Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
Week13.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Temp\cb7ae701b3\oneetx.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\cb7ae701b3\oneetx.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
modified
|
|
|
|
\Device\ConDrv
|
ASCII text, with no line terminators
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\Week13.exe
|
"C:\Users\user\Desktop\Week13.exe"
|
|
|
|
C:\Users\user\AppData\Local\Temp\cb7ae701b3\oneetx.exe
|
"C:\Users\user\AppData\Local\Temp\cb7ae701b3\oneetx.exe"
|
|
|
|
C:\Windows\SysWOW64\schtasks.exe
|
"C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN oneetx.exe /TR "C:\Users\user\AppData\Local\Temp\cb7ae701b3\oneetx.exe"
/F
|
|
|
|
C:\Users\user\AppData\Local\Temp\cb7ae701b3\oneetx.exe
|
C:\Users\user\AppData\Local\Temp\cb7ae701b3\oneetx.exe
|
|
|
|
C:\Users\user\AppData\Local\Temp\cb7ae701b3\oneetx.exe
|
C:\Users\user\AppData\Local\Temp\cb7ae701b3\oneetx.exe
|
|
|
|
C:\Users\user\AppData\Local\Temp\cb7ae701b3\oneetx.exe
|
C:\Users\user\AppData\Local\Temp\cb7ae701b3\oneetx.exe
|
|
|
|
C:\Users\user\AppData\Local\Temp\cb7ae701b3\oneetx.exe
|
C:\Users\user\AppData\Local\Temp\cb7ae701b3\oneetx.exe
|
|
|
|
C:\Users\user\AppData\Local\Temp\cb7ae701b3\oneetx.exe
|
C:\Users\user\AppData\Local\Temp\cb7ae701b3\oneetx.exe
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\SysWOW64\cmd.exe
|
"C:\Windows\System32\cmd.exe" /k echo Y|CACLS "oneetx.exe" /P "user:N"&&CACLS "oneetx.exe" /P "user:R" /E&&echo Y|CACLS "..\cb7ae701b3"
/P "user:N"&&CACLS "..\cb7ae701b3" /P "user:R" /E&&Exit
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\SysWOW64\cmd.exe
|
C:\Windows\system32\cmd.exe /S /D /c" echo Y"
|
||
|
C:\Windows\SysWOW64\cacls.exe
|
CACLS "oneetx.exe" /P "user:N"
|
||
|
C:\Windows\SysWOW64\cacls.exe
|
CACLS "oneetx.exe" /P "user:R" /E
|
||
|
C:\Windows\SysWOW64\cmd.exe
|
C:\Windows\system32\cmd.exe /S /D /c" echo Y"
|
||
|
C:\Windows\SysWOW64\cacls.exe
|
CACLS "..\cb7ae701b3" /P "user:N"
|
||
|
C:\Windows\SysWOW64\cacls.exe
|
CACLS "..\cb7ae701b3" /P "user:R" /E
|
There are 7 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://193.3.19.154/store/games/index.php
|
193.3.19.154
|
|
|
|
http://193.3.19.154/store/games/index.php1mb3JtLXVybGVuY29kZWQ=N
|
unknown
|
||
|
http://193.3.19.154/store/games/index.phpe5a2ab05
|
unknown
|
||
|
http://193.3.19.154/store/games/Plugins/cred64.dllx
|
unknown
|
||
|
http://193.3.19.154/store/games/Plugins/cred64.dll
|
unknown
|
||
|
http://193.3.19.154/store/games/index.phppd
|
unknown
|
||
|
http://193.3.19.154/store/games/index.phpc
|
unknown
|
||
|
http://193.3.19.154/store/games/index.php1mb3JtLXVybGVuY29kZWQ=
|
unknown
|
||
|
http://193.3.19.154/store/games/index.phpd
|
unknown
|
||
|
http://193.3.19.154/store/games/index.phppdR
|
unknown
|
||
|
http://193.3.19.154/store/games/Plugins/clip64.dllYS2
|
unknown
|
||
|
http://193.3.19.154/store/games/index.phpded
|
unknown
|
||
|
http://193.3.19.154/store/games/Plugins/clip64.dll
|
unknown
|
||
|
http://193.3.19.154/store/games/index.phpt
|
unknown
|
There are 4 hidden URLs, click here to show them.
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
193.3.19.154
|
unknown
|
Denmark
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
|
Startup
|
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
611000
|
unkown
|
page execute read
|
|
|
|
891000
|
unkown
|
page execute read
|
|
|
|
611000
|
unkown
|
page execute read
|
|
|
|
CE0000
|
heap
|
page read and write
|
|
|
|
891000
|
unkown
|
page execute read
|
|
|
|
891000
|
unkown
|
page execute read
|
|
|
|
891000
|
unkown
|
page execute read
|
|
|
|
891000
|
unkown
|
page execute read
|
|
|
|
891000
|
unkown
|
page execute read
|
|
|
|
D21000
|
heap
|
page read and write
|
|
|
|
891000
|
unkown
|
page execute read
|
|
|
|
D36000
|
heap
|
page read and write
|
|
|
|
891000
|
unkown
|
page execute read
|
|
|
|
CC8000
|
heap
|
page read and write
|
|
|
|
891000
|
unkown
|
page execute read
|
|
|
|
891000
|
unkown
|
page execute read
|
|
|
|
891000
|
unkown
|
page execute read
|
|
|
|
891000
|
unkown
|
page execute read
|
|
|
|
1183000
|
heap
|
page read and write
|
||
|
13C000
|
stack
|
page read and write
|
||
|
F20000
|
heap
|
page read and write
|
||
|
D53000
|
heap
|
page read and write
|
||
|
11A9000
|
heap
|
page read and write
|
||
|
140F000
|
stack
|
page read and write
|
||
|
11EE000
|
heap
|
page read and write
|
||
|
618000
|
heap
|
page read and write
|
||
|
10BE000
|
stack
|
page read and write
|
||
|
6EE000
|
stack
|
page read and write
|
||
|
8C1000
|
unkown
|
page write copy
|
||
|
890000
|
unkown
|
page readonly
|
||
|
310B000
|
stack
|
page read and write
|
||
|
8B9000
|
unkown
|
page readonly
|
||
|
820000
|
heap
|
page read and write
|
||
|
66E000
|
stack
|
page read and write
|
||
|
C3E000
|
stack
|
page read and write
|
||
|
639000
|
unkown
|
page readonly
|
||
|
450000
|
heap
|
page read and write
|
||
|
1BD000
|
stack
|
page read and write
|
||
|
F30000
|
heap
|
page read and write
|
||
|
A30000
|
heap
|
page read and write
|
||
|
77F000
|
stack
|
page read and write
|
||
|
301C000
|
stack
|
page read and write
|
||
|
440000
|
heap
|
page read and write
|
||
|
1165000
|
heap
|
page read and write
|
||
|
E1F000
|
stack
|
page read and write
|
||
|
87C000
|
stack
|
page read and write
|
||
|
8B9000
|
unkown
|
page readonly
|
||
|
428E000
|
stack
|
page read and write
|
||
|
B6E000
|
stack
|
page read and write
|
||
|
10FC000
|
stack
|
page read and write
|
||
|
319E000
|
stack
|
page read and write
|
||
|
11F2000
|
heap
|
page read and write
|
||
|
D32000
|
heap
|
page read and write
|
||
|
6A2C000
|
stack
|
page read and write
|
||
|
890000
|
unkown
|
page readonly
|
||
|
11CE000
|
heap
|
page read and write
|
||
|
36CE000
|
stack
|
page read and write
|
||
|
5550000
|
heap
|
page read and write
|
||
|
8C4000
|
unkown
|
page readonly
|
||
|
610000
|
unkown
|
page readonly
|
||
|
840000
|
heap
|
page read and write
|
||
|
130E000
|
stack
|
page read and write
|
||
|
74F000
|
stack
|
page read and write
|
||
|
F1F000
|
stack
|
page read and write
|
||
|
C90000
|
heap
|
page read and write
|
||
|
CB0000
|
heap
|
page read and write
|
||
|
5560000
|
heap
|
page read and write
|
||
|
915000
|
heap
|
page read and write
|
||
|
8C4000
|
unkown
|
page readonly
|
||
|
11F1000
|
heap
|
page read and write
|
||
|
DD0000
|
heap
|
page read and write
|
||
|
13C0000
|
heap
|
page read and write
|
||
|
9CE000
|
stack
|
page read and write
|
||
|
760000
|
heap
|
page read and write
|
||
|
639000
|
unkown
|
page readonly
|
||
|
1FC000
|
stack
|
page read and write
|
||
|
11FA000
|
heap
|
page read and write
|
||
|
53E000
|
stack
|
page read and write
|
||
|
9CD000
|
stack
|
page read and write
|
||
|
6DEC000
|
stack
|
page read and write
|
||
|
114D000
|
heap
|
page read and write
|
||
|
692B000
|
stack
|
page read and write
|
||
|
8C1000
|
unkown
|
page read and write
|
||
|
46C0000
|
trusted library allocation
|
page read and write
|
||
|
1173000
|
heap
|
page read and write
|
||
|
A50000
|
heap
|
page read and write
|
||
|
11E1000
|
heap
|
page read and write
|
||
|
910000
|
heap
|
page read and write
|
||
|
CEE000
|
stack
|
page read and write
|
||
|
730000
|
heap
|
page read and write
|
||
|
1410000
|
heap
|
page read and write
|
||
|
BAE000
|
stack
|
page read and write
|
||
|
2F1D000
|
stack
|
page read and write
|
||
|
FC0000
|
heap
|
page read and write
|
||
|
8C1000
|
unkown
|
page read and write
|
||
|
5560000
|
heap
|
page read and write
|
||
|
13BE000
|
stack
|
page read and write
|
||
|
11E4000
|
heap
|
page read and write
|
||
|
57C000
|
stack
|
page read and write
|
||
|
88E000
|
stack
|
page read and write
|
||
|
19D000
|
stack
|
page read and write
|
||
|
11DB000
|
heap
|
page read and write
|
||
|
11F1000
|
heap
|
page read and write
|
||
|
A9A000
|
heap
|
page read and write
|
||
|
8B9000
|
unkown
|
page readonly
|
||
|
644000
|
unkown
|
page readonly
|
||
|
890000
|
unkown
|
page readonly
|
||
|
890000
|
unkown
|
page readonly
|
||
|
1110000
|
heap
|
page read and write
|
||
|
11DA000
|
heap
|
page read and write
|
||
|
73E000
|
stack
|
page read and write
|
||
|
890000
|
unkown
|
page readonly
|
||
|
F60000
|
heap
|
page read and write
|
||
|
A20000
|
heap
|
page read and write
|
||
|
5B0000
|
heap
|
page read and write
|
||
|
6AF000
|
stack
|
page read and write
|
||
|
480000
|
heap
|
page read and write
|
||
|
5D0000
|
heap
|
page read and write
|
||
|
DE0000
|
heap
|
page read and write
|
||
|
BBB000
|
stack
|
page read and write
|
||
|
1DD000
|
stack
|
page read and write
|
||
|
1ED000
|
stack
|
page read and write
|
||
|
5F0000
|
heap
|
page read and write
|
||
|
114B000
|
heap
|
page read and write
|
||
|
460F000
|
stack
|
page read and write
|
||
|
9E8000
|
heap
|
page read and write
|
||
|
D46000
|
heap
|
page read and write
|
||
|
37CF000
|
stack
|
page read and write
|
||
|
8C4000
|
unkown
|
page readonly
|
||
|
8C1000
|
unkown
|
page read and write
|
||
|
1F0000
|
heap
|
page read and write
|
||
|
5F0000
|
heap
|
page read and write
|
||
|
1520000
|
heap
|
page read and write
|
||
|
160F000
|
stack
|
page read and write
|
||
|
4630000
|
heap
|
page read and write
|
||
|
114D000
|
heap
|
page read and write
|
||
|
9CF000
|
stack
|
page read and write
|
||
|
14B6000
|
heap
|
page read and write
|
||
|
11F1000
|
heap
|
page read and write
|
||
|
890000
|
unkown
|
page readonly
|
||
|
641000
|
unkown
|
page write copy
|
||
|
11D5000
|
heap
|
page read and write
|
||
|
D3B000
|
heap
|
page read and write
|
||
|
890000
|
unkown
|
page readonly
|
||
|
A90000
|
heap
|
page read and write
|
||
|
C60000
|
heap
|
page read and write
|
||
|
11E1000
|
heap
|
page read and write
|
||
|
5F8000
|
heap
|
page read and write
|
||
|
C40000
|
heap
|
page read and write
|
||
|
641000
|
unkown
|
page read and write
|
||
|
11F1000
|
heap
|
page read and write
|
||
|
6CEC000
|
stack
|
page read and write
|
||
|
14A0000
|
heap
|
page read and write
|
||
|
8C1000
|
unkown
|
page write copy
|
||
|
11FA000
|
heap
|
page read and write
|
||
|
383D000
|
stack
|
page read and write
|
||
|
11D5000
|
heap
|
page read and write
|
||
|
5E0000
|
heap
|
page read and write
|
||
|
C20000
|
heap
|
page read and write
|
||
|
77C000
|
stack
|
page read and write
|
||
|
53D000
|
stack
|
page read and write
|
||
|
5551000
|
heap
|
page read and write
|
||
|
580000
|
heap
|
page read and write
|
||
|
11C4000
|
heap
|
page read and write
|
||
|
900000
|
heap
|
page read and write
|
||
|
11C4000
|
heap
|
page read and write
|
||
|
2C7E000
|
stack
|
page read and write
|
||
|
610000
|
heap
|
page read and write
|
||
|
2D90000
|
heap
|
page read and write
|
||
|
8B9000
|
unkown
|
page readonly
|
||
|
11A9000
|
heap
|
page read and write
|
||
|
930000
|
heap
|
page read and write
|
||
|
107E000
|
stack
|
page read and write
|
||
|
1417000
|
heap
|
page read and write
|
||
|
11FA000
|
heap
|
page read and write
|
||
|
850000
|
heap
|
page read and write
|
||
|
8C4000
|
unkown
|
page readonly
|
||
|
438F000
|
stack
|
page read and write
|
||
|
53B000
|
heap
|
page read and write
|
||
|
98E000
|
stack
|
page read and write
|
||
|
1260000
|
heap
|
page read and write
|
||
|
6DF6000
|
heap
|
page read and write
|
||
|
610000
|
unkown
|
page readonly
|
||
|
11F1000
|
heap
|
page read and write
|
||
|
11DA000
|
heap
|
page read and write
|
||
|
ACE000
|
stack
|
page read and write
|
||
|
644000
|
unkown
|
page readonly
|
||
|
11E7000
|
heap
|
page read and write
|
||
|
8C4000
|
unkown
|
page readonly
|
||
|
A0F000
|
stack
|
page read and write
|
||
|
8C1000
|
unkown
|
page read and write
|
||
|
EEC000
|
stack
|
page read and write
|
||
|
890000
|
unkown
|
page readonly
|
||
|
8B9000
|
unkown
|
page readonly
|
||
|
14D0000
|
heap
|
page read and write
|
||
|
5AC000
|
stack
|
page read and write
|
||
|
8B9000
|
unkown
|
page readonly
|
||
|
9E0000
|
heap
|
page read and write
|
||
|
8C4000
|
unkown
|
page readonly
|
||
|
1165000
|
heap
|
page read and write
|
||
|
152A000
|
heap
|
page read and write
|
||
|
11E7000
|
heap
|
page read and write
|
||
|
13F0000
|
heap
|
page read and write
|
||
|
1182000
|
heap
|
page read and write
|
||
|
8B9000
|
unkown
|
page readonly
|
||
|
11DB000
|
heap
|
page read and write
|
||
|
8C4000
|
unkown
|
page readonly
|
||
|
11FE000
|
heap
|
page read and write
|
||
|
8B9000
|
unkown
|
page readonly
|
||
|
6DF0000
|
heap
|
page read and write
|
||
|
560000
|
heap
|
page read and write
|
||
|
52E000
|
stack
|
page read and write
|
||
|
6E28000
|
heap
|
page read and write
|
||
|
EFA000
|
stack
|
page read and write
|
||
|
FED000
|
stack
|
page read and write
|
||
|
D6C000
|
stack
|
page read and write
|
||
|
11A9000
|
heap
|
page read and write
|
||
|
114D000
|
heap
|
page read and write
|
||
|
4620000
|
heap
|
page read and write
|
||
|
530000
|
heap
|
page read and write
|
||
|
6FE000
|
stack
|
page read and write
|
||
|
11B9000
|
heap
|
page read and write
|
||
|
1A0000
|
heap
|
page read and write
|
||
|
1176000
|
heap
|
page read and write
|
||
|
1165000
|
heap
|
page read and write
|
||
|
8C1000
|
unkown
|
page write copy
|
||
|
11E4000
|
heap
|
page read and write
|
||
|
C9A000
|
heap
|
page read and write
|
||
|
8C4000
|
unkown
|
page readonly
|
||
|
460000
|
heap
|
page read and write
|
||
|
8B9000
|
unkown
|
page readonly
|
||
|
8C1000
|
unkown
|
page read and write
|
||
|
98F000
|
stack
|
page read and write
|
||
|
880000
|
heap
|
page read and write
|
||
|
11CD000
|
heap
|
page read and write
|
||
|
11DA000
|
heap
|
page read and write
|
||
|
11AD000
|
heap
|
page read and write
|
||
|
4FD000
|
stack
|
page read and write
|
||
|
393E000
|
stack
|
page read and write
|
||
|
2C3D000
|
stack
|
page read and write
|
||
|
8C1000
|
unkown
|
page write copy
|
||
|
11BA000
|
heap
|
page read and write
|
||
|
72F000
|
stack
|
page read and write
|
||
|
1358000
|
heap
|
page read and write
|
||
|
890000
|
unkown
|
page readonly
|
||
|
DEF000
|
stack
|
page read and write
|
||
|
14D4000
|
heap
|
page read and write
|
||
|
4230000
|
heap
|
page read and write
|
||
|
11B9000
|
heap
|
page read and write
|
||
|
11FE000
|
heap
|
page read and write
|
||
|
94E000
|
stack
|
page read and write
|
||
|
137E000
|
stack
|
page read and write
|
||
|
5E0000
|
heap
|
page read and write
|
||
|
14B0000
|
heap
|
page read and write
|
||
|
890000
|
unkown
|
page readonly
|
||
|
8C4000
|
unkown
|
page readonly
|
||
|
8C4000
|
unkown
|
page readonly
|
||
|
8C4000
|
unkown
|
page readonly
|
||
|
450E000
|
stack
|
page read and write
|
||
|
F30000
|
heap
|
page read and write
|
||
|
555E000
|
heap
|
page read and write
|
||
|
8B9000
|
unkown
|
page readonly
|
||
|
9CD000
|
stack
|
page read and write
|
||
|
8C1000
|
unkown
|
page write copy
|
||
|
1DC000
|
stack
|
page read and write
|
||
|
11EE000
|
heap
|
page read and write
|
||
|
11FA000
|
heap
|
page read and write
|
||
|
48B000
|
heap
|
page read and write
|
||
|
8C1000
|
unkown
|
page read and write
|
||
|
14B5000
|
heap
|
page read and write
|
||
|
44CF000
|
stack
|
page read and write
|
||
|
1526000
|
heap
|
page read and write
|
||
|
940000
|
heap
|
page read and write
|
||
|
43CE000
|
stack
|
page read and write
|
||
|
43C000
|
stack
|
page read and write
|
||
|
C28000
|
heap
|
page read and write
|
||
|
8B9000
|
unkown
|
page readonly
|
||
|
8C4000
|
unkown
|
page readonly
|
||
|
5CE000
|
stack
|
page read and write
|
||
|
890000
|
unkown
|
page readonly
|
||
|
111A000
|
heap
|
page read and write
|
||
|
F65000
|
heap
|
page read and write
|
||
|
11A6000
|
heap
|
page read and write
|
||
|
4AE000
|
stack
|
page read and write
|
||
|
1350000
|
heap
|
page read and write
|
||
|
53C0000
|
heap
|
page read and write
|
||
|
8B9000
|
unkown
|
page readonly
|
||
|
11C3000
|
heap
|
page read and write
|
||
|
750000
|
heap
|
page read and write
|
||
|
F5F000
|
stack
|
page read and write
|
||
|
1160000
|
heap
|
page read and write
|
||
|
1180000
|
heap
|
page read and write
|
||
|
11F1000
|
heap
|
page read and write
|
||
|
11D8000
|
heap
|
page read and write
|
||
|
810000
|
heap
|
page read and write
|
||
|
890000
|
unkown
|
page readonly
|
||
|
4EE000
|
stack
|
page read and write
|
||
|
CAF000
|
stack
|
page read and write
|
||
|
87D000
|
stack
|
page read and write
|
||
|
10F9000
|
stack
|
page read and write
|
||
|
170F000
|
stack
|
page read and write
|
||
|
8C1000
|
unkown
|
page write copy
|
||
|
530000
|
heap
|
page read and write
|
||
|
1220000
|
heap
|
page read and write
|
||
|
111E000
|
heap
|
page read and write
|
||
|
6B6F000
|
stack
|
page read and write
|
||
|
329F000
|
stack
|
page read and write
|
||
|
11EE000
|
heap
|
page read and write
|
||
|
6A6E000
|
stack
|
page read and write
|
||
|
11A9000
|
heap
|
page read and write
|
||
|
2D7E000
|
stack
|
page read and write
|
||
|
C9E000
|
heap
|
page read and write
|
There are 302 hidden memdumps, click here to show them.