Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
MDE_File_Sample_23cd0d899ada82527bfb8461d6df5489f19e8359.zip
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
initial sample
|
||
|
C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_23cd0d899ada82527bfb8461d6df5489f19e8359.zip\ResourceHacker.ini
|
Generic INItialization configuration [MonospaceFont]
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\rundll32.exe
|
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6}
-Embedding
|
||
|
C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_23cd0d899ada82527bfb8461d6df5489f19e8359.zip\ResourceHacker.exe
|
"C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_23cd0d899ada82527bfb8461d6df5489f19e8359.zip\ResourceHacker.exe"
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://www.greenfishsoftware.org/
|
unknown
|
||
|
http://www.angusj.com/resourcehacker/
|
unknown
|
||
|
http://www.angusj.com
|
unknown
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
4780000
|
trusted library allocation
|
page read and write
|
||
|
C1B000
|
heap
|
page read and write
|
||
|
791000
|
unkown
|
page readonly
|
||
|
78A000
|
unkown
|
page write copy
|
||
|
2FEC000
|
direct allocation
|
page read and write
|
||
|
773000
|
unkown
|
page read and write
|
||
|
28E1000
|
direct allocation
|
page read and write
|
||
|
BDC000
|
heap
|
page read and write
|
||
|
1196000
|
heap
|
page read and write
|
||
|
47CA6FE000
|
stack
|
page read and write
|
||
|
BA0000
|
heap
|
page read and write
|
||
|
4780000
|
trusted library allocation
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
8F3000
|
unkown
|
page readonly
|
||
|
47CA67C000
|
stack
|
page read and write
|
||
|
2882000
|
direct allocation
|
page read and write
|
||
|
119B000
|
heap
|
page read and write
|
||
|
27EB000
|
direct allocation
|
page read and write
|
||
|
28E8000
|
direct allocation
|
page read and write
|
||
|
2864000
|
direct allocation
|
page read and write
|
||
|
1190000
|
heap
|
page read and write
|
||
|
280A000
|
direct allocation
|
page read and write
|
||
|
B5E000
|
stack
|
page read and write
|
||
|
27F3000
|
direct allocation
|
page read and write
|
||
|
831000
|
unkown
|
page readonly
|
||
|
2B93000
|
heap
|
page read and write
|
||
|
315E000
|
stack
|
page read and write
|
||
|
285D000
|
direct allocation
|
page read and write
|
||
|
288A000
|
direct allocation
|
page read and write
|
||
|
C19000
|
heap
|
page read and write
|
||
|
17D78AC5000
|
heap
|
page read and write
|
||
|
BC7000
|
heap
|
page read and write
|
||
|
C18000
|
heap
|
page read and write
|
||
|
BBD000
|
heap
|
page read and write
|
||
|
B1E000
|
stack
|
page read and write
|
||
|
311F000
|
stack
|
page read and write
|
||
|
1150000
|
direct allocation
|
page execute and read and write
|
||
|
C07000
|
heap
|
page read and write
|
||
|
853000
|
unkown
|
page readonly
|
||
|
76A000
|
unkown
|
page read and write
|
||
|
17D78800000
|
heap
|
page read and write
|
||
|
BF8000
|
heap
|
page read and write
|
||
|
91E000
|
unkown
|
page readonly
|
||
|
27DD000
|
direct allocation
|
page read and write
|
||
|
A70000
|
heap
|
page read and write
|
||
|
C12000
|
heap
|
page read and write
|
||
|
28A8000
|
direct allocation
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
BCB000
|
heap
|
page read and write
|
||
|
BA8000
|
heap
|
page read and write
|
||
|
17D788B0000
|
heap
|
page read and write
|
||
|
BE9000
|
heap
|
page read and write
|
||
|
A96000
|
heap
|
page read and write
|
||
|
17D787E0000
|
heap
|
page read and write
|
||
|
4DE0000
|
trusted library allocation
|
page read and write
|
||
|
28C4000
|
direct allocation
|
page read and write
|
||
|
27CE000
|
direct allocation
|
page read and write
|
||
|
17D78A60000
|
heap
|
page read and write
|
||
|
BF3000
|
heap
|
page read and write
|
||
|
2B6E000
|
stack
|
page read and write
|
||
|
33A0000
|
heap
|
page read and write
|
||
|
78F000
|
unkown
|
page readonly
|
||
|
4780000
|
trusted library allocation
|
page read and write
|
||
|
287B000
|
direct allocation
|
page read and write
|
||
|
28BD000
|
direct allocation
|
page read and write
|
||
|
2898000
|
direct allocation
|
page read and write
|
||
|
BD8000
|
heap
|
page read and write
|
||
|
8C2000
|
unkown
|
page readonly
|
||
|
4780000
|
trusted library allocation
|
page read and write
|
||
|
4780000
|
trusted library allocation
|
page read and write
|
||
|
BDE000
|
heap
|
page read and write
|
||
|
C05000
|
heap
|
page read and write
|
||
|
17D788B8000
|
heap
|
page read and write
|
||
|
2FCD000
|
direct allocation
|
page read and write
|
||
|
281A000
|
direct allocation
|
page read and write
|
||
|
BD1000
|
heap
|
page read and write
|
||
|
867000
|
unkown
|
page readonly
|
||
|
768000
|
unkown
|
page write copy
|
||
|
3002000
|
direct allocation
|
page read and write
|
||
|
47CA7FE000
|
stack
|
page read and write
|
||
|
27D5000
|
direct allocation
|
page read and write
|
||
|
3009000
|
direct allocation
|
page read and write
|
||
|
BDB000
|
heap
|
page read and write
|
||
|
968000
|
unkown
|
page readonly
|
||
|
C01000
|
heap
|
page read and write
|
||
|
BD7000
|
heap
|
page read and write
|
||
|
BE5000
|
heap
|
page read and write
|
||
|
17D78AC0000
|
heap
|
page read and write
|
||
|
4780000
|
trusted library allocation
|
page read and write
|
||
|
283A000
|
direct allocation
|
page read and write
|
||
|
C10000
|
heap
|
page read and write
|
||
|
325F000
|
stack
|
page read and write
|
||
|
1140000
|
heap
|
page read and write
|
||
|
BD9000
|
heap
|
page read and write
|
||
|
2874000
|
direct allocation
|
page read and write
|
||
|
329E000
|
stack
|
page read and write
|
||
|
990000
|
heap
|
page read and write
|
||
|
E9F000
|
stack
|
page read and write
|
||
|
2B10000
|
heap
|
page read and write
|
||
|
286C000
|
direct allocation
|
page read and write
|
||
|
BF5000
|
heap
|
page read and write
|
||
|
27B0000
|
direct allocation
|
page read and write
|
||
|
76F000
|
unkown
|
page read and write
|
||
|
2B90000
|
heap
|
page read and write
|
||
|
BE0000
|
heap
|
page read and write
|
||
|
BED000
|
heap
|
page read and write
|
||
|
C19000
|
heap
|
page read and write
|
||
|
2813000
|
direct allocation
|
page read and write
|
||
|
C05000
|
heap
|
page read and write
|
||
|
4780000
|
trusted library allocation
|
page read and write
|
||
|
95000
|
stack
|
page read and write
|
||
|
BFA000
|
heap
|
page read and write
|
||
|
768000
|
unkown
|
page read and write
|
||
|
2811000
|
direct allocation
|
page read and write
|
||
|
778000
|
unkown
|
page read and write
|
||
|
27FA000
|
direct allocation
|
page read and write
|
||
|
3010000
|
direct allocation
|
page read and write
|
||
|
4780000
|
trusted library allocation
|
page read and write
|
||
|
BDB000
|
heap
|
page read and write
|
||
|
28CC000
|
direct allocation
|
page read and write
|
||
|
ADE000
|
stack
|
page read and write
|
||
|
47CA77F000
|
stack
|
page read and write
|
||
|
339F000
|
stack
|
page read and write
|
||
|
2854000
|
direct allocation
|
page read and write
|
||
|
BD8000
|
heap
|
page read and write
|
||
|
27E4000
|
direct allocation
|
page read and write
|
||
|
BC8000
|
heap
|
page read and write
|
||
|
BD4000
|
heap
|
page read and write
|
||
|
BFE000
|
heap
|
page read and write
|
||
|
2FFA000
|
direct allocation
|
page read and write
|
||
|
28D3000
|
direct allocation
|
page read and write
|
||
|
BE2000
|
heap
|
page read and write
|
||
|
28DA000
|
direct allocation
|
page read and write
|
||
|
7FA000
|
unkown
|
page readonly
|
||
|
F9F000
|
stack
|
page read and write
|
||
|
19A000
|
stack
|
page read and write
|
||
|
A90000
|
heap
|
page read and write
|
||
|
4780000
|
trusted library allocation
|
page read and write
|
||
|
D9E000
|
stack
|
page read and write
|
||
|
17D78700000
|
heap
|
page read and write
|
||
|
BDB000
|
heap
|
page read and write
|
||
|
C1C000
|
heap
|
page read and write
|
||
|
27BE000
|
direct allocation
|
page read and write
|
||
|
2822000
|
direct allocation
|
page read and write
|
||
|
BCF000
|
heap
|
page read and write
|
||
|
BCB000
|
heap
|
page read and write
|
There are 136 hidden memdumps, click here to show them.