IOC Report
je9t0bDEVN


Files

| File Path | Type | Category | Malicious |
|---|---|---|---|
| je9t0bDEVN.exe | PE32 executable (GUI) Intel 80386, for MS Windows | initial sample | malicious |
| C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_je9t0bDEVN.exe_648ca4123cddb9edd345697083aaa0e61a1f192b_cdffa1af_d84b65e4-ae86-4cb4-b099-e9f07225f6bb\Report.wer | Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped | |
| C:\ProgramData\Microsoft\Windows\WER\Temp\WER8404.tmp.dmp | Mini DuMP crash report, 14 streams, Sat May 4 22:01:50 2024, 0x1205a4 type | dropped | |
| C:\ProgramData\Microsoft\Windows\WER\Temp\WER8FEC.tmp.WERInternalMetadata.xml | XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped | |
| C:\ProgramData\Microsoft\Windows\WER\Temp\WER9135.tmp.xml | XML 1.0 document, ASCII text, with CRLF line terminators | dropped | |
| C:\Windows\appcompat\Programs\Amcache.hve | MS Windows registry file, NT/2000 or above | dropped | |

Processes

| Path | Cmdline | Malicious |
|---|---|---|
| C:\Users\user\Desktop\je9t0bDEVN.exe | "C:\Users\user\Desktop\je9t0bDEVN.exe" | malicious |
| C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\WerFault.exe -u -p 5992 -s 356 | |

URLs


Registry


Memdumps
