Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
ATT00004.zip
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
initial sample
|
||
|
C:\Users\user\AppData\Local\Temp\unarchiver.log
|
ASCII text, with CRLF line terminators
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\SysWOW64\unarchiver.exe
|
"C:\Windows\SysWOW64\unarchiver.exe" "C:\Users\user\Desktop\ATT00004.zip"
|
||
|
C:\Windows\SysWOW64\7za.exe
|
"C:\Windows\System32\7za.exe" x -pinfected -y -o"C:\Users\user\AppData\Local\Temp\b22xvwxz.elc" "C:\Users\user\Desktop\ATT00004.zip"
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
198.187.3.20.in-addr.arpa
|
unknown
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
323B000
|
trusted library allocation
|
page read and write
|
||
|
322D000
|
trusted library allocation
|
page read and write
|
||
|
3254000
|
trusted library allocation
|
page read and write
|
||
|
3235000
|
trusted library allocation
|
page read and write
|
||
|
3269000
|
trusted library allocation
|
page read and write
|
||
|
324E000
|
trusted library allocation
|
page read and write
|
||
|
2870000
|
heap
|
page read and write
|
||
|
3243000
|
trusted library allocation
|
page read and write
|
||
|
32BD000
|
trusted library allocation
|
page read and write
|
||
|
FDE000
|
heap
|
page read and write
|
||
|
1422000
|
trusted library allocation
|
page execute and read and write
|
||
|
2875000
|
heap
|
page read and write
|
||
|
3251000
|
trusted library allocation
|
page read and write
|
||
|
329E000
|
trusted library allocation
|
page read and write
|
||
|
327F000
|
trusted library allocation
|
page read and write
|
||
|
1410000
|
trusted library allocation
|
page read and write
|
||
|
3248000
|
trusted library allocation
|
page read and write
|
||
|
327A000
|
trusted library allocation
|
page read and write
|
||
|
328D000
|
trusted library allocation
|
page read and write
|
||
|
142A000
|
trusted library allocation
|
page execute and read and write
|
||
|
3240000
|
trusted library allocation
|
page read and write
|
||
|
16F0000
|
heap
|
page read and write
|
||
|
3225000
|
trusted library allocation
|
page read and write
|
||
|
32D6000
|
trusted library allocation
|
page read and write
|
||
|
32AC000
|
trusted library allocation
|
page read and write
|
||
|
C90000
|
heap
|
page read and write
|
||
|
CA0000
|
heap
|
page read and write
|
||
|
1430000
|
trusted library allocation
|
page read and write
|
||
|
26D0000
|
heap
|
page read and write
|
||
|
F90000
|
trusted library allocation
|
page read and write
|
||
|
32DC000
|
trusted library allocation
|
page read and write
|
||
|
32E4000
|
trusted library allocation
|
page read and write
|
||
|
FF6000
|
heap
|
page read and write
|
||
|
EF6000
|
stack
|
page read and write
|
||
|
FC0000
|
heap
|
page read and write
|
||
|
572E000
|
stack
|
page read and write
|
||
|
32C0000
|
trusted library allocation
|
page read and write
|
||
|
32D3000
|
trusted library allocation
|
page read and write
|
||
|
10E5000
|
heap
|
page read and write
|
||
|
143A000
|
trusted library allocation
|
page execute and read and write
|
||
|
15C0000
|
heap
|
page read and write
|
||
|
32B2000
|
trusted library allocation
|
page read and write
|
||
|
146B000
|
trusted library allocation
|
page execute and read and write
|
||
|
32CE000
|
trusted library allocation
|
page read and write
|
||
|
3210000
|
trusted library allocation
|
page read and write
|
||
|
C70000
|
heap
|
page read and write
|
||
|
DAF000
|
stack
|
page read and write
|
||
|
F20000
|
heap
|
page read and write
|
||
|
3257000
|
trusted library allocation
|
page read and write
|
||
|
1460000
|
trusted library allocation
|
page read and write
|
||
|
1452000
|
trusted library allocation
|
page execute and read and write
|
||
|
1590000
|
trusted library allocation
|
page read and write
|
||
|
EF9000
|
stack
|
page read and write
|
||
|
3293000
|
trusted library allocation
|
page read and write
|
||
|
3282000
|
trusted library allocation
|
page read and write
|
||
|
BBC000
|
stack
|
page read and write
|
||
|
143C000
|
trusted library allocation
|
page execute and read and write
|
||
|
F30000
|
heap
|
page read and write
|
||
|
32AF000
|
trusted library allocation
|
page read and write
|
||
|
7EC000
|
stack
|
page read and write
|
||
|
32B7000
|
trusted library allocation
|
page read and write
|
||
|
14A0000
|
heap
|
page execute and read and write
|
||
|
B50000
|
heap
|
page read and write
|
||
|
3296000
|
trusted library allocation
|
page read and write
|
||
|
3271000
|
trusted library allocation
|
page read and write
|
||
|
12C0000
|
heap
|
page read and write
|
||
|
32A9000
|
trusted library allocation
|
page read and write
|
||
|
1467000
|
trusted library allocation
|
page execute and read and write
|
||
|
1432000
|
trusted library allocation
|
page execute and read and write
|
||
|
321E000
|
trusted library allocation
|
page read and write
|
||
|
32CB000
|
trusted library allocation
|
page read and write
|
||
|
32C5000
|
trusted library allocation
|
page read and write
|
||
|
AFD000
|
stack
|
page read and write
|
||
|
3288000
|
trusted library allocation
|
page read and write
|
||
|
562E000
|
stack
|
page read and write
|
||
|
145A000
|
trusted library allocation
|
page execute and read and write
|
||
|
32A1000
|
trusted library allocation
|
page read and write
|
||
|
32D9000
|
trusted library allocation
|
page read and write
|
||
|
3263000
|
trusted library allocation
|
page read and write
|
||
|
325E000
|
trusted library allocation
|
page read and write
|
||
|
31E1000
|
trusted library allocation
|
page read and write
|
||
|
3277000
|
trusted library allocation
|
page read and write
|
||
|
100D000
|
heap
|
page read and write
|
||
|
3274000
|
trusted library allocation
|
page read and write
|
||
|
41E1000
|
trusted library allocation
|
page read and write
|
||
|
329B000
|
trusted library allocation
|
page read and write
|
||
|
EFB000
|
stack
|
page read and write
|
||
|
C6E000
|
stack
|
page read and write
|
||
|
32E1000
|
trusted library allocation
|
page read and write
|
||
|
10E0000
|
heap
|
page read and write
|
||
|
531F000
|
stack
|
page read and write
|
||
|
32BA000
|
trusted library allocation
|
page read and write
|
||
|
32A4000
|
trusted library allocation
|
page read and write
|
||
|
586F000
|
stack
|
page read and write
|
||
|
FDB000
|
heap
|
page read and write
|
||
|
7F2D0000
|
trusted library allocation
|
page execute and read and write
|
||
|
521E000
|
stack
|
page read and write
|
||
|
3232000
|
trusted library allocation
|
page read and write
|
||
|
16CE000
|
stack
|
page read and write
|
||
|
3290000
|
trusted library allocation
|
page read and write
|
||
|
32C8000
|
trusted library allocation
|
page read and write
|
||
|
576E000
|
stack
|
page read and write
|
||
|
15A0000
|
trusted library allocation
|
page execute and read and write
|
||
|
FD0000
|
heap
|
page read and write
|
||
|
3266000
|
trusted library allocation
|
page read and write
|
||
|
326C000
|
trusted library allocation
|
page read and write
|
||
|
14EE000
|
stack
|
page read and write
|
||
|
FC8000
|
heap
|
page read and write
|
||
|
13D0000
|
heap
|
page read and write
|
||
|
3285000
|
trusted library allocation
|
page read and write
|
There are 100 hidden memdumps, click here to show them.