IOC Report
MDE_File_Sample_5c36f343639864ca048d9aff98fc24b2e8bfbb7c.zip


Files

File Path | Type | Category | Malicious
MDE_File_Sample_5c36f343639864ca048d9aff98fc24b2e8bfbb7c.zip | Zip archive data, at least v2.0 to extract, compression method=deflate | initial sample |
C:\Users\user\AppData\Local\Temp\unarchiver.log | ASCII text, with CRLF line terminators | dropped |

Processes

Path | Cmdline | Malicious
C:\Windows\SysWOW64\unarchiver.exe | "C:\Windows\SysWOW64\unarchiver.exe" "C:\Users\user\Desktop\MDE_File_Sample_5c36f343639864ca048d9aff98fc24b2e8bfbb7c.zip" |
C:\Windows\SysWOW64\7za.exe | "C:\Windows\System32\7za.exe" x -pinfected -y -o"C:\Users\user\AppData\Local\Temp\k5ttgjw3.uqz" "C:\Users\user\Desktop\MDE_File_Sample_5c36f343639864ca048d9aff98fc24b2e8bfbb7c.zip" |
C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |

Memdumps

Base Address | Region type | Protect | Malicious