000 | heap | page read and write | |
| 455000 | unknown | page readonly | |
| 14C81C13000 | heap | page read and write | |
| 2656F320000 | trusted library allocation | page read and write | |
| 980000 | heap | page read and write | |
| 27CF000 | trusted library allocation | page read and write | |
| 197AFE40000 | heap | page read and write | |
| 2656E5E0000 | trusted library allocation | page read and write | |
| 2123FC3C000 | heap | page read and write | |
| 288BF390000 | trusted library allocation | page read and write | |
| 2123FD08000 | heap | page read and write | |
| 288C4CF1000 | heap | page read and write | |
| 14C81C00000 | heap | page read and write | |
| 288C4BD0000 | trusted library allocation | page read and write | |
| 288C4CF3000 | heap | page read and write | |
| 288BFE02000 | heap | page read and write | |
| 288C09A0000 | trusted library allocation | page read and write | |
| 537D27E000 | stack | page read and write | |
| 3000000 | trusted library allocation | page read and write | |
| 2123FC62000 | heap | page read and write | |
| 51A157F000 | stack | page read and write | |
| 288C4D08000 | heap | page read and write | |
| 90A907B000 | stack | page read and write | |
| 288BFF00000 | heap | page read and write | |
| 288BFF59000 | heap | page read and write | |
| 288BFE00000 | heap | page read and write | |
| 288C4BD0000 | trusted library allocation | page read and write | |
| 2123FD00000 | heap | page read and write | |
| 40A000 | unknown | page read and write | |
| 51A1377000 | stack | page read and write | |
| 75B000 | heap | page read and write | |
| 197B0056000 | heap | page read and write | |
| 2123FD02000 | heap | page read and write | |
| 537D6FE000 | stack | page read and write | |
| 401000 | unknown | page execute read | |
| 21240602000 | trusted library allocation | page read and write | |
| 288C4CE7000 | heap | page read and write | |
| 14C81C7D000 | heap | page read and write | |
| 288C4B30000 | trusted library allocation | page read and write | |
| 288C4E20000 | trusted library allocation | page read and write | |
| 288C4C3C000 | heap | page read and write | |
| 3020000 | trusted library allocation | page read and write | |
| 18B9605F000 | heap | page read and write | |
| 2656F0E0000 | trusted library allocation | page read and write | |
| 14C819B0000 | heap | page read and write | |
| 4E0000 | trusted library allocation | page read and write | |
| 288BF474000 | heap | page read and write | |
| 288C4C00000 | heap | page read and write | |
| 427000 | unknown | page read and write | |
| 2656F340000 | trusted library allocation | page read and write | |
| 51A117F000 | stack | page read and write | |
| 288C4CED000 | heap | page read and write | |
| 288C4B0E000 | trusted library allocation | page read and write | |
| 2656E469000 | heap | page read and write | |
| 9D0000 | heap | page read and write | |
| 773000 | heap | page read and write | |
| 14C81C29000 | heap | page read and write | |
| E853DFA000 | stack | page read and write | |
| 18B96061000 | heap | page read and write | |
| 288C4CAC000 | heap | page read and write | |
| 18B96002000 | heap | page read and write | |
| 90A947F000 | stack | page read and write | |
| 760000 | heap | page read and write | |
| 90A91F9000 | stack | page read and write | |
| 2123FC00000 | heap | page read and write | |
| 18B9608B000 | heap | page read and write | |
| 2656E460000 | heap | page read and write | |
| 90A9379000 | stack | page read and write | |
| 2123FC52000 | heap | page read and write | |
| 197B0102000 | heap | page read and write | |
| 14C82402000 | trusted library allocation | page read and write | |
| 18B9605B000 | heap | page read and write | |
| 731D6000 | unknown | page readonly | |
| 288C4C87000 | heap | page read and write | |
| 288BF507000 | heap | page read and write | |
| 14C81C3C000 | heap | page read and write | |
| 197B003C000 | heap | page read and write | |
| 731D4000 | unknown | page readonly | |
| 408000 | unknown | page readonly | |
| 2656E4E0000 | heap | page read and write | |
| E853BF7000 | stack | page read and write | |
| E85379C000 | stack | page read and write | |
| 288BFE15000 | heap | page read and write | |
| 2EEEAFB000 | stack | page read and write | |
| 288C4E30000 | trusted library allocation | page read and write | |
| 288BF492000 | heap | page read and write | |
| 288BF4FD000 | heap | page read and write | |
| 197B0100000 | heap | page read and write | |
| 14C81D13000 | heap | page read and write | |
| 537D2FF000 | stack | page read and write | |
| 400000 | unknown | page readonly | |
| 288C49E0000 | trusted library allocation | page read and write | |
| 288BF360000 | heap | page read and write | |
| 537CF8B000 | stack | page read and write | |
| 2123FC8E000 | heap | page read and write | |
| 76D000 | heap | page read and write | |
| 51A0D3E000 | stack | page read and write | |
| 2EEE3CB000 | stack | page read and write | |
| 2EEEBFF000 | stack | page read and write | |
| 18B96047000 | heap | page read and write | |
| 288BFF02000 | heap | page read and write | |
| 288C4B00000 | trusted library allocation | page read and write | |
| 2D6E77E000 | stack | page read and write | |
| 3010000 | trusted library allocation | page read and write | |
| 288C4CB8000 | heap | page read and write | |
| 2656E54C000 | heap | page read and write | |
| 288BF48B000 | heap | page read and write | |
| 197B0802000 | trusted library allocation | page read and write | |
| 288C4D00000 | heap | page read and write | |
| 2656F0D0000 | trusted library allocation | page read and write | |
| 2D6EDFF000 | stack | page read and write | |
| 14C81C7F000 | heap | page read and write | |
| 2656E480000 | trusted library allocation | page read and write | |
| 776000 | heap | page read and write | |
| 288BFF58000 | heap | page read and write | |
| 18B96108000 | heap | page read and write | |
| 197B0028000 | heap | page read and write | |
| 14C81C69000 | heap | page read and write | |
| 18B96013000 | heap | page read and write | |
| 2123FC81000 | heap | page read and write | |
| 2EEE9FB000 | stack | page read and write | |
| 288C4CAC000 | heap | page read and write | |
| 288C4B00000 | trusted library allocation | page read and write | |
| 197B0113000 | heap | page read and write | |
| 288BFF13000 | heap | page read and write | |
| E8544FA000 | stack | page read and write | |
| E853FFA000 | stack | page read and write | |
| 197B0063000 | heap | page read and write | |
| 288C4B08000 | trusted library allocation | page read and write | |
| 2656F3A0000 | trusted library allocation | page read and write | |
| 14C81D08000 | heap | page read and write | |
| 288BF476000 | heap | page read and write | |
| 455000 | unknown | page readonly | |
| 288C4F90000 | trusted library allocation | page read and write | |
| 537D7FF000 | stack | page read and write | |
| 2123FC5C000 | heap | page read and write | |
| 2D6E8FF000 | stack | page read and write | |
| 40A000 | unknown | page write copy | |
| 764000 | heap | page read and write | |
| 288C4C49000 | heap | page read and write | |
| 14C81C50000 | heap | page read and write | |
| 288BF514000 | heap | page read and write | |
| 288BF479000 | heap | page read and write | |
| 288C4E60000 | remote allocation | page read and write | |
| 731D0000 | unknown | page readonly | |
| E853A7F000 | stack | page read and write | |
| 778000 | heap | page read and write | |
| 288BF49D000 | heap | page read and write | |
| 18B96102000 | heap | page read and write | |
| 197B0013000 | heap | page read and write | |
| 288C0400000 | trusted library allocation | page read and write | |
| 2656E3D0000 | heap | page read and write | |
| 18B95E90000 | heap | page read and write | |
| 288BF300000 | heap | page read and write | |
| 197AFDD0000 | heap | page read and write | |
| 288C4B40000 | trusted library allocation | page read and write | |
| 2656E2A0000 | trusted library allocation | page read and write | |
| 2123FC13000 | heap | page read and write | |
| 288C4E10000 | trusted library allocation | page read and write | |
| 18B9605A000 | heap | page read and write | |
| 27E6000 | trusted library allocation | page read and write | |
| 18B96029000 | heap | page read and write | |
| 288BF455000 | heap | page read and write | |
| 288C4E60000 | remote allocation | page read and write | |
| 288BFDF3000 | trusted library allocation | page read and write | |
| 288C4C0E000 | heap | page read and write | |
| 2123FC5F000 | heap | page read and write | |
| 537D5F7000 | stack | page read and write | |
| 2656E4F0000 | heap | page read and write | |
| 2656E52E000 | heap | page read and write | |
| 408000 | unknown | page readonly | |
| 288C4B44000 | trusted library allocation | page read and write | |
| 720000 | heap | page read and write | |
| 2123FBE0000 | trusted library allocation | page read and write | |
| 288BFF04000 | heap | page read and write | |
| 2D6EAF7000 | stack | page read and write | |
| 288BF43E000 | heap | page read and write | |
| 288BF502000 | heap | page read and write | |
| 2D6E6FE000 | stack | page read and write | |
| 2123FC29000 | heap | page read and write | |
| 288BF458000 | heap | page read and write | |
| 288C49F0000 | trusted library allocation | page read and write | |
| 288C4CB5000 | heap | page read and write | |
| 401000 | unknown | page execute read | |
| 288BFDD1000 | trusted library allocation | page read and write | |
| 2656E470000 | trusted library allocation | page read and write | |
| 197B0000000 | heap | page read and write | |
| 288C4F50000 | trusted library allocation | page read and write | |
| 288BF502000 | heap | page read and write | |
| 288BF46F000 | heap | page read and write | |
| 14C81C88000 | heap | page read and write | |
| 2123FB50000 | heap | page read and write | |
| 14C81D02000 | heap | page read and write | |
| 18B9605D000 | heap | page read and write | |
| 2656F330000 | heap | page readonly | |
| 18B96100000 | heap | page read and write | |
| 288C4C50000 | trusted library allocation | page read and write | |
| 288BFF18000 | heap | page read and write | |
| 18B9607B000 | heap | page read and write | |
| 18B9602E000 | heap | page read and write | |
| 288BF2F0000 | heap | page read and write | |
| 288BFDF0000 | trusted library allocation | page read and write | |
| 288C4B30000 | trusted library allocation | page read and write | |
| 90A92FE000 | stack | page read and write | |
| 288C4B20000 | trusted library allocation | page read and write | |
| 18B96000000 | heap | page read and write | |
| 984000 | heap | page read and write | |
| 727000 | heap | page read and write | |
| 18B96802000 | trusted library allocation | page read and write | |
| E853EFE000 | stack | page read and write | |
| 731D1000 | unknown | page execute read | |
| 27BF000 | stack | page read and write | |
| 288C4C90000 | heap | page read and write | |
| 288C4CE0000 | heap | page read and write | |
| 2656F350000 | trusted library allocation | page read and write | |
| 197B006F000 | heap | page read and write | |
| 18B967A0000 | trusted library allocation | page read and write | |

295 further memdumps are hidden in the original report and not shown here.