Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
inject.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\inject.exe.log
|
CSV text
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\VSREDIST.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\tmpA40.tmp.bat
|
DOS batch file, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\VSREDIST.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Mon Jul 1 21:30:00
2024, mtime=Mon Jul 1 21:30:00 2024, atime=Mon Jul 1 21:30:00 2024, length=135168, window=hide
|
dropped
|
||
|
\Device\Null
|
ASCII text, with CRLF line terminators, with overstriking
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\inject.exe
|
"C:\Users\user\Desktop\inject.exe"
|
|
|
|
C:\Windows\System32\cmd.exe
|
C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\tmpA40.tmp.bat""
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\timeout.exe
|
timeout 3
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
79.110.49.233
|
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
79.110.49.233
|
unknown
|
Germany
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
VSREDIST
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
492000
|
unkown
|
page readonly
|
|
|
|
273C000
|
trusted library allocation
|
page read and write
|
|
|
|
7FFB4B054000
|
trusted library allocation
|
page read and write
|
||
|
EDB6CFE000
|
unkown
|
page read and write
|
||
|
7FFB4B200000
|
trusted library allocation
|
page execute and read and write
|
||
|
1BE2A000
|
stack
|
page read and write
|
||
|
7FFB4B07D000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFB4B060000
|
trusted library allocation
|
page read and write
|
||
|
1B55D000
|
stack
|
page read and write
|
||
|
BB0000
|
heap
|
page read and write
|
||
|
7FFB4B070000
|
trusted library allocation
|
page read and write
|
||
|
1BF2E000
|
stack
|
page read and write
|
||
|
490000
|
unkown
|
page readonly
|
||
|
EDB6DFE000
|
stack
|
page read and write
|
||
|
CC0000
|
trusted library allocation
|
page read and write
|
||
|
1B701000
|
heap
|
page read and write
|
||
|
224528C0000
|
heap
|
page read and write
|
||
|
5F4000
|
stack
|
page read and write
|
||
|
7FF496940000
|
trusted library allocation
|
page execute and read and write
|
||
|
956000
|
heap
|
page read and write
|
||
|
7FFB4B06D000
|
trusted library allocation
|
page execute and read and write
|
||
|
1C02B000
|
stack
|
page read and write
|
||
|
1C325000
|
stack
|
page read and write
|
||
|
26AA000
|
trusted library allocation
|
page read and write
|
||
|
284CA090000
|
heap
|
page read and write
|
||
|
98F000
|
heap
|
page read and write
|
||
|
22452631000
|
heap
|
page read and write
|
||
|
950000
|
heap
|
page read and write
|
||
|
B4D000
|
stack
|
page read and write
|
||
|
1B6ED000
|
heap
|
page read and write
|
||
|
97B000
|
heap
|
page read and write
|
||
|
1B150000
|
heap
|
page read and write
|
||
|
1B65E000
|
stack
|
page read and write
|
||
|
284CBC55000
|
heap
|
page read and write
|
||
|
D85000
|
heap
|
page read and write
|
||
|
840000
|
heap
|
page read and write
|
||
|
7FFB4B050000
|
trusted library allocation
|
page read and write
|
||
|
22452632000
|
heap
|
page read and write
|
||
|
7FFB4B110000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFB4B062000
|
trusted library allocation
|
page read and write
|
||
|
22452632000
|
heap
|
page read and write
|
||
|
7FFB4B10C000
|
trusted library allocation
|
page execute and read and write
|
||
|
2660000
|
heap
|
page read and write
|
||
|
262F000
|
stack
|
page read and write
|
||
|
284CA158000
|
heap
|
page read and write
|
||
|
284CA0E0000
|
heap
|
page read and write
|
||
|
7FFB4B211000
|
trusted library allocation
|
page read and write
|
||
|
EDB697C000
|
stack
|
page read and write
|
||
|
7FFB4B053000
|
trusted library allocation
|
page execute and read and write
|
||
|
22452520000
|
heap
|
page read and write
|
||
|
9C1000
|
heap
|
page read and write
|
||
|
1B25E000
|
stack
|
page read and write
|
||
|
22452621000
|
heap
|
page read and write
|
||
|
B70000
|
heap
|
page read and write
|
||
|
1B660000
|
heap
|
page read and write
|
||
|
284CA0A0000
|
heap
|
page read and write
|
||
|
224525F0000
|
heap
|
page read and write
|
||
|
2738000
|
trusted library allocation
|
page read and write
|
||
|
2691000
|
trusted library allocation
|
page read and write
|
||
|
22452621000
|
heap
|
page read and write
|
||
|
1B10E000
|
stack
|
page read and write
|
||
|
2680000
|
heap
|
page read and write
|
||
|
98A02FF000
|
stack
|
page read and write
|
||
|
269C000
|
trusted library allocation
|
page read and write
|
||
|
CE0000
|
trusted library allocation
|
page read and write
|
||
|
991000
|
heap
|
page read and write
|
||
|
CBE000
|
stack
|
page read and write
|
||
|
1B6AF000
|
heap
|
page read and write
|
||
|
1BA5F000
|
stack
|
page read and write
|
||
|
1C12E000
|
stack
|
page read and write
|
||
|
7FFB4B05D000
|
trusted library allocation
|
page execute and read and write
|
||
|
284CBC50000
|
heap
|
page read and write
|
||
|
98A037F000
|
stack
|
page read and write
|
||
|
D80000
|
heap
|
page read and write
|
||
|
7FFB4B074000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B1F0000
|
trusted library allocation
|
page read and write
|
||
|
CF0000
|
heap
|
page execute and read and write
|
||
|
1B85A000
|
stack
|
page read and write
|
||
|
1BA9E000
|
stack
|
page read and write
|
||
|
224525FB000
|
heap
|
page read and write
|
||
|
7FFB4B136000
|
trusted library allocation
|
page execute and read and write
|
||
|
1B6DD000
|
heap
|
page read and write
|
||
|
12698000
|
trusted library allocation
|
page read and write
|
||
|
490000
|
unkown
|
page readonly
|
||
|
A12000
|
heap
|
page read and write
|
||
|
1B35F000
|
stack
|
page read and write
|
||
|
1B954000
|
stack
|
page read and write
|
||
|
920000
|
heap
|
page read and write
|
||
|
BB5000
|
heap
|
page read and write
|
||
|
22452550000
|
heap
|
page read and write
|
||
|
1B6AD000
|
heap
|
page read and write
|
||
|
22452530000
|
heap
|
page read and write
|
||
|
9BD000
|
heap
|
page read and write
|
||
|
1269E000
|
trusted library allocation
|
page read and write
|
||
|
1B153000
|
heap
|
page read and write
|
||
|
284CA150000
|
heap
|
page read and write
|
||
|
983000
|
heap
|
page read and write
|
||
|
273A000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B0AC000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFB4B106000
|
trusted library allocation
|
page read and write
|
||
|
98A027C000
|
stack
|
page read and write
|
||
|
7FFB4B170000
|
trusted library allocation
|
page execute and read and write
|
||
|
224528B0000
|
heap
|
page read and write
|
||
|
7FFB4B100000
|
trusted library allocation
|
page read and write
|
||
|
12691000
|
trusted library allocation
|
page read and write
|
||
|
95C000
|
heap
|
page read and write
|
||
|
9BB000
|
heap
|
page read and write
|
||
|
B50000
|
heap
|
page read and write
|
||
|
126A1000
|
trusted library allocation
|
page read and write
|
||
|
1C22A000
|
stack
|
page read and write
|
||
|
1B45E000
|
stack
|
page read and write
|
||
|
1AC1C000
|
stack
|
page read and write
|
||
|
1B120000
|
heap
|
page execute and read and write
|
||
|
1BB30000
|
heap
|
page read and write
|
There are 104 hidden memdumps, click here to show them.