Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
2016.zip
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
initial sample
|
||
|
C:\Users\user\AppData\Local\Temp\bas04viz.kyq\Started\1.png
|
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\unarchiver.log
|
ASCII text, with CRLF line terminators
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\SysWOW64\unarchiver.exe
|
"C:\Windows\SysWOW64\unarchiver.exe" "C:\Users\user\Desktop\2016.zip"
|
||
|
C:\Windows\SysWOW64\7za.exe
|
"C:\Windows\System32\7za.exe" x -pinfected -y -o"C:\Users\user\AppData\Local\Temp\bas04viz.kyq" "C:\Users\user\Desktop\2016.zip"
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://wnsdobe.xmm.a/xap/1.0/
|
unknown
|
||
|
http://wnsdobe.xmm.a/xap/1.0/mm/
|
unknown
|
||
|
http://wnsdobe.xmm.a/xap/1.0/wM5fb
|
unknown
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
B3C000
|
stack
|
page read and write
|
||
|
BFE000
|
stack
|
page read and write
|
||
|
12CF000
|
stack
|
page read and write
|
||
|
7EEE0000
|
trusted library allocation
|
page execute and read and write
|
||
|
5250000
|
trusted library allocation
|
page read and write
|
||
|
30DD000
|
trusted library allocation
|
page read and write
|
||
|
3095000
|
trusted library allocation
|
page read and write
|
||
|
30A2000
|
trusted library allocation
|
page read and write
|
||
|
10F5000
|
heap
|
page read and write
|
||
|
26C0000
|
heap
|
page read and write
|
||
|
A80000
|
heap
|
page read and write
|
||
|
30EA000
|
trusted library allocation
|
page read and write
|
||
|
30CF000
|
trusted library allocation
|
page read and write
|
||
|
F3D000
|
stack
|
page read and write
|
||
|
10D2000
|
trusted library allocation
|
page execute and read and write
|
||
|
30B6000
|
trusted library allocation
|
page read and write
|
||
|
308C000
|
trusted library allocation
|
page read and write
|
||
|
30C7000
|
trusted library allocation
|
page read and write
|
||
|
1090000
|
trusted library allocation
|
page read and write
|
||
|
27C0000
|
trusted library allocation
|
page read and write
|
||
|
10B0000
|
trusted library allocation
|
page read and write
|
||
|
26B5000
|
heap
|
page read and write
|
||
|
570E000
|
stack
|
page read and write
|
||
|
F8A000
|
heap
|
page read and write
|
||
|
10EB000
|
trusted library allocation
|
page execute and read and write
|
||
|
10E0000
|
trusted library allocation
|
page read and write
|
||
|
10BC000
|
trusted library allocation
|
page execute and read and write
|
||
|
13DE000
|
stack
|
page read and write
|
||
|
10AA000
|
trusted library allocation
|
page execute and read and write
|
||
|
546D000
|
stack
|
page read and write
|
||
|
512E000
|
stack
|
page read and write
|
||
|
584E000
|
stack
|
page read and write
|
||
|
7BD000
|
stack
|
page read and write
|
||
|
10B2000
|
trusted library allocation
|
page execute and read and write
|
||
|
EBF000
|
stack
|
page read and write
|
||
|
F60000
|
heap
|
page execute and read and write
|
||
|
2660000
|
trusted library allocation
|
page read and write
|
||
|
30AE000
|
trusted library allocation
|
page read and write
|
||
|
12D0000
|
heap
|
page read and write
|
||
|
309D000
|
trusted library allocation
|
page read and write
|
||
|
141E000
|
stack
|
page read and write
|
||
|
BB0000
|
heap
|
page read and write
|
||
|
30ED000
|
trusted library allocation
|
page read and write
|
||
|
2680000
|
trusted library allocation
|
page read and write
|
||
|
10A2000
|
trusted library allocation
|
page execute and read and write
|
||
|
FBD000
|
heap
|
page read and write
|
||
|
30C1000
|
trusted library allocation
|
page read and write
|
||
|
3080000
|
trusted library allocation
|
page read and write
|
||
|
5260000
|
trusted library allocation
|
page execute and read and write
|
||
|
3051000
|
trusted library allocation
|
page read and write
|
||
|
FA6000
|
heap
|
page read and write
|
||
|
C88000
|
heap
|
page read and write
|
||
|
10BA000
|
trusted library allocation
|
page execute and read and write
|
||
|
10E7000
|
trusted library allocation
|
page execute and read and write
|
||
|
532D000
|
stack
|
page read and write
|
||
|
A6E000
|
stack
|
page read and write
|
||
|
1530000
|
heap
|
page read and write
|
||
|
1540000
|
heap
|
page read and write
|
||
|
30AB000
|
trusted library allocation
|
page read and write
|
||
|
30F4000
|
trusted library allocation
|
page read and write
|
||
|
30BC000
|
trusted library allocation
|
page read and write
|
||
|
4051000
|
trusted library allocation
|
page read and write
|
||
|
C5F000
|
stack
|
page read and write
|
||
|
3030000
|
heap
|
page read and write
|
||
|
F80000
|
heap
|
page read and write
|
||
|
F8E000
|
heap
|
page read and write
|
||
|
30D7000
|
trusted library allocation
|
page read and write
|
||
|
26B0000
|
heap
|
page read and write
|
||
|
C80000
|
heap
|
page read and write
|
||
|
560E000
|
stack
|
page read and write
|
||
|
6BC000
|
stack
|
page read and write
|
||
|
574E000
|
stack
|
page read and write
|
||
|
556D000
|
stack
|
page read and write
|
||
|
522E000
|
stack
|
page read and write
|
||
|
EFB000
|
stack
|
page read and write
|
||
|
EF9000
|
stack
|
page read and write
|
||
|
542A000
|
stack
|
page read and write
|
||
|
DBE000
|
stack
|
page read and write
|
||
|
C70000
|
heap
|
page read and write
|
||
|
A70000
|
heap
|
page read and write
|
||
|
30E5000
|
trusted library allocation
|
page read and write
|
||
|
10DA000
|
trusted library allocation
|
page execute and read and write
|
||
|
10F0000
|
heap
|
page read and write
|
||
|
A20000
|
heap
|
page read and write
|
||
|
BA0000
|
heap
|
page read and write
|
||
|
EF6000
|
stack
|
page read and write
|
||
|
30E2000
|
trusted library allocation
|
page read and write
|
||
|
151E000
|
stack
|
page read and write
|
There are 78 hidden memdumps, click here to show them.