Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
SOA AUG 2024 - CMA CGM.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\SOA AUG 2024 - CMA CGM.exe.log
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\tmp561C.tmp
|
XML 1.0 document, ASCII text
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\tshjuqE.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\tshjuqE.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\tshjuqE.exe.log
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_0g14qtby.bu5.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_hjskv5dk.emq.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_nv3po1gn.lqj.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_zko1ou2o.p4c.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\tmp6484.tmp
|
XML 1.0 document, ASCII text
|
dropped
|
There are 2 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\SOA AUG 2024 - CMA CGM.exe
|
"C:\Users\user\Desktop\SOA AUG 2024 - CMA CGM.exe"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\tshjuqE.exe"
|
|
|
|
C:\Windows\SysWOW64\schtasks.exe
|
"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\tshjuqE" /XML "C:\Users\user\AppData\Local\Temp\tmp561C.tmp"
|
|
|
|
C:\Users\user\AppData\Roaming\tshjuqE.exe
|
C:\Users\user\AppData\Roaming\tshjuqE.exe
|
|
|
|
C:\Windows\SysWOW64\schtasks.exe
|
"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\tshjuqE" /XML "C:\Users\user\AppData\Local\Temp\tmp6484.tmp"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe"
|
||
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe"
|
||
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe"
|
||
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe"
|
||
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe"
|
||
|
C:\Windows\System32\wbem\WmiPrvSE.exe
|
C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe"
|
||
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe"
|
||
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe"
|
||
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe"
|
||
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe"
|
There are 9 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
www.f6b-crxy.top/cu29/
|
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
45A2000
|
trusted library allocation
|
page read and write
|
|
|
|
461B000
|
trusted library allocation
|
page read and write
|
|
|
|
6B1E000
|
heap
|
page read and write
|
||
|
F40000
|
heap
|
page execute and read and write
|
||
|
D06E000
|
stack
|
page read and write
|
||
|
706B000
|
heap
|
page read and write
|
||
|
2D21000
|
trusted library allocation
|
page read and write
|
||
|
4F82000
|
trusted library allocation
|
page read and write
|
||
|
751E000
|
stack
|
page read and write
|
||
|
CF0000
|
heap
|
page read and write
|
||
|
1107000
|
trusted library allocation
|
page execute and read and write
|
||
|
1320000
|
heap
|
page read and write
|
||
|
D26D000
|
stack
|
page read and write
|
||
|
CC0000
|
heap
|
page read and write
|
||
|
345E000
|
stack
|
page read and write
|
||
|
12EC000
|
stack
|
page read and write
|
||
|
1130000
|
trusted library allocation
|
page read and write
|
||
|
6F30000
|
trusted library allocation
|
page execute and read and write
|
||
|
3D29000
|
trusted library allocation
|
page read and write
|
||
|
777B000
|
heap
|
page read and write
|
||
|
78BC000
|
stack
|
page read and write
|
||
|
321A000
|
heap
|
page read and write
|
||
|
500B000
|
stack
|
page read and write
|
||
|
57A000
|
stack
|
page read and write
|
||
|
51C0000
|
heap
|
page read and write
|
||
|
5292000
|
trusted library allocation
|
page read and write
|
||
|
4794000
|
trusted library allocation
|
page read and write
|
||
|
BA8000
|
heap
|
page read and write
|
||
|
1327000
|
heap
|
page read and write
|
||
|
5250000
|
heap
|
page read and write
|
||
|
10F6000
|
trusted library allocation
|
page execute and read and write
|
||
|
53D000
|
stack
|
page read and write
|
||
|
7763000
|
heap
|
page read and write
|
||
|
4DAE000
|
stack
|
page read and write
|
||
|
9A60000
|
trusted library allocation
|
page execute and read and write
|
||
|
761E000
|
stack
|
page read and write
|
||
|
D16F000
|
stack
|
page read and write
|
||
|
1160000
|
heap
|
page read and write
|
||
|
660000
|
unkown
|
page readonly
|
||
|
4F3B000
|
trusted library allocation
|
page read and write
|
||
|
F51000
|
heap
|
page read and write
|
||
|
96A000
|
stack
|
page read and write
|
||
|
4694000
|
trusted library allocation
|
page read and write
|
||
|
4FA0000
|
trusted library allocation
|
page read and write
|
||
|
7290000
|
heap
|
page read and write
|
||
|
1140000
|
heap
|
page read and write
|
||
|
10ED000
|
trusted library allocation
|
page execute and read and write
|
||
|
5210000
|
trusted library allocation
|
page read and write
|
||
|
DB2C000
|
stack
|
page read and write
|
||
|
10E3000
|
trusted library allocation
|
page read and write
|
||
|
5255000
|
heap
|
page read and write
|
||
|
BA0000
|
heap
|
page read and write
|
||
|
3680000
|
heap
|
page read and write
|
||
|
CF7000
|
stack
|
page read and write
|
||
|
3A19000
|
trusted library allocation
|
page read and write
|
||
|
B20000
|
heap
|
page read and write
|
||
|
2CF6000
|
trusted library allocation
|
page read and write
|
||
|
4F70000
|
heap
|
page read and write
|
||
|
CF6E000
|
stack
|
page read and write
|
||
|
EDD000
|
trusted library allocation
|
page execute and read and write
|
||
|
2CF1000
|
trusted library allocation
|
page read and write
|
||
|
1120000
|
heap
|
page read and write
|
||
|
10D4000
|
trusted library allocation
|
page read and write
|
||
|
5290000
|
trusted library allocation
|
page read and write
|
||
|
2D60000
|
trusted library allocation
|
page read and write
|
||
|
BAE000
|
heap
|
page read and write
|
||
|
EED000
|
trusted library allocation
|
page execute and read and write
|
||
|
53B0000
|
heap
|
page read and write
|
||
|
F50000
|
trusted library allocation
|
page read and write
|
||
|
8C0000
|
heap
|
page read and write
|
||
|
55E0000
|
trusted library section
|
page readonly
|
||
|
587E000
|
trusted library allocation
|
page read and write
|
||
|
EEF000
|
heap
|
page read and write
|
||
|
4F23000
|
heap
|
page read and write
|
||
|
4A18000
|
trusted library allocation
|
page read and write
|
||
|
D5EE000
|
stack
|
page read and write
|
||
|
55EF000
|
trusted library section
|
page readonly
|
||
|
1100000
|
trusted library allocation
|
page read and write
|
||
|
79FE000
|
stack
|
page read and write
|
||
|
7AA000
|
stack
|
page read and write
|
||
|
1316000
|
trusted library allocation
|
page read and write
|
||
|
5480000
|
heap
|
page execute and read and write
|
||
|
BD4E000
|
stack
|
page read and write
|
||
|
EAE000
|
stack
|
page read and write
|
||
|
EBA000
|
heap
|
page read and write
|
||
|
4F51000
|
trusted library allocation
|
page read and write
|
||
|
4D20000
|
trusted library allocation
|
page read and write
|
||
|
45A2000
|
trusted library allocation
|
page read and write
|
||
|
10E0000
|
trusted library allocation
|
page read and write
|
||
|
47D3000
|
trusted library allocation
|
page read and write
|
||
|
4F5D000
|
trusted library allocation
|
page read and write
|
||
|
5870000
|
trusted library allocation
|
page read and write
|
||
|
4292000
|
trusted library allocation
|
page read and write
|
||
|
73DE000
|
stack
|
page read and write
|
||
|
2FD0000
|
heap
|
page read and write
|
||
|
5610000
|
trusted library allocation
|
page execute and read and write
|
||
|
12F0000
|
trusted library allocation
|
page execute and read and write
|
||
|
D8EE000
|
stack
|
page read and write
|
||
|
55F0000
|
heap
|
page read and write
|
||
|
E0E000
|
stack
|
page read and write
|
||
|
C29000
|
heap
|
page read and write
|
||
|
10AE000
|
stack
|
page read and write
|
||
|
6FCE000
|
stack
|
page read and write
|
||
|
5240000
|
trusted library allocation
|
page read and write
|
||
|
7050000
|
heap
|
page read and write
|
||
|
2A11000
|
trusted library allocation
|
page read and write
|
||
|
BF8D000
|
stack
|
page read and write
|
||
|
1115000
|
trusted library allocation
|
page read and write
|
||
|
2CEE000
|
trusted library allocation
|
page read and write
|
||
|
1314000
|
trusted library allocation
|
page read and write
|
||
|
F0B000
|
trusted library allocation
|
page execute and read and write
|
||
|
2A0F000
|
stack
|
page read and write
|
||
|
4D25000
|
trusted library allocation
|
page read and write
|
||
|
9A50000
|
trusted library allocation
|
page read and write
|
||
|
52B0000
|
trusted library allocation
|
page read and write
|
||
|
EE3000
|
trusted library allocation
|
page read and write
|
||
|
1120000
|
trusted library allocation
|
page read and write
|
||
|
6E30000
|
heap
|
page read and write
|
||
|
4704000
|
trusted library allocation
|
page read and write
|
||
|
8CB000
|
heap
|
page read and write
|
||
|
106E000
|
stack
|
page read and write
|
||
|
E8D000
|
stack
|
page read and write
|
||
|
F07000
|
trusted library allocation
|
page execute and read and write
|
||
|
D62E000
|
stack
|
page read and write
|
||
|
6F8E000
|
stack
|
page read and write
|
||
|
47E4000
|
trusted library allocation
|
page read and write
|
||
|
5650000
|
heap
|
page read and write
|
||
|
4774000
|
trusted library allocation
|
page read and write
|
||
|
7A00000
|
trusted library allocation
|
page read and write
|
||
|
6EB0000
|
trusted library section
|
page read and write
|
||
|
2FCE000
|
unkown
|
page read and write
|
||
|
ECE000
|
stack
|
page read and write
|
||
|
F77000
|
heap
|
page read and write
|
||
|
51D0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7076000
|
heap
|
page read and write
|
||
|
F60000
|
heap
|
page read and write
|
||
|
5600000
|
heap
|
page read and write
|
||
|
BE2000
|
heap
|
page read and write
|
||
|
586E000
|
stack
|
page read and write
|
||
|
5215000
|
trusted library allocation
|
page read and write
|
||
|
B6E000
|
stack
|
page read and write
|
||
|
83E000
|
unkown
|
page read and write
|
||
|
10FA000
|
trusted library allocation
|
page execute and read and write
|
||
|
705C000
|
heap
|
page read and write
|
||
|
9E0000
|
heap
|
page read and write
|
||
|
1100000
|
trusted library allocation
|
page read and write
|
||
|
D9EF000
|
stack
|
page read and write
|
||
|
ACF000
|
stack
|
page read and write
|
||
|
51B0000
|
heap
|
page read and write
|
||
|
2CDB000
|
trusted library allocation
|
page read and write
|
||
|
5380000
|
heap
|
page read and write
|
||
|
3D21000
|
trusted library allocation
|
page read and write
|
||
|
EF6000
|
trusted library allocation
|
page execute and read and write
|
||
|
662000
|
unkown
|
page readonly
|
||
|
CE0000
|
trusted library allocation
|
page read and write
|
||
|
2CFD000
|
trusted library allocation
|
page read and write
|
||
|
EF0000
|
trusted library allocation
|
page read and write
|
||
|
5F0000
|
heap
|
page read and write
|
||
|
2F45000
|
trusted library allocation
|
page read and write
|
||
|
54CC000
|
stack
|
page read and write
|
||
|
ECA000
|
stack
|
page read and write
|
||
|
ED3000
|
trusted library allocation
|
page execute and read and write
|
||
|
3210000
|
heap
|
page read and write
|
||
|
537E000
|
stack
|
page read and write
|
||
|
5640000
|
heap
|
page read and write
|
||
|
D72E000
|
stack
|
page read and write
|
||
|
D4ED000
|
stack
|
page read and write
|
||
|
55CD000
|
stack
|
page read and write
|
||
|
2D10000
|
heap
|
page execute and read and write
|
||
|
BD5000
|
heap
|
page read and write
|
||
|
2C88000
|
trusted library allocation
|
page read and write
|
||
|
10AE000
|
stack
|
page read and write
|
||
|
E6E000
|
stack
|
page read and write
|
||
|
EFA000
|
trusted library allocation
|
page execute and read and write
|
||
|
78FE000
|
stack
|
page read and write
|
||
|
728F000
|
stack
|
page read and write
|
||
|
1150000
|
trusted library allocation
|
page read and write
|
||
|
1167000
|
heap
|
page read and write
|
||
|
6C11000
|
trusted library allocation
|
page read and write
|
||
|
BBF000
|
heap
|
page read and write
|
||
|
1300000
|
trusted library allocation
|
page read and write
|
||
|
52C0000
|
heap
|
page read and write
|
||
|
4F34000
|
trusted library allocation
|
page read and write
|
||
|
5630000
|
heap
|
page read and write
|
||
|
6F40000
|
trusted library allocation
|
page read and write
|
||
|
9730000
|
trusted library allocation
|
page read and write
|
||
|
F30000
|
trusted library allocation
|
page execute and read and write
|
||
|
5390000
|
heap
|
page read and write
|
||
|
B10000
|
heap
|
page read and write
|
||
|
6F45000
|
trusted library allocation
|
page read and write
|
||
|
10C0000
|
trusted library allocation
|
page read and write
|
||
|
AD0000
|
heap
|
page read and write
|
||
|
51E0000
|
heap
|
page read and write
|
||
|
5240000
|
trusted library allocation
|
page read and write
|
||
|
ED0000
|
trusted library allocation
|
page read and write
|
||
|
5C0000
|
heap
|
page read and write
|
||
|
4F56000
|
trusted library allocation
|
page read and write
|
||
|
944A000
|
trusted library allocation
|
page read and write
|
||
|
F20000
|
trusted library allocation
|
page read and write
|
||
|
ED4000
|
trusted library allocation
|
page read and write
|
||
|
2C37000
|
trusted library allocation
|
page read and write
|
||
|
1102000
|
trusted library allocation
|
page read and write
|
||
|
10D3000
|
trusted library allocation
|
page execute and read and write
|
||
|
718E000
|
stack
|
page read and write
|
||
|
74DE000
|
stack
|
page read and write
|
||
|
51A0000
|
trusted library section
|
page readonly
|
||
|
5480000
|
trusted library section
|
page read and write
|
||
|
4F4E000
|
trusted library allocation
|
page read and write
|
||
|
BD0E000
|
stack
|
page read and write
|
||
|
4F30000
|
trusted library allocation
|
page read and write
|
||
|
1160000
|
heap
|
page read and write
|
||
|
12AE000
|
stack
|
page read and write
|
||
|
2CCE000
|
stack
|
page read and write
|
||
|
10F0000
|
trusted library allocation
|
page read and write
|
||
|
6F20000
|
trusted library allocation
|
page read and write
|
||
|
142F000
|
stack
|
page read and write
|
||
|
1130000
|
heap
|
page read and write
|
||
|
5872000
|
trusted library allocation
|
page read and write
|
||
|
AF7000
|
stack
|
page read and write
|
||
|
FAE000
|
heap
|
page read and write
|
||
|
E20000
|
heap
|
page read and write
|
||
|
10F2000
|
trusted library allocation
|
page read and write
|
||
|
D730000
|
heap
|
page read and write
|
||
|
BE8D000
|
stack
|
page read and write
|
||
|
6B10000
|
heap
|
page read and write
|
||
|
2DBF000
|
trusted library allocation
|
page read and write
|
||
|
5220000
|
trusted library allocation
|
page read and write
|
||
|
BE4E000
|
stack
|
page read and write
|
||
|
9A59000
|
trusted library allocation
|
page read and write
|
||
|
87F000
|
unkown
|
page read and write
|
||
|
55D5000
|
heap
|
page read and write
|
||
|
5200000
|
trusted library allocation
|
page read and write
|
||
|
55D0000
|
heap
|
page read and write
|
||
|
C96000
|
heap
|
page read and write
|
||
|
EE4000
|
heap
|
page read and write
|
||
|
2CD0000
|
trusted library allocation
|
page read and write
|
||
|
EF2000
|
trusted library allocation
|
page read and write
|
||
|
3A11000
|
trusted library allocation
|
page read and write
|
||
|
ECF000
|
heap
|
page read and write
|
||
|
70FD000
|
stack
|
page read and write
|
||
|
10DD000
|
trusted library allocation
|
page execute and read and write
|
||
|
EBE000
|
heap
|
page read and write
|
||
|
F02000
|
trusted library allocation
|
page read and write
|
||
|
702E000
|
stack
|
page read and write
|
||
|
523E000
|
stack
|
page read and write
|
||
|
F20000
|
heap
|
page read and write
|
||
|
D4AF000
|
stack
|
page read and write
|
||
|
EF1000
|
heap
|
page read and write
|
||
|
775E000
|
stack
|
page read and write
|
||
|
4564000
|
trusted library allocation
|
page read and write
|
||
|
52C3000
|
heap
|
page read and write
|
||
|
7760000
|
heap
|
page read and write
|
||
|
6E3E000
|
heap
|
page read and write
|
||
|
D3AD000
|
stack
|
page read and write
|
||
|
5260000
|
trusted library allocation
|
page read and write
|
||
|
5280000
|
heap
|
page read and write
|
||
|
4BAC000
|
stack
|
page read and write
|
||
|
4F80000
|
trusted library allocation
|
page read and write
|
||
|
341F000
|
unkown
|
page read and write
|
||
|
D271000
|
heap
|
page read and write
|
||
|
DA2B000
|
stack
|
page read and write
|
||
|
CDE000
|
stack
|
page read and write
|
||
|
1310000
|
trusted library allocation
|
page read and write
|
||
|
4853000
|
trusted library allocation
|
page read and write
|
||
|
EE0000
|
trusted library allocation
|
page read and write
|
||
|
126E000
|
stack
|
page read and write
|
||
|
4F20000
|
heap
|
page read and write
|
||
|
10D0000
|
trusted library allocation
|
page read and write
|
||
|
8BE000
|
stack
|
page read and write
|
||
|
110B000
|
trusted library allocation
|
page execute and read and write
|
||
|
10F0000
|
trusted library allocation
|
page read and write
|
||
|
2AE7000
|
trusted library allocation
|
page read and write
|
||
|
349F000
|
stack
|
page read and write
|
||
|
54DE000
|
stack
|
page read and write
|
||
|
5270000
|
heap
|
page execute and read and write
|
||
|
70BE000
|
stack
|
page read and write
|
||
|
BC0E000
|
stack
|
page read and write
|
||
|
9D0000
|
heap
|
page read and write
|
||
|
E25000
|
heap
|
page read and write
|
||
|
52A0000
|
trusted library allocation
|
page execute and read and write
|
||
|
77BC000
|
stack
|
page read and write
|
||
|
C36000
|
heap
|
page read and write
|
||
|
EB0000
|
heap
|
page read and write
|
||
|
F29000
|
heap
|
page read and write
|
||
|
10EB000
|
stack
|
page read and write
|
||
|
4EBC000
|
stack
|
page read and write
|
||
|
3D8A000
|
trusted library allocation
|
page read and write
|
||
|
4F90000
|
trusted library allocation
|
page execute and read and write
|
||
|
1110000
|
trusted library allocation
|
page read and write
|
||
|
3A7A000
|
trusted library allocation
|
page read and write
|
||
|
7212000
|
trusted library allocation
|
page read and write
|
||
|
7061000
|
heap
|
page read and write
|
||
|
F40000
|
heap
|
page read and write
|
||
|
795F000
|
stack
|
page read and write
|
||
|
4D6E000
|
stack
|
page read and write
|
There are 285 hidden memdumps, click here to show them.