Automated Malware Analysis IOC Report for

Files

File Path

Type

Processes

Path

Cmdline

Malicious

C:\Windows\System32\loaddll32.exe

loaddll32.exe "C:\Users\user\Desktop\oOo.dat.dll"

C:\Windows\SysWOW64\cmd.exe

cmd.exe /C rundll32.exe "C:\Users\user\Desktop\oOo.dat.dll",#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\user\Desktop\oOo.dat.dll,m?0?$_SpinWait@$00@details@Concurrency@@QAE@P6AXXZ@Z

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe "C:\Users\user\Desktop\oOo.dat.dll",#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 688 -s 660

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 5332 -s 652

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\user\Desktop\oOo.dat.dll,m?0?$_SpinWait@$0A@@details@Concurrency@@QAE@P6AXXZ@Z

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 5140 -s 652

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\user\Desktop\oOo.dat.dll,m?0SchedulerPolicy@Concurrency@@QAA@IZZ

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 7224 -s 648

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe "C:\Users\user\Desktop\oOo.dat.dll",m?0?$_SpinWait@$00@details@Concurrency@@QAE@P6AXXZ@Z

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe "C:\Users\user\Desktop\oOo.dat.dll",m?0?$_SpinWait@$0A@@details@Concurrency@@QAE@P6AXXZ@Z

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe "C:\Users\user\Desktop\oOo.dat.dll",m?0SchedulerPolicy@Concurrency@@QAA@IZZ

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe "C:\Users\user\Desktop\oOo.dat.dll",next

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe "C:\Users\user\Desktop\oOo.dat.dll",mwait_for_multiple@event@Concurrency@@SAIPAPAV12@I_NI@Z

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe "C:\Users\user\Desktop\oOo.dat.dll",mwait_for_all@agent@Concurrency@@SAXIPAPAV12@PAW4agent_status@2@I@Z

C:\Windows\SysWOW64\wermgr.exe

C:\Windows\SysWOW64\ipconfig.exe

ipconfig /all

C:\Windows\SysWOW64\whoami.exe

whoami /all

C:\Windows\System32\conhost.exe

C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\conhost.exe

C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\conhost.exe

C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

There are 13 hidden processes, click here to show them.

URLs

Name

Malicious

https://www.linkedin.com/talent/post-a-job?trk=homepage-basic_talent-finder-cta

unknown

https://sg.linkedin.com/

unknown

https://nz.linkedin.com/

unknown

https://www.linkedin.com/jobs/quality-assurance-jobs-h

unknown

https://www.linkedin.com/pulse/topics/marketing-s2461/

unknown

https://bo.linkedin.com/

unknown

https://cn.linkedin.com/

unknown

https://kr.linkedin.com/

unknown

https://sv.linkedin.com/

unknown

https://www.linkedin.com/signup?trk=guest_homepage-basic_directory

unknown

https://www.linkedin.com/legal/copyright-policy?trk=homepage-basic_footer-copyright-policy

unknown

https://static.licdn.com/aero-v1/sc/h/e12h2cd8ac580qen9qdd0qks8

unknown

https://about.linkedin.com/?trk=homepage-basic_directory_aboutUrl

unknown

https://www.linkedin.com/jobs/search?trk=guest_homepage-basic_guest_nav_menu_jobs

unknown

https://ec.linkedin.com/

unknown

https://about.linkedin.com?trk=homepage-basic_footer-about

unknown

https://ie.linkedin.com/

unknown

https://www.linkedin.com/learning/topics/business-software-and-tools?trk=homepage-basic_learning-cta

unknown

https://ae.linkedin.com/

unknown

https://uk.linkedin.com/

unknown

https://www.linkedin.com/salary/?trk=homepage-basic_directory_salaryHomeUrl

unknown

https://static.licdn.com/aero-v1/sc/h/75y9ng27ydl2d46fam5nanne5

unknown

https://developer.linkedin.com/?trk=homepage-basic_directory_developerMicrositeUrl

unknown

https://www.linkedin.com/directory/posts?trk=homepage-basic_directory_postsDirectoryUrl

unknown

https://www.linkedin.com/jobs/operations-jobs-h

unknown

https://www.linkedin.com/learning/topics/artificial-intelligence?trk=homepage-basic_learning-cta

unknown

https://www.linkedin.com/pulse/topics/healthcare-s282/

unknown

https://in.linkedin.com/

unknown

https://www.linkedin.com/directory/featured?trk=homepage-basic_directory_featuredDirectoryUrl

unknown

https://www.linkedin.com/learning/topics/audio-and-music?trk=homepage-basic_learning-cta

unknown

https://www.linkedin.com/learning/topics/training-and-education?trk=homepage-basic_learning-cta

unknown

https://hk.linkedin.com/

unknown

https://www.linkedin.com/learning/topics/visualization-and-real-time?trk=homepage-basic_learning-cta

unknown

https://at.linkedin.com/

unknown

https://www.linkedin.com/pulse/topics/construction-management-s831/

unknown

https://www.linkedin.com/jobs/education-jobs-h

unknown

https://www.linkedin.com/learning/topics/project-management?trk=homepage-basic_learning-cta

unknown

https://www.linkedin.com/directory/articles?trk=homepage-basic_directory_articlesDirectoryUrl

unknown

https://www.linkedin.com/pulse/topics/public-administration-s3697/

unknown

https://za.linkedin.com/

unknown

https://www.linkedin.com/directory/services?trk=homepage-basic_directory_servicesDirectoryUrl

unknown

https://jm.linkedin.com/

unknown

https://no.linkedin.com/

unknown

https://www.linkedin.com/directory/learning?trk=homepage-basic_directory_learningDirectoryUrl

unknown

https://www.linkedin.com/jobs/entrepreneurship-jobs-h

unknown

https://pe.linkedin.com/

unknown

https://www.linkedin.com/directory/advice?trk=homepage-basic_directory_adviceDirectoryUrl

unknown

https://au.linkedin.com/

unknown

https://static.licdn.com/aero-v1/sc/h/ddi43qwelxeqjxdd45pe3fvs1

unknown

https://www.linkedin.com/jobs/administrative-assistant-jobs-h

unknown

https://www.linkedin.com/legal/professional-community-policies?trk=homepage-basic_footer-community-g

unknown

https://www.linkedin.com/legal/cookie-policy?trk=homepage-basic_footer-cookie-policy

unknown

https://www.linkedin.com/signup?trk=guest_homepage-basic_nav-header-join

unknown

https://www.linkedin.com/signup?trk=homepage-basic_join-cta

unknown

https://www.linkedin.com/learning/topics/sales-3?trk=homepage-basic_learning-cta

unknown

https://www.linkedin.com/legal/cookie-policy

unknown

https://static.licdn.com/aero-v1/sc/h/51t74mlo1ty7vakn3a80a9jcp

unknown

https://static.licdn.com/aero-v1/sc/h/8fkga714vy9b2wk5auqo5reeb

unknown

https://www.linkedin.com/learning/topics/data-science?trk=homepage-basic_learning-cta

unknown

https://cr.linkedin.com/

unknown

https://www.linkedin.com/learning/topics/mobile-development?trk=homepage-basic_learning-cta

unknown

https://gt.linkedin.com/

unknown

https://ph.linkedin.com/

unknown

https://www.linkedin.com/learning/topics/leadership-and-management?trk=homepage-basic_learning-cta

unknown

https://www.linkedin.com/learning/topics/network-and-system-administration?trk=homepage-basic_learni

unknown

https://www.linkedin.com/learning/search?trk=guest_homepage-basic_guest_nav_menu_learning

unknown

https://www.linkedin.com/learning/topics/customer-service-3?trk=homepage-basic_learning-cta

unknown

https://www.linkedin.com/jobs/jobs-in-h

unknown

https://fr.linkedin.com/

unknown

https://mobile.linkedin.com/?trk=homepage-basic_directory_mobileMicrositeUrl

unknown

https://www.linkedin.com/jobs/purchasing-jobs-h

unknown

https://www.linkedin.com/learning/topics/security-3?trk=homepage-basic_learning-cta

unknown

https://www.linkedin.com/learning/search?trk=homepage-basic_brand-discovery_intent-module-thirdBtn

unknown

https://www.linkedin.com/learning/topics/it-help-desk-5?trk=homepage-basic_learning-cta

unknown

https://www.linkedin.com/jobs/arts-and-design-jobs-h

unknown

https://www.linkedin.com/directory/products?trk=homepage-basic_directory_productsDirectoryUrl

unknown

https://business.linkedin.com/talent-solutions?src=li-footer&utm_source=linkedin&utm_medium=

unknown

https://www.linkedin.com/directory/news?trk=homepage-basic_directory_newsDirectoryUrl

unknown

https://zw.linkedin.com/

unknown

https://co.linkedin.com/

unknown

https://ru.linkedin.com/

unknown

https://ca.linkedin.com/

unknown

https://ke.linkedin.com/

unknown

https://www.linkedin.com/learning/topics/career-development-5?trk=homepage-basic_learning-cta

unknown

https://www.linkedin.com/mypreferences/g/guest-cookies

unknown

https://www.linkedin.com/products?trk=homepage-basic_directory_productsHomeUrl

unknown

https://static.licdn.com/aero-v1/sc/h/7kb6sn3tm4cx918cx9a5jlb0

unknown

https://static.licdn.com/aero-v1/sc/h/8wykgzgbqy0t3fnkgborvz54u

unknown

https://de.linkedin.com/

unknown

https://static.licdn.com/aero-v1/sc/h/2r8kd5zqpi905lkzsshdlvvn5

unknown

https://www.linkedin.com/jobs/retail-associate-jobs-h

unknown

https://www.linkedin.com/learning/topics/product-and-manufacturing?trk=homepage-basic_learning-cta

unknown

https://www.linkedin.com/psettings/guest-controls?trk=homepage-basic_footer-guest-controls

unknown

https://business.linkedin.com/marketing-solutions?src=li-footer&utm_source=linkedin&utm_medi

unknown

https://www.linkedin.com/help/linkedin?lang=en&trk=homepage-basic_directory_helpCenterUrl

unknown

https://pk.linkedin.com/

unknown

https://jp.linkedin.com/

unknown

https://www.linkedin.com/learning/topics/human-resources-3?trk=homepage-basic_learning-cta

unknown

https://static.licdn.com/aero-v1/sc/h/al2o9zrvru7aqj8e1x2rzsrca

unknown

https://www.linkedin.com/jobs/real-estate-jobs-h

unknown

There are 90 hidden URLs, click here to show them.

Domains

Name

Malicious

linkedin.com

13.107.42.14

Details

Name:	linkedin.com
IP:	13.107.42.14
TargetID:	27
Current Path:	C:\Windows\SysWOW64\wermgr.exe
Active:	true
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Sample uses string decryption to hide its real strings	AV Detection
Found strings which match to known social media urls	Networking
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
URLs found in memory or binary data	Networking

www.linkedin.com

unknown

IPs

Domain

Country

Malicious

91.165.188.74

unknown

France

2.82.8.80

unknown

Portugal

70.160.67.203

unknown

United States

75.143.236.149

unknown

United States

83.110.223.61

unknown

United Arab Emirates

84.215.202.8

unknown

Norway

184.182.66.109

unknown

United States

161.129.37.43

unknown

United States

92.186.69.229

unknown

France

174.4.89.3

unknown

Canada

161.142.103.187

unknown

Malaysia

116.74.164.144

unknown

India

76.185.109.16

unknown

United States

114.143.176.236

unknown

India

24.234.220.88

unknown

United States

14.192.241.76

unknown

Malaysia

123.3.240.16

unknown

Australia

173.88.135.179

unknown

United States

47.34.30.133

unknown

United States

183.87.163.165

unknown

India

70.49.205.198

unknown

Canada

184.181.75.148

unknown

United States

124.149.143.189

unknown

Australia

84.35.26.14

unknown

Netherlands

37.14.229.220

unknown

Spain

102.159.223.197

unknown

Tunisia

165.120.169.171

unknown

United States

79.92.15.6

unknown

France

68.203.69.96

unknown

United States

64.121.161.102

unknown

United States

96.56.197.26

unknown

United States

178.175.187.254

unknown

Moldova Republic of

186.64.67.30

unknown

Argentina

188.28.19.84

unknown

United Kingdom

125.99.76.102

unknown

India

103.87.128.228

unknown

India

86.248.228.57

unknown

France

59.28.84.65

unknown

Korea Republic of

76.86.31.59

unknown

United States

147.147.30.126

unknown

United Kingdom

96.87.28.170

unknown

United States

75.109.111.89

unknown

United States

78.92.133.215

unknown

Hungary

88.126.94.4

unknown

France

124.122.47.148

unknown

Thailand

85.57.212.13

unknown

Spain

47.205.25.170

unknown

United States

95.45.50.93

unknown

Ireland

80.12.88.148

unknown

France

69.133.162.35

unknown

United States

151.62.238.176

unknown

Italy

205.237.67.69

unknown

Canada

201.143.215.69

unknown

Mexico

94.30.98.134

unknown

United Kingdom

76.178.148.107

unknown

United States

69.242.31.249

unknown

United States

85.104.105.67

unknown

Turkey

92.239.81.124

unknown

United Kingdom

76.16.49.134

unknown

United States

201.244.108.183

unknown

Colombia

103.42.86.42

unknown

India

103.144.201.56

unknown

116.120.145.170

unknown

Korea Republic of

103.139.242.6

unknown

India

70.28.50.223

unknown

Canada

98.145.23.67

unknown

United States

81.229.117.95

unknown

Sweden

89.129.109.27

unknown

Spain

45.51.102.225

unknown

United States

27.109.19.90

unknown

India

122.186.210.254

unknown

India

79.77.142.22

unknown

United Kingdom

122.184.143.86

unknown

India

50.68.186.195

unknown

Canada

213.55.33.103

unknown

France

180.151.229.230

unknown

India

12.172.173.82

unknown

United States

47.199.241.39

unknown

United States

79.168.224.165

unknown

Portugal

199.27.66.213

unknown

United States

176.142.207.63

unknown

France

90.29.86.138

unknown

France

149.74.159.67

unknown

United States

174.58.146.57

unknown

United States

78.160.146.127

unknown

Turkey

223.166.13.95

unknown

China

58.186.75.42

unknown

Viet Nam

65.95.141.84

unknown

Canada

50.68.204.71

unknown

Canada

71.38.155.217

unknown

United States

117.195.29.126

unknown

India

220.240.164.182

unknown

Australia

103.123.223.133

unknown

India

198.2.51.242

unknown

United States

27.99.32.26

unknown

Australia

94.204.232.135

unknown

United Arab Emirates

109.50.149.241

unknown

Portugal

69.123.4.221

unknown

United States

74.136.224.98

unknown

United States

192.168.2.1

unknown

There are 90 hidden IPs, click here to show them.

Registry

Path

Value

Malicious

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\IdentityCRL\ClockData

ClockTimeSeconds

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\IdentityCRL\ClockData

TickCount

HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Immersive\production\Property

0018000C9B156F66

HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}

DeviceTicket

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\AppCompatFlags

AmiHivePermissionsCorrect

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\AppCompatFlags

AmiHiveOwnerCorrect

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager

PendingFileRenameOperations

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\AppCompatFlags

AmiOverridePath

\REGISTRY\A\{dea1b943-ce85-ce24-1c0a-a12544ea6c4b}\Root\InventoryApplicationFile

WritePermissionsCheck

\REGISTRY\A\{dea1b943-ce85-ce24-1c0a-a12544ea6c4b}\Root\InventoryApplicationFile

ProviderSyncId