Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
Stub.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Stub.exe.log
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\gang.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\gang.exe.log
|
CSV text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\tmpAD4A.tmp.bat
|
DOS batch file, ASCII text, with CRLF line terminators
|
dropped
|
||
|
\Device\Null
|
ASCII text, with CRLF line terminators, with overstriking
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\Stub.exe
|
"C:\Users\user\Desktop\Stub.exe"
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
"C:\Windows\System32\cmd.exe" /c schtasks /create /f /sc onlogon /rl highest /tn "gang" /tr '"C:\Users\user\AppData\Roaming\gang.exe"'
& exit
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\tmpAD4A.tmp.bat""
|
|
|
|
C:\Windows\SysWOW64\schtasks.exe
|
schtasks /create /f /sc onlogon /rl highest /tn "gang" /tr '"C:\Users\user\AppData\Roaming\gang.exe"'
|
|
|
|
C:\Users\user\AppData\Roaming\gang.exe
|
C:\Users\user\AppData\Roaming\gang.exe
|
|
|
|
C:\Users\user\AppData\Roaming\gang.exe
|
"C:\Users\user\AppData\Roaming\gang.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\SysWOW64\timeout.exe
|
timeout 3
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
com-distinct.gl.at.ply.gg
|
147.185.221.22
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
147.185.221.22
|
com-distinct.gl.at.ply.gg
|
United States
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
E81000
|
heap
|
page read and write
|
||
|
33B7000
|
heap
|
page read and write
|
||
|
2EAC000
|
stack
|
page read and write
|
||
|
3208000
|
trusted library allocation
|
page read and write
|
||
|
5A46000
|
heap
|
page read and write
|
||
|
546D000
|
stack
|
page read and write
|
||
|
DFF000
|
stack
|
page read and write
|
||
|
E1F000
|
heap
|
page read and write
|
||
|
2C8A000
|
trusted library allocation
|
page read and write
|
||
|
506D000
|
stack
|
page read and write
|
||
|
F5C000
|
heap
|
page read and write
|
||
|
E4E000
|
stack
|
page read and write
|
||
|
7F1F0000
|
trusted library allocation
|
page execute and read and write
|
||
|
2778000
|
trusted library allocation
|
page read and write
|
||
|
2D1A000
|
trusted library allocation
|
page read and write
|
||
|
CB4000
|
trusted library allocation
|
page read and write
|
||
|
CBC000
|
stack
|
page read and write
|
||
|
D60000
|
heap
|
page read and write
|
||
|
CA3000
|
trusted library allocation
|
page execute and read and write
|
||
|
61A0000
|
heap
|
page read and write
|
||
|
52AD000
|
stack
|
page read and write
|
||
|
2840000
|
trusted library allocation
|
page read and write
|
||
|
2EC0000
|
heap
|
page execute and read and write
|
||
|
5666000
|
heap
|
page read and write
|
||
|
CC7000
|
trusted library allocation
|
page execute and read and write
|
||
|
4EF0000
|
heap
|
page read and write
|
||
|
C4E000
|
stack
|
page read and write
|
||
|
5D8E000
|
stack
|
page read and write
|
||
|
542D000
|
stack
|
page read and write
|
||
|
11E7000
|
trusted library allocation
|
page execute and read and write
|
||
|
2BD0000
|
heap
|
page read and write
|
||
|
DE4000
|
trusted library allocation
|
page read and write
|
||
|
E96000
|
heap
|
page read and write
|
||
|
59CD000
|
stack
|
page read and write
|
||
|
100A000
|
trusted library allocation
|
page execute and read and write
|
||
|
C50000
|
heap
|
page read and write
|
||
|
5C4E000
|
stack
|
page read and write
|
||
|
2BFE000
|
heap
|
page read and write
|
||
|
107E000
|
stack
|
page read and write
|
||
|
2ED1000
|
trusted library allocation
|
page read and write
|
||
|
53ED000
|
stack
|
page read and write
|
||
|
E2A000
|
heap
|
page read and write
|
||
|
5BCE000
|
stack
|
page read and write
|
||
|
2CEA000
|
trusted library allocation
|
page read and write
|
||
|
2DCF000
|
unkown
|
page read and write
|
||
|
10B7000
|
heap
|
page read and write
|
||
|
101B000
|
trusted library allocation
|
page execute and read and write
|
||
|
E38000
|
heap
|
page read and write
|
||
|
FFF000
|
stack
|
page read and write
|
||
|
2CB4000
|
trusted library allocation
|
page read and write
|
||
|
E08000
|
heap
|
page read and write
|
||
|
5A7A000
|
heap
|
page read and write
|
||
|
2C97000
|
trusted library allocation
|
page read and write
|
||
|
2C88000
|
trusted library allocation
|
page read and write
|
||
|
320A000
|
trusted library allocation
|
page read and write
|
||
|
11FB000
|
trusted library allocation
|
page execute and read and write
|
||
|
2C4C000
|
trusted library allocation
|
page read and write
|
||
|
29F5000
|
trusted library allocation
|
page read and write
|
||
|
11F0000
|
trusted library allocation
|
page read and write
|
||
|
11E0000
|
trusted library allocation
|
page read and write
|
||
|
54ED000
|
stack
|
page read and write
|
||
|
3F31000
|
trusted library allocation
|
page read and write
|
||
|
5EDB000
|
stack
|
page read and write
|
||
|
2C9C000
|
trusted library allocation
|
page read and write
|
||
|
11A0000
|
heap
|
page read and write
|
||
|
4C9D000
|
stack
|
page read and write
|
||
|
501D000
|
stack
|
page read and write
|
||
|
5710000
|
heap
|
page read and write
|
||
|
2CB1000
|
trusted library allocation
|
page read and write
|
||
|
2C91000
|
trusted library allocation
|
page read and write
|
||
|
2B6C000
|
stack
|
page read and write
|
||
|
317E000
|
trusted library allocation
|
page read and write
|
||
|
CCA000
|
trusted library allocation
|
page execute and read and write
|
||
|
5D30000
|
heap
|
page read and write
|
||
|
54F0000
|
heap
|
page read and write
|
||
|
594E000
|
stack
|
page read and write
|
||
|
1278000
|
heap
|
page read and write
|
||
|
3170000
|
trusted library allocation
|
page read and write
|
||
|
ED0000
|
heap
|
page read and write
|
||
|
2A80000
|
heap
|
page read and write
|
||
|
2980000
|
heap
|
page execute and read and write
|
||
|
C40000
|
heap
|
page read and write
|
||
|
11C4000
|
trusted library allocation
|
page read and write
|
||
|
5E8E000
|
stack
|
page read and write
|
||
|
3BC5000
|
trusted library allocation
|
page read and write
|
||
|
568D000
|
stack
|
page read and write
|
||
|
10B0000
|
heap
|
page read and write
|
||
|
802000
|
unkown
|
page readonly
|
||
|
11C3000
|
trusted library allocation
|
page execute and read and write
|
||
|
2D6E000
|
stack
|
page read and write
|
||
|
C90000
|
trusted library allocation
|
page read and write
|
||
|
63DC000
|
stack
|
page read and write
|
||
|
2CE5000
|
trusted library allocation
|
page read and write
|
||
|
3BA1000
|
trusted library allocation
|
page read and write
|
||
|
D90000
|
heap
|
page read and write
|
||
|
1002000
|
trusted library allocation
|
page read and write
|
||
|
60DD000
|
stack
|
page read and write
|
||
|
528D000
|
stack
|
page read and write
|
||
|
502D000
|
stack
|
page read and write
|
||
|
CB5000
|
heap
|
page read and write
|
||
|
F04000
|
heap
|
page read and write
|
||
|
DF0000
|
trusted library allocation
|
page read and write
|
||
|
550D000
|
stack
|
page read and write
|
||
|
2C42000
|
trusted library allocation
|
page read and write
|
||
|
2CD1000
|
trusted library allocation
|
page read and write
|
||
|
1007000
|
trusted library allocation
|
page execute and read and write
|
||
|
11B0000
|
trusted library allocation
|
page read and write
|
||
|
2CA6000
|
trusted library allocation
|
page read and write
|
||
|
588D000
|
stack
|
page read and write
|
||
|
C00000
|
heap
|
page read and write
|
||
|
3180000
|
trusted library allocation
|
page read and write
|
||
|
2BFE000
|
heap
|
page read and write
|
||
|
59D0000
|
heap
|
page read and write
|
||
|
11E2000
|
trusted library allocation
|
page read and write
|
||
|
5B8E000
|
stack
|
page read and write
|
||
|
2C5A000
|
trusted library allocation
|
page read and write
|
||
|
29A0000
|
heap
|
page execute and read and write
|
||
|
5480000
|
heap
|
page execute and read and write
|
||
|
2F70000
|
heap
|
page read and write
|
||
|
2CCE000
|
trusted library allocation
|
page read and write
|
||
|
5A4F000
|
stack
|
page read and write
|
||
|
2C8C000
|
trusted library allocation
|
page read and write
|
||
|
1017000
|
trusted library allocation
|
page execute and read and write
|
||
|
1230000
|
trusted library allocation
|
page read and write
|
||
|
53ED000
|
stack
|
page read and write
|
||
|
6AD000
|
stack
|
page read and write
|
||
|
526D000
|
stack
|
page read and write
|
||
|
2E0E000
|
stack
|
page read and write
|
||
|
E8E000
|
stack
|
page read and write
|
||
|
54CD000
|
stack
|
page read and write
|
||
|
2EDF000
|
stack
|
page read and write
|
||
|
516D000
|
stack
|
page read and write
|
||
|
2EE0000
|
heap
|
page read and write
|
||
|
2F6F000
|
stack
|
page read and write
|
||
|
1210000
|
trusted library allocation
|
page read and write
|
||
|
2C74000
|
trusted library allocation
|
page read and write
|
||
|
89C000
|
stack
|
page read and write
|
||
|
560D000
|
stack
|
page read and write
|
||
|
53CD000
|
stack
|
page read and write
|
||
|
5040000
|
heap
|
page execute and read and write
|
||
|
E8E000
|
stack
|
page read and write
|
||
|
2D03000
|
trusted library allocation
|
page read and write
|
||
|
710000
|
heap
|
page read and write
|
||
|
FF0000
|
heap
|
page read and write
|
||
|
3182000
|
trusted library allocation
|
page read and write
|
||
|
7F0000
|
unkown
|
page readonly
|
||
|
E78000
|
heap
|
page read and write
|
||
|
2CE3000
|
trusted library allocation
|
page read and write
|
||
|
C3E000
|
stack
|
page read and write
|
||
|
10D0000
|
heap
|
page read and write
|
||
|
CDB000
|
trusted library allocation
|
page execute and read and write
|
||
|
E36000
|
heap
|
page read and write
|
||
|
3EF5000
|
trusted library allocation
|
page read and write
|
||
|
10C0000
|
trusted library allocation
|
page read and write
|
||
|
2CF5000
|
trusted library allocation
|
page read and write
|
||
|
CFC000
|
stack
|
page read and write
|
||
|
11EA000
|
trusted library allocation
|
page execute and read and write
|
||
|
3ED1000
|
trusted library allocation
|
page read and write
|
||
|
55F0000
|
heap
|
page read and write
|
||
|
2C71000
|
trusted library allocation
|
page read and write
|
||
|
2CC0000
|
trusted library allocation
|
page read and write
|
||
|
DE0000
|
trusted library allocation
|
page read and write
|
||
|
5610000
|
heap
|
page read and write
|
||
|
EFA000
|
heap
|
page read and write
|
||
|
512D000
|
stack
|
page read and write
|
||
|
10C7000
|
trusted library allocation
|
page read and write
|
||
|
2CB6000
|
trusted library allocation
|
page read and write
|
||
|
F89000
|
stack
|
page read and write
|
||
|
2CC9000
|
trusted library allocation
|
page read and write
|
||
|
2BDB000
|
heap
|
page read and write
|
||
|
2BFE000
|
heap
|
page read and write
|
||
|
ECE000
|
stack
|
page read and write
|
||
|
760000
|
heap
|
page read and write
|
||
|
1080000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FB40000
|
trusted library allocation
|
page execute and read and write
|
||
|
2DB7000
|
trusted library allocation
|
page read and write
|
||
|
CF0000
|
heap
|
page read and write
|
||
|
5D4E000
|
stack
|
page read and write
|
||
|
1220000
|
trusted library allocation
|
page execute and read and write
|
||
|
3184000
|
trusted library allocation
|
page read and write
|
||
|
53AE000
|
stack
|
page read and write
|
||
|
2BFE000
|
heap
|
page read and write
|
||
|
2BE2000
|
heap
|
page read and write
|
||
|
29C1000
|
trusted library allocation
|
page read and write
|
||
|
62DB000
|
stack
|
page read and write
|
||
|
2CEE000
|
trusted library allocation
|
page read and write
|
||
|
CB0000
|
heap
|
page read and write
|
||
|
524D000
|
stack
|
page read and write
|
||
|
2B90000
|
heap
|
page execute and read and write
|
||
|
63E0000
|
heap
|
page read and write
|
||
|
2810000
|
trusted library allocation
|
page execute and read and write
|
||
|
4BC0000
|
heap
|
page read and write
|
||
|
EC0000
|
heap
|
page read and write
|
||
|
2CA8000
|
trusted library allocation
|
page read and write
|
||
|
E3D000
|
heap
|
page read and write
|
||
|
39B1000
|
trusted library allocation
|
page read and write
|
||
|
5490000
|
heap
|
page read and write
|
||
|
1557000
|
trusted library allocation
|
page read and write
|
||
|
11DE000
|
stack
|
page read and write
|
||
|
2C7F000
|
trusted library allocation
|
page read and write
|
||
|
11D0000
|
trusted library allocation
|
page read and write
|
||
|
2C81000
|
trusted library allocation
|
page read and write
|
||
|
578D000
|
stack
|
page read and write
|
||
|
2C5C000
|
trusted library allocation
|
page read and write
|
||
|
11C0000
|
trusted library allocation
|
page read and write
|
||
|
1580000
|
heap
|
page read and write
|
||
|
2AFC000
|
stack
|
page read and write
|
||
|
58CD000
|
stack
|
page read and write
|
||
|
39D5000
|
trusted library allocation
|
page read and write
|
||
|
5786000
|
heap
|
page read and write
|
||
|
11F7000
|
trusted library allocation
|
page execute and read and write
|
||
|
CA4000
|
trusted library allocation
|
page read and write
|
||
|
AF9000
|
stack
|
page read and write
|
||
|
2CD8000
|
trusted library allocation
|
page read and write
|
||
|
538D000
|
stack
|
page read and write
|
||
|
2BFE000
|
heap
|
page read and write
|
||
|
F06000
|
heap
|
page read and write
|
||
|
5050000
|
heap
|
page read and write
|
||
|
75E000
|
unkown
|
page read and write
|
||
|
1570000
|
heap
|
page read and write
|
||
|
1090000
|
trusted library allocation
|
page read and write
|
||
|
E40000
|
heap
|
page read and write
|
||
|
10D0000
|
heap
|
page read and write
|
||
|
2C4A000
|
trusted library allocation
|
page read and write
|
||
|
1247000
|
heap
|
page read and write
|
||
|
2A7E000
|
stack
|
page read and write
|
||
|
5C0E000
|
stack
|
page read and write
|
||
|
1030000
|
trusted library allocation
|
page read and write
|
||
|
1120000
|
heap
|
page read and write
|
||
|
CAD000
|
trusted library allocation
|
page execute and read and write
|
||
|
2C61000
|
trusted library allocation
|
page read and write
|
||
|
295E000
|
stack
|
page read and write
|
||
|
2BA1000
|
trusted library allocation
|
page read and write
|
||
|
BF0000
|
heap
|
page read and write
|
||
|
999000
|
stack
|
page read and write
|
||
|
2F8F000
|
stack
|
page read and write
|
||
|
2CC7000
|
trusted library allocation
|
page read and write
|
||
|
2C47000
|
trusted library allocation
|
page read and write
|
||
|
2F4E000
|
stack
|
page read and write
|
||
|
29B1000
|
trusted library allocation
|
page read and write
|
||
|
C8E000
|
stack
|
page read and write
|
||
|
780000
|
heap
|
page read and write
|
||
|
2C9E000
|
trusted library allocation
|
page read and write
|
||
|
2CFF000
|
trusted library allocation
|
page read and write
|
||
|
5B0E000
|
stack
|
page read and write
|
||
|
7AC000
|
stack
|
page read and write
|
||
|
2970000
|
trusted library allocation
|
page read and write
|
||
|
125E000
|
heap
|
page read and write
|
||
|
1240000
|
heap
|
page read and write
|
||
|
E00000
|
heap
|
page read and write
|
||
|
DD0000
|
trusted library allocation
|
page read and write
|
||
|
E8C000
|
stack
|
page read and write
|
||
|
2E60000
|
heap
|
page read and write
|
||
|
2DB9000
|
trusted library allocation
|
page read and write
|
||
|
4BAF000
|
stack
|
page read and write
|
||
|
CF5000
|
heap
|
page read and write
|
||
|
320C000
|
trusted library allocation
|
page read and write
|
||
|
11CD000
|
trusted library allocation
|
page execute and read and write
|
||
|
2C6A000
|
trusted library allocation
|
page read and write
|
||
|
4ED8000
|
trusted library allocation
|
page read and write
|
||
|
CD7000
|
trusted library allocation
|
page execute and read and write
|
||
|
CB0000
|
trusted library allocation
|
page read and write
|
||
|
33B0000
|
heap
|
page read and write
|
||
|
4AAE000
|
stack
|
page read and write
|
||
|
2CD6000
|
trusted library allocation
|
page read and write
|
||
|
DE3000
|
trusted library allocation
|
page execute and read and write
|
||
|
300A000
|
trusted library allocation
|
page read and write
|
||
|
DED000
|
trusted library allocation
|
page execute and read and write
|
||
|
5CCE000
|
stack
|
page read and write
|
||
|
7F2000
|
unkown
|
page readonly
|
||
|
2CA3000
|
trusted library allocation
|
page read and write
|
||
|
2FDF000
|
heap
|
page read and write
|
||
|
2CAF000
|
trusted library allocation
|
page read and write
|
||
|
1550000
|
trusted library allocation
|
page read and write
|
||
|
2C53000
|
trusted library allocation
|
page read and write
|
||
|
2E6E000
|
stack
|
page read and write
|
||
|
2850000
|
heap
|
page read and write
|
||
|
C90000
|
heap
|
page read and write
|
||
|
5A8E000
|
stack
|
page read and write
|
||
|
ED8000
|
heap
|
page read and write
|
||
|
11DD000
|
trusted library allocation
|
page execute and read and write
|
||
|
2820000
|
heap
|
page read and write
|
||
|
B10000
|
heap
|
page read and write
|
There are 273 hidden memdumps, click here to show them.