D9E000
|
heap
|
page read and write
|
malicious |
|
|
Name: |
00000003.00000002.1884035836.0000000000D9E000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
D9E000
|
Size: |
180224
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Yara detected Stealc |
Stealing of Sensitive Information, Remote Access Functionality |
|
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
SQL strings found in memory and binary data |
System Summary |
|
URLs found in memory or binary data |
Networking |
|
|
9EB000
|
unkown
|
page readonly
|
malicious |
|
|
Name: |
00000003.00000002.1883530976.00000000009EB000.00000002.00000001.01000000.00000004.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page readonly
|
Base address: |
9EB000
|
Size: |
49152
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Yara detected Stealc |
Stealing of Sensitive Information, Remote Access Functionality |
|
|
9EB000
|
unkown
|
page readonly
|
malicious |
|
|
Name: |
00000003.00000000.1280826697.00000000009EB000.00000002.00000001.01000000.00000004.sdmp
|
TargetID: |
3
|
Dumpstage: |
process new
|
Regiontype: |
unkown
|
Protect: |
page readonly
|
Base address: |
9EB000
|
Size: |
49152
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Yara detected Stealc |
Stealing of Sensitive Information, Remote Access Functionality |
|
|
6CDD1000
|
unkown
|
page execute read
|
|
|
|
Name: |
00000003.00000002.1891875094.000000006CDD1000.00000020.00000001.01000000.00000009.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page execute read
|
Base address: |
6CDD1000
|
Size: |
1695744
|
|
9C0000
|
unkown
|
page readonly
|
|
|
|
Name: |
00000003.00000000.1280774228.00000000009C0000.00000002.00000001.01000000.00000004.sdmp
|
TargetID: |
3
|
Dumpstage: |
process new
|
Regiontype: |
unkown
|
Protect: |
page readonly
|
Base address: |
9C0000
|
Size: |
4096
|
|
9449000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000003.1803085743.0000000009449000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9449000
|
Size: |
24576
|
|
9C1000
|
unkown
|
page execute read
|
|
|
|
Name: |
00000003.00000000.1280793225.00000000009C1000.00000020.00000001.01000000.00000004.sdmp
|
TargetID: |
3
|
Dumpstage: |
process new
|
Regiontype: |
unkown
|
Protect: |
page execute read
|
Base address: |
9C1000
|
Size: |
172032
|
|
955A000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000002.1887829878.000000000955A000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
955A000
|
Size: |
450560
|
|
9420000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000003.1541842072.0000000009420000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9420000
|
Size: |
57344
|
|
941F000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000003.1662544570.000000000941F000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
941F000
|
Size: |
61440
|
|
6CFAE000
|
unkown
|
page read and write
|
|
|
|
Name: |
00000003.00000002.1892237682.000000006CFAE000.00000004.00000001.01000000.00000009.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page read and write
|
Base address: |
6CFAE000
|
Size: |
4096
|
|
2FAC000
|
stack
|
page read and write
|
|
|
|
Name: |
00000003.00000002.1884653460.0000000002FAC000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
2FAC000
|
Size: |
16384
|
|
33B0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000002.1884821814.00000000033B0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
33B0000
|
Size: |
233472
|
|
941D000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000003.1661107489.000000000941D000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
941D000
|
Size: |
4096
|
|
B27000
|
unkown
|
page read and write
|
|
|
|
Name: |
00000003.00000002.1883610538.0000000000B27000.00000004.00000001.01000000.00000004.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page read and write
|
Base address: |
B27000
|
Size: |
675840
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Found many strings related to Crypto-Wallets (likely being stolen) |
Stealing of Sensitive Information |
|
|
9440000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000003.1661905322.0000000009440000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9440000
|
Size: |
12288
|
|
943F000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000003.1656521322.000000000943F000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
943F000
|
Size: |
16384
|
|
9440000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000003.1662823930.0000000009440000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9440000
|
Size: |
12288
|
|
941F000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000003.1662084554.000000000941F000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
941F000
|
Size: |
61440
|
|
31EB000
|
stack
|
page read and write
|
|
|
|
Name: |
00000003.00000002.1884736395.00000000031EB000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
31EB000
|
Size: |
20480
|
|
61ED4000
|
direct allocation
|
page readonly
|
|
|
|
Name: |
00000003.00000002.1891798741.0000000061ED4000.00000002.00001000.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
direct allocation
|
Protect: |
page readonly
|
Base address: |
61ED4000
|
Size: |
126976
|
|
CF7000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000003.1469713382.0000000000CF7000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
CF7000
|
Size: |
4096
|
|
9F7000
|
unkown
|
page write copy
|
|
|
|
Name: |
00000003.00000000.1280846826.00000000009F7000.00000008.00000001.01000000.00000004.sdmp
|
TargetID: |
3
|
Dumpstage: |
process new
|
Regiontype: |
unkown
|
Protect: |
page write copy
|
Base address: |
9F7000
|
Size: |
4096
|
|
109DF000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000003.1859172962.00000000109DF000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
109DF000
|
Size: |
5242880
|
|
9600000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000003.00000003.1544326025.0000000009600000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
9600000
|
Size: |
176128
|
|
2F6E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000003.00000002.1884625695.0000000002F6E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
2F6E000
|
Size: |
8192
|
|
700C1000
|
unkown
|
page execute read
|
|
|
|
Name: |
00000003.00000002.1892404532.00000000700C1000.00000020.00000001.01000000.0000000A.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page execute read
|
Base address: |
700C1000
|
Size: |
507904
|
|
1080000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000002.1884444688.0000000001080000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1080000
|
Size: |
8192
|
|
99FB000
|
stack
|
page read and write
|
|
|
|
Name: |
00000003.00000002.1888374971.00000000099FB000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
99FB000
|
Size: |
20480
|
|
CF7000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000003.1469595649.0000000000CF7000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
CF7000
|
Size: |
4096
|
|
9587000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000003.1661505737.0000000009587000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9587000
|
Size: |
8192
|
|
941F000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000003.1656543390.000000000941F000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
941F000
|
Size: |
61440
|
|
CF7000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000003.1470754169.0000000000CF7000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
CF7000
|
Size: |
8192
|
|
942A000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000003.1662395166.000000000942A000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
942A000
|
Size: |
4096
|
|
2D5F000
|
stack
|
page read and write
|
|
|
|
Name: |
00000013.00000002.1929216611.0000000002D5F000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
19
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
2D5F000
|
Size: |
4096
|
|
61ED3000
|
direct allocation
|
page read and write
|
|
|
|
Name: |
00000003.00000002.1891736322.0000000061ED3000.00000004.00001000.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
direct allocation
|
Protect: |
page read and write
|
Base address: |
61ED3000
|
Size: |
4096
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
30EC000
|
stack
|
page read and write
|
|
|
|
Name: |
00000003.00000002.1884705260.00000000030EC000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
30EC000
|
Size: |
16384
|
|
61ED0000
|
direct allocation
|
page read and write
|
|
|
|
Name: |
00000003.00000002.1891736322.0000000061ED0000.00000004.00001000.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
direct allocation
|
Protect: |
page read and write
|
Base address: |
61ED0000
|
Size: |
4096
|
|
9433000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000003.1661905322.0000000009433000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9433000
|
Size: |
24576
|
|
E08000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000003.1293467378.0000000000E08000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
E08000
|
Size: |
32768
|
|
9411000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000003.1662629908.0000000009411000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9411000
|
Size: |
16384
|
|
941D000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000003.1541628424.000000000941D000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
941D000
|
Size: |
4096
|
|
9A16000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000003.1803243522.0000000009A16000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9A16000
|
Size: |
4096
|
|
942C000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000003.1803188071.000000000942C000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
942C000
|
Size: |
8192
|
|
9433000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000003.1662734119.0000000009433000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9433000
|
Size: |
24576
|
|
33A1000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000003.1415520464.00000000033A1000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
33A1000
|
Size: |
237568
|
|
CF7000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000003.1415749003.0000000000CF7000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
CF7000
|
Size: |
4096
|
|
9440000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000003.1662186121.0000000009440000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9440000
|
Size: |
12288
|
|
9420000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000003.1662186121.0000000009420000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9420000
|
Size: |
57344
|
|
930000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000002.1883277740.0000000000930000.00000004.00000020.00040000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
930000
|
Size: |
4096
|
|
DFA000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000003.1293888719.0000000000DFA000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
DFA000
|
Size: |
12288
|
|
D3E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000003.00000002.1883981240.0000000000D3E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
D3E000
|
Size: |
8192
|
|
27AC000
|
stack
|
page read and write
|
|
|
|
Name: |
00000013.00000002.1928836707.00000000027AC000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
19
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
27AC000
|
Size: |
16384
|
|
9540000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000002.1887829878.0000000009540000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9540000
|
Size: |
53248
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
61E01000
|
direct allocation
|
page execute read
|
|
|
|
Name: |
00000003.00000002.1891496709.0000000061E01000.00000020.00001000.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
direct allocation
|
Protect: |
page execute read
|
Base address: |
61E01000
|
Size: |
733184
|
|
104CA000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000003.1862853060.00000000104CA000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
104CA000
|
Size: |
8192
|
|
2B7E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000013.00000002.1929061926.0000000002B7E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
19
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
2B7E000
|
Size: |
8192
|
|
941F000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000003.1662305607.000000000941F000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
941F000
|
Size: |
4096
|
|
941F000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000003.1662440937.000000000941F000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
941F000
|
Size: |
61440
|
|
105EB000
|
stack
|
page read and write
|
|
|
|
Name: |
00000003.00000002.1891395912.00000000105EB000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
105EB000
|
Size: |
20480
|
|
CF7000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000003.1469566712.0000000000CF7000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
CF7000
|
Size: |
4096
|
|
108C000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000002.1884444688.000000000108C000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
108C000
|
Size: |
12288
|
|
9440000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000003.1662358417.0000000009440000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9440000
|
Size: |
4096
|
|
CF7000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000003.1415667174.0000000000CF7000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
CF7000
|
Size: |
4096
|
|
941D000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000002.1887503668.000000000941D000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
941D000
|
Size: |
4096
|
|
CF5000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000002.1883918128.0000000000CF5000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
CF5000
|
Size: |
12288
|
|
61ECC000
|
direct allocation
|
page read and write
|
|
|
|
Name: |
00000003.00000002.1891659982.0000000061ECC000.00000004.00001000.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
direct allocation
|
Protect: |
page read and write
|
Base address: |
61ECC000
|
Size: |
4096
|
|
33A0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000002.1884821814.00000000033A0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
33A0000
|
Size: |
36864
|
|
9C1000
|
unkown
|
page execute read
|
|
|
|
Name: |
00000003.00000002.1883483911.00000000009C1000.00000020.00000001.01000000.00000004.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page execute read
|
Base address: |
9C1000
|
Size: |
172032
|
|
941D000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000003.1662823930.000000000941D000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
941D000
|
Size: |
4096
|
|
95EA000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000002.1887829878.00000000095EA000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
95EA000
|
Size: |
77824
|
|
DFF000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000002.1884035836.0000000000DFF000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
DFF000
|
Size: |
335872
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Found many strings related to Crypto-Wallets (likely being stolen) |
Stealing of Sensitive Information |
|
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
URLs found in memory or binary data |
Networking |
|
|
A94000
|
unkown
|
page read and write
|
|
|
|
Name: |
00000003.00000002.1883610538.0000000000A94000.00000004.00000001.01000000.00000004.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page read and write
|
Base address: |
A94000
|
Size: |
212992
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Yara detected Credential Stealer |
Stealing of Sensitive Information |
|
URLs found in memory or binary data |
Networking |
|
|
9449000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000003.1803313438.0000000009449000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9449000
|
Size: |
24576
|
|
8FE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000003.00000002.1882953409.00000000008FE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
8FE000
|
Size: |
8192
|
|
9449000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000003.1810610235.0000000009449000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9449000
|
Size: |
24576
|
|
942C000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000003.1803138203.000000000942C000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
942C000
|
Size: |
8192
|
|
322E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000003.00000002.1884756796.000000000322E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
322E000
|
Size: |
8192
|
|
CF7000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000003.1415731063.0000000000CF7000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
CF7000
|
Size: |
4096
|
|
CF7000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000003.1470186295.0000000000CF7000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
CF7000
|
Size: |
4096
|
|
700C0000
|
unkown
|
page readonly
|
|
|
|
Name: |
00000003.00000002.1892371553.00000000700C0000.00000002.00000001.01000000.0000000A.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page readonly
|
Base address: |
700C0000
|
Size: |
4096
|
|
944E000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000002.1887680972.000000000944E000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
944E000
|
Size: |
4096
|
|
957E000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000003.1661505737.000000000957E000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
957E000
|
Size: |
8192
|
|
CF7000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000003.1470135945.0000000000CF7000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
CF7000
|
Size: |
4096
|
|
941D000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000003.1662629908.000000000941D000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
941D000
|
Size: |
4096
|
|
A75000
|
unkown
|
page read and write
|
|
|
|
Name: |
00000003.00000002.1883610538.0000000000A75000.00000004.00000001.01000000.00000004.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page read and write
|
Base address: |
A75000
|
Size: |
77824
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
941D000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000003.1661793230.000000000941D000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
941D000
|
Size: |
4096
|
|
9433000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000003.1662544570.0000000009433000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9433000
|
Size: |
24576
|
|
6CFB0000
|
unkown
|
page read and write
|
|
|
|
Name: |
00000003.00000002.1892302011.000000006CFB0000.00000004.00000001.01000000.00000009.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page read and write
|
Base address: |
6CFB0000
|
Size: |
4096
|
|
9433000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000003.1661987159.0000000009433000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9433000
|
Size: |
24576
|
|
CF7000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000003.1469930058.0000000000CF7000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
CF7000
|
Size: |
4096
|
|
941D000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000003.1661905322.000000000941D000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
941D000
|
Size: |
4096
|
|
9970000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000003.00000003.1821133095.0000000009970000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
9970000
|
Size: |
172032
|
|
941F000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000003.1541728479.000000000941F000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
941F000
|
Size: |
61440
|
|
61E00000
|
direct allocation
|
page execute and read and write
|
|
|
|
Name: |
00000003.00000002.1891463895.0000000061E00000.00000040.00001000.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
direct allocation
|
Protect: |
page execute and read and write
|
Base address: |
61E00000
|
Size: |
4096
|
|
CF7000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000003.1415646587.0000000000CF7000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
CF7000
|
Size: |
4096
|
|
942C000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000003.1810698293.000000000942C000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
942C000
|
Size: |
8192
|
|
9440000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000003.1662734119.0000000009440000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9440000
|
Size: |
12288
|
|
CF7000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000003.1415709602.0000000000CF7000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
CF7000
|
Size: |
4096
|
|
9433000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000003.1662358417.0000000009433000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9433000
|
Size: |
24576
|
|
2D6F000
|
stack
|
page read and write
|
|
|
|
Name: |
00000003.00000002.1884575881.0000000002D6F000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
2D6F000
|
Size: |
4096
|
|
CF7000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000003.1470706959.0000000000CF7000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
CF7000
|
Size: |
4096
|
|
8F2000
|
stack
|
page read and write
|
|
|
|
Name: |
00000003.00000002.1882953409.00000000008F2000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
8F2000
|
Size: |
8192
|
|
E55000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000002.1884035836.0000000000E55000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
E55000
|
Size: |
4096
|
|
9438000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000003.1803085743.0000000009438000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9438000
|
Size: |
4096
|
|
70152000
|
unkown
|
page readonly
|
|
|
|
Name: |
00000003.00000002.1892557235.0000000070152000.00000002.00000001.01000000.0000000A.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page readonly
|
Base address: |
70152000
|
Size: |
24576
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sample file is different than original file name gathered from version info |
System Summary |
|
|
3390000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000002.1884799251.0000000003390000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3390000
|
Size: |
4096
|
|
CF7000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000003.1470204803.0000000000CF7000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
CF7000
|
Size: |
4096
|
|
9500000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000002.1887829878.0000000009500000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9500000
|
Size: |
126976
|
|
941F000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000003.1662823930.000000000941F000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
941F000
|
Size: |
61440
|
|
7013D000
|
unkown
|
page readonly
|
|
|
|
Name: |
00000003.00000002.1892482104.000000007013D000.00000002.00000001.01000000.0000000A.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page readonly
|
Base address: |
7013D000
|
Size: |
69632
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
9433000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000003.1661107489.0000000009433000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9433000
|
Size: |
24576
|
|
941F000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000003.1662629908.000000000941F000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
941F000
|
Size: |
61440
|
|
2E6F000
|
stack
|
page read and write
|
|
|
|
Name: |
00000003.00000002.1884603605.0000000002E6F000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
2E6F000
|
Size: |
4096
|
|
1042B000
|
stack
|
page read and write
|
|
|
|
Name: |
00000003.00000002.1891358387.000000001042B000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
1042B000
|
Size: |
20480
|
|
61EB4000
|
direct allocation
|
page read and write
|
|
|
|
Name: |
00000003.00000002.1891599838.0000000061EB4000.00000004.00001000.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
direct allocation
|
Protect: |
page read and write
|
Base address: |
61EB4000
|
Size: |
12288
|
|
33A1000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000003.1336051776.00000000033A1000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
33A1000
|
Size: |
65536
|
|
94A7000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000003.1828219269.00000000094A7000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
94A7000
|
Size: |
65536
|
|
5DB000
|
stack
|
page read and write
|
|
|
|
Name: |
00000003.00000002.1882909874.00000000005DB000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
5DB000
|
Size: |
20480
|
|
34A0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000003.00000003.1336194035.00000000034A0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
34A0000
|
Size: |
180224
|
|
9441000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000003.1662237173.0000000009441000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9441000
|
Size: |
8192
|
|
941D000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000003.1662734119.000000000941D000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
941D000
|
Size: |
4096
|
|
61EB7000
|
direct allocation
|
page readonly
|
|
|
|
Name: |
00000003.00000002.1891629520.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
direct allocation
|
Protect: |
page readonly
|
Base address: |
61EB7000
|
Size: |
86016
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
SQL strings found in memory and binary data |
System Summary |
|
|
941F000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000003.1661107489.000000000941F000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
941F000
|
Size: |
61440
|
|
942A000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000003.1541862873.000000000942A000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
942A000
|
Size: |
16384
|
|
942B000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000003.1662253143.000000000942B000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
942B000
|
Size: |
12288
|
|
9440000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000003.1803085743.0000000009440000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9440000
|
Size: |
12288
|
|
940C000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000003.1662440937.000000000940C000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
940C000
|
Size: |
36864
|
|
D9A000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000002.1884035836.0000000000D9A000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
D9A000
|
Size: |
8192
|
|
958F000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000003.1661505737.000000000958F000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
958F000
|
Size: |
8192
|
|
954E000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000002.1887829878.000000000954E000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
954E000
|
Size: |
16384
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
9412000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000003.1662305607.0000000009412000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9412000
|
Size: |
8192
|
|
9433000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000003.1662928962.0000000009433000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9433000
|
Size: |
24576
|
|
941F000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000002.1887503668.000000000941F000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
941F000
|
Size: |
45056
|
|
9A0D000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000003.1810733291.0000000009A0D000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9A0D000
|
Size: |
4096
|
|
9441000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000003.1810979776.0000000009441000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9441000
|
Size: |
8192
|
|
2BE0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000013.00000002.1929128026.0000000002BE0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
19
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2BE0000
|
Size: |
24576
|
|
F8F000
|
stack
|
page read and write
|
|
|
|
Name: |
00000003.00000002.1884249320.0000000000F8F000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
F8F000
|
Size: |
4096
|
|
CF0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000002.1883918128.0000000000CF0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
CF0000
|
Size: |
16384
|
|
941F000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000003.1661905322.000000000941F000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
941F000
|
Size: |
61440
|
|
7014E000
|
unkown
|
page read and write
|
|
|
|
Name: |
00000003.00000002.1892519920.000000007014E000.00000004.00000001.01000000.0000000A.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page read and write
|
Base address: |
7014E000
|
Size: |
8192
|
|
9426000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000003.1811031528.0000000009426000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9426000
|
Size: |
16384
|
|
940000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000002.1883335270.0000000000940000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
940000
|
Size: |
8192
|
|
9A05000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000003.1810733291.0000000009A05000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9A05000
|
Size: |
4096
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
9433000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000003.1662253143.0000000009433000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9433000
|
Size: |
24576
|
|
9593000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000003.1661505737.0000000009593000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9593000
|
Size: |
4096
|
|
CF7000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000003.1469994481.0000000000CF7000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
CF7000
|
Size: |
4096
|
|
9400000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000003.00000003.1415132695.0000000009400000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
9400000
|
Size: |
176128
|
|
46E0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000013.00000002.1929242789.00000000046E0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
19
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
46E0000
|
Size: |
20480
|
|
941D000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000003.1803138203.000000000941D000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
941D000
|
Size: |
4096
|
|
61ECD000
|
direct allocation
|
page readonly
|
|
|
|
Name: |
00000003.00000002.1891693478.0000000061ECD000.00000002.00001000.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
direct allocation
|
Protect: |
page readonly
|
Base address: |
61ECD000
|
Size: |
12288
|
|
99B0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000002.1888346175.00000000099B0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
99B0000
|
Size: |
4096
|
|
9407000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000003.1661107489.0000000009407000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9407000
|
Size: |
4096
|
|
957C000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000003.1661505737.000000000957C000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
957C000
|
Size: |
4096
|
|
942A000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000003.1810883369.000000000942A000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
942A000
|
Size: |
4096
|
|
9440000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000002.1887680972.0000000009440000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9440000
|
Size: |
12288
|
|
9449000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000003.1810851373.0000000009449000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9449000
|
Size: |
24576
|
|
9438000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000002.1887680972.0000000009438000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9438000
|
Size: |
4096
|
|
34A0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000002.1884917487.00000000034A0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
34A0000
|
Size: |
1110016
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
SQL strings found in memory and binary data |
System Summary |
|
URLs found in memory or binary data |
Networking |
|
|
9400000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000003.00000003.1511143797.0000000009400000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
9400000
|
Size: |
188416
|
|
100E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000003.00000002.1884360753.000000000100E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
100E000
|
Size: |
8192
|
|
CF7000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000003.1469524728.0000000000CF7000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
CF7000
|
Size: |
4096
|
|
9520000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000002.1887829878.0000000009520000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9520000
|
Size: |
126976
|
|
9F7000
|
unkown
|
page write copy
|
|
|
|
Name: |
00000003.00000002.1883563651.00000000009F7000.00000008.00000001.01000000.00000004.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page write copy
|
Base address: |
9F7000
|
Size: |
4096
|
|
9A13000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000003.1810733291.0000000009A13000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9A13000
|
Size: |
12288
|
|
BF8000
|
unkown
|
page read and write
|
|
|
|
Name: |
00000003.00000002.1883610538.0000000000BF8000.00000004.00000001.01000000.00000004.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page read and write
|
Base address: |
BF8000
|
Size: |
8192
|
|
9427000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000003.1541087920.0000000009427000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9427000
|
Size: |
28672
|
|
942B000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000003.1661310790.000000000942B000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
942B000
|
Size: |
12288
|
|
9427000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000003.1541153751.0000000009427000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9427000
|
Size: |
28672
|
|
942C000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000003.1662395166.000000000942C000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
942C000
|
Size: |
8192
|
|
6CDD0000
|
unkown
|
page readonly
|
|
|
|
Name: |
00000003.00000002.1891842272.000000006CDD0000.00000002.00000001.01000000.00000009.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page readonly
|
Base address: |
6CDD0000
|
Size: |
4096
|
|
9A1E000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000003.1803243522.0000000009A1E000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9A1E000
|
Size: |
4096
|
|
E00000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000003.1293832333.0000000000E00000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
E00000
|
Size: |
32768
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
DDC000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000002.1884035836.0000000000DDC000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
DDC000
|
Size: |
135168
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Found many strings related to Crypto-Wallets (likely being stolen) |
Stealing of Sensitive Information |
|
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
URLs found in memory or binary data |
Networking |
|
|
941F000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000003.1661987159.000000000941F000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
941F000
|
Size: |
61440
|
|
9424000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000003.1511809099.0000000009424000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9424000
|
Size: |
40960
|
|
E0D000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000003.1293855052.0000000000E0D000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
E0D000
|
Size: |
12288
|
|
9770000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000002.1888249857.0000000009770000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9770000
|
Size: |
425984
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sample file is different than original file name gathered from version info |
System Summary |
|
|
9404000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000002.1887426351.0000000009404000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9404000
|
Size: |
12288
|
|
941D000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000003.1662084554.000000000941D000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
941D000
|
Size: |
4096
|
|
9440000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000003.1662440937.0000000009440000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9440000
|
Size: |
12288
|
|
118E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000003.00000002.1884553233.000000000118E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
118E000
|
Size: |
8192
|
|
2A50000
|
heap
|
page read and write
|
|
|
|
Name: |
00000013.00000002.1928895284.0000000002A50000.00000004.00000020.00040000.00000000.sdmp
|
TargetID: |
19
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2A50000
|
Size: |
4096
|
|
9433000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000003.1662823930.0000000009433000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9433000
|
Size: |
24576
|
|
941D000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000003.1662440937.000000000941D000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
941D000
|
Size: |
4096
|
|
966E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000003.00000002.1888176664.000000000966E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
966E000
|
Size: |
8192
|
|
940D000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000003.1541628424.000000000940D000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
940D000
|
Size: |
24576
|
|
9427000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000003.1541692918.0000000009427000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9427000
|
Size: |
28672
|
|
942C000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000002.1887614785.000000000942C000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
942C000
|
Size: |
8192
|
|
9440000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000003.1662544570.0000000009440000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9440000
|
Size: |
12288
|
|
2D1E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000013.00000002.1929189690.0000000002D1E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
19
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
2D1E000
|
Size: |
8192
|
|
2BE8000
|
heap
|
page read and write
|
|
|
|
Name: |
00000013.00000002.1929128026.0000000002BE8000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
19
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2BE8000
|
Size: |
45056
|
|
30AC000
|
stack
|
page read and write
|
|
|
|
Name: |
00000003.00000002.1884679468.00000000030AC000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
30AC000
|
Size: |
16384
|
|
27ED000
|
stack
|
page read and write
|
|
|
|
Name: |
00000013.00000002.1928869140.00000000027ED000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
19
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
27ED000
|
Size: |
12288
|
|
941A000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000003.1541798807.000000000941A000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
941A000
|
Size: |
16384
|
|
941D000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000003.1662544570.000000000941D000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
941D000
|
Size: |
4096
|
|
9413000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000003.1662823930.0000000009413000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9413000
|
Size: |
8192
|
|
9440000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000003.1810610235.0000000009440000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9440000
|
Size: |
12288
|
|
9433000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000003.1662629908.0000000009433000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9433000
|
Size: |
24576
|
|
CF7000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000003.1469735986.0000000000CF7000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
CF7000
|
Size: |
4096
|
|
6CF6F000
|
unkown
|
page readonly
|
|
|
|
Name: |
00000003.00000002.1892171917.000000006CF6F000.00000002.00000001.01000000.00000009.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page readonly
|
Base address: |
6CF6F000
|
Size: |
258048
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
SQL strings found in memory and binary data |
System Summary |
|
Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
941F000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000003.1661793230.000000000941F000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
941F000
|
Size: |
61440
|
|
DCB000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000002.1884035836.0000000000DCB000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
DCB000
|
Size: |
57344
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
URLs found in memory or binary data |
Networking |
|
|
CF7000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000003.1336085197.0000000000CF7000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
CF7000
|
Size: |
12288
|
|
940C000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000003.1661793230.000000000940C000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
940C000
|
Size: |
32768
|
|
9422000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000003.1541771522.0000000009422000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9422000
|
Size: |
49152
|
|
9442000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000003.1661107489.0000000009442000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9442000
|
Size: |
4096
|
|
1083000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000002.1884444688.0000000001083000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1083000
|
Size: |
8192
|
|
942B000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000003.1662966659.000000000942B000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
942B000
|
Size: |
12288
|
|
6CFAF000
|
unkown
|
page write copy
|
|
|
|
Name: |
00000003.00000002.1892272659.000000006CFAF000.00000008.00000001.01000000.00000009.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page write copy
|
Base address: |
6CFAF000
|
Size: |
4096
|
|
941D000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000003.1656543390.000000000941D000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
941D000
|
Size: |
4096
|
|
97D8000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000003.1882520018.00000000097D8000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
97D8000
|
Size: |
167936
|
|
CF7000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000003.1415688852.0000000000CF7000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
CF7000
|
Size: |
4096
|
|
95DB000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000002.1887829878.00000000095DB000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
95DB000
|
Size: |
53248
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
941B000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000003.1541087920.000000000941B000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
941B000
|
Size: |
12288
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
SQL strings found in memory and binary data |
System Summary |
|
|
1087000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000002.1884444688.0000000001087000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1087000
|
Size: |
4096
|
|
9433000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000003.1661239751.0000000009433000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9433000
|
Size: |
24576
|
|
9433000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000003.1661286084.0000000009433000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9433000
|
Size: |
24576
|
|
9438000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000003.1810610235.0000000009438000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9438000
|
Size: |
4096
|
|
2BBE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000013.00000002.1929090593.0000000002BBE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
19
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
2BBE000
|
Size: |
8192
|
|
942C000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000003.1810883369.000000000942C000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
942C000
|
Size: |
8192
|
|
9440000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000003.1662084554.0000000009440000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9440000
|
Size: |
12288
|
|
104C0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000003.1862853060.00000000104C0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
104C0000
|
Size: |
20480
|
|
CF7000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000003.1470405928.0000000000CF7000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
CF7000
|
Size: |
4096
|
|
C0A000
|
unkown
|
page readonly
|
|
|
|
Name: |
00000003.00000000.1280927434.0000000000C0A000.00000002.00000001.01000000.00000004.sdmp
|
TargetID: |
3
|
Dumpstage: |
process new
|
Regiontype: |
unkown
|
Protect: |
page readonly
|
Base address: |
C0A000
|
Size: |
16384
|
|
E59000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000002.1884035836.0000000000E59000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
E59000
|
Size: |
180224
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
8F8000
|
stack
|
page read and write
|
|
|
|
Name: |
00000003.00000002.1882953409.00000000008F8000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
8F8000
|
Size: |
20480
|
|
33ED000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000002.1884821814.00000000033ED000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
33ED000
|
Size: |
12288
|
|
941D000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000003.1662305607.000000000941D000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
941D000
|
Size: |
4096
|
|
332F000
|
stack
|
page read and write
|
|
|
|
Name: |
00000003.00000002.1884777419.000000000332F000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
332F000
|
Size: |
4096
|
|
2B30000
|
heap
|
page read and write
|
|
|
|
Name: |
00000013.00000002.1928947692.0000000002B30000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
19
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2B30000
|
Size: |
20480
|
|
D40000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000002.1884008966.0000000000D40000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
D40000
|
Size: |
4096
|
|
104E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000003.00000002.1884403052.000000000104E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
104E000
|
Size: |
8192
|
|
9400000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000002.1887426351.0000000009400000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9400000
|
Size: |
8192
|
|
9433000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000003.1662440937.0000000009433000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9433000
|
Size: |
24576
|
|
9440000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000003.1662629908.0000000009440000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9440000
|
Size: |
12288
|
|
941F000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000003.1662734119.000000000941F000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
941F000
|
Size: |
61440
|
|
C0A000
|
unkown
|
page readonly
|
|
|
|
Name: |
00000003.00000002.1883888160.0000000000C0A000.00000002.00000001.01000000.00000004.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page readonly
|
Base address: |
C0A000
|
Size: |
16384
|
|
9440000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000003.1661987159.0000000009440000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9440000
|
Size: |
12288
|
|
D90000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000002.1884035836.0000000000D90000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
D90000
|
Size: |
36864
|
|
A90000
|
unkown
|
page read and write
|
|
|
|
Name: |
00000003.00000002.1883610538.0000000000A90000.00000004.00000001.01000000.00000004.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page read and write
|
Base address: |
A90000
|
Size: |
12288
|
|
9553000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000002.1887829878.0000000009553000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9553000
|
Size: |
4096
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
9411000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000003.1661987159.0000000009411000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9411000
|
Size: |
12288
|
|
940D000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000003.1661107489.000000000940D000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
940D000
|
Size: |
24576
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
SQL strings found in memory and binary data |
System Summary |
|
|
9427000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000003.1541628424.0000000009427000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9427000
|
Size: |
28672
|
|
CF7000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000003.1469504948.0000000000CF7000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
CF7000
|
Size: |
4096
|
|
95C9000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000002.1887829878.00000000095C9000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
95C9000
|
Size: |
4096
|
|
9412000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000003.1662165861.0000000009412000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9412000
|
Size: |
8192
|
|
FCE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000003.00000002.1884278288.0000000000FCE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
FCE000
|
Size: |
8192
|
|
106EC000
|
stack
|
page read and write
|
|
|
|
Name: |
00000003.00000002.1891431320.00000000106EC000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
106EC000
|
Size: |
16384
|
|
941F000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000003.1541798807.000000000941F000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
941F000
|
Size: |
61440
|
|
9581000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000003.1661505737.0000000009581000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9581000
|
Size: |
4096
|
|
942A000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000003.1661239751.000000000942A000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
942A000
|
Size: |
16384
|
|
CF7000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000003.1469679077.0000000000CF7000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
CF7000
|
Size: |
4096
|
|
9440000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000003.1662253143.0000000009440000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9440000
|
Size: |
4096
|
|
9442000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000003.1661221205.0000000009442000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9442000
|
Size: |
4096
|
|
9433000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000003.1661793230.0000000009433000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9433000
|
Size: |
24576
|
|
2BC0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000013.00000002.1929110692.0000000002BC0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
19
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2BC0000
|
Size: |
4096
|
|
CF7000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000003.1470039812.0000000000CF7000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
CF7000
|
Size: |
4096
|
|
9433000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000003.1662084554.0000000009433000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9433000
|
Size: |
24576
|
|
9440000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000003.1661793230.0000000009440000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9440000
|
Size: |
12288
|
|
6CFB5000
|
unkown
|
page readonly
|
|
|
|
Name: |
00000003.00000002.1892333410.000000006CFB5000.00000002.00000001.01000000.00000009.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page readonly
|
Base address: |
6CFB5000
|
Size: |
73728
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sample file is different than original file name gathered from version info |
System Summary |
|
|
9598000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000003.1661505737.0000000009598000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9598000
|
Size: |
8192
|
|
9433000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000003.1662186121.0000000009433000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9433000
|
Size: |
24576
|
|
941F000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000003.1803138203.000000000941F000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
941F000
|
Size: |
49152
|
|
9440000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000003.1662928962.0000000009440000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9440000
|
Size: |
12288
|
|
941A000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000003.1541728479.000000000941A000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
941A000
|
Size: |
16384
|
|
A44000
|
unkown
|
page read and write
|
|
|
|
Name: |
00000003.00000002.1883610538.0000000000A44000.00000004.00000001.01000000.00000004.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page read and write
|
Base address: |
A44000
|
Size: |
196608
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
DFF000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000003.1293888719.0000000000DFF000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
DFF000
|
Size: |
4096
|
|
98E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000003.00000002.1883398210.000000000098E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
98E000
|
Size: |
8192
|
|
9C0000
|
unkown
|
page readonly
|
|
|
|
Name: |
00000003.00000002.1883447905.00000000009C0000.00000002.00000001.01000000.00000004.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page readonly
|
Base address: |
9C0000
|
Size: |
4096
|
|
976F000
|
stack
|
page read and write
|
|
|
|
Name: |
00000003.00000002.1888213018.000000000976F000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
976F000
|
Size: |
4096
|
|
941D000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000003.1661987159.000000000941D000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
941D000
|
Size: |
4096
|
|