Files
File Path | Type | Category | Malicious
---|---|---|---
BWuMwnE7tw.exe | PE32 executable (GUI) Intel 80386, for MS Windows | initial sample |
C:\Users\user\AppData\Local\Temp\deldll.bat | DOS batch file, ASCII text, with CRLF line terminators | dropped |
C:\Users\user\AppData\Local\Temp\gentee72\chromeum.bat | Unicode text, UTF-8 text, with very long lines (56071), with CRLF, CR line terminators | dropped |
C:\Users\user\AppData\Local\Temp\gentee72\guig.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped |
C:\Users\user\AppData\Local\Temp\gentee72\libeay32.dll | PE32 executable (DLL) (console) Intel 80386, for MS Windows | dropped |
C:\Users\user\AppData\Local\Temp\gentee72\setup_temp.gea | data | dropped |
C:\Users\user\AppData\Local\Temp\gentee72\ssleay32.dll | PE32 executable (DLL) (console) Intel 80386, for MS Windows | dropped |
C:\Users\user\AppData\Local\Temp\genteert.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped |
\Device\Null | ASCII text, with CRLF line terminators | dropped |
Processes
Path | Cmdline | Malicious
---|---|---
C:\Users\user\Desktop\BWuMwnE7tw.exe | "C:\Users\user\Desktop\BWuMwnE7tw.exe" |
C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\gentee72\chromeum.bat"" |
C:\Windows\SysWOW64\cmd.exe | cmd.exe /c deldll.bat |
C:\Windows\SysWOW64\PING.EXE | ping -n 2 -w 1000 127.0.0.1 |
C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
URLs
Name | IP | Malicious
---|---|---
http://repository.certum.pl/ctnca.cer09 | unknown |
http://repository.certum.pl/cscasha2.cer0 | unknown |
http://crl.thawte.com/ThawteTimestampingCA.crl0 | unknown |
http://www.gentee.comB | unknown |
http://82.115.223.189/chromeum.bat#tempinstpath#chromeum.bat0 | unknown |
http://crl.certum.pl/ctnca.crl0k | unknown |
http://ocsp.thawte.com0 | unknown |
http://subca.ocsp-certum.com01 | unknown |
http://82.115.223.189/chromeum.bat | unknown |
https://www.certum.pl/CPS0 | unknown |
http://www.openssl.org/f | unknown |
http://crl.certum.pl/cscasha2.crl0q | unknown |
http://www.certum.pl/CPS0 | unknown |
http://cscasha2.ocsp-certum.com04 | unknown |
http://www.openssl.org/support/faq.html | unknown |
IPs
IP | Domain | Country | Malicious
---|---|---|---
127.0.0.1 | unknown | unknown |
82.115.223.189 | unknown | Russian Federation |
Memdumps