Files
File Path | Type | Category | Malicious
---|---|---|---
Rebina.exe | PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows | initial sample |
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Rebina.exe.log | ASCII text, with CRLF line terminators | dropped |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_RegAsm.exe_cdf1f590d4d1aeb836bb3e9d80b6b2ec3c893ae1_80aeb773_14a7aa62-d666-4161-b5bb-c20704d60ba3\Report.wer | Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped |
C:\ProgramData\Microsoft\Windows\WER\Temp\WER71BA.tmp.dmp | Mini DuMP crash report, 15 streams, Wed Aug 28 09:17:02 2024, 0x1205a4 type | dropped |
C:\ProgramData\Microsoft\Windows\WER\Temp\WER72A5.tmp.WERInternalMetadata.xml | XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped |
C:\ProgramData\Microsoft\Windows\WER\Temp\WER72D5.tmp.xml | XML 1.0 document, ASCII text, with CRLF line terminators | dropped |
C:\Windows\appcompat\Programs\Amcache.hve | MS Windows registry file, NT/2000 or above | dropped |
Processes
Path | Cmdline | Malicious
---|---|---
C:\Users\user\Desktop\Rebina.exe | "C:\Users\user\Desktop\Rebina.exe" |
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" |
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" |
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" |
C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\WerFault.exe -u -p 5232 -s 1624 |
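The process list shows the .NET sample starting RegAsm.exe three times with nothing on the command line but the program path. A real RegAsm.exe run always names an assembly to register, so an argument-less launch from a binary in a user-writable directory is the process-creation signature of the utility being started as a hollowing or injection container. The detection below is an added example, not part of the sandbox report: the events are constructed in Sysmon Event ID 1 style, the parent of Rebina.exe (explorer.exe) and the Rebina.exe to RegAsm.exe parent link are assumed from the table's ordering, and RegSvcs.exe is added to the target list on the assumption that it is abused the same way.

```python
"""Process-tree check for an argument-less RegAsm.exe launched by a
non-system parent (the pattern in the process table above).

Added example; not part of the sandbox report. SAMPLE_EVENTS is
CONSTRUCTED: the report lists only image paths and command lines, so the
parent/child pairing is assumed.
"""
from __future__ import annotations

import ntpath

# RegAsm.exe is the target seen in the report. RegSvcs.exe is an assumed
# sibling: same Framework directory, same argument-less abuse pattern.
HOLLOWING_TARGETS = {"regasm.exe", "regsvcs.exe"}

# Parents in these directories are not what this rule hunts for (an installer
# under System32 may legitimately run RegAsm.exe). The interesting parents
# live in Desktop, Downloads, AppData, Temp, ProgramData and similar.
TRUSTED_PARENT_PREFIXES = (
    "c:\\windows\\system32\\",
    "c:\\windows\\syswow64\\",
    "c:\\program files\\",
    "c:\\program files (x86)\\",
)


def split_windows_cmdline(cmdline: str) -> tuple[str, str]:
    """Split a Windows command line into (program, remaining arguments).

    Handles the two forms in the table: a double-quoted program path, or a
    bare path followed by whitespace-separated arguments."""
    s = cmdline.strip()
    if s.startswith('"'):
        end = s.find('"', 1)
        if end == -1:  # unterminated quote: the whole string is the program
            return s[1:], ""
        return s[1:end], s[end + 1:].strip()
    parts = s.split(None, 1)
    if not parts:
        return "", ""
    return parts[0], (parts[1].strip() if len(parts) == 2 else "")


def has_arguments(cmdline: str) -> bool:
    """True when anything follows the program token."""
    return split_windows_cmdline(cmdline)[1] != ""


def find_hollowing_candidates(events: list[dict]) -> list[dict]:
    """One finding per event where a hollowing target was started with no
    arguments by a parent outside the trusted directories."""
    findings = []
    for ev in events:
        child = ntpath.basename(ev["Image"]).lower()
        if child not in HOLLOWING_TARGETS:
            continue
        if has_arguments(ev["CommandLine"]):
            continue  # a genuine registration run names an assembly
        parent = ev["ParentImage"].lower()
        if parent.startswith(TRUSTED_PARENT_PREFIXES):
            continue
        findings.append({
            "child": ev["Image"],
            "parent": ev["ParentImage"],
            "reason": f"{child} started with no arguments by non-system parent",
        })
    return findings


# Constructed events modelled on the process table. The explorer.exe parent
# of the sample and the RegAsm.exe parent are assumptions, not report data.
SAMPLE_EVENTS = [
    {"Image": r"C:\Users\user\Desktop\Rebina.exe",
     "CommandLine": r'"C:\Users\user\Desktop\Rebina.exe"',
     "ParentImage": r"C:\Windows\explorer.exe"},
    {"Image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe",
     "CommandLine": r'"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"',
     "ParentImage": r"C:\Users\user\Desktop\Rebina.exe"},
    {"Image": r"C:\Windows\System32\conhost.exe",
     "CommandLine": r"C:\Windows\system32\conhost.exe 0xffffffff -ForceV1",
     "ParentImage": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"},
    {"Image": r"C:\Windows\SysWOW64\WerFault.exe",
     "CommandLine": r"C:\Windows\SysWOW64\WerFault.exe -u -p 5232 -s 1624",
     "ParentImage": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"},
    # Constructed control case: a legitimate registration run names an
    # assembly and comes from an installer under System32, so it is not hit.
    {"Image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe",
     "CommandLine": r'"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" "C:\Program Files\Vendor\Interop.dll" /codebase',
     "ParentImage": r"C:\Windows\System32\msiexec.exe"},
]

if __name__ == "__main__":
    for f in find_hollowing_candidates(SAMPLE_EVENTS):
        print(f"{f['parent']} -> {f['child']}: {f['reason']}")
```

Only the RegAsm.exe launched by Rebina.exe is reported; conhost.exe and WerFault.exe are not targets, and the control case is skipped because it carries arguments and has a System32 parent. The WerFault.exe line in the table (`-p 5232`) is the crash handler for one of the RegAsm.exe processes, which also explains the AppCrash_RegAsm.exe report and minidump in the file list.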
URLs
Name | IP | Malicious
---|---|---
stamppreewntnq.shop | |
condedqpwqm.shop | |
https://assumptionflattyou.shop/api | 104.21.66.182 |
evoliutwoqm.shop | |
assumptionflattyou.shop | |
locatedblsoqp.shop | |
caffegclasiqwp.shop | |
https://assumptionflattyou.shop/ | unknown |
https://assumptionflattyou.shop/api: | unknown |
millyscroqwp.shop | |
https://assumptionflattyou.shop/pic | unknown |
stagedchheiqwo.shop | |
traineiwnqo.shop | |
http://upx.sf.net | unknown |

4 more URLs are not shown in this excerpt of the report.
Domains
Name | IP | Malicious
---|---|---
assumptionflattyou.shop | 104.21.66.182 |
IPs
IP | Domain | Country | Malicious
---|---|---|---
104.21.66.182 | assumptionflattyou.shop | United States |
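The URL, Domains and IPs tables overlap: the same host appears as a bare name, as several URLs with different paths, and once more in the Domains and IPs tables, while only assumptionflattyou.shop resolved during the run. The script below is an added example, not part of the report, that folds the three tables into one de-duplicated IOC set per host. The rows are copied from the tables above; the one judgement applied is an allow-list that drops http://upx.sf.net, which is the UPX packer's banner string present in every UPX-packed binary and says nothing about the sample's infrastructure.

```python
"""Merge the URL / Domains / IPs tables above into one IOC set per host.

Added example, not part of the sandbox report. URL_ROWS and DOMAIN_ROWS are
copied from the tables; KNOWN_BENIGN_HOSTS is the editor's allow-list.
"""
from __future__ import annotations

from urllib.parse import urlsplit

# Strings that routinely appear in binaries without being infrastructure.
# upx.sf.net comes from the UPX packer banner, not from the sample's C2 logic.
KNOWN_BENIGN_HOSTS = {"upx.sf.net"}

# (name, ip) as in the URLs table; '' and 'unknown' both mean no resolution.
URL_ROWS = [
    ("stamppreewntnq.shop", ""),
    ("condedqpwqm.shop", ""),
    ("https://assumptionflattyou.shop/api", "104.21.66.182"),
    ("evoliutwoqm.shop", ""),
    ("assumptionflattyou.shop", ""),
    ("locatedblsoqp.shop", ""),
    ("caffegclasiqwp.shop", ""),
    ("https://assumptionflattyou.shop/", "unknown"),
    ("https://assumptionflattyou.shop/api:", "unknown"),
    ("millyscroqwp.shop", ""),
    ("https://assumptionflattyou.shop/pic", "unknown"),
    ("stagedchheiqwo.shop", ""),
    ("traineiwnqo.shop", ""),
    ("http://upx.sf.net", "unknown"),
]

# (domain, ip) from the Domains table.
DOMAIN_ROWS = [("assumptionflattyou.shop", "104.21.66.182")]


def host_and_path(name: str) -> tuple[str, str | None]:
    """(hostname, path) for a URL row, or (hostname, None) for a bare domain.
    Hostnames are lower-cased and a trailing dot is dropped."""
    name = name.strip()
    if "://" in name:
        parts = urlsplit(name)
        host = (parts.hostname or "").rstrip(".")
        return host, parts.path or "/"
    return name.lower().rstrip("."), None


def build_ioc_set(url_rows, domain_rows) -> dict[str, dict]:
    """Return {host: {"ips": set, "paths": set}} with benign hosts removed."""
    iocs: dict[str, dict] = {}
    for name, ip in list(url_rows) + list(domain_rows):
        host, path = host_and_path(name)
        if not host or host in KNOWN_BENIGN_HOSTS:
            continue
        entry = iocs.setdefault(host, {"ips": set(), "paths": set()})
        ip = ip.strip().lower()
        if ip and ip != "unknown":
            entry["ips"].add(ip)
        if path is not None:
            entry["paths"].add(path)  # kept verbatim, including "/api:"
    return iocs


def to_blocklist(iocs: dict[str, dict]) -> list[str]:
    """One line per host plus one per resolved IP, sorted so diffs are stable."""
    lines = set(iocs)
    for entry in iocs.values():
        lines.update(entry["ips"])
    return sorted(lines)


if __name__ == "__main__":
    ioc_set = build_ioc_set(URL_ROWS, DOMAIN_ROWS)
    for host, entry in sorted(ioc_set.items()):
        print(host, sorted(entry["ips"]), sorted(entry["paths"]))
    print("\n".join(to_blocklist(ioc_set)))
```

The result is nine .shop hosts, of which only assumptionflattyou.shop carries an IP and the paths `/`, `/api`, `/api:` and `/pic`; the other eight did not resolve during the run and are kept as domain-only indicators. Paths are preserved exactly as the report printed them rather than being "corrected".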
Registry
Path | Value name | Malicious
---|---|---
\REGISTRY\A\{3e0ed85b-c290-1f97-f4b3-01854d41006b}\Root\InventoryApplicationFile\regasm.exe\|930881d2b722b2fe | ProgramId |
\REGISTRY\A\{3e0ed85b-c290-1f97-f4b3-01854d41006b}\Root\InventoryApplicationFile\regasm.exe\|930881d2b722b2fe | FileId |
\REGISTRY\A\{3e0ed85b-c290-1f97-f4b3-01854d41006b}\Root\InventoryApplicationFile\regasm.exe\|930881d2b722b2fe | LowerCaseLongPath |
\REGISTRY\A\{3e0ed85b-c290-1f97-f4b3-01854d41006b}\Root\InventoryApplicationFile\regasm.exe\|930881d2b722b2fe | LongPathHash |
\REGISTRY\A\{3e0ed85b-c290-1f97-f4b3-01854d41006b}\Root\InventoryApplicationFile\regasm.exe\|930881d2b722b2fe | Name |
\REGISTRY\A\{3e0ed85b-c290-1f97-f4b3-01854d41006b}\Root\InventoryApplicationFile\regasm.exe\|930881d2b722b2fe | OriginalFileName |
\REGISTRY\A\{3e0ed85b-c290-1f97-f4b3-01854d41006b}\Root\InventoryApplicationFile\regasm.exe\|930881d2b722b2fe | Publisher |
\REGISTRY\A\{3e0ed85b-c290-1f97-f4b3-01854d41006b}\Root\InventoryApplicationFile\regasm.exe\|930881d2b722b2fe | Version |
\REGISTRY\A\{3e0ed85b-c290-1f97-f4b3-01854d41006b}\Root\InventoryApplicationFile\regasm.exe\|930881d2b722b2fe | BinFileVersion |
\REGISTRY\A\{3e0ed85b-c290-1f97-f4b3-01854d41006b}\Root\InventoryApplicationFile\regasm.exe\|930881d2b722b2fe | BinaryType |
\REGISTRY\A\{3e0ed85b-c290-1f97-f4b3-01854d41006b}\Root\InventoryApplicationFile\regasm.exe\|930881d2b722b2fe | ProductName |
\REGISTRY\A\{3e0ed85b-c290-1f97-f4b3-01854d41006b}\Root\InventoryApplicationFile\regasm.exe\|930881d2b722b2fe | ProductVersion |
\REGISTRY\A\{3e0ed85b-c290-1f97-f4b3-01854d41006b}\Root\InventoryApplicationFile\regasm.exe\|930881d2b722b2fe | LinkDate |
\REGISTRY\A\{3e0ed85b-c290-1f97-f4b3-01854d41006b}\Root\InventoryApplicationFile\regasm.exe\|930881d2b722b2fe | BinProductVersion |
\REGISTRY\A\{3e0ed85b-c290-1f97-f4b3-01854d41006b}\Root\InventoryApplicationFile\regasm.exe\|930881d2b722b2fe | AppxPackageFullName |
\REGISTRY\A\{3e0ed85b-c290-1f97-f4b3-01854d41006b}\Root\InventoryApplicationFile\regasm.exe\|930881d2b722b2fe | AppxPackageRelativeId |
\REGISTRY\A\{3e0ed85b-c290-1f97-f4b3-01854d41006b}\Root\InventoryApplicationFile\regasm.exe\|930881d2b722b2fe | Size |
\REGISTRY\A\{3e0ed85b-c290-1f97-f4b3-01854d41006b}\Root\InventoryApplicationFile\regasm.exe\|930881d2b722b2fe | Language |
\REGISTRY\A\{3e0ed85b-c290-1f97-f4b3-01854d41006b}\Root\InventoryApplicationFile\regasm.exe\|930881d2b722b2fe | IsOsComponent |
\REGISTRY\A\{3e0ed85b-c290-1f97-f4b3-01854d41006b}\Root\InventoryApplicationFile\regasm.exe\|930881d2b722b2fe | Usn |

10 more registry entries are not shown in this excerpt of the report.
Memdumps
Base Address | Regiontype | Protect | Malicious
---|---|---|---
1046000 | heap | page read and write |
E62000 | heap | page read and write |
105E000 | stack | page read and write |
2C2F000 | stack | page read and write |
2AB0000 | heap | page execute and read and write |
C80000 | trusted library allocation | page read and write |
286E000 | stack | page read and write |
2AC1000 | trusted library allocation | page read and write |
2A4E000 | stack | page read and write |
E10000 | heap | page read and write |
28AD000 | stack | page read and write |
CB0000 | trusted library allocation | page read and write |
9CC000 | stack | page read and write |
29AE000 | stack | page read and write |
E2E000 | heap | page read and write |
E46000 | heap | page read and write |
E2A000 | heap | page read and write |
2B2E000 | stack | page read and write |
30EF000 | stack | page read and write |
682000 | unknown | page readonly |
2AED000 | stack | page read and write |
312E000 | stack | page read and write |
CDB000 | trusted library allocation | page execute and read and write |
FF0000 | heap | page read and write |
C4E000 | stack | page read and write |
C93000 | trusted library allocation | page execute and read and write |
10A0000 | trusted library allocation | page read and write |
11A0000 | heap | page read and write |
2FEE000 | stack | page read and write |
3AC5000 | trusted library allocation | page read and write |
109D000 | stack | page read and write |
680000 | unknown | page readonly |
E54000 | heap | page read and write |
C50000 | heap | page read and write |
DFF000 | stack | page read and write |
D30000 | heap | page read and write |
105A000 | heap | page read and write |
101F000 | stack | page read and write |
C94000 | trusted library allocation | page read and write |
7C0000 | heap | page read and write |
44C000 | remote allocation | page execute and read and write |
1074000 | heap | page read and write |
2AC3000 | trusted library allocation | page read and write |
10DD000 | heap | page read and write |
4BBE000 | stack | page read and write |
E30000 | heap | page read and write |
322E000 | stack | page read and write |
102A000 | heap | page read and write |
E50000 | heap | page read and write |
E35000 | heap | page read and write |
CFC000 | stack | page read and write |
1020000 | heap | page read and write |
10DB000 | heap | page read and write |
CB4000 | trusted library allocation | page read and write |
400000 | remote allocation | page execute and read and write |
276E000 | stack | page read and write |
1053000 | heap | page read and write |
6CA000 | unknown | page readonly |
CF0000 | heap | page read and write |
1071000 | heap | page read and write |
104F000 | heap | page read and write |
CF5000 | heap | page read and write |
2AC2000 | trusted library allocation | page execute and read and write |
10E0000 | heap | page read and write |
3AC1000 | trusted library allocation | page read and write |
CA0000 | heap | page read and write |
E4C000 | heap | page read and write |
29ED000 | stack | page read and write |
AFB000 | stack | page read and write |
E10000 | trusted library allocation | page execute and read and write |
C0E000 | stack | page read and write |
7D0000 | heap | page read and write |
75C000 | stack | page read and write |
E20000 | heap | page read and write |

64 more memory dumps are not shown in this excerpt of the report.
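Most executable regions in this list are unremarkable for a .NET host process: the runtime JIT-compiles into memory it allocates itself, so "page execute and read and write" on a region the sandbox tags "trusted library allocation" is the expected baseline. The two rows that deserve attention are the "remote allocation" regions at 400000 and 44C000, both executable and writable: the label means the memory was allocated into the process from another process, and 0x400000 is the default image base a 32-bit PE linker emits, which is exactly what a hollowed RegAsm.exe looks like once the payload image has been written in. The script below is an added example, not part of the report: it parses a pipe-separated excerpt copied from the table (the table does not say which process each region belongs to, so the .NET-baseline reasoning is an assumption applied uniformly) and ranks the executable regions.

```python
"""Triage of the memory-region rows above: rank executable regions by how
far they are from what a .NET host process allocates on its own.

Added example, not part of the sandbox report. TABLE_EXCERPT is a subset of
rows copied from the table. Treating 'trusted library allocation' as
runtime-owned memory (JIT code heaps) is the editor's assumption.
"""
from __future__ import annotations

DEFAULT_PE_IMAGE_BASE = 0x400000  # linker default ImageBase for 32-bit PEs

# Rows copied from the table in the report's "base | type | protect" layout.
TABLE_EXCERPT = """\
1046000 | heap | page read and write
105E000 | stack | page read and write
2AB0000 | heap | page execute and read and write
C80000 | trusted library allocation | page read and write
682000 | unknown | page readonly
CDB000 | trusted library allocation | page execute and read and write
C93000 | trusted library allocation | page execute and read and write
44C000 | remote allocation | page execute and read and write
10A0000 | trusted library allocation | page read and write
400000 | remote allocation | page execute and read and write
2AC2000 | trusted library allocation | page execute and read and write
E10000 | trusted library allocation | page execute and read and write
6CA000 | unknown | page readonly
7C0000 | heap | page read and write
"""


def parse_regions(text: str) -> list[dict]:
    """Parse 'hexbase | regiontype | protect' rows; skips blank/short lines."""
    regions = []
    for line in text.splitlines():
        cells = [c.strip() for c in line.split("|")]
        if len(cells) < 3 or not cells[0]:
            continue
        regions.append({
            "base": int(cells[0], 16),   # addresses are printed without 0x
            "type": cells[1].lower(),
            "protect": cells[2].lower(),
        })
    return regions


def is_executable(protect: str) -> bool:
    return "execute" in protect


def is_writable(protect: str) -> bool:
    return "write" in protect


def triage_regions(regions: list[dict]) -> list[dict]:
    """Severity per executable region, highest first, then by address."""
    findings = []
    for r in regions:
        if not is_executable(r["protect"]):
            continue
        notes = []
        if r["type"] == "remote allocation":
            severity = "high"
            notes.append("executable memory allocated from another process")
            if r["base"] == DEFAULT_PE_IMAGE_BASE:
                notes.append("at the default 32-bit PE image base (injected image)")
        elif r["type"] == "trusted library allocation":
            severity = "info"   # assumed runtime/JIT code heap
            notes.append("executable runtime allocation, expected in a .NET host")
        else:
            severity = "medium"
            notes.append(f"executable {r['type']} region outside runtime-owned memory")
        if is_writable(r["protect"]):
            notes.append("writable and executable at the same time")
        findings.append({"base": r["base"], "type": r["type"],
                         "severity": severity, "notes": notes})
    order = {"high": 0, "medium": 1, "info": 2}
    findings.sort(key=lambda f: (order[f["severity"]], f["base"]))
    return findings


if __name__ == "__main__":
    for f in triage_regions(parse_regions(TABLE_EXCERPT)):
        print(f"{f['severity']:6} {f['base']:#010x} {f['type']}: {'; '.join(f['notes'])}")
```

On the excerpt this ranks the two remote allocations (0x400000 with the image-base note, then 0x44C000) as high, the executable heap at 0x2AB0000 as medium, and the four executable runtime allocations as informational. A region the sandbox dumped at 0x400000 is also the one to carve first: it is where an injected PE's headers would sit.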