Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
SecuriteInfo.com.Win32.MalwareX-gen.31904.27419.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\SecuriteInfo.com.Win32.MalwareX-gen.31904.27419.exe.log
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_fbgschxn.kih.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_h1dar5yr.bdu.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_lngavjba.apm.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_zxo0n2ij.imt.psm1
|
ASCII text, with no line terminators
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.31904.27419.exe
|
"C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.31904.27419.exe"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.31904.27419.exe"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\wbem\WmiPrvSE.exe
|
C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://api.ipify.org/
|
104.26.13.205
|
||
|
http://crt.sectigo.com/SectigoRSADomainValidationSecureServerCA.crt0#
|
unknown
|
||
|
https://api.ipify.org
|
unknown
|
||
|
https://sectigo.com/CPS0
|
unknown
|
||
|
https://account.dyn.com/
|
unknown
|
||
|
https://api.ipify.org/t
|
unknown
|
||
|
http://phoenixblowers.com
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
http://ocsp.sectigo.com05
|
unknown
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
phoenixblowers.com
|
43.255.154.55
|
|
|
|
api.ipify.org
|
104.26.13.205
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
43.255.154.55
|
phoenixblowers.com
|
Singapore
|
|
|
|
104.26.13.205
|
api.ipify.org
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASMANCS
|
FileDirectory
|
There are 5 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
402000
|
remote allocation
|
page execute and read and write
|
|
|
|
28F1000
|
trusted library allocation
|
page read and write
|
|
|
|
2917000
|
trusted library allocation
|
page read and write
|
|
|
|
3736000
|
trusted library allocation
|
page read and write
|
|
|
|
5D54000
|
heap
|
page read and write
|
||
|
7FAF0000
|
trusted library allocation
|
page execute and read and write
|
||
|
623D000
|
stack
|
page read and write
|
||
|
24A0000
|
trusted library allocation
|
page read and write
|
||
|
629E000
|
stack
|
page read and write
|
||
|
4E12000
|
trusted library allocation
|
page read and write
|
||
|
EF2000
|
trusted library allocation
|
page read and write
|
||
|
66BE000
|
stack
|
page read and write
|
||
|
68F0000
|
trusted library allocation
|
page read and write
|
||
|
70C0000
|
trusted library allocation
|
page read and write
|
||
|
3ED5000
|
trusted library allocation
|
page read and write
|
||
|
28ED000
|
trusted library allocation
|
page read and write
|
||
|
C8A000
|
heap
|
page read and write
|
||
|
2981000
|
trusted library allocation
|
page read and write
|
||
|
2530000
|
trusted library allocation
|
page execute and read and write
|
||
|
F05000
|
trusted library allocation
|
page execute and read and write
|
||
|
2890000
|
heap
|
page execute and read and write
|
||
|
F02000
|
trusted library allocation
|
page read and write
|
||
|
FC0000
|
heap
|
page read and write
|
||
|
D2C000
|
heap
|
page read and write
|
||
|
362000
|
unkown
|
page execute and read and write
|
||
|
F0B000
|
trusted library allocation
|
page execute and read and write
|
||
|
9DE000
|
heap
|
page read and write
|
||
|
7100000
|
trusted library allocation
|
page execute and read and write
|
||
|
7570000
|
trusted library allocation
|
page read and write
|
||
|
5D2C000
|
heap
|
page read and write
|
||
|
A7E000
|
heap
|
page read and write
|
||
|
24BA000
|
trusted library allocation
|
page execute and read and write
|
||
|
24C7000
|
trusted library allocation
|
page execute and read and write
|
||
|
7096000
|
trusted library allocation
|
page read and write
|
||
|
26CE000
|
stack
|
page read and write
|
||
|
25A0000
|
trusted library allocation
|
page read and write
|
||
|
AA6B000
|
heap
|
page read and write
|
||
|
7110000
|
trusted library allocation
|
page read and write
|
||
|
7360000
|
heap
|
page read and write
|
||
|
249D000
|
trusted library allocation
|
page execute and read and write
|
||
|
7350000
|
trusted library allocation
|
page read and write
|
||
|
36D1000
|
trusted library allocation
|
page read and write
|
||
|
8CD0000
|
heap
|
page read and write
|
||
|
26D9000
|
trusted library allocation
|
page read and write
|
||
|
5DC6000
|
heap
|
page read and write
|
||
|
6BF0000
|
trusted library allocation
|
page read and write
|
||
|
7BE0000
|
heap
|
page read and write
|
||
|
642C000
|
trusted library allocation
|
page read and write
|
||
|
8F20000
|
trusted library allocation
|
page read and write
|
||
|
709D000
|
trusted library allocation
|
page read and write
|
||
|
ED0000
|
trusted library allocation
|
page read and write
|
||
|
FB4000
|
trusted library allocation
|
page read and write
|
||
|
810000
|
heap
|
page read and write
|
||
|
6470000
|
trusted library allocation
|
page read and write
|
||
|
FAE000
|
stack
|
page read and write
|
||
|
A3E000
|
heap
|
page read and write
|
||
|
27B3000
|
trusted library allocation
|
page read and write
|
||
|
7BA000
|
stack
|
page read and write
|
||
|
C7E000
|
heap
|
page read and write
|
||
|
4F8C000
|
stack
|
page read and write
|
||
|
4E32000
|
trusted library allocation
|
page read and write
|
||
|
38A1000
|
trusted library allocation
|
page read and write
|
||
|
C68000
|
heap
|
page read and write
|
||
|
EC3000
|
trusted library allocation
|
page execute and read and write
|
||
|
EC4000
|
trusted library allocation
|
page read and write
|
||
|
4E26000
|
trusted library allocation
|
page read and write
|
||
|
2590000
|
trusted library allocation
|
page read and write
|
||
|
7540000
|
heap
|
page read and write
|
||
|
7160000
|
heap
|
page read and write
|
||
|
A05000
|
heap
|
page read and write
|
||
|
25C0000
|
heap
|
page read and write
|
||
|
9B7000
|
heap
|
page read and write
|
||
|
8E0E000
|
stack
|
page read and write
|
||
|
8FA6000
|
trusted library allocation
|
page read and write
|
||
|
AA9B000
|
heap
|
page read and write
|
||
|
7091000
|
trusted library allocation
|
page read and write
|
||
|
68E0000
|
trusted library allocation
|
page read and write
|
||
|
410000
|
unkown
|
page readonly
|
||
|
28A1000
|
trusted library allocation
|
page read and write
|
||
|
633D000
|
stack
|
page read and write
|
||
|
4E1A000
|
trusted library allocation
|
page read and write
|
||
|
4A9000
|
stack
|
page read and write
|
||
|
24CB000
|
trusted library allocation
|
page execute and read and write
|
||
|
F40000
|
trusted library allocation
|
page read and write
|
||
|
CDD000
|
heap
|
page read and write
|
||
|
F30000
|
trusted library allocation
|
page execute and read and write
|
||
|
4E0E000
|
trusted library allocation
|
page read and write
|
||
|
74BE000
|
stack
|
page read and write
|
||
|
7150000
|
heap
|
page execute and read and write
|
||
|
A12000
|
heap
|
page read and write
|
||
|
6410000
|
trusted library allocation
|
page execute and read and write
|
||
|
93D2000
|
trusted library allocation
|
page read and write
|
||
|
8F10000
|
trusted library section
|
page read and write
|
||
|
60BE000
|
stack
|
page read and write
|
||
|
E70000
|
heap
|
page read and write
|
||
|
66FE000
|
stack
|
page read and write
|
||
|
7070000
|
trusted library allocation
|
page read and write
|
||
|
ECD000
|
trusted library allocation
|
page execute and read and write
|
||
|
29EC000
|
trusted library allocation
|
page read and write
|
||
|
61FE000
|
stack
|
page read and write
|
||
|
8F30000
|
trusted library allocation
|
page read and write
|
||
|
497C000
|
stack
|
page read and write
|
||
|
4E1E000
|
trusted library allocation
|
page read and write
|
||
|
6420000
|
trusted library allocation
|
page read and write
|
||
|
67FE000
|
stack
|
page read and write
|
||
|
252E000
|
stack
|
page read and write
|
||
|
6550000
|
trusted library allocation
|
page execute and read and write
|
||
|
CCE000
|
stack
|
page read and write
|
||
|
63EE000
|
stack
|
page read and write
|
||
|
EE0000
|
heap
|
page read and write
|
||
|
C60000
|
heap
|
page read and write
|
||
|
5D4D000
|
heap
|
page read and write
|
||
|
6C00000
|
trusted library allocation
|
page read and write
|
||
|
657E000
|
stack
|
page read and write
|
||
|
28DF000
|
trusted library allocation
|
page read and write
|
||
|
73BB000
|
stack
|
page read and write
|
||
|
2490000
|
trusted library allocation
|
page read and write
|
||
|
48A8000
|
trusted library allocation
|
page read and write
|
||
|
6477000
|
trusted library allocation
|
page read and write
|
||
|
646E000
|
stack
|
page read and write
|
||
|
6560000
|
trusted library allocation
|
page read and write
|
||
|
24B0000
|
trusted library allocation
|
page read and write
|
||
|
62A0000
|
heap
|
page read and write
|
||
|
9DB000
|
heap
|
page read and write
|
||
|
4E21000
|
trusted library allocation
|
page read and write
|
||
|
CED000
|
heap
|
page read and write
|
||
|
543E000
|
stack
|
page read and write
|
||
|
7BD0000
|
heap
|
page read and write
|
||
|
474E000
|
stack
|
page read and write
|
||
|
70D0000
|
trusted library allocation
|
page read and write
|
||
|
FC7000
|
heap
|
page read and write
|
||
|
707B000
|
trusted library allocation
|
page read and write
|
||
|
7560000
|
heap
|
page read and write
|
||
|
24B6000
|
trusted library allocation
|
page execute and read and write
|
||
|
7C04000
|
heap
|
page read and write
|
||
|
5DBC000
|
heap
|
page read and write
|
||
|
647D000
|
stack
|
page read and write
|
||
|
2494000
|
trusted library allocation
|
page read and write
|
||
|
ABD000
|
heap
|
page read and write
|
||
|
4E40000
|
heap
|
page read and write
|
||
|
6930000
|
trusted library allocation
|
page execute and read and write
|
||
|
7340000
|
trusted library section
|
page readonly
|
||
|
6BDE000
|
stack
|
page read and write
|
||
|
292F000
|
trusted library allocation
|
page read and write
|
||
|
25B0000
|
heap
|
page read and write
|
||
|
9D0000
|
heap
|
page read and write
|
||
|
C96000
|
heap
|
page read and write
|
||
|
486C000
|
stack
|
page read and write
|
||
|
68D0000
|
trusted library allocation
|
page read and write
|
||
|
820000
|
heap
|
page read and write
|
||
|
7370000
|
heap
|
page read and write
|
||
|
70E0000
|
trusted library allocation
|
page read and write
|
||
|
D39000
|
heap
|
page read and write
|
||
|
6400000
|
trusted library allocation
|
page read and write
|
||
|
6408000
|
trusted library allocation
|
page read and write
|
||
|
4FB0000
|
heap
|
page execute and read and write
|
||
|
60FE000
|
stack
|
page read and write
|
||
|
258C000
|
stack
|
page read and write
|
||
|
24E0000
|
trusted library allocation
|
page read and write
|
||
|
52FE000
|
stack
|
page read and write
|
||
|
7330000
|
trusted library allocation
|
page execute and read and write
|
||
|
70B0000
|
trusted library allocation
|
page read and write
|
||
|
7590000
|
trusted library allocation
|
page execute and read and write
|
||
|
D2F000
|
heap
|
page read and write
|
||
|
5D40000
|
heap
|
page read and write
|
||
|
4E43000
|
heap
|
page read and write
|
||
|
650E000
|
stack
|
page read and write
|
||
|
B45000
|
heap
|
page read and write
|
||
|
286E000
|
stack
|
page read and write
|
||
|
25B3000
|
heap
|
page read and write
|
||
|
6340000
|
heap
|
page read and write
|
||
|
F20000
|
trusted library allocation
|
page read and write
|
||
|
400000
|
remote allocation
|
page execute and read and write
|
||
|
51FE000
|
stack
|
page read and write
|
||
|
4E06000
|
trusted library allocation
|
page read and write
|
||
|
699B000
|
stack
|
page read and write
|
||
|
AB7000
|
heap
|
page read and write
|
||
|
C94000
|
heap
|
page read and write
|
||
|
27B5000
|
trusted library allocation
|
page read and write
|
||
|
24C0000
|
trusted library allocation
|
page read and write
|
||
|
619E000
|
stack
|
page read and write
|
||
|
F07000
|
trusted library allocation
|
page execute and read and write
|
||
|
2540000
|
heap
|
page execute and read and write
|
||
|
9F8000
|
heap
|
page read and write
|
||
|
2870000
|
trusted library allocation
|
page read and write
|
||
|
4CEE000
|
stack
|
page read and write
|
||
|
B40000
|
heap
|
page read and write
|
||
|
5D2E000
|
heap
|
page read and write
|
||
|
F50000
|
trusted library allocation
|
page read and write
|
||
|
B30000
|
heap
|
page read and write
|
||
|
8FA0000
|
trusted library allocation
|
page read and write
|
||
|
F60000
|
heap
|
page read and write
|
||
|
3FF000
|
unkown
|
page execute and read and write
|
||
|
26D1000
|
trusted library allocation
|
page read and write
|
||
|
8F0E000
|
stack
|
page read and write
|
||
|
BBF0000
|
trusted library allocation
|
page read and write
|
||
|
8F50000
|
trusted library allocation
|
page read and write
|
||
|
EF0000
|
trusted library allocation
|
page read and write
|
||
|
EDD000
|
trusted library allocation
|
page execute and read and write
|
||
|
AF8000
|
stack
|
page read and write
|
||
|
8F40000
|
trusted library section
|
page read and write
|
||
|
36F5000
|
trusted library allocation
|
page read and write
|
||
|
7580000
|
trusted library allocation
|
page execute and read and write
|
||
|
40E000
|
unkown
|
page execute and read and write
|
||
|
24C2000
|
trusted library allocation
|
page read and write
|
||
|
2493000
|
trusted library allocation
|
page execute and read and write
|
||
|
900000
|
heap
|
page read and write
|
||
|
4A7E000
|
stack
|
page read and write
|
||
|
5C1E000
|
stack
|
page read and write
|
||
|
360000
|
unkown
|
page readonly
|
||
|
4BEE000
|
stack
|
page read and write
|
||
|
B20000
|
heap
|
page read and write
|
||
|
FB0000
|
trusted library allocation
|
page read and write
|
||
|
6ADD000
|
stack
|
page read and write
|
||
|
65BD000
|
stack
|
page read and write
|
||
|
D23000
|
heap
|
page read and write
|
||
|
3ED9000
|
trusted library allocation
|
page read and write
|
||
|
EC0000
|
trusted library allocation
|
page read and write
|
||
|
AA12000
|
heap
|
page read and write
|
||
|
BCE000
|
stack
|
page read and write
|
||
|
A89000
|
heap
|
page read and write
|
||
|
24B2000
|
trusted library allocation
|
page read and write
|
||
|
5A7000
|
stack
|
page read and write
|
||
|
554D000
|
stack
|
page read and write
|
||
|
9B0000
|
heap
|
page read and write
|
||
|
4E2D000
|
trusted library allocation
|
page read and write
|
||
|
51BC000
|
stack
|
page read and write
|
||
|
360000
|
unkown
|
page execute and read and write
|
||
|
A85000
|
heap
|
page read and write
|
||
|
28D6000
|
trusted library allocation
|
page read and write
|
||
|
7565000
|
heap
|
page read and write
|
||
|
5D20000
|
heap
|
page read and write
|
||
|
7F780000
|
trusted library allocation
|
page execute and read and write
|
||
|
2480000
|
trusted library allocation
|
page read and write
|
||
|
70A2000
|
trusted library allocation
|
page read and write
|
||
|
4FC0000
|
heap
|
page read and write
|
||
|
AB9000
|
heap
|
page read and write
|
||
|
6AF0000
|
heap
|
page read and write
|
||
|
68D7000
|
trusted library allocation
|
page read and write
|
||
|
7550000
|
trusted library allocation
|
page read and write
|
||
|
24AD000
|
trusted library allocation
|
page execute and read and write
|
||
|
94E000
|
stack
|
page read and write
|
||
|
38C9000
|
trusted library allocation
|
page read and write
|
||
|
547D000
|
stack
|
page read and write
|
||
|
708E000
|
trusted library allocation
|
page read and write
|
||
|
5FBE000
|
stack
|
page read and write
|
||
|
6920000
|
heap
|
page read and write
|
||
|
7300000
|
trusted library allocation
|
page read and write
|
||
|
4E00000
|
trusted library allocation
|
page read and write
|
||
|
6A9C000
|
stack
|
page read and write
|
||
|
EB0000
|
trusted library allocation
|
page read and write
|
||
|
98E000
|
stack
|
page read and write
|
||
|
AB30000
|
trusted library section
|
page read and write
|
||
|
AA71000
|
heap
|
page read and write
|
||
|
990000
|
heap
|
page read and write
|
||
|
362000
|
unkown
|
page readonly
|
||
|
AA10000
|
heap
|
page read and write
|
||
|
70D5000
|
trusted library allocation
|
page read and write
|
||
|
62EE000
|
stack
|
page read and write
|
||
|
EF6000
|
trusted library allocation
|
page execute and read and write
|
||
|
470E000
|
stack
|
page read and write
|
||
|
615F000
|
stack
|
page read and write
|
||
|
5DEE000
|
heap
|
page read and write
|
||
|
4E0B000
|
trusted library allocation
|
page read and write
|
||
|
EFA000
|
trusted library allocation
|
page execute and read and write
|
||
|
533E000
|
stack
|
page read and write
|
||
|
390A000
|
trusted library allocation
|
page read and write
|
||
|
8F90000
|
trusted library allocation
|
page execute and read and write
|
||
|
7302000
|
trusted library allocation
|
page read and write
|
There are 259 hidden memdumps, click here to show them.