Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
ib.exe
|
PE32 executable (console) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\Program Files (x86)\AutoIt3\Examples\Helpfile\Extras\MyProg.exe
|
MS-DOS executable PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\AutoIt3\SciTE\SciTE.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
modified
|
|
|
|
C:\Program Files\7-Zip\Uninstall.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\hjErac.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_hjErac.exe_b65444b1671fa348e7a4bd9321329eb10a53_61410b6e_7b740b91-304c-499d-98da-40c0ab07024e\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER6DD7.tmp.dmp
|
Mini DuMP crash report, 14 streams, Sat Oct 26 11:52:08 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER6F01.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER6F21.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\k1[1].rar
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\1F7369D7.exe
|
ASCII text
|
dropped
|
||
|
C:\Windows\appcompat\Programs\Amcache.hve
|
MS Windows registry file, NT/2000 or above
|
dropped
|
There are 2 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\ib.exe
|
"C:\Users\user\Desktop\ib.exe"
|
|
|
|
C:\Users\user\AppData\Local\Temp\hjErac.exe
|
C:\Users\user\AppData\Local\Temp\hjErac.exe
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 6996 -s 1428
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://ddos.dnsnb8.net:799/cj//k1.rar
|
44.221.84.105
|
|
|
|
http://ddos.dnsnb8.net/cH
|
unknown
|
||
|
http://www.scintilla.org/scite.rng
|
unknown
|
||
|
http://www.rftp.comJosiah
|
unknown
|
||
|
http://www.activestate.com
|
unknown
|
||
|
http://www.activestate.comHolger
|
unknown
|
||
|
http://%s:%d/%s/%sZwQuerySystemInformationntdll.dllNtSystemDebugControlSeDebugPrivilege%s%.8x.bat:DE
|
unknown
|
||
|
http://upx.sf.net
|
unknown
|
||
|
http://www.rftp.com
|
unknown
|
||
|
http://www.baanboard.comBrendon
|
unknown
|
||
|
http://ddos.dnsnb8.net:799/cj//k1.rarGsf
|
unknown
|
||
|
https://www.smartsharesystems.com/
|
unknown
|
||
|
http://www.scintilla.org
|
unknown
|
||
|
http://www.spaceblue.comMathias
|
unknown
|
||
|
http://ddos.dnsnb8.net:799/cj//k1.rarGv
|
unknown
|
||
|
https://www.smartsharesystems.com/Morten
|
unknown
|
||
|
http://www.develop.com
|
unknown
|
||
|
http://www.lua.org
|
unknown
|
||
|
http://ddos.dnsnb8.net/
|
unknown
|
||
|
http://ddos.dnsnb8.net:799/cj//k1.rarR
|
unknown
|
||
|
http://ddos.dnsnb8.net:799/cj//k1.rarq
|
unknown
|
||
|
http://www.spaceblue.com
|
unknown
|
||
|
http://ddos.dnsnb8.net:799/cj//k1.rarp
|
unknown
|
||
|
http://www.baanboard.com
|
unknown
|
||
|
http://www.develop.comDeepak
|
unknown
|
||
|
http://ddos.dnsnb8.net:799/cj//k1.rarg
|
unknown
|
There are 16 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
ddos.dnsnb8.net
|
44.221.84.105
|
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
44.221.84.105
|
ddos.dnsnb8.net
|
United States
|
|
|
|
127.0.0.1
|
unknown
|
unknown
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
\REGISTRY\A\{90e28e63-9b2c-3fa3-395f-4601afe366a9}\Root\InventoryApplicationFile\hjerac.exe|1b210518b3c7f7c8
|
ProgramId
|
||
|
\REGISTRY\A\{90e28e63-9b2c-3fa3-395f-4601afe366a9}\Root\InventoryApplicationFile\hjerac.exe|1b210518b3c7f7c8
|
FileId
|
||
|
\REGISTRY\A\{90e28e63-9b2c-3fa3-395f-4601afe366a9}\Root\InventoryApplicationFile\hjerac.exe|1b210518b3c7f7c8
|
LowerCaseLongPath
|
||
|
\REGISTRY\A\{90e28e63-9b2c-3fa3-395f-4601afe366a9}\Root\InventoryApplicationFile\hjerac.exe|1b210518b3c7f7c8
|
LongPathHash
|
||
|
\REGISTRY\A\{90e28e63-9b2c-3fa3-395f-4601afe366a9}\Root\InventoryApplicationFile\hjerac.exe|1b210518b3c7f7c8
|
Name
|
||
|
\REGISTRY\A\{90e28e63-9b2c-3fa3-395f-4601afe366a9}\Root\InventoryApplicationFile\hjerac.exe|1b210518b3c7f7c8
|
OriginalFileName
|
||
|
\REGISTRY\A\{90e28e63-9b2c-3fa3-395f-4601afe366a9}\Root\InventoryApplicationFile\hjerac.exe|1b210518b3c7f7c8
|
Publisher
|
||
|
\REGISTRY\A\{90e28e63-9b2c-3fa3-395f-4601afe366a9}\Root\InventoryApplicationFile\hjerac.exe|1b210518b3c7f7c8
|
Version
|
||
|
\REGISTRY\A\{90e28e63-9b2c-3fa3-395f-4601afe366a9}\Root\InventoryApplicationFile\hjerac.exe|1b210518b3c7f7c8
|
BinFileVersion
|
||
|
\REGISTRY\A\{90e28e63-9b2c-3fa3-395f-4601afe366a9}\Root\InventoryApplicationFile\hjerac.exe|1b210518b3c7f7c8
|
BinaryType
|
||
|
\REGISTRY\A\{90e28e63-9b2c-3fa3-395f-4601afe366a9}\Root\InventoryApplicationFile\hjerac.exe|1b210518b3c7f7c8
|
ProductName
|
||
|
\REGISTRY\A\{90e28e63-9b2c-3fa3-395f-4601afe366a9}\Root\InventoryApplicationFile\hjerac.exe|1b210518b3c7f7c8
|
ProductVersion
|
||
|
\REGISTRY\A\{90e28e63-9b2c-3fa3-395f-4601afe366a9}\Root\InventoryApplicationFile\hjerac.exe|1b210518b3c7f7c8
|
LinkDate
|
||
|
\REGISTRY\A\{90e28e63-9b2c-3fa3-395f-4601afe366a9}\Root\InventoryApplicationFile\hjerac.exe|1b210518b3c7f7c8
|
BinProductVersion
|
||
|
\REGISTRY\A\{90e28e63-9b2c-3fa3-395f-4601afe366a9}\Root\InventoryApplicationFile\hjerac.exe|1b210518b3c7f7c8
|
AppxPackageFullName
|
||
|
\REGISTRY\A\{90e28e63-9b2c-3fa3-395f-4601afe366a9}\Root\InventoryApplicationFile\hjerac.exe|1b210518b3c7f7c8
|
AppxPackageRelativeId
|
||
|
\REGISTRY\A\{90e28e63-9b2c-3fa3-395f-4601afe366a9}\Root\InventoryApplicationFile\hjerac.exe|1b210518b3c7f7c8
|
Size
|
||
|
\REGISTRY\A\{90e28e63-9b2c-3fa3-395f-4601afe366a9}\Root\InventoryApplicationFile\hjerac.exe|1b210518b3c7f7c8
|
Language
|
||
|
\REGISTRY\A\{90e28e63-9b2c-3fa3-395f-4601afe366a9}\Root\InventoryApplicationFile\hjerac.exe|1b210518b3c7f7c8
|
Usn
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\IdentityCRL\ClockData
|
ClockTimeSeconds
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\IdentityCRL\ClockData
|
TickCount
|
There are 11 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
A63000
|
heap
|
page read and write
|
||
|
2B20000
|
heap
|
page read and write
|
||
|
98E000
|
stack
|
page read and write
|
||
|
A63000
|
heap
|
page read and write
|
||
|
315B000
|
stack
|
page read and write
|
||
|
3E9000
|
unkown
|
page execute and read and write
|
||
|
2700000
|
heap
|
page read and write
|
||
|
3E0000
|
unkown
|
page readonly
|
||
|
80E000
|
stack
|
page read and write
|
||
|
DC0000
|
heap
|
page read and write
|
||
|
830000
|
direct allocation
|
page read and write
|
||
|
3E4000
|
unkown
|
page readonly
|
||
|
A4C000
|
heap
|
page read and write
|
||
|
32BE000
|
stack
|
page read and write
|
||
|
4C90000
|
heap
|
page read and write
|
||
|
38C000
|
stack
|
page read and write
|
||
|
980000
|
heap
|
page read and write
|
||
|
C5E000
|
stack
|
page read and write
|
||
|
CB3000
|
unkown
|
page write copy
|
||
|
985000
|
heap
|
page read and write
|
||
|
266F000
|
stack
|
page read and write
|
||
|
A7A000
|
heap
|
page read and write
|
||
|
284B000
|
stack
|
page read and write
|
||
|
820000
|
direct allocation
|
page read and write
|
||
|
3E0000
|
unkown
|
page readonly
|
||
|
CB0000
|
unkown
|
page readonly
|
||
|
C1E000
|
stack
|
page read and write
|
||
|
CB6000
|
unkown
|
page execute and read and write
|
||
|
3F0000
|
heap
|
page read and write
|
||
|
2FBF000
|
stack
|
page read and write
|
||
|
2C30000
|
heap
|
page read and write
|
||
|
5BB000
|
stack
|
page read and write
|
||
|
8FC000
|
stack
|
page read and write
|
||
|
830000
|
direct allocation
|
page read and write
|
||
|
3E1000
|
unkown
|
page execute read
|
||
|
3E7000
|
unkown
|
page readonly
|
||
|
3E4000
|
unkown
|
page readonly
|
||
|
26DC000
|
stack
|
page read and write
|
||
|
3E6000
|
unkown
|
page write copy
|
||
|
2D3F000
|
stack
|
page read and write
|
||
|
280F000
|
stack
|
page read and write
|
||
|
A63000
|
heap
|
page read and write
|
||
|
C60000
|
heap
|
page read and write
|
||
|
325C000
|
stack
|
page read and write
|
||
|
A4C000
|
heap
|
page read and write
|
||
|
CB1000
|
unkown
|
page execute read
|
||
|
A0B000
|
heap
|
page read and write
|
||
|
6FC000
|
stack
|
page read and write
|
||
|
33BE000
|
stack
|
page read and write
|
||
|
A87000
|
heap
|
page read and write
|
||
|
CB0000
|
unkown
|
page readonly
|
||
|
2C2E000
|
stack
|
page read and write
|
||
|
DC7000
|
heap
|
page read and write
|
||
|
311E000
|
stack
|
page read and write
|
||
|
820000
|
direct allocation
|
page read and write
|
||
|
A7A000
|
heap
|
page read and write
|
||
|
CB4000
|
unkown
|
page read and write
|
||
|
CB1000
|
unkown
|
page execute and write copy
|
||
|
9EE000
|
heap
|
page read and write
|
||
|
4CA0000
|
heap
|
page read and write
|
||
|
2C34000
|
heap
|
page read and write
|
||
|
301E000
|
stack
|
page read and write
|
||
|
3E6000
|
unkown
|
page read and write
|
||
|
3E9000
|
unkown
|
page execute and write copy
|
||
|
840000
|
heap
|
page read and write
|
||
|
9FE000
|
heap
|
page read and write
|
||
|
830000
|
direct allocation
|
page read and write
|
||
|
3E0000
|
heap
|
page read and write
|
||
|
294E000
|
stack
|
page read and write
|
||
|
930000
|
heap
|
page read and write
|
||
|
2768000
|
stack
|
page read and write
|
||
|
A86000
|
heap
|
page read and write
|
||
|
26E0000
|
heap
|
page read and write
|
||
|
3EA000
|
unkown
|
page execute and write copy
|
||
|
A83000
|
heap
|
page read and write
|
||
|
A86000
|
heap
|
page read and write
|
||
|
2AEE000
|
stack
|
page read and write
|
||
|
845000
|
heap
|
page read and write
|
||
|
3E7000
|
unkown
|
page readonly
|
||
|
BDE000
|
stack
|
page read and write
|
||
|
830000
|
direct allocation
|
page read and write
|
||
|
3E1000
|
unkown
|
page execute read
|
||
|
2C2F000
|
stack
|
page read and write
|
||
|
94E000
|
stack
|
page read and write
|
||
|
A4F000
|
heap
|
page read and write
|
||
|
9CA000
|
stack
|
page read and write
|
||
|
2D7D000
|
stack
|
page read and write
|
||
|
CB3000
|
unkown
|
page readonly
|
||
|
2ACE000
|
stack
|
page read and write
|
||
|
9EA000
|
heap
|
page read and write
|
||
|
A77000
|
heap
|
page read and write
|
||
|
2EBE000
|
stack
|
page read and write
|
||
|
9FA000
|
heap
|
page read and write
|
||
|
9E0000
|
heap
|
page read and write
|
||
|
2E7F000
|
stack
|
page read and write
|
||
|
A77000
|
heap
|
page read and write
|
||
|
2BEF000
|
stack
|
page read and write
|
||
|
DBA000
|
stack
|
page read and write
|
||
|
CB6000
|
unkown
|
page execute and write copy
|
||
|
9F0000
|
heap
|
page read and write
|
||
|
920000
|
heap
|
page read and write
|
There are 91 hidden memdumps, click here to show them.