IOC Report
os.exe_


Files

File Path | Type | Category | Malicious
os.exe | PE32+ executable (console) x86-64, for MS Windows | initial sample | malicious
C:\Users\user\AppData\Local\Temp\kbuhkupik.exe | PE32+ executable (console) x86-64, for MS Windows | dropped | malicious
C:\Users\user\Desktop\09F81D2E.dll | PE32+ executable (DLL) (GUI) x86-64, for MS Windows | dropped | malicious
C:\Users\user\Desktop\6E8422DB.dll | PE32+ executable (DLL) (GUI) x86-64, for MS Windows | dropped | malicious
\Device\ConDrv | ASCII text, with CRLF line terminators | dropped |

Processes

Path | Cmdline | Malicious
C:\Users\user\Desktop\os.exe | C:\Users\user\Desktop\os.exe | malicious
C:\Users\user\AppData\Local\Temp\kbuhkupik.exe | C:\Users\user\AppData\Local\Temp\\kbuhkupik.exe" "C:\Users\user\AppData\Local\Temp\DB61.tmp | malicious
C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |

URLs

Name | IP | Malicious
https://%ws/%ws_%ws_%ws/service.svc/%wsADPolicyProviderSCEP | unknown |
https://login.microsoftonline.com/%s/oauth2/authorizeStringCchPrintfWhttps://login.microsoftonline.c | unknown |

Memdumps

Base Address | Region type | Protect | Malicious