Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
Walls.cmd
|
ASCII text, with very long lines (873), with CRLF line terminators
|
initial sample
|
 |
|
|
C:\Users\user\Desktop\459250\Spa.com
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Windows\appcompat\Programs\Amcache.hve
|
MS Windows registry file, NT/2000 or above
|
dropped
|
||
|
\Device\ConDrv
|
ASCII text, with CRLF line terminators
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\cmd.exe
|
C:\Windows\system32\cmd.exe /c ""C:\Users\user\Desktop\Walls.cmd" "
|
|
|
|
C:\Windows\System32\findstr.exe
|
findstr /I "opssvc wrsa"
|
|
|
|
C:\Windows\System32\findstr.exe
|
findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth"
|
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c md 459250
|
|
|
|
C:\Windows\System32\findstr.exe
|
findstr /V "Sorry" Branches
|
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c copy /b ..\Penalties + ..\Let + ..\No + ..\Giant + ..\Instance + ..\Reed + ..\Hawk y
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\tasklist.exe
|
tasklist
|
||
|
C:\Windows\System32\tasklist.exe
|
tasklist
|
||
|
C:\Windows\System32\choice.exe
|
choice /d y /t 5
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://upx.sf.net
|
unknown
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
1E5B3DEC000
|
heap
|
page read and write
|
||
|
1E5B3DBC000
|
heap
|
page read and write
|
||
|
3EF6BFF000
|
stack
|
page read and write
|
||
|
1A0079CD000
|
heap
|
page read and write
|
||
|
1E5B3DEC000
|
heap
|
page read and write
|
||
|
1A0079F5000
|
heap
|
page read and write
|
||
|
260FCD20000
|
heap
|
page read and write
|
||
|
1E5B3DB6000
|
heap
|
page read and write
|
||
|
1A007870000
|
heap
|
page read and write
|
||
|
1A0079FA000
|
heap
|
page read and write
|
||
|
1E5B3DCB000
|
heap
|
page read and write
|
||
|
1E5B3D60000
|
heap
|
page read and write
|
||
|
1E5B3D80000
|
heap
|
page read and write
|
||
|
1A007970000
|
heap
|
page read and write
|
||
|
1A0079C7000
|
heap
|
page read and write
|
||
|
1A0079FE000
|
heap
|
page read and write
|
||
|
1A0079EC000
|
heap
|
page read and write
|
||
|
419EFF000
|
stack
|
page read and write
|
||
|
1A007C4A000
|
heap
|
page read and write
|
||
|
1E5B3E90000
|
heap
|
page read and write
|
||
|
1A0079F6000
|
heap
|
page read and write
|
||
|
260FCA59000
|
heap
|
page read and write
|
||
|
419F7F000
|
stack
|
page read and write
|
||
|
1E5B3DDE000
|
heap
|
page read and write
|
||
|
1E5B3DE8000
|
heap
|
page read and write
|
||
|
1A007C44000
|
heap
|
page read and write
|
||
|
1E5B3DE5000
|
heap
|
page read and write
|
||
|
1A0079C8000
|
heap
|
page read and write
|
||
|
1A0079D9000
|
heap
|
page read and write
|
||
|
41A07E000
|
stack
|
page read and write
|
||
|
1E5B3DB7000
|
heap
|
page read and write
|
||
|
3EF6A7B000
|
stack
|
page read and write
|
||
|
1A0079C7000
|
heap
|
page read and write
|
||
|
1E5B3DEC000
|
heap
|
page read and write
|
||
|
1E5B3DDF000
|
heap
|
page read and write
|
||
|
419BAB000
|
stack
|
page read and write
|
||
|
1E5B3D90000
|
heap
|
page read and write
|
||
|
1A007950000
|
heap
|
page read and write
|
||
|
1E5B3D84000
|
heap
|
page read and write
|
||
|
1E5B3DEA000
|
heap
|
page read and write
|
||
|
CE04D3C000
|
stack
|
page read and write
|
||
|
3EF6B7E000
|
stack
|
page read and write
|
||
|
1E5B3DE8000
|
heap
|
page read and write
|
||
|
1A0079EC000
|
heap
|
page read and write
|
||
|
1A0079EC000
|
heap
|
page read and write
|
||
|
1A0079FD000
|
heap
|
page read and write
|
||
|
CE0507F000
|
stack
|
page read and write
|
||
|
1E5B3DE7000
|
heap
|
page read and write
|
||
|
260FC890000
|
heap
|
page read and write
|
||
|
1A0079E6000
|
heap
|
page read and write
|
||
|
1A0079EC000
|
heap
|
page read and write
|
||
|
3EF6AFE000
|
stack
|
page read and write
|
||
|
1A0079EC000
|
heap
|
page read and write
|
||
|
1A0079A8000
|
heap
|
page read and write
|
||
|
419FFF000
|
stack
|
page read and write
|
||
|
3EF6C7F000
|
stack
|
page read and write
|
||
|
1E5B3DE1000
|
heap
|
page read and write
|
||
|
260FC970000
|
heap
|
page read and write
|
||
|
1A0079D8000
|
heap
|
page read and write
|
||
|
1E5B3C80000
|
heap
|
page read and write
|
||
|
1E5B3DBC000
|
heap
|
page read and write
|
||
|
1E5B3DB6000
|
heap
|
page read and write
|
||
|
1E5B3DCC000
|
heap
|
page read and write
|
||
|
1A0079A0000
|
heap
|
page read and write
|
||
|
260FCA50000
|
heap
|
page read and write
|
||
|
1E5B3DDE000
|
heap
|
page read and write
|
||
|
1E5B3D8A000
|
heap
|
page read and write
|
||
|
1A0079E5000
|
heap
|
page read and write
|
||
|
260FC990000
|
heap
|
page read and write
|
||
|
1E5B3DEC000
|
heap
|
page read and write
|
||
|
1E5B3DEC000
|
heap
|
page read and write
|
||
|
1E5B3DF2000
|
heap
|
page read and write
|
||
|
1E5B3DDE000
|
heap
|
page read and write
|
||
|
1E5B3DDE000
|
heap
|
page read and write
|
||
|
419E7F000
|
stack
|
page read and write
|
||
|
1E5B3DEF000
|
heap
|
page read and write
|
||
|
1E5B3DDE000
|
heap
|
page read and write
|
||
|
CE04DBE000
|
stack
|
page read and write
|
||
|
260FCD24000
|
heap
|
page read and write
|
||
|
1A0079FD000
|
heap
|
page read and write
|
||
|
3EF6CFF000
|
stack
|
page read and write
|
||
|
1A007C40000
|
heap
|
page read and write
|
||
|
1A0079FD000
|
heap
|
page read and write
|
There are 73 hidden memdumps, click here to show them.