Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exe.log
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_SecuriteInfo.com_7354ccdc3b64e87b5a757e2e252769fdbcc83bf0_ce23567b_b0197ee0-6474-4a70-9cdb-164f529d71d1\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER677C.tmp.dmp
|
Mini DuMP crash report, 14 streams, Thu Oct 31 16:29:42 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER67CB.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER67EB.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_30rpx5wz.0wy.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_5oueypog.m1r.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_azvd350z.zns.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_l5fj4kfr.lm0.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Windows\appcompat\Programs\Amcache.hve
|
MS Windows registry file, NT/2000 or above
|
dropped
|
There are 2 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exe
|
"C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exe"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exe"
|
|
|
|
C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exe
|
"C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.AgentTeslaNET.20.15021.21756.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\wbem\WmiPrvSE.exe
|
C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 2536 -s 200
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://www.apache.org/licenses/LICENSE-2.0
|
unknown
|
||
|
http://www.fontbureau.com
|
unknown
|
||
|
http://www.fontbureau.com/designersG
|
unknown
|
||
|
http://www.fontbureau.com/designers/?
|
unknown
|
||
|
http://www.founder.com.cn/cn/bThe
|
unknown
|
||
|
http://www.fontbureau.com/designers?
|
unknown
|
||
|
http://tempuri.org/Gamee.xsd7PoisonRoulette.GameResource
|
unknown
|
||
|
http://www.tiro.com
|
unknown
|
||
|
http://upx.sf.net
|
unknown
|
||
|
http://www.fontbureau.com/designers
|
unknown
|
||
|
http://www.goodfont.co.kr
|
unknown
|
||
|
http://www.carterandcone.coml
|
unknown
|
||
|
http://www.sajatypeworks.com
|
unknown
|
||
|
http://www.typography.netD
|
unknown
|
||
|
http://www.fontbureau.com/designers/cabarga.htmlN
|
unknown
|
||
|
http://www.founder.com.cn/cn/cThe
|
unknown
|
||
|
http://www.galapagosdesign.com/staff/dennis.htm
|
unknown
|
||
|
http://www.founder.com.cn/cn
|
unknown
|
||
|
http://www.fontbureau.com/designers/frere-user.html
|
unknown
|
||
|
http://www.jiyu-kobo.co.jp/
|
unknown
|
||
|
http://www.galapagosdesign.com/DPlease
|
unknown
|
||
|
http://www.fontbureau.com/designers8
|
unknown
|
||
|
http://www.fonts.com
|
unknown
|
||
|
http://www.sandoll.co.kr
|
unknown
|
||
|
http://www.urwpp.deDPlease
|
unknown
|
||
|
http://www.zhongyicts.com.cn
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
http://www.sakkal.com
|
unknown
|
There are 18 hidden URLs, click here to show them.
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
\REGISTRY\A\{bed7a0c2-ef71-2256-0e58-5f0086adad13}\Root\InventoryApplicationFile\securiteinfo.com|12365966f1313492
|
ProgramId
|
||
|
\REGISTRY\A\{bed7a0c2-ef71-2256-0e58-5f0086adad13}\Root\InventoryApplicationFile\securiteinfo.com|12365966f1313492
|
FileId
|
||
|
\REGISTRY\A\{bed7a0c2-ef71-2256-0e58-5f0086adad13}\Root\InventoryApplicationFile\securiteinfo.com|12365966f1313492
|
LowerCaseLongPath
|
||
|
\REGISTRY\A\{bed7a0c2-ef71-2256-0e58-5f0086adad13}\Root\InventoryApplicationFile\securiteinfo.com|12365966f1313492
|
LongPathHash
|
||
|
\REGISTRY\A\{bed7a0c2-ef71-2256-0e58-5f0086adad13}\Root\InventoryApplicationFile\securiteinfo.com|12365966f1313492
|
Name
|
||
|
\REGISTRY\A\{bed7a0c2-ef71-2256-0e58-5f0086adad13}\Root\InventoryApplicationFile\securiteinfo.com|12365966f1313492
|
OriginalFileName
|
||
|
\REGISTRY\A\{bed7a0c2-ef71-2256-0e58-5f0086adad13}\Root\InventoryApplicationFile\securiteinfo.com|12365966f1313492
|
Publisher
|
||
|
\REGISTRY\A\{bed7a0c2-ef71-2256-0e58-5f0086adad13}\Root\InventoryApplicationFile\securiteinfo.com|12365966f1313492
|
Version
|
||
|
\REGISTRY\A\{bed7a0c2-ef71-2256-0e58-5f0086adad13}\Root\InventoryApplicationFile\securiteinfo.com|12365966f1313492
|
BinFileVersion
|
||
|
\REGISTRY\A\{bed7a0c2-ef71-2256-0e58-5f0086adad13}\Root\InventoryApplicationFile\securiteinfo.com|12365966f1313492
|
BinaryType
|
||
|
\REGISTRY\A\{bed7a0c2-ef71-2256-0e58-5f0086adad13}\Root\InventoryApplicationFile\securiteinfo.com|12365966f1313492
|
ProductName
|
||
|
\REGISTRY\A\{bed7a0c2-ef71-2256-0e58-5f0086adad13}\Root\InventoryApplicationFile\securiteinfo.com|12365966f1313492
|
ProductVersion
|
||
|
\REGISTRY\A\{bed7a0c2-ef71-2256-0e58-5f0086adad13}\Root\InventoryApplicationFile\securiteinfo.com|12365966f1313492
|
LinkDate
|
||
|
\REGISTRY\A\{bed7a0c2-ef71-2256-0e58-5f0086adad13}\Root\InventoryApplicationFile\securiteinfo.com|12365966f1313492
|
BinProductVersion
|
||
|
\REGISTRY\A\{bed7a0c2-ef71-2256-0e58-5f0086adad13}\Root\InventoryApplicationFile\securiteinfo.com|12365966f1313492
|
AppxPackageFullName
|
||
|
\REGISTRY\A\{bed7a0c2-ef71-2256-0e58-5f0086adad13}\Root\InventoryApplicationFile\securiteinfo.com|12365966f1313492
|
AppxPackageRelativeId
|
||
|
\REGISTRY\A\{bed7a0c2-ef71-2256-0e58-5f0086adad13}\Root\InventoryApplicationFile\securiteinfo.com|12365966f1313492
|
Size
|
||
|
\REGISTRY\A\{bed7a0c2-ef71-2256-0e58-5f0086adad13}\Root\InventoryApplicationFile\securiteinfo.com|12365966f1313492
|
Language
|
||
|
\REGISTRY\A\{bed7a0c2-ef71-2256-0e58-5f0086adad13}\Root\InventoryApplicationFile\securiteinfo.com|12365966f1313492
|
Usn
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\IdentityCRL\ClockData
|
ClockTimeSeconds
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\IdentityCRL\ClockData
|
TickCount
|
There are 11 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
400000
|
remote allocation
|
page execute and read and write
|
|
|
|
765E000
|
stack
|
page read and write
|
||
|
5700000
|
heap
|
page read and write
|
||
|
92FE000
|
stack
|
page read and write
|
||
|
132F000
|
stack
|
page read and write
|
||
|
5738000
|
heap
|
page read and write
|
||
|
572A000
|
heap
|
page read and write
|
||
|
5500000
|
trusted library section
|
page readonly
|
||
|
4D7C000
|
stack
|
page read and write
|
||
|
2B60000
|
heap
|
page read and write
|
||
|
DCF0000
|
heap
|
page read and write
|
||
|
5390000
|
trusted library allocation
|
page read and write
|
||
|
102D000
|
trusted library allocation
|
page execute and read and write
|
||
|
51C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1A9D000
|
direct allocation
|
page execute and read and write
|
||
|
2B5E000
|
stack
|
page read and write
|
||
|
5220000
|
trusted library allocation
|
page read and write
|
||
|
7210000
|
heap
|
page read and write
|
||
|
7FA80000
|
trusted library allocation
|
page execute and read and write
|
||
|
14C0000
|
trusted library allocation
|
page read and write
|
||
|
55F0000
|
heap
|
page read and write
|
||
|
7A1D000
|
stack
|
page read and write
|
||
|
5212000
|
trusted library allocation
|
page read and write
|
||
|
6DC0000
|
trusted library allocation
|
page execute and read and write
|
||
|
4CC0000
|
trusted library allocation
|
page read and write
|
||
|
1070000
|
heap
|
page read and write
|
||
|
1010000
|
trusted library allocation
|
page read and write
|
||
|
5230000
|
trusted library allocation
|
page read and write
|
||
|
10E8000
|
heap
|
page read and write
|
||
|
93FE000
|
stack
|
page read and write
|
||
|
BE7000
|
stack
|
page read and write
|
||
|
6E0E000
|
stack
|
page read and write
|
||
|
51FE000
|
trusted library allocation
|
page read and write
|
||
|
17D0000
|
direct allocation
|
page execute and read and write
|
||
|
1360000
|
heap
|
page read and write
|
||
|
10E2000
|
heap
|
page read and write
|
||
|
196E000
|
direct allocation
|
page execute and read and write
|
||
|
101D000
|
trusted library allocation
|
page execute and read and write
|
||
|
10CD000
|
heap
|
page read and write
|
||
|
1107000
|
heap
|
page read and write
|
||
|
F9C000
|
stack
|
page read and write
|
||
|
2C90000
|
heap
|
page execute and read and write
|
||
|
E3EC000
|
stack
|
page read and write
|
||
|
FF0000
|
heap
|
page read and write
|
||
|
1058000
|
heap
|
page read and write
|
||
|
1A96000
|
direct allocation
|
page execute and read and write
|
||
|
982000
|
unkown
|
page readonly
|
||
|
E1AE000
|
stack
|
page read and write
|
||
|
52D0000
|
trusted library allocation
|
page execute and read and write
|
||
|
52E0000
|
trusted library allocation
|
page read and write
|
||
|
5255000
|
trusted library allocation
|
page read and write
|
||
|
520D000
|
trusted library allocation
|
page read and write
|
||
|
10A7000
|
heap
|
page read and write
|
||
|
103E000
|
heap
|
page read and write
|
||
|
1520000
|
heap
|
page read and write
|
||
|
1A81000
|
direct allocation
|
page execute and read and write
|
||
|
14D0000
|
trusted library allocation
|
page read and write
|
||
|
FED000
|
stack
|
page read and write
|
||
|
55E5000
|
heap
|
page read and write
|
||
|
5206000
|
trusted library allocation
|
page read and write
|
||
|
10A2000
|
heap
|
page read and write
|
||
|
E2AF000
|
stack
|
page read and write
|
||
|
14C6000
|
trusted library allocation
|
page execute and read and write
|
||
|
51D0000
|
trusted library allocation
|
page read and write
|
||
|
4E7C000
|
stack
|
page read and write
|
||
|
5240000
|
heap
|
page read and write
|
||
|
79DD000
|
stack
|
page read and write
|
||
|
1030000
|
heap
|
page read and write
|
||
|
56FD000
|
stack
|
page read and write
|
||
|
DB4E000
|
stack
|
page read and write
|
||
|
B55B000
|
trusted library allocation
|
page read and write
|
||
|
91FE000
|
stack
|
page read and write
|
||
|
6E10000
|
trusted library allocation
|
page read and write
|
||
|
E9C000
|
stack
|
page read and write
|
||
|
18FD000
|
direct allocation
|
page execute and read and write
|
||
|
14D2000
|
trusted library allocation
|
page read and write
|
||
|
14D7000
|
trusted library allocation
|
page execute and read and write
|
||
|
1023000
|
trusted library allocation
|
page read and write
|
||
|
6DB0000
|
trusted library allocation
|
page read and write
|
||
|
2F27000
|
trusted library allocation
|
page read and write
|
||
|
1065000
|
heap
|
page read and write
|
||
|
572D000
|
heap
|
page read and write
|
||
|
5250000
|
trusted library allocation
|
page read and write
|
||
|
5722000
|
heap
|
page read and write
|
||
|
5280000
|
trusted library allocation
|
page read and write
|
||
|
E50000
|
heap
|
page read and write
|
||
|
44A9000
|
trusted library allocation
|
page read and write
|
||
|
9100000
|
trusted library allocation
|
page execute and read and write
|
||
|
55C0000
|
trusted library allocation
|
page read and write
|
||
|
E60000
|
heap
|
page read and write
|
||
|
6E32000
|
trusted library allocation
|
page read and write
|
||
|
7499000
|
heap
|
page read and write
|
||
|
51E0000
|
trusted library allocation
|
page read and write
|
||
|
1020000
|
trusted library allocation
|
page read and write
|
||
|
2CA1000
|
trusted library allocation
|
page read and write
|
||
|
14DB000
|
trusted library allocation
|
page execute and read and write
|
||
|
FA0000
|
heap
|
page read and write
|
||
|
6DBA000
|
trusted library allocation
|
page read and write
|
||
|
1013000
|
trusted library allocation
|
page execute and read and write
|
||
|
14F0000
|
trusted library allocation
|
page read and write
|
||
|
5243000
|
heap
|
page read and write
|
||
|
5731000
|
heap
|
page read and write
|
||
|
55B0000
|
trusted library allocation
|
page execute and read and write
|
||
|
F7E000
|
stack
|
page read and write
|
||
|
5260000
|
trusted library allocation
|
page read and write
|
||
|
18F9000
|
direct allocation
|
page execute and read and write
|
||
|
AEA000
|
stack
|
page read and write
|
||
|
7460000
|
heap
|
page read and write
|
||
|
44FA000
|
trusted library allocation
|
page read and write
|
||
|
2CF0000
|
trusted library allocation
|
page read and write
|
||
|
1370000
|
heap
|
page read and write
|
||
|
52C0000
|
heap
|
page read and write
|
||
|
51EB000
|
trusted library allocation
|
page read and write
|
||
|
55A0000
|
heap
|
page read and write
|
||
|
E16E000
|
stack
|
page read and write
|
||
|
7990000
|
trusted library allocation
|
page read and write
|
||
|
2C70000
|
heap
|
page read and write
|
||
|
3CA1000
|
trusted library allocation
|
page read and write
|
||
|
5201000
|
trusted library allocation
|
page read and write
|
||
|
1500000
|
heap
|
page read and write
|
||
|
5710000
|
heap
|
page read and write
|
||
|
52E2000
|
trusted library allocation
|
page read and write
|
||
|
4CA0000
|
trusted library allocation
|
page read and write
|
||
|
5750000
|
heap
|
page read and write
|
||
|
5590000
|
heap
|
page read and write
|
||
|
980000
|
unkown
|
page readonly
|
||
|
55E0000
|
heap
|
page read and write
|
||
|
7C90000
|
trusted library section
|
page read and write
|
||
|
E02E000
|
stack
|
page read and write
|
||
|
E66000
|
heap
|
page read and write
|
||
|
1014000
|
trusted library allocation
|
page read and write
|
||
|
DC4E000
|
stack
|
page read and write
|
||
|
1B18000
|
direct allocation
|
page execute and read and write
|
||
|
1507000
|
heap
|
page read and write
|
||
|
4CC3000
|
trusted library allocation
|
page read and write
|
||
|
14C2000
|
trusted library allocation
|
page read and write
|
||
|
122F000
|
stack
|
page read and write
|
||
|
4D0E000
|
stack
|
page read and write
|
||
|
14CA000
|
trusted library allocation
|
page execute and read and write
|
||
|
DF2E000
|
stack
|
page read and write
|
||
|
51E4000
|
trusted library allocation
|
page read and write
|
||
|
DEEF000
|
stack
|
page read and write
|
||
|
7660000
|
trusted library section
|
page read and write
|
||
|
1072000
|
heap
|
page read and write
|
||
|
E40000
|
heap
|
page read and write
|
||
|
E2EB000
|
stack
|
page read and write
|
||
|
2C6E000
|
stack
|
page read and write
|
||
|
E06E000
|
stack
|
page read and write
|
||
|
74A7000
|
heap
|
page read and write
|
||
|
5400000
|
heap
|
page execute and read and write
|
||
|
DD00000
|
heap
|
page read and write
|
||
|
1000000
|
trusted library allocation
|
page read and write
|
||
|
57D2000
|
heap
|
page read and write
|
||
|
53FB000
|
stack
|
page read and write
|
||
|
7680000
|
trusted library allocation
|
page read and write
|
||
|
7E6E000
|
stack
|
page read and write
|
||
|
747E000
|
heap
|
page read and write
|
||
|
3CA9000
|
trusted library allocation
|
page read and write
|
||
|
7787000
|
heap
|
page read and write
|
||
|
573E000
|
heap
|
page read and write
|
||
|
721E000
|
heap
|
page read and write
|
There are 151 hidden memdumps, click here to show them.