IOC Report
SecuriteInfo.com.Win32.PWSX-gen.18868.10449.exe

Files

File Path | Type | Category | Malicious
SecuriteInfo.com.Win32.PWSX-gen.18868.10449.exe | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | initial sample | malicious
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\SecuriteInfo.com.Win32.PWSX-gen.18868.10449.exe.log | ASCII text, with CRLF line terminators | dropped | malicious
C:\Users\user\AppData\Local\Temp\tmp2885.tmp | XML 1.0 document, ASCII text, with CRLF line terminators | dropped | malicious
C:\Users\user\AppData\Roaming\IwUNvHNy.exe | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | dropped | malicious
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\IwUNvHNy.exe.log | ASCII text, with CRLF line terminators | dropped |
C:\Users\user\AppData\Local\Temp\tmpD8CA.tmp | XML 1.0 document, ASCII text, with CRLF line terminators | dropped |

Processes

Path | Cmdline | Malicious
C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.18868.10449.exe | C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.18868.10449.exe | malicious
C:\Windows\SysWOW64\schtasks.exe | C:\Windows\System32\schtasks.exe" /Create /TN "Updates\IwUNvHNy" /XML "C:\Users\user\AppData\Local\Temp\tmp2885.tmp | malicious
C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.18868.10449.exe | {path} | malicious
C:\Users\user\AppData\Roaming\IwUNvHNy.exe | C:\Users\user\AppData\Roaming\IwUNvHNy.exe | malicious
C:\Windows\SysWOW64\schtasks.exe | C:\Windows\System32\schtasks.exe" /Create /TN "Updates\IwUNvHNy" /XML "C:\Users\user\AppData\Local\Temp\tmpD8CA.tmp | malicious
C:\Users\user\AppData\Roaming\IwUNvHNy.exe | {path} | malicious
C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |

URLs

Domains

Name | IP | Malicious
strictfacilityservices.com | 111.118.212.38 | malicious
mail.strictfacilityservices.com | unknown | malicious
api.ipify.org.herokudns.com | 3.220.57.224 |
api.ipify.org | unknown |

IPs

IP | Domain | Country | Malicious
111.118.212.38 | strictfacilityservices.com | India | malicious
3.232.242.170 | unknown | United States |