Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
OneDrive.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\OneDrive.exe.log
|
CSV text
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\Onedrive\Onedrive.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\OneDrive.exe
|
"C:\Users\user\Desktop\OneDrive.exe"
|
|
|
|
C:\Windows\System32\schtasks.exe
|
"schtasks" /create /tn "Microsoft OneDrive" /sc ONLOGON /tr "C:\Users\user\AppData\Roaming\Onedrive\Onedrive.exe" /rl HIGHEST
/f
|
|
|
|
C:\Users\user\AppData\Roaming\Onedrive\Onedrive.exe
|
"C:\Users\user\AppData\Roaming\Onedrive\Onedrive.exe"
|
|
|
|
C:\Users\user\AppData\Roaming\Onedrive\Onedrive.exe
|
C:\Users\user\AppData\Roaming\Onedrive\Onedrive.exe
|
|
|
|
C:\Windows\System32\schtasks.exe
|
"schtasks" /create /tn "Microsoft OneDrive" /sc ONLOGON /tr "C:\Users\user\AppData\Roaming\Onedrive\Onedrive.exe" /rl HIGHEST
/f
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
147.185.221.22
|
|
||
|
https://api.ipify.org/
|
unknown
|
||
|
https://stackoverflow.com/q/14436606/23354
|
unknown
|
||
|
https://stackoverflow.com/q/2152978/23354sCannot
|
unknown
|
||
|
https://ipwho.is/
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
https://stackoverflow.com/q/11564914/23354;
|
unknown
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
147.185.221.22
|
unknown
|
United States
|
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
C22000
|
unkown
|
page readonly
|
|
|
|
7FF848D36000
|
trusted library allocation
|
page execute and read and write
|
||
|
2F63000
|
trusted library allocation
|
page read and write
|
||
|
1C34E000
|
stack
|
page read and write
|
||
|
E61000
|
heap
|
page read and write
|
||
|
7FF848C7D000
|
trusted library allocation
|
page execute and read and write
|
||
|
1820000
|
heap
|
page read and write
|
||
|
1B5DD000
|
stack
|
page read and write
|
||
|
7FF848D10000
|
trusted library allocation
|
page execute and read and write
|
||
|
2940000
|
heap
|
page read and write
|
||
|
D95000
|
heap
|
page read and write
|
||
|
353A000
|
trusted library allocation
|
page read and write
|
||
|
1780000
|
trusted library allocation
|
page read and write
|
||
|
1B5A0000
|
heap
|
page read and write
|
||
|
7FF848E80000
|
trusted library allocation
|
page read and write
|
||
|
1B6D0000
|
heap
|
page execute and read and write
|
||
|
7FF848FE0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF848E58000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E1C000
|
trusted library allocation
|
page read and write
|
||
|
1200000
|
heap
|
page read and write
|
||
|
1BAEC000
|
heap
|
page read and write
|
||
|
895FAFF000
|
unkown
|
page read and write
|
||
|
14E1000
|
heap
|
page read and write
|
||
|
7FF848D26000
|
trusted library allocation
|
page read and write
|
||
|
1BDF3000
|
heap
|
page read and write
|
||
|
7FF848E10000
|
trusted library allocation
|
page read and write
|
||
|
31A9000
|
trusted library allocation
|
page read and write
|
||
|
7FF8490C0000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E84000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E60000
|
trusted library allocation
|
page read and write
|
||
|
F40000
|
heap
|
page read and write
|
||
|
7FF848E65000
|
trusted library allocation
|
page read and write
|
||
|
1B5E2000
|
heap
|
page read and write
|
||
|
1B3DE000
|
heap
|
page read and write
|
||
|
1305E000
|
trusted library allocation
|
page read and write
|
||
|
106E000
|
stack
|
page read and write
|
||
|
1260000
|
heap
|
page read and write
|
||
|
1B920000
|
heap
|
page read and write
|
||
|
1428000
|
heap
|
page read and write
|
||
|
7FF848F90000
|
trusted library allocation
|
page read and write
|
||
|
2CCE000
|
stack
|
page read and write
|
||
|
1BA9E000
|
stack
|
page read and write
|
||
|
7FF848EE0000
|
trusted library allocation
|
page read and write
|
||
|
7FF848D0C000
|
trusted library allocation
|
page execute and read and write
|
||
|
1BC23000
|
heap
|
page read and write
|
||
|
22DCCE70000
|
heap
|
page read and write
|
||
|
12F3000
|
stack
|
page read and write
|
||
|
7FF848F50000
|
trusted library allocation
|
page read and write
|
||
|
3051000
|
trusted library allocation
|
page read and write
|
||
|
1BD50000
|
heap
|
page read and write
|
||
|
7FF848E70000
|
trusted library allocation
|
page read and write
|
||
|
22DCCF30000
|
heap
|
page read and write
|
||
|
17C0000
|
heap
|
page read and write
|
||
|
1100000
|
trusted library allocation
|
page read and write
|
||
|
7FF848C83000
|
trusted library allocation
|
page read and write
|
||
|
1195000
|
heap
|
page read and write
|
||
|
27493230000
|
heap
|
page read and write
|
||
|
7FF8490AC000
|
trusted library allocation
|
page read and write
|
||
|
7FF849062000
|
trusted library allocation
|
page read and write
|
||
|
7FF848C90000
|
trusted library allocation
|
page read and write
|
||
|
F51000
|
unkown
|
page readonly
|
||
|
1321E000
|
trusted library allocation
|
page read and write
|
||
|
1BB70000
|
heap
|
page read and write
|
||
|
F60000
|
heap
|
page read and write
|
||
|
7FF848E41000
|
trusted library allocation
|
page read and write
|
||
|
1296000
|
heap
|
page read and write
|
||
|
1400000
|
heap
|
page read and write
|
||
|
6DA58FF000
|
unkown
|
page read and write
|
||
|
14DF000
|
heap
|
page read and write
|
||
|
1BD10000
|
heap
|
page read and write
|
||
|
1BE6F000
|
stack
|
page read and write
|
||
|
29C0000
|
heap
|
page read and write
|
||
|
7FF848D90000
|
trusted library allocation
|
page execute and read and write
|
||
|
1BD44000
|
heap
|
page read and write
|
||
|
1090000
|
heap
|
page read and write
|
||
|
1210000
|
heap
|
page read and write
|
||
|
7FF848E5C000
|
trusted library allocation
|
page read and write
|
||
|
6DA5879000
|
stack
|
page read and write
|
||
|
143E000
|
heap
|
page read and write
|
||
|
146D000
|
heap
|
page read and write
|
||
|
1870000
|
heap
|
page execute and read and write
|
||
|
1B7A0000
|
heap
|
page read and write
|
||
|
126B000
|
heap
|
page read and write
|
||
|
7FF848C9D000
|
trusted library allocation
|
page execute and read and write
|
||
|
1B59A000
|
heap
|
page read and write
|
||
|
7FF848DF0000
|
trusted library allocation
|
page read and write
|
||
|
895FA79000
|
stack
|
page read and write
|
||
|
2FA0000
|
heap
|
page execute and read and write
|
||
|
3086000
|
trusted library allocation
|
page read and write
|
||
|
7FF848EC0000
|
trusted library allocation
|
page read and write
|
||
|
1407000
|
heap
|
page read and write
|
||
|
13211000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E15000
|
trusted library allocation
|
page read and write
|
||
|
1070000
|
heap
|
page read and write
|
||
|
1B259000
|
stack
|
page read and write
|
||
|
7FF848E93000
|
trusted library allocation
|
page read and write
|
||
|
7FF848C54000
|
trusted library allocation
|
page read and write
|
||
|
7FF848C83000
|
trusted library allocation
|
page read and write
|
||
|
124F000
|
heap
|
page read and write
|
||
|
7FF848E15000
|
trusted library allocation
|
page read and write
|
||
|
22DCCF38000
|
heap
|
page read and write
|
||
|
1BB9F000
|
stack
|
page read and write
|
||
|
7FF848E5B000
|
trusted library allocation
|
page read and write
|
||
|
7FF848C70000
|
trusted library allocation
|
page read and write
|
||
|
7FF848F70000
|
trusted library allocation
|
page read and write
|
||
|
1BC9E000
|
stack
|
page read and write
|
||
|
1BD50000
|
heap
|
page read and write
|
||
|
7FF848E89000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E90000
|
trusted library allocation
|
page execute and read and write
|
||
|
1BA73000
|
heap
|
page read and write
|
||
|
22DCD175000
|
heap
|
page read and write
|
||
|
1307D000
|
trusted library allocation
|
page read and write
|
||
|
C20000
|
unkown
|
page readonly
|
||
|
2BC0000
|
heap
|
page execute and read and write
|
||
|
7FF848C63000
|
trusted library allocation
|
page read and write
|
||
|
7FF848C74000
|
trusted library allocation
|
page read and write
|
||
|
7FF848F30000
|
trusted library allocation
|
page read and write
|
||
|
7FF848D70000
|
trusted library allocation
|
page execute and read and write
|
||
|
D60000
|
heap
|
page read and write
|
||
|
1238000
|
heap
|
page read and write
|
||
|
1490000
|
trusted library allocation
|
page read and write
|
||
|
7FF848FB0000
|
trusted library allocation
|
page read and write
|
||
|
7FF848F80000
|
trusted library allocation
|
page read and write
|
||
|
336E000
|
trusted library allocation
|
page read and write
|
||
|
3020000
|
heap
|
page execute and read and write
|
||
|
7FF848E90000
|
trusted library allocation
|
page read and write
|
||
|
7FF4754C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF848E80000
|
trusted library allocation
|
page read and write
|
||
|
13D0000
|
heap
|
page read and write
|
||
|
7FF848E45000
|
trusted library allocation
|
page read and write
|
||
|
1BD9E000
|
stack
|
page read and write
|
||
|
7FF8490D0000
|
trusted library allocation
|
page read and write
|
||
|
2F60000
|
trusted library allocation
|
page read and write
|
||
|
27492E70000
|
heap
|
page read and write
|
||
|
7FF848C74000
|
trusted library allocation
|
page read and write
|
||
|
1880000
|
heap
|
page read and write
|
||
|
DAA000
|
heap
|
page read and write
|
||
|
FB1000
|
stack
|
page read and write
|
||
|
D8F000
|
heap
|
page read and write
|
||
|
3089000
|
trusted library allocation
|
page read and write
|
||
|
7FF848D56000
|
trusted library allocation
|
page execute and read and write
|
||
|
1B080000
|
trusted library allocation
|
page read and write
|
||
|
337A000
|
trusted library allocation
|
page read and write
|
||
|
12CD3000
|
trusted library allocation
|
page read and write
|
||
|
1190000
|
heap
|
page read and write
|
||
|
1550000
|
heap
|
page read and write
|
||
|
1230000
|
heap
|
page read and write
|
||
|
7FF849087000
|
trusted library allocation
|
page read and write
|
||
|
1BAE0000
|
heap
|
page read and write
|
||
|
1BF6E000
|
stack
|
page read and write
|
||
|
7FF848E70000
|
trusted library allocation
|
page read and write
|
||
|
2FF4000
|
trusted library allocation
|
page read and write
|
||
|
1B843000
|
heap
|
page read and write
|
||
|
7FF848E40000
|
trusted library allocation
|
page read and write
|
||
|
DAD000
|
heap
|
page read and write
|
||
|
16B5000
|
heap
|
page read and write
|
||
|
146B000
|
heap
|
page read and write
|
||
|
7FF848F60000
|
trusted library allocation
|
page read and write
|
||
|
16B0000
|
heap
|
page read and write
|
||
|
895FB7F000
|
stack
|
page read and write
|
||
|
7FF848C7D000
|
trusted library allocation
|
page execute and read and write
|
||
|
1500000
|
heap
|
page read and write
|
||
|
1258000
|
heap
|
page read and write
|
||
|
7FF848E6A000
|
trusted library allocation
|
page read and write
|
||
|
1400000
|
heap
|
page read and write
|
||
|
3092000
|
trusted library allocation
|
page read and write
|
||
|
13225000
|
trusted library allocation
|
page read and write
|
||
|
1B05E000
|
heap
|
page read and write
|
||
|
D78000
|
heap
|
page read and write
|
||
|
175E000
|
stack
|
page read and write
|
||
|
7FF848D26000
|
trusted library allocation
|
page read and write
|
||
|
D8B000
|
heap
|
page read and write
|
||
|
1885000
|
heap
|
page read and write
|
||
|
2FF6000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E90000
|
trusted library allocation
|
page read and write
|
||
|
C20000
|
unkown
|
page readonly
|
||
|
13219000
|
trusted library allocation
|
page read and write
|
||
|
7FF848D30000
|
trusted library allocation
|
page execute and read and write
|
||
|
D70000
|
heap
|
page read and write
|
||
|
1420000
|
heap
|
page read and write
|
||
|
17C3000
|
heap
|
page read and write
|
||
|
22DCCE50000
|
heap
|
page read and write
|
||
|
7FF848D20000
|
trusted library allocation
|
page read and write
|
||
|
7FF848EB0000
|
trusted library allocation
|
page execute and read and write
|
||
|
F43000
|
unkown
|
page readonly
|
||
|
7FF848C76000
|
trusted library allocation
|
page read and write
|
||
|
7FF848C8D000
|
trusted library allocation
|
page execute and read and write
|
||
|
1520000
|
heap
|
page read and write
|
||
|
1255000
|
heap
|
page read and write
|
||
|
7FF848EA4000
|
trusted library allocation
|
page read and write
|
||
|
10E0000
|
trusted library allocation
|
page read and write
|
||
|
7FF848C50000
|
trusted library allocation
|
page read and write
|
||
|
7FF848C72000
|
trusted library allocation
|
page read and write
|
||
|
7FF848FD0000
|
trusted library allocation
|
page read and write
|
||
|
7FF848FA0000
|
trusted library allocation
|
page read and write
|
||
|
1AD00000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E10000
|
trusted library allocation
|
page read and write
|
||
|
13069000
|
trusted library allocation
|
page read and write
|
||
|
7FF848C73000
|
trusted library allocation
|
page execute and read and write
|
||
|
1BB22000
|
heap
|
page read and write
|
||
|
1C24F000
|
stack
|
page read and write
|
||
|
7FF848D2C000
|
trusted library allocation
|
page execute and read and write
|
||
|
1298000
|
heap
|
page read and write
|
||
|
DD9000
|
heap
|
page read and write
|
||
|
7FF848E60000
|
trusted library allocation
|
page read and write
|
||
|
7FF848EA0000
|
trusted library allocation
|
page read and write
|
||
|
F65000
|
heap
|
page read and write
|
||
|
1BC50000
|
heap
|
page execute and read and write
|
||
|
7FF848E8F000
|
trusted library allocation
|
page read and write
|
||
|
1BA70000
|
heap
|
page read and write
|
||
|
14A0000
|
heap
|
page read and write
|
||
|
1B79A000
|
stack
|
page read and write
|
||
|
7FF848C94000
|
trusted library allocation
|
page read and write
|
||
|
7FF848C5D000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF848F00000
|
trusted library allocation
|
page read and write
|
||
|
12CD9000
|
trusted library allocation
|
page read and write
|
||
|
367B000
|
trusted library allocation
|
page read and write
|
||
|
312F000
|
stack
|
page read and write
|
||
|
7FF848CCC000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF848C94000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E50000
|
trusted library allocation
|
page read and write
|
||
|
7FF848EF0000
|
trusted library allocation
|
page read and write
|
||
|
D9F000
|
heap
|
page read and write
|
||
|
7FF849070000
|
trusted library allocation
|
page read and write
|
||
|
142F000
|
heap
|
page read and write
|
||
|
12CDE000
|
trusted library allocation
|
page read and write
|
||
|
13213000
|
trusted library allocation
|
page read and write
|
||
|
12DA000
|
heap
|
page read and write
|
||
|
7FF8490B0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF848EB0000
|
trusted library allocation
|
page execute and read and write
|
||
|
D97000
|
heap
|
page read and write
|
||
|
1470000
|
trusted library allocation
|
page read and write
|
||
|
7FF848CCC000
|
trusted library allocation
|
page execute and read and write
|
||
|
1B240000
|
trusted library allocation
|
page read and write
|
||
|
1C433000
|
stack
|
page read and write
|
||
|
7FF848CAC000
|
trusted library allocation
|
page execute and read and write
|
||
|
2CD1000
|
trusted library allocation
|
page read and write
|
||
|
13051000
|
trusted library allocation
|
page read and write
|
||
|
7FF849060000
|
trusted library allocation
|
page read and write
|
||
|
D9B000
|
heap
|
page read and write
|
||
|
7FF848E38000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E58000
|
trusted library allocation
|
page read and write
|
||
|
7FF848F40000
|
trusted library allocation
|
page read and write
|
||
|
7FF848C6D000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF848C9D000
|
trusted library allocation
|
page execute and read and write
|
||
|
3538000
|
trusted library allocation
|
page read and write
|
||
|
12CD1000
|
trusted library allocation
|
page read and write
|
||
|
22DCCD70000
|
heap
|
page read and write
|
||
|
3040000
|
heap
|
page read and write
|
||
|
7FF848D30000
|
trusted library allocation
|
page execute and read and write
|
||
|
F40000
|
unkown
|
page readonly
|
||
|
2ACE000
|
stack
|
page read and write
|
||
|
7FF848EA0000
|
trusted library allocation
|
page read and write
|
||
|
7FF848C7B000
|
trusted library allocation
|
page execute and read and write
|
||
|
1C06E000
|
stack
|
page read and write
|
||
|
22DCD170000
|
heap
|
page read and write
|
||
|
1B962000
|
heap
|
page read and write
|
||
|
7FF848C90000
|
trusted library allocation
|
page read and write
|
||
|
1B5A4000
|
heap
|
page read and write
|
||
|
6DA597F000
|
stack
|
page read and write
|
||
|
7FF848D90000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF848D00000
|
trusted library allocation
|
page read and write
|
||
|
DD7000
|
heap
|
page read and write
|
||
|
14A5000
|
heap
|
page read and write
|
||
|
1441000
|
heap
|
page read and write
|
||
|
3060000
|
trusted library allocation
|
page read and write
|
||
|
27492D90000
|
heap
|
page read and write
|
||
|
7FF848D06000
|
trusted library allocation
|
page read and write
|
||
|
2FF0000
|
heap
|
page read and write
|
||
|
1555000
|
heap
|
page read and write
|
||
|
7FF848C53000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF848E41000
|
trusted library allocation
|
page read and write
|
||
|
7FF848F20000
|
trusted library allocation
|
page read and write
|
||
|
7FF848EA0000
|
trusted library allocation
|
page read and write
|
||
|
7FF848F10000
|
trusted library allocation
|
page read and write
|
||
|
7FF848EA4000
|
trusted library allocation
|
page read and write
|
||
|
7FF848C74000
|
trusted library allocation
|
page read and write
|
||
|
12CE5000
|
trusted library allocation
|
page read and write
|
||
|
7FF848C7D000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF848C52000
|
trusted library allocation
|
page read and write
|
||
|
1C14F000
|
stack
|
page read and write
|
||
|
FE0000
|
heap
|
page read and write
|
||
|
125C000
|
heap
|
page read and write
|
||
|
7FF848FC0000
|
trusted library allocation
|
page read and write
|
||
|
1B793000
|
heap
|
page read and write
|
||
|
165E000
|
stack
|
page read and write
|
||
|
27492F70000
|
heap
|
page read and write
|
||
|
27492F78000
|
heap
|
page read and write
|
||
|
7FF848EB0000
|
trusted library allocation
|
page read and write
|
||
|
1B930000
|
heap
|
page read and write
|
||
|
7FF8490A5000
|
trusted library allocation
|
page read and write
|
||
|
3200000
|
heap
|
page read and write
|
||
|
2F5F000
|
stack
|
page read and write
|
||
|
D13000
|
stack
|
page read and write
|
||
|
7FF849082000
|
trusted library allocation
|
page read and write
|
||
|
7FF848C73000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF8490A0000
|
trusted library allocation
|
page read and write
|
||
|
27492E90000
|
heap
|
page read and write
|
||
|
27493235000
|
heap
|
page read and write
|
||
|
1C04E000
|
stack
|
page read and write
|
||
|
1B790000
|
heap
|
page read and write
|
||
|
1BD0E000
|
heap
|
page read and write
|
||
|
7FF848ED0000
|
trusted library allocation
|
page read and write
|
||
|
1760000
|
trusted library allocation
|
page read and write
|
||
|
1B862000
|
heap
|
page read and write
|
||
|
7FF848C8D000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF848D56000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF848E65000
|
trusted library allocation
|
page read and write
|
||
|
3211000
|
trusted library allocation
|
page read and write
|
There are 299 hidden memdumps, click here to show them.