Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
Dokument_2024-10-24_135211.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Temp\Log.tmp
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nonagglutinant
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\AYT.exe
|
PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AYT.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Fri Oct 25 06:16:02
2024, mtime=Fri Oct 25 06:16:02 2024, atime=Fri Oct 25 06:16:02 2024, length=45984, window=hide
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\Dokument_2024-10-24_135211.exe
|
"C:\Users\user\Desktop\Dokument_2024-10-24_135211.exe"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
|
"C:\Users\user\Desktop\Dokument_2024-10-24_135211.exe"
|
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
154.216.18.238
|
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
154.216.18.238
|
unknown
|
Seychelles
|
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
1710000
|
direct allocation
|
page read and write
|
|
|
|
2381000
|
trusted library allocation
|
page read and write
|
|
|
|
402000
|
system
|
page execute and read and write
|
|
|
|
3EA0000
|
direct allocation
|
page read and write
|
||
|
3EA0000
|
direct allocation
|
page read and write
|
||
|
704000
|
trusted library allocation
|
page read and write
|
||
|
4F90000
|
trusted library allocation
|
page read and write
|
||
|
4F89000
|
stack
|
page read and write
|
||
|
9CE000
|
stack
|
page read and write
|
||
|
3BB0000
|
heap
|
page read and write
|
||
|
5290000
|
heap
|
page read and write
|
||
|
73B000
|
trusted library allocation
|
page execute and read and write
|
||
|
510D000
|
stack
|
page read and write
|
||
|
3D55000
|
heap
|
page read and write
|
||
|
5250000
|
trusted library allocation
|
page read and write
|
||
|
5EDF000
|
stack
|
page read and write
|
||
|
795000
|
heap
|
page read and write
|
||
|
3381000
|
trusted library allocation
|
page read and write
|
||
|
4AEE000
|
stack
|
page read and write
|
||
|
4F96000
|
trusted library allocation
|
page read and write
|
||
|
41DE000
|
direct allocation
|
page read and write
|
||
|
553E000
|
stack
|
page read and write
|
||
|
33E7000
|
trusted library allocation
|
page read and write
|
||
|
940000
|
heap
|
page read and write
|
||
|
3D60000
|
heap
|
page read and write
|
||
|
966000
|
heap
|
page read and write
|
||
|
4169000
|
direct allocation
|
page read and write
|
||
|
713000
|
trusted library allocation
|
page read and write
|
||
|
4388000
|
trusted library allocation
|
page read and write
|
||
|
520000
|
heap
|
page read and write
|
||
|
960000
|
heap
|
page read and write
|
||
|
703000
|
trusted library allocation
|
page execute and read and write
|
||
|
3FC3000
|
direct allocation
|
page read and write
|
||
|
416D000
|
direct allocation
|
page read and write
|
||
|
3CDD000
|
heap
|
page read and write
|
||
|
A20000
|
heap
|
page read and write
|
||
|
A2A000
|
heap
|
page read and write
|
||
|
6DE000
|
stack
|
page read and write
|
||
|
5F1E000
|
stack
|
page read and write
|
||
|
527000
|
heap
|
page read and write
|
||
|
4169000
|
direct allocation
|
page read and write
|
||
|
4940000
|
heap
|
page read and write
|
||
|
56E000
|
stack
|
page read and write
|
||
|
41DE000
|
direct allocation
|
page read and write
|
||
|
65DC000
|
stack
|
page read and write
|
||
|
41DE000
|
direct allocation
|
page read and write
|
||
|
3D5F000
|
heap
|
page execute and read and write
|
||
|
3EA0000
|
direct allocation
|
page read and write
|
||
|
2190000
|
heap
|
page read and write
|
||
|
416D000
|
direct allocation
|
page read and write
|
||
|
5E5D000
|
stack
|
page read and write
|
||
|
6F0000
|
trusted library allocation
|
page read and write
|
||
|
5F5F000
|
stack
|
page read and write
|
||
|
23BA000
|
trusted library allocation
|
page read and write
|
||
|
970000
|
heap
|
page read and write
|
||
|
41DE000
|
direct allocation
|
page read and write
|
||
|
4AF0000
|
trusted library allocation
|
page read and write
|
||
|
236E000
|
stack
|
page read and write
|
||
|
9A000
|
stack
|
page read and write
|
||
|
A15000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
524C000
|
stack
|
page read and write
|
||
|
726000
|
trusted library allocation
|
page execute and read and write
|
||
|
5C19000
|
heap
|
page read and write
|
||
|
768000
|
heap
|
page read and write
|
||
|
722000
|
trusted library allocation
|
page read and write
|
||
|
4F9B000
|
trusted library allocation
|
page read and write
|
||
|
4169000
|
direct allocation
|
page read and write
|
||
|
41DE000
|
direct allocation
|
page read and write
|
||
|
48E0000
|
trusted library allocation
|
page read and write
|
||
|
5460000
|
trusted library allocation
|
page execute and read and write
|
||
|
430000
|
heap
|
page read and write
|
||
|
4FBD000
|
trusted library allocation
|
page read and write
|
||
|
2320000
|
heap
|
page read and write
|
||
|
416D000
|
direct allocation
|
page read and write
|
||
|
400000
|
system
|
page execute and read and write
|
||
|
482000
|
unkown
|
page readonly
|
||
|
4AB000
|
unkown
|
page readonly
|
||
|
3EA0000
|
direct allocation
|
page read and write
|
||
|
4040000
|
direct allocation
|
page read and write
|
||
|
4169000
|
direct allocation
|
page read and write
|
||
|
760000
|
heap
|
page read and write
|
||
|
4169000
|
direct allocation
|
page read and write
|
||
|
3D6E000
|
heap
|
page read and write
|
||
|
9E0000
|
heap
|
page read and write
|
||
|
161F000
|
stack
|
page read and write
|
||
|
843000
|
heap
|
page read and write
|
||
|
857000
|
heap
|
page read and write
|
||
|
4943000
|
heap
|
page read and write
|
||
|
700000
|
trusted library allocation
|
page read and write
|
||
|
4D4E000
|
stack
|
page read and write
|
||
|
21B0000
|
trusted library allocation
|
page execute and read and write
|
||
|
4040000
|
direct allocation
|
page read and write
|
||
|
1660000
|
heap
|
page read and write
|
||
|
9E5000
|
heap
|
page read and write
|
||
|
4040000
|
direct allocation
|
page read and write
|
||
|
3064000
|
heap
|
page read and write
|
||
|
649C000
|
stack
|
page read and write
|
||
|
A2E000
|
heap
|
page read and write
|
||
|
510000
|
heap
|
page read and write
|
||
|
8AF000
|
stack
|
page read and write
|
||
|
71D000
|
trusted library allocation
|
page execute and read and write
|
||
|
4AB000
|
unkown
|
page readonly
|
||
|
93E000
|
stack
|
page read and write
|
||
|
22EE000
|
stack
|
page read and write
|
||
|
720000
|
trusted library allocation
|
page read and write
|
||
|
3FC3000
|
direct allocation
|
page read and write
|
||
|
3D63000
|
heap
|
page read and write
|
||
|
4B00000
|
heap
|
page execute and read and write
|
||
|
5110000
|
heap
|
page read and write
|
||
|
95E000
|
stack
|
page read and write
|
||
|
3060000
|
heap
|
page read and write
|
||
|
839000
|
heap
|
page read and write
|
||
|
4FB6000
|
trusted library allocation
|
page read and write
|
||
|
2F00000
|
heap
|
page read and write
|
||
|
3BAF000
|
stack
|
page read and write
|
||
|
797000
|
heap
|
page read and write
|
||
|
2FA8000
|
heap
|
page read and write
|
||
|
416D000
|
direct allocation
|
page read and write
|
||
|
5D0000
|
heap
|
page read and write
|
||
|
732000
|
trusted library allocation
|
page read and write
|
||
|
52A1000
|
trusted library allocation
|
page read and write
|
||
|
451D000
|
stack
|
page read and write
|
||
|
165E000
|
stack
|
page read and write
|
||
|
4930000
|
trusted library allocation
|
page read and write
|
||
|
7F3D0000
|
trusted library allocation
|
page execute and read and write
|
||
|
492D000
|
trusted library allocation
|
page read and write
|
||
|
4FA2000
|
trusted library allocation
|
page read and write
|
||
|
121E000
|
stack
|
page read and write
|
||
|
5BE0000
|
heap
|
page read and write
|
||
|
5F9C000
|
stack
|
page read and write
|
||
|
A10000
|
heap
|
page read and write
|
||
|
4040000
|
direct allocation
|
page read and write
|
||
|
48DE000
|
stack
|
page read and write
|
||
|
22F0000
|
trusted library allocation
|
page read and write
|
||
|
635C000
|
stack
|
page read and write
|
||
|
4FB1000
|
trusted library allocation
|
page read and write
|
||
|
2FAB000
|
heap
|
page read and write
|
||
|
3FC3000
|
direct allocation
|
page read and write
|
||
|
4E4E000
|
stack
|
page read and write
|
||
|
4920000
|
trusted library allocation
|
page read and write
|
||
|
659D000
|
stack
|
page read and write
|
||
|
5AE000
|
stack
|
page read and write
|
||
|
5D5000
|
heap
|
page read and write
|
||
|
218C000
|
stack
|
page read and write
|
||
|
3C0A000
|
heap
|
page read and write
|
||
|
3FC3000
|
direct allocation
|
page read and write
|
||
|
78A000
|
heap
|
page read and write
|
||
|
3D7E000
|
heap
|
page read and write
|
||
|
A5A000
|
heap
|
page read and write
|
||
|
70D000
|
trusted library allocation
|
page execute and read and write
|
||
|
645E000
|
stack
|
page read and write
|
||
|
4169000
|
direct allocation
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
2370000
|
heap
|
page execute and read and write
|
||
|
BB000
|
stack
|
page read and write
|
||
|
214E000
|
stack
|
page read and write
|
||
|
5280000
|
trusted library allocation
|
page execute and read and write
|
||
|
5449000
|
stack
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
482000
|
unkown
|
page readonly
|
||
|
8FE000
|
stack
|
page read and write
|
||
|
4040000
|
direct allocation
|
page read and write
|
||
|
4040000
|
direct allocation
|
page read and write
|
||
|
416D000
|
direct allocation
|
page read and write
|
||
|
37AE000
|
stack
|
page read and write
|
||
|
1700000
|
heap
|
page read and write
|
||
|
89F000
|
stack
|
page read and write
|
||
|
3FC3000
|
direct allocation
|
page read and write
|
||
|
3C8D000
|
heap
|
page read and write
|
||
|
1B7000
|
stack
|
page read and write
|
||
|
54B0000
|
trusted library allocation
|
page read and write
|
||
|
5E9D000
|
stack
|
page read and write
|
||
|
21E0000
|
heap
|
page read and write
|
||
|
4FAE000
|
trusted library allocation
|
page read and write
|
||
|
609D000
|
stack
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
4E8A000
|
stack
|
page read and write
|
||
|
4FC2000
|
trusted library allocation
|
page read and write
|
||
|
72A000
|
trusted library allocation
|
page execute and read and write
|
||
|
4A7000
|
unkown
|
page read and write
|
||
|
490000
|
unkown
|
page read and write
|
||
|
1E0000
|
heap
|
page read and write
|
||
|
3D55000
|
heap
|
page read and write
|
||
|
490000
|
unkown
|
page write copy
|
||
|
3EA0000
|
direct allocation
|
page read and write
|
||
|
3BDB000
|
heap
|
page read and write
|
||
|
737000
|
trusted library allocation
|
page execute and read and write
|
||
|
500E000
|
stack
|
page read and write
|
||
|
3EA0000
|
direct allocation
|
page read and write
|
||
|
66DE000
|
stack
|
page read and write
|
||
|
8B4000
|
stack
|
page read and write
|
||
|
33A9000
|
trusted library allocation
|
page read and write
|
||
|
416D000
|
direct allocation
|
page read and write
|
||
|
100000
|
heap
|
page read and write
|
||
|
40C000
|
system
|
page execute and read and write
|
||
|
48E9000
|
trusted library allocation
|
page read and write
|
||
|
1750000
|
heap
|
page read and write
|
||
|
3CDC000
|
heap
|
page read and write
|
||
|
21C0000
|
trusted library allocation
|
page read and write
|
||
|
750000
|
trusted library allocation
|
page read and write
|
||
|
4F9E000
|
trusted library allocation
|
page read and write
|
||
|
710000
|
trusted library allocation
|
page read and write
|
||
|
3FC3000
|
direct allocation
|
page read and write
|
||
|
54C0000
|
heap
|
page read and write
|
||
|
54F0000
|
heap
|
page read and write
|
||
|
77E000
|
heap
|
page read and write
|
||
|
41DE000
|
direct allocation
|
page read and write
|
||
|
489E000
|
stack
|
page read and write
|
There are 199 hidden memdumps, click here to show them.