IOC Report
kOiaWLNKXpjayWeM.dll

Files

| File Path | Type | Category | Malicious |
| --- | --- | --- | --- |
| `kOiaWLNKXpjayWeM.dll` | PE32+ executable (DLL) (GUI) x86-64, for MS Windows | initial sample | malicious |
| `C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_kOi_a748228d1b9ab9a1bb94dae9e0fac923745_f2877757_0d5857e4\Report.wer` | Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped | |
| `C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_kOi_a748228d1b9ab9a1bb94dae9e0fac923745_f2877757_14085813\Report.wer` | Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped | |
| `C:\ProgramData\Microsoft\Windows\WER\Temp\WER1F6F.tmp.dmp` | Mini DuMP crash report, 15 streams, Mon Nov 21 11:32:49 2022, 0x1205a4 type | dropped | |
| `C:\ProgramData\Microsoft\Windows\WER\Temp\WER2173.tmp.dmp` | Mini DuMP crash report, 15 streams, Mon Nov 21 11:32:50 2022, 0x1205a4 type | dropped | |
| `C:\ProgramData\Microsoft\Windows\WER\Temp\WER222F.tmp.WERInternalMetadata.xml` | XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped | |
| `C:\ProgramData\Microsoft\Windows\WER\Temp\WER232A.tmp.xml` | XML 1.0 document, ASCII text, with CRLF line terminators | dropped | |
| `C:\ProgramData\Microsoft\Windows\WER\Temp\WER2452.tmp.WERInternalMetadata.xml` | XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped | |
| `C:\ProgramData\Microsoft\Windows\WER\Temp\WER24EF.tmp.xml` | XML 1.0 document, ASCII text, with CRLF line terminators | dropped | |

Processes

| Path | Cmdline | Malicious |
| --- | --- | --- |
| `C:\Windows\System32\regsvr32.exe` | `regsvr32.exe /s C:\Users\user\Desktop\kOiaWLNKXpjayWeM.dll` | malicious |
| `C:\Windows\System32\rundll32.exe` | `rundll32.exe "C:\Users\user\Desktop\kOiaWLNKXpjayWeM.dll",#1` | malicious |
| `C:\Windows\System32\rundll32.exe` | `rundll32.exe C:\Users\user\Desktop\kOiaWLNKXpjayWeM.dll,?AddArrayString@JKDefragLib@@QEAAPEAPEA_WPEAPEA_WPEA_W@Z` | malicious |
| `C:\Windows\System32\regsvr32.exe` | `C:\Windows\system32\regsvr32.exe "C:\Windows\system32\WVVZhuligM\KuLiEStglluewHbC.dll"` | malicious |
| `C:\Windows\System32\rundll32.exe` | `rundll32.exe C:\Users\user\Desktop\kOiaWLNKXpjayWeM.dll,?CallShowStatus@JKDefragLib@@QEAAXPEAUDefragDataStruct@@HH@Z` | malicious |
| `C:\Windows\System32\rundll32.exe` | `rundll32.exe C:\Users\user\Desktop\kOiaWLNKXpjayWeM.dll,?ColorizeItem@JKDefragLib@@QEAAXPEAUDefragDataStruct@@PEAUItemStruct@@_K2H@Z` | malicious |
| `C:\Windows\System32\regsvr32.exe` | `C:\Windows\system32\regsvr32.exe" "C:\Windows\system32\WVVZhuligM\KuLiEStglluewHbC.dll` | malicious |
| `C:\Windows\System32\regsvr32.exe` | `C:\Windows\system32\regsvr32.exe "C:\Users\user\AppData\Local\WrWLj\BwssvzQrG.dll"` | malicious |
| `C:\Windows\System32\loaddll64.exe` | `loaddll64.exe "C:\Users\user\Desktop\kOiaWLNKXpjayWeM.dll"` | |
| `C:\Windows\System32\conhost.exe` | `C:\Windows\system32\conhost.exe 0xffffffff -ForceV1` | |
| `C:\Windows\System32\cmd.exe` | `cmd.exe /C rundll32.exe "C:\Users\user\Desktop\kOiaWLNKXpjayWeM.dll",#1` | |
| `C:\Windows\System32\WerFault.exe` | `C:\Windows\system32\WerFault.exe -u -p 6128 -s 480` | |
| `C:\Windows\System32\WerFault.exe` | `C:\Windows\system32\WerFault.exe -u -p 2424 -s 472` | |

Three further processes are hidden in the original report and are not listed here.

URLs

| Name | IP | Malicious |
| --- | --- | --- |
| `https://218.38.121.17/` | 218.38.121.17 | malicious |
| `https://218.38.121.17/$` | unknown | |

IPs
