IOC Report
MDE_File_Sample_c395ebf186fbad493007a4d0e8228d5ae83c8bc4.zip


Files

File Path: MDE_File_Sample_c395ebf186fbad493007a4d0e8228d5ae83c8bc4.zip
Type: Zip archive data, at least v2.0 to extract, compression method=deflate
Category: initial sample

File Path: C:\Users\user\AppData\Local\Temp\unarchiver.log
Type: ASCII text, with CRLF line terminators
Category: dropped

Processes

Path: C:\Windows\SysWOW64\unarchiver.exe
Cmdline: "C:\Windows\SysWOW64\unarchiver.exe" "C:\Users\user\Desktop\MDE_File_Sample_c395ebf186fbad493007a4d0e8228d5ae83c8bc4.zip"

Path: C:\Windows\SysWOW64\7za.exe
Cmdline: "C:\Windows\System32\7za.exe" x -pinfected -y -o"C:\Users\user\AppData\Local\Temp\uhu43pkm.a2x" "C:\Users\user\Desktop\MDE_File_Sample_c395ebf186fbad493007a4d0e8228d5ae83c8bc4.zip"

Path: C:\Windows\System32\conhost.exe
Cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

Memdumps
