Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
BULK HARVEST - VESSEL PARTICULARS.docx.scr.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\BULK HARVEST - VESSEL PARTICULARS.docx.scr.exe.log
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_c3geqewl.mfc.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_j0yy3yb5.33l.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ti0ec2vn.jab.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_xm4obhw3.kei.ps1
|
ASCII text, with no line terminators
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\BULK HARVEST - VESSEL PARTICULARS.docx.scr.exe
|
"C:\Users\user\Desktop\BULK HARVEST - VESSEL PARTICULARS.docx.scr.exe"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\BULK HARVEST
- VESSEL PARTICULARS.docx.scr.exe"
|
|
|
|
C:\Users\user\Desktop\BULK HARVEST - VESSEL PARTICULARS.docx.scr.exe
|
"C:\Users\user\Desktop\BULK HARVEST - VESSEL PARTICULARS.docx.scr.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://api.ipify.org/
|
172.67.74.152
|
||
|
https://api.ipify.org
|
unknown
|
||
|
https://account.dyn.com/
|
unknown
|
||
|
https://api.ipify.org/t
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
http://beirutrest.com
|
unknown
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
beirutrest.com
|
50.87.144.157
|
|
|
|
api.ipify.org
|
172.67.74.152
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
50.87.144.157
|
beirutrest.com
|
United States
|
|
|
|
172.67.74.152
|
api.ipify.org
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\BULK HARVEST - VESSEL PARTICULARS_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\BULK HARVEST - VESSEL PARTICULARS_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\BULK HARVEST - VESSEL PARTICULARS_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\BULK HARVEST - VESSEL PARTICULARS_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\BULK HARVEST - VESSEL PARTICULARS_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\BULK HARVEST - VESSEL PARTICULARS_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\BULK HARVEST - VESSEL PARTICULARS_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\BULK HARVEST - VESSEL PARTICULARS_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\BULK HARVEST - VESSEL PARTICULARS_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\BULK HARVEST - VESSEL PARTICULARS_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\BULK HARVEST - VESSEL PARTICULARS_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\BULK HARVEST - VESSEL PARTICULARS_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\BULK HARVEST - VESSEL PARTICULARS_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\BULK HARVEST - VESSEL PARTICULARS_RASMANCS
|
FileDirectory
|
There are 5 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
2CDC000
|
trusted library allocation
|
page read and write
|
|
|
|
402000
|
remote allocation
|
page execute and read and write
|
|
|
|
34C9000
|
trusted library allocation
|
page read and write
|
|
|
|
2CB1000
|
trusted library allocation
|
page read and write
|
|
|
|
6A6E000
|
stack
|
page read and write
|
||
|
8DC000
|
heap
|
page read and write
|
||
|
107B000
|
heap
|
page read and write
|
||
|
E20000
|
heap
|
page read and write
|
||
|
11FE000
|
stack
|
page read and write
|
||
|
52F3000
|
heap
|
page read and write
|
||
|
EB2000
|
trusted library allocation
|
page read and write
|
||
|
1089000
|
heap
|
page read and write
|
||
|
625E000
|
stack
|
page read and write
|
||
|
2A9E000
|
trusted library allocation
|
page read and write
|
||
|
9FF000
|
stack
|
page read and write
|
||
|
2CA1000
|
trusted library allocation
|
page read and write
|
||
|
F7E000
|
stack
|
page read and write
|
||
|
83D0000
|
heap
|
page read and write
|
||
|
2B50000
|
heap
|
page read and write
|
||
|
465C000
|
stack
|
page read and write
|
||
|
842000
|
heap
|
page read and write
|
||
|
5898000
|
trusted library allocation
|
page read and write
|
||
|
8B4000
|
heap
|
page read and write
|
||
|
2A80000
|
trusted library allocation
|
page read and write
|
||
|
2A8E000
|
trusted library allocation
|
page read and write
|
||
|
834000
|
heap
|
page read and write
|
||
|
69C0000
|
trusted library allocation
|
page read and write
|
||
|
4CA0000
|
trusted library allocation
|
page read and write
|
||
|
4CB0000
|
trusted library allocation
|
page execute and read and write
|
||
|
69DE000
|
stack
|
page read and write
|
||
|
4AA0000
|
heap
|
page read and write
|
||
|
400000
|
remote allocation
|
page execute and read and write
|
||
|
4C80000
|
trusted library allocation
|
page read and write
|
||
|
4E40000
|
trusted library allocation
|
page read and write
|
||
|
2A86000
|
trusted library allocation
|
page read and write
|
||
|
577000
|
stack
|
page read and write
|
||
|
4C70000
|
trusted library allocation
|
page read and write
|
||
|
BEE000
|
trusted library allocation
|
page read and write
|
||
|
8AC000
|
heap
|
page read and write
|
||
|
2AFC000
|
stack
|
page read and write
|
||
|
252E000
|
trusted library allocation
|
page read and write
|
||
|
6860000
|
trusted library allocation
|
page read and write
|
||
|
58AD000
|
trusted library allocation
|
page read and write
|
||
|
24BF000
|
stack
|
page read and write
|
||
|
7F670000
|
trusted library allocation
|
page execute and read and write
|
||
|
5270000
|
heap
|
page execute and read and write
|
||
|
4A10000
|
trusted library allocation
|
page read and write
|
||
|
8DA000
|
heap
|
page read and write
|
||
|
99A000
|
stack
|
page read and write
|
||
|
B2DC000
|
stack
|
page read and write
|
||
|
EA6000
|
trusted library allocation
|
page execute and read and write
|
||
|
4EC1000
|
heap
|
page read and write
|
||
|
E60000
|
trusted library allocation
|
page read and write
|
||
|
2A9A000
|
trusted library allocation
|
page read and write
|
||
|
B3DC000
|
stack
|
page read and write
|
||
|
6E20000
|
heap
|
page read and write
|
||
|
4A6B000
|
stack
|
page read and write
|
||
|
6528000
|
heap
|
page read and write
|
||
|
7E7000
|
trusted library allocation
|
page execute and read and write
|
||
|
2CE2000
|
trusted library allocation
|
page read and write
|
||
|
49A0000
|
trusted library allocation
|
page read and write
|
||
|
B05E000
|
stack
|
page read and write
|
||
|
F20000
|
trusted library allocation
|
page read and write
|
||
|
2AA1000
|
trusted library allocation
|
page read and write
|
||
|
827000
|
heap
|
page read and write
|
||
|
49B0000
|
trusted library allocation
|
page read and write
|
||
|
12D0000
|
heap
|
page read and write
|
||
|
B29E000
|
stack
|
page read and write
|
||
|
4E60000
|
trusted library allocation
|
page execute and read and write
|
||
|
6F30000
|
heap
|
page read and write
|
||
|
68B0000
|
trusted library allocation
|
page read and write
|
||
|
68C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
2A8B000
|
trusted library allocation
|
page read and write
|
||
|
F24000
|
trusted library allocation
|
page read and write
|
||
|
69AE000
|
stack
|
page read and write
|
||
|
1000000
|
heap
|
page read and write
|
||
|
2AAD000
|
trusted library allocation
|
page read and write
|
||
|
E74000
|
trusted library allocation
|
page read and write
|
||
|
4EA0000
|
heap
|
page read and write
|
||
|
68D0000
|
trusted library allocation
|
page execute and read and write
|
||
|
C10000
|
heap
|
page read and write
|
||
|
7D2000
|
trusted library allocation
|
page read and write
|
||
|
74E000
|
stack
|
page read and write
|
||
|
52E0000
|
heap
|
page read and write
|
||
|
4AB3000
|
heap
|
page read and write
|
||
|
6BEF000
|
stack
|
page read and write
|
||
|
7DA000
|
trusted library allocation
|
page execute and read and write
|
||
|
B19E000
|
stack
|
page read and write
|
||
|
7D6000
|
trusted library allocation
|
page execute and read and write
|
||
|
7C3000
|
trusted library allocation
|
page read and write
|
||
|
B90000
|
trusted library allocation
|
page execute and read and write
|
||
|
1034000
|
heap
|
page read and write
|
||
|
587E000
|
stack
|
page read and write
|
||
|
7B0000
|
trusted library allocation
|
page read and write
|
||
|
6A1D000
|
stack
|
page read and write
|
||
|
6F2F000
|
stack
|
page read and write
|
||
|
675E000
|
stack
|
page read and write
|
||
|
671E000
|
stack
|
page read and write
|
||
|
ED0000
|
trusted library allocation
|
page read and write
|
||
|
2A92000
|
trusted library allocation
|
page read and write
|
||
|
3C61000
|
trusted library allocation
|
page read and write
|
||
|
4C5E000
|
stack
|
page read and write
|
||
|
BC0000
|
trusted library allocation
|
page read and write
|
||
|
BB0000
|
heap
|
page read and write
|
||
|
4C60000
|
trusted library allocation
|
page read and write
|
||
|
108C000
|
heap
|
page read and write
|
||
|
6890000
|
trusted library allocation
|
page read and write
|
||
|
AEDE000
|
stack
|
page read and write
|
||
|
7E2000
|
trusted library allocation
|
page read and write
|
||
|
4E10000
|
trusted library allocation
|
page read and write
|
||
|
89C000
|
heap
|
page read and write
|
||
|
44C8000
|
trusted library allocation
|
page read and write
|
||
|
102A000
|
heap
|
page read and write
|
||
|
EA2000
|
trusted library allocation
|
page read and write
|
||
|
479000
|
stack
|
page read and write
|
||
|
80B000
|
heap
|
page read and write
|
||
|
4D10000
|
heap
|
page read and write
|
||
|
E85000
|
heap
|
page read and write
|
||
|
4E90000
|
heap
|
page read and write
|
||
|
24C1000
|
trusted library allocation
|
page read and write
|
||
|
7C0000
|
trusted library allocation
|
page read and write
|
||
|
661E000
|
stack
|
page read and write
|
||
|
E90000
|
trusted library allocation
|
page read and write
|
||
|
6D92000
|
trusted library allocation
|
page read and write
|
||
|
4E5E000
|
stack
|
page read and write
|
||
|
4E80000
|
heap
|
page read and write
|
||
|
EA0000
|
trusted library allocation
|
page read and write
|
||
|
AF1E000
|
stack
|
page read and write
|
||
|
2C9F000
|
trusted library allocation
|
page read and write
|
||
|
BA0000
|
heap
|
page execute and read and write
|
||
|
49D0000
|
trusted library allocation
|
page read and write
|
||
|
4E50000
|
trusted library allocation
|
page execute and read and write
|
||
|
685E000
|
stack
|
page read and write
|
||
|
ABCE000
|
stack
|
page read and write
|
||
|
78E000
|
stack
|
page read and write
|
||
|
6B20000
|
trusted library section
|
page read and write
|
||
|
69B7000
|
trusted library allocation
|
page read and write
|
||
|
BFD000
|
trusted library allocation
|
page read and write
|
||
|
80E000
|
heap
|
page read and write
|
||
|
6C8D000
|
stack
|
page read and write
|
||
|
69B0000
|
trusted library allocation
|
page read and write
|
||
|
696F000
|
stack
|
page read and write
|
||
|
675E000
|
stack
|
page read and write
|
||
|
2538000
|
trusted library allocation
|
page read and write
|
||
|
6C20000
|
heap
|
page read and write
|
||
|
F37000
|
heap
|
page read and write
|
||
|
B8B000
|
stack
|
page read and write
|
||
|
6867000
|
trusted library allocation
|
page read and write
|
||
|
EBB000
|
trusted library allocation
|
page execute and read and write
|
||
|
685E000
|
stack
|
page read and write
|
||
|
49C5000
|
trusted library allocation
|
page read and write
|
||
|
4E30000
|
trusted library allocation
|
page read and write
|
||
|
BD0000
|
trusted library allocation
|
page read and write
|
||
|
2C5E000
|
stack
|
page read and write
|
||
|
FBE000
|
stack
|
page read and write
|
||
|
EB5000
|
trusted library allocation
|
page execute and read and write
|
||
|
52F0000
|
heap
|
page read and write
|
||
|
6C30000
|
trusted library allocation
|
page execute and read and write
|
||
|
D00000
|
heap
|
page read and write
|
||
|
E7D000
|
trusted library allocation
|
page execute and read and write
|
||
|
8427000
|
heap
|
page read and write
|
||
|
2CF0000
|
trusted library allocation
|
page read and write
|
||
|
68DE000
|
stack
|
page read and write
|
||
|
B3F0000
|
trusted library allocation
|
page read and write
|
||
|
4CE0000
|
heap
|
page read and write
|
||
|
4CD0000
|
heap
|
page read and write
|
||
|
E1E000
|
stack
|
page read and write
|
||
|
58A0000
|
trusted library allocation
|
page read and write
|
||
|
83F000
|
heap
|
page read and write
|
||
|
E73000
|
trusted library allocation
|
page execute and read and write
|
||
|
BDB000
|
trusted library allocation
|
page read and write
|
||
|
563C000
|
stack
|
page read and write
|
||
|
C17000
|
heap
|
page read and write
|
||
|
2C97000
|
trusted library allocation
|
page read and write
|
||
|
B4E000
|
stack
|
page read and write
|
||
|
EE0000
|
trusted library allocation
|
page execute and read and write
|
||
|
5F0000
|
heap
|
page read and write
|
||
|
EF0000
|
trusted library allocation
|
page read and write
|
||
|
5300000
|
heap
|
page read and write
|
||
|
34C1000
|
trusted library allocation
|
page read and write
|
||
|
2AA6000
|
trusted library allocation
|
page read and write
|
||
|
ACCE000
|
stack
|
page read and write
|
||
|
142000
|
unkown
|
page readonly
|
||
|
4D5E000
|
stack
|
page read and write
|
||
|
12D7000
|
heap
|
page read and write
|
||
|
E80000
|
heap
|
page read and write
|
||
|
6870000
|
trusted library allocation
|
page execute and read and write
|
||
|
800000
|
heap
|
page read and write
|
||
|
10D2000
|
heap
|
page read and write
|
||
|
83E2000
|
heap
|
page read and write
|
||
|
5E0000
|
heap
|
page read and write
|
||
|
2C61000
|
trusted library allocation
|
page read and write
|
||
|
7A0000
|
trusted library allocation
|
page read and write
|
||
|
1208000
|
trusted library allocation
|
page read and write
|
||
|
790000
|
heap
|
page read and write
|
||
|
6B6E000
|
stack
|
page read and write
|
||
|
2CAD000
|
trusted library allocation
|
page read and write
|
||
|
B00000
|
trusted library allocation
|
page read and write
|
||
|
6860000
|
trusted library allocation
|
page read and write
|
||
|
4AB0000
|
heap
|
page read and write
|
||
|
4E20000
|
trusted library allocation
|
page execute and read and write
|
||
|
3CCC000
|
trusted library allocation
|
page read and write
|
||
|
BF6000
|
trusted library allocation
|
page read and write
|
||
|
F00000
|
heap
|
page execute and read and write
|
||
|
12A0000
|
trusted library allocation
|
page read and write
|
||
|
E9D000
|
trusted library allocation
|
page execute and read and write
|
||
|
8412000
|
heap
|
page read and write
|
||
|
10C9000
|
heap
|
page read and write
|
||
|
2CD8000
|
trusted library allocation
|
page read and write
|
||
|
AFE000
|
stack
|
page read and write
|
||
|
CF9000
|
stack
|
page read and write
|
||
|
140000
|
unkown
|
page readonly
|
||
|
F10000
|
trusted library allocation
|
page read and write
|
||
|
101E000
|
heap
|
page read and write
|
||
|
7CD000
|
trusted library allocation
|
page execute and read and write
|
||
|
4D15000
|
heap
|
page read and write
|
||
|
E70000
|
trusted library allocation
|
page read and write
|
||
|
4A80000
|
trusted library allocation
|
page execute and read and write
|
||
|
7B4000
|
trusted library allocation
|
page read and write
|
||
|
BF1000
|
trusted library allocation
|
page read and write
|
||
|
4A00000
|
heap
|
page execute and read and write
|
||
|
4CC0000
|
trusted library section
|
page readonly
|
||
|
49C0000
|
trusted library allocation
|
page read and write
|
||
|
EB7000
|
trusted library allocation
|
page execute and read and write
|
||
|
6BF0000
|
trusted library allocation
|
page read and write
|
||
|
109C000
|
heap
|
page read and write
|
||
|
7BD000
|
trusted library allocation
|
page execute and read and write
|
||
|
2CDA000
|
trusted library allocation
|
page read and write
|
||
|
68AD000
|
stack
|
page read and write
|
||
|
2CD6000
|
trusted library allocation
|
page read and write
|
||
|
64E0000
|
heap
|
page read and write
|
||
|
EAA000
|
trusted library allocation
|
page execute and read and write
|
||
|
5060000
|
trusted library allocation
|
page read and write
|
||
|
7EB000
|
trusted library allocation
|
page execute and read and write
|
||
|
6620000
|
heap
|
page read and write
|
||
|
1036000
|
heap
|
page read and write
|
||
|
630000
|
heap
|
page read and write
|
||
|
ADDE000
|
stack
|
page read and write
|
||
|
B01E000
|
stack
|
page read and write
|
||
|
1008000
|
heap
|
page read and write
|
||
|
7B3000
|
trusted library allocation
|
page execute and read and write
|
||
|
3C89000
|
trusted library allocation
|
page read and write
|
||
|
7D0000
|
trusted library allocation
|
page read and write
|
||
|
5890000
|
trusted library allocation
|
page read and write
|
||
|
5040000
|
trusted library section
|
page read and write
|
||
|
6896000
|
trusted library allocation
|
page read and write
|
||
|
6BAE000
|
stack
|
page read and write
|
||
|
B15F000
|
stack
|
page read and write
|
||
|
FFC000
|
stack
|
page read and write
|
||
|
F30000
|
heap
|
page read and write
|
There are 240 hidden memdumps, click here to show them.