IOC Report
c2b80b8cbd660c3208162ed596e0443ea8f786b6fd1f809f2d2a1e07fe6475cd.exe


Files

File Path | Type | Category | Malicious
c2b80b8cbd660c3208162ed596e0443ea8f786b6fd1f809f2d2a1e07fe6475cd.dll | PE32+ executable (DLL) (console) x86-64, for MS Windows | initial sample | malicious
C:\Users\user\AppData\Local\Temp\AEC4.tmp | ASCII text, with CRLF line terminators | modified |

Processes

Path | Cmdline | Malicious
C:\Windows\System32\loaddll64.exe | loaddll64.exe "C:\Users\user\Desktop\c2b80b8cbd660c3208162ed596e0443ea8f786b6fd1f809f2d2a1e07fe6475cd.dll" | malicious
C:\Windows\System32\regsvr32.exe | regsvr32.exe /s C:\Users\user\Desktop\c2b80b8cbd660c3208162ed596e0443ea8f786b6fd1f809f2d2a1e07fe6475cd.dll | malicious
C:\Windows\System32\rundll32.exe | rundll32.exe "C:\Users\user\Desktop\c2b80b8cbd660c3208162ed596e0443ea8f786b6fd1f809f2d2a1e07fe6475cd.dll",#1 | malicious
C:\Windows\System32\rundll32.exe | rundll32.exe C:\Users\user\Desktop\c2b80b8cbd660c3208162ed596e0443ea8f786b6fd1f809f2d2a1e07fe6475cd.dll,DllRegisterServer | malicious
C:\Windows\System32\rundll32.exe | rundll32.exe C:\Users\user\Desktop\c2b80b8cbd660c3208162ed596e0443ea8f786b6fd1f809f2d2a1e07fe6475cd.dll,FgnfMvSNFULXZx | malicious
C:\Windows\System32\rundll32.exe | rundll32.exe C:\Users\user\Desktop\c2b80b8cbd660c3208162ed596e0443ea8f786b6fd1f809f2d2a1e07fe6475cd.dll,KVpawdrrKTUjeZuk | malicious
C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
C:\Windows\System32\cmd.exe | cmd.exe /C rundll32.exe "C:\Users\user\Desktop\c2b80b8cbd660c3208162ed596e0443ea8f786b6fd1f809f2d2a1e07fe6475cd.dll",#1 |
C:\Windows\System32\cmd.exe | cmd /c "echo Commands" >> C:\Users\user~1\AppData\Local\Temp\AEC4.tmp |
C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
C:\Windows\System32\cmd.exe | cmd /c "dir" >> C:\Users\user~1\AppData\Local\Temp\AEC4.tmp |
C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |

URLs

Name | IP | Malicious
https://higmon.cyou/index.html7b9a | unknown |
https://my.tealiumiq.com/urest/legacy/tagcompanion/getProfile?utid= | unknown |
https://higmon.cyou/index.html | unknown |
https://http://Mozilla/5.0 | unknown |
https://higmon.cyou | unknown |
https://higmon.cyouhttps://prises.cyouR | unknown |
https://prises.cyou | unknown |
https://higmon.cyou/ | unknown |

Domains

Name | IP | Malicious
higmon.cyou | 45.8.147.179 | malicious

IPs

IP | Domain | Country | Malicious
45.8.147.179 | higmon.cyou | Russian Federation | malicious

Memdumps

Base Address | Regiontype | Protect | Malicious