Files
File Path
|
Type
|
Category
|
Malicious
|
|
---|---|---|---|---|
al7hCrfLj7.exe
|
PE32+ executable (GUI) x86-64, for MS Windows
|
initial sample
|
||
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_al7hCrfLj7.exe_d0d2628d6ca0711f88c7c65e16127ddd243e2854_03896217_a306d3d2-6964-4f19-b7a7-3e52e0acbb40\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
C:\ProgramData\Microsoft\Windows\WER\Temp\WERA961.tmp.dmp
|
Mini DuMP crash report, 14 streams, Fri Aug 30 10:46:54 2024, 0x1205a4 type
|
dropped
|
||
C:\ProgramData\Microsoft\Windows\WER\Temp\WERAA1E.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
C:\ProgramData\Microsoft\Windows\WER\Temp\WERAA3E.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
C:\Windows\appcompat\Programs\Amcache.hve
|
MS Windows registry file, NT/2000 or above
|
dropped
|
Processes
Path
|
Cmdline
|
Malicious
|
|
---|---|---|---|
C:\Users\user\Desktop\al7hCrfLj7.exe
|
"C:\Users\user\Desktop\al7hCrfLj7.exe"
|
||
C:\Windows\System32\WerFault.exe
|
C:\Windows\system32\WerFault.exe -u -p 6136 -s 1104
|
URLs
Name
|
IP
|
Malicious
|
|
---|---|---|---|
http://120.46.149.112:8888/safekey
|
120.46.149.112
|
||
http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t
|
unknown
|
||
http://120.46.149.112/
|
unknown
|
||
https://sectigo.com/CPS0
|
unknown
|
||
http://ocsp.sectigo.com0
|
unknown
|
||
http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#
|
unknown
|
||
https://sectigo.com/CPS0D
|
unknown
|
||
http://120.46.149.112:8888/safekey#
|
unknown
|
||
http://120.46.149.112:8888/safekeyb
|
unknown
|
||
http://upx.sf.net
|
unknown
|
||
http://crl.sectigo.com/SectigoRSACodeSigningCA.crl0s
|
unknown
|
||
http://120.46.149.112/a81-46d0-b6b6-535557bcc5faP
|
unknown
|
||
http://crt.sectigo.com/SectigoRSACodeSigningCA.crt0#
|
unknown
|
||
http://120.46.149.112:8888/safekeyl
|
unknown
|
||
http://120.46.149.112:8888/safekeyj
|
unknown
|
There are 5 hidden URLs, click here to show them.
IPs
IP
|
Domain
|
Country
|
Malicious
|
|
---|---|---|---|---|
120.46.149.112
|
unknown
|
China
|
Registry
Path
|
Value
|
Malicious
|
|
---|---|---|---|
\REGISTRY\A\{e1144ef1-9359-39f7-ee1d-c24e9add6d5c}\Root\InventoryApplicationFile\al7hcrflj7.exe|2497cd09952cf343
|
ProgramId
|
||
\REGISTRY\A\{e1144ef1-9359-39f7-ee1d-c24e9add6d5c}\Root\InventoryApplicationFile\al7hcrflj7.exe|2497cd09952cf343
|
FileId
|
||
\REGISTRY\A\{e1144ef1-9359-39f7-ee1d-c24e9add6d5c}\Root\InventoryApplicationFile\al7hcrflj7.exe|2497cd09952cf343
|
LowerCaseLongPath
|
||
\REGISTRY\A\{e1144ef1-9359-39f7-ee1d-c24e9add6d5c}\Root\InventoryApplicationFile\al7hcrflj7.exe|2497cd09952cf343
|
LongPathHash
|
||
\REGISTRY\A\{e1144ef1-9359-39f7-ee1d-c24e9add6d5c}\Root\InventoryApplicationFile\al7hcrflj7.exe|2497cd09952cf343
|
Name
|
||
\REGISTRY\A\{e1144ef1-9359-39f7-ee1d-c24e9add6d5c}\Root\InventoryApplicationFile\al7hcrflj7.exe|2497cd09952cf343
|
OriginalFileName
|
||
\REGISTRY\A\{e1144ef1-9359-39f7-ee1d-c24e9add6d5c}\Root\InventoryApplicationFile\al7hcrflj7.exe|2497cd09952cf343
|
Publisher
|
||
\REGISTRY\A\{e1144ef1-9359-39f7-ee1d-c24e9add6d5c}\Root\InventoryApplicationFile\al7hcrflj7.exe|2497cd09952cf343
|
Version
|
||
\REGISTRY\A\{e1144ef1-9359-39f7-ee1d-c24e9add6d5c}\Root\InventoryApplicationFile\al7hcrflj7.exe|2497cd09952cf343
|
BinFileVersion
|
||
\REGISTRY\A\{e1144ef1-9359-39f7-ee1d-c24e9add6d5c}\Root\InventoryApplicationFile\al7hcrflj7.exe|2497cd09952cf343
|
BinaryType
|
||
\REGISTRY\A\{e1144ef1-9359-39f7-ee1d-c24e9add6d5c}\Root\InventoryApplicationFile\al7hcrflj7.exe|2497cd09952cf343
|
ProductName
|
||
\REGISTRY\A\{e1144ef1-9359-39f7-ee1d-c24e9add6d5c}\Root\InventoryApplicationFile\al7hcrflj7.exe|2497cd09952cf343
|
ProductVersion
|
||
\REGISTRY\A\{e1144ef1-9359-39f7-ee1d-c24e9add6d5c}\Root\InventoryApplicationFile\al7hcrflj7.exe|2497cd09952cf343
|
LinkDate
|
||
\REGISTRY\A\{e1144ef1-9359-39f7-ee1d-c24e9add6d5c}\Root\InventoryApplicationFile\al7hcrflj7.exe|2497cd09952cf343
|
BinProductVersion
|
||
\REGISTRY\A\{e1144ef1-9359-39f7-ee1d-c24e9add6d5c}\Root\InventoryApplicationFile\al7hcrflj7.exe|2497cd09952cf343
|
AppxPackageFullName
|
||
\REGISTRY\A\{e1144ef1-9359-39f7-ee1d-c24e9add6d5c}\Root\InventoryApplicationFile\al7hcrflj7.exe|2497cd09952cf343
|
AppxPackageRelativeId
|
||
\REGISTRY\A\{e1144ef1-9359-39f7-ee1d-c24e9add6d5c}\Root\InventoryApplicationFile\al7hcrflj7.exe|2497cd09952cf343
|
Size
|
||
\REGISTRY\A\{e1144ef1-9359-39f7-ee1d-c24e9add6d5c}\Root\InventoryApplicationFile\al7hcrflj7.exe|2497cd09952cf343
|
Language
|
||
\REGISTRY\A\{e1144ef1-9359-39f7-ee1d-c24e9add6d5c}\Root\InventoryApplicationFile\al7hcrflj7.exe|2497cd09952cf343
|
Usn
|
There are 9 hidden registries, click here to show them.
Memdumps
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
---|---|---|---|---|
2194F583000
|
heap
|
page read and write
|
||
4D17AF8000
|
stack
|
page read and write
|
||
219512C0000
|
heap
|
page execute and read and write
|
||
7FF6776B1000
|
unkown
|
page execute read
|
||
2194F480000
|
heap
|
page read and write
|
||
4D175FE000
|
stack
|
page read and write
|
||
7FF6776B2000
|
unkown
|
page readonly
|
||
4D177FE000
|
stack
|
page read and write
|
||
7FF6776B4000
|
unkown
|
page readonly
|
||
2194F4CD000
|
heap
|
page read and write
|
||
4D174FE000
|
stack
|
page read and write
|
||
7FF6776B2000
|
unkown
|
page readonly
|
||
7FF6776B0000
|
unkown
|
page readonly
|
||
21951270000
|
heap
|
page execute and read and write
|
||
4D172FE000
|
stack
|
page read and write
|
||
4D17AFA000
|
stack
|
page read and write
|
||
4D176FE000
|
stack
|
page read and write
|
||
7FF6776B1000
|
unkown
|
page execute read
|
||
2194F705000
|
heap
|
page read and write
|
||
2194F55E000
|
heap
|
page read and write
|
||
2194F51C000
|
heap
|
page read and write
|
||
4D179FD000
|
stack
|
page read and write
|
||
2194F57B000
|
heap
|
page read and write
|
||
7FF6776B4000
|
unkown
|
page readonly
|
||
2194F460000
|
heap
|
page read and write
|
||
2194F450000
|
heap
|
page read and write
|
||
2194F4C0000
|
heap
|
page read and write
|
||
2194F700000
|
heap
|
page read and write
|
||
4D16F4A000
|
stack
|
page read and write
|
||
4D178FF000
|
stack
|
page read and write
|
||
2194F543000
|
heap
|
page read and write
|
||
7FF6776B0000
|
unkown
|
page readonly
|
||
4D173FE000
|
stack
|
page read and write
|
There are 23 hidden memdumps, click here to show them.