Files

| File Path | Type | Category | Malicious |
|---|---|---|---|
| 7zba89tklZ.exe | PE32 executable (GUI) Intel 80386, for MS Windows | initial sample | |
| C:\Users\user\AppData\Local\Microsoft\svcapp.exe | PE32 executable (GUI) Intel 80386, for MS Windows | dropped | |
| C:\Users\user\AppData\Local\Microsoft\svcapp.exe:Zone.Identifier | ASCII text, with CRLF line terminators | modified | |
Processes

| Path | Cmdline | Malicious |
|---|---|---|
| C:\Users\user\Desktop\7zba89tklZ.exe | "C:\Users\user\Desktop\7zba89tklZ.exe" | |
| C:\Users\user\Desktop\7zba89tklZ.exe | "C:\Users\user\Desktop\7zba89tklZ.exe" | |
| C:\Users\user\AppData\Local\Microsoft\svcapp.exe | "C:\Users\user\AppData\Local\Microsoft\svcapp.exe" | |
Registry

| Path | Value | Malicious |
|---|---|---|
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | SystemHandler | |
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | SystemHandler | |
Memdumps

| Base Address | Region type | Protect | Malicious |
|---|---|---|---|
| BC0000 | heap | page read and write | |
| 7D0000 | heap | page read and write | |
| DC0000 | heap | page read and write | |
| 1615000 | heap | page read and write | |
| 50D000 | unknown | page readonly | |
| DF0000 | heap | page read and write | |
| 371000 | unknown | page execute read | |
| 30B0000 | heap | page read and write | |
| 384000 | unknown | page readonly | |
| DF5000 | heap | page read and write | |
| 4F1000 | unknown | page execute read | |
| 504000 | unknown | page readonly | |
| F80000 | heap | page read and write | |
| 87E000 | stack | page read and write | |
| 12AE000 | heap | page read and write | |
| 4F0000 | unknown | page readonly | |
| DB0000 | heap | page read and write | |
| 38D000 | unknown | page readonly | |
| 12A0000 | heap | page read and write | |
| 2DE0000 | heap | page read and write | |
| 8D0000 | heap | page read and write | |
| 12AA000 | heap | page read and write | |
| 4F1000 | unknown | page execute read | |
| 38A000 | unknown | page write copy | |
| 25F0000 | heap | page read and write | |
| CCE000 | stack | page read and write | |
| 6FD000 | stack | page read and write | |
| 4F0000 | unknown | page readonly | |
| 371000 | unknown | page execute read | |
| 8DE000 | heap | page read and write | |
| ACE000 | stack | page read and write | |
| FC0000 | heap | page read and write | |
| DD0000 | heap | page read and write | |
| 38D000 | unknown | page readonly | |
| 504000 | unknown | page readonly | |
| 384000 | unknown | page readonly | |
| 50A000 | unknown | page write copy | |
| 36C000 | stack | page read and write | |
| 8DA000 | heap | page read and write | |
| 7E0000 | heap | page read and write | |
| 50D000 | unknown | page readonly | |
| 1610000 | heap | page read and write | |
| 4F1000 | unknown | page execute read | |
| 504000 | unknown | page readonly | |
| 1180000 | heap | page read and write | |
| 50A000 | unknown | page write copy | |
| FE0000 | heap | page read and write | |
| 10FC000 | stack | page read and write | |
| BC5000 | heap | page read and write | |
| D4C000 | stack | page read and write | |
| 83E000 | stack | page read and write | |
| 38A000 | unknown | page read and write | |
| 4F1000 | unknown | page execute read | |
| 370000 | unknown | page readonly | |
| F4C000 | stack | page read and write | |
| 504000 | unknown | page readonly | |
| 1390000 | heap | page read and write | |
| 50D000 | unknown | page readonly | |
| FD0000 | heap | page read and write | |
| 12FD000 | stack | page read and write | |
| 7F0000 | heap | page read and write | |
| 1398000 | heap | page read and write | |
| 4F0000 | unknown | page readonly | |
| 2D7C000 | stack | page read and write | |
| 50D000 | unknown | page readonly | |
| 322F000 | stack | page read and write | |
| 370000 | unknown | page readonly | |
| 50A000 | unknown | page read and write | |
| 3F0000 | heap | page read and write | |
| 4F0000 | unknown | page readonly | |
| 50A000 | unknown | page read and write | |
61 further memdump entries are not included in this listing.