Files
File Path
|
Type
|
Category
|
Malicious
|
|
---|---|---|---|---|
C:\Users\user\Desktop\cmdline.out
|
ASCII text, with very long lines (1816), with CRLF line terminators
|
modified
|
||
C:\Users\user\Desktop\download\15009518.tif
|
TIFF image data, little-endian, direntries=21
|
dropped
|
Processes
Path
|
Cmdline
|
Malicious
|
|
---|---|---|---|
C:\Windows\SysWOW64\cmd.exe
|
C:\Windows\system32\cmd.exe /c wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition
--user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "https://phisher-parts-production-us-east-1.s3.amazonaws.com/da08a569-c476-4c06-9e6f-9e3c8ae51232/2024-10-03/6vlqsq0ea94qi8rth4tp24je96k0dmndp8mrv081/4800d67e9c2c9b1c9b33e5072a3a4d3590a0f2a7c85332a08f56f93ba90730df?response-content-disposition=attachment%3B%20filename%3D%2215009518.tif%22%3B%20filename%2A%3DUTF-8%27%2715009518.tif&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=ASIA37KREM2QBKQZ3X6K%2F20241004%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20241004T130300Z&X-Amz-Expires=20166&X-Amz-Security-Token=IQoJb3JpZ2luX2VjEI3%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEaCXVzLWVhc3QtMSJHMEUCIDbW0ksT3kpFTNmdUCSlFAfWS8tve21ITgXdvedLvrBsAiEAjwTn8R9LuIHi9v2IUGcvynJ3u75fZePpg%2Fb7j8YBKfwqiAQI1v%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FARAAGgw4MjMxOTMyNjU4MjQiDAaDG9BVYOPBSHu6TCrcA9jgSDwvR9kC3YEyJ%2BUj76%2B7ozV3IRDwuyAxYIRLInLLpzpFae%2BG7%2FN6hZIYntHvG0RTeaQu8gqTH9RMNxceYkMtryExakSeTn6EyV0rGw1nrz2nnuB%2BvQv2tBhO5g%2FDVEKGIAkBHGXqzCn7l8sitWAQGOFLntTEo8BRSSxLlZhyFKa6r0DTJWA2HRoAMXhvc3e0H%2BZGBW5HnLqIrE6mXeNgar8r7Ix3qP8bgDuIgWYB7BFixCDXcARA6UNqlB9JpI%2BNOzUzOr0g0AWnhyxmqUWBAPUtN2GsQIj%2F5NWAcXL7IJmnBVnmjPE3cIE19Z0sPyPwecimhXPV%2F3452vlugUGuyA%2BUCpqO6E0uatRty3%2FJWz5PcMFLXAopfdfO7IsOTk15zFHXOajtRqzCHv%2BIdRY2SnMY%2Bj5M%2BR88dqdl0%2FxMG%2BUGX5ApvpElUc3M5tH3Jy6fFHsSCBXVkBMt6jnBZWvJ%2BjWo%2BndZwoGdolsb9RuxU6LebmB8OguaOjxxF1r%2F23i5GLeyKLN8YLjUskJC56144IEpXs8YyGkpPsWw%2BEW2kK86Pa5d%2BtwXe9IioLos6ixB2GhVujVEx%2FpUEs%2FZT588Z76kuoFvhwHWwJQIHEh%2F4gtLz%2F3fGY7%2BAhKuMOrD%2F7cGOqUBFB1cCMjdqrpYzbQJl2m6RTmIUSrbFcnAuWFndE8tYoIxIeSc76oacoRCg3jQ4gXh3OQ9iaQuEBSG75w4RLP2uhktT%2BYfgY7mvU0ELQrSRvY6pIle4m6GIQmDHmtX1PTKRLZeS%2Fw2IGtJclWysxcCoXM155PfDM3KgcZhcxplk6YDOxky4u541EsuhZhklnOgutd%2FWYe2whdvHI4RzpQa9k8KEhDi&X-Amz-SignedHeaders=host&X-Amz-Signature=ece90186affc7b0a60310ade8e3c5cdb107dc9de5c37bc91dd97a78b3d4097d0"
> cmdline.out 2>&1
|
||
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
C:\Windows\SysWOW64\wget.exe
|
wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0
(Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "https://phisher-parts-production-us-east-1.s3.amazonaws.com/da08a569-c476-4c06-9e6f-9e3c8ae51232/2024-10-03/6vlqsq0ea94qi8rth4tp24je96k0dmndp8mrv081/4800d67e9c2c9b1c9b33e5072a3a4d3590a0f2a7c85332a08f56f93ba90730df?response-content-disposition=attachment%3B%20filename%3D%2215009518.tif%22%3B%20filename%2A%3DUTF-8%27%2715009518.tif&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=ASIA37KREM2QBKQZ3X6K%2F20241004%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20241004T130300Z&X-Amz-Expires=20166&X-Amz-Security-Token=IQoJb3JpZ2luX2VjEI3%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEaCXVzLWVhc3QtMSJHMEUCIDbW0ksT3kpFTNmdUCSlFAfWS8tve21ITgXdvedLvrBsAiEAjwTn8R9LuIHi9v2IUGcvynJ3u75fZePpg%2Fb7j8YBKfwqiAQI1v%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FARAAGgw4MjMxOTMyNjU4MjQiDAaDG9BVYOPBSHu6TCrcA9jgSDwvR9kC3YEyJ%2BUj76%2B7ozV3IRDwuyAxYIRLInLLpzpFae%2BG7%2FN6hZIYntHvG0RTeaQu8gqTH9RMNxceYkMtryExakSeTn6EyV0rGw1nrz2nnuB%2BvQv2tBhO5g%2FDVEKGIAkBHGXqzCn7l8sitWAQGOFLntTEo8BRSSxLlZhyFKa6r0DTJWA2HRoAMXhvc3e0H%2BZGBW5HnLqIrE6mXeNgar8r7Ix3qP8bgDuIgWYB7BFixCDXcARA6UNqlB9JpI%2BNOzUzOr0g0AWnhyxmqUWBAPUtN2GsQIj%2F5NWAcXL7IJmnBVnmjPE3cIE19Z0sPyPwecimhXPV%2F3452vlugUGuyA%2BUCpqO6E0uatRty3%2FJWz5PcMFLXAopfdfO7IsOTk15zFHXOajtRqzCHv%2BIdRY2SnMY%2Bj5M%2BR88dqdl0%2FxMG%2BUGX5ApvpElUc3M5tH3Jy6fFHsSCBXVkBMt6jnBZWvJ%2BjWo%2BndZwoGdolsb9RuxU6LebmB8OguaOjxxF1r%2F23i5GLeyKLN8YLjUskJC56144IEpXs8YyGkpPsWw%2BEW2kK86Pa5d%2BtwXe9IioLos6ixB2GhVujVEx%2FpUEs%2FZT588Z76kuoFvhwHWwJQIHEh%2F4gtLz%2F3fGY7%2BAhKuMOrD%2F7cGOqUBFB1cCMjdqrpYzbQJl2m6RTmIUSrbFcnAuWFndE8tYoIxIeSc76oacoRCg3jQ4gXh3OQ9iaQuEBSG75w4RLP2uhktT%2BYfgY7mvU0ELQrSRvY6pIle4m6GIQmDHmtX1PTKRLZeS%2Fw2IGtJclWysxcCoXM155PfDM3KgcZhcxplk6YDOxky4u541EsuhZhklnOgutd%2FWYe2whdvHI4RzpQa9k8KEhDi&X-Amz-SignedHeaders=host&X-Amz-Signature=ece90186affc7b0a60310ade8e3c5cdb107dc9de5c37bc91dd97a78b3d4097d0"
|
URLs
Name
|
IP
|
Malicious
|
|
---|---|---|---|
https://phisher-parts-production-us-east-1.s3.amazonaws.com/da08a569-c476-4c06-9e6f-9e3c8ae51232/2024-10-03/6vlqsq0ea94qi8rth4tp24je96k0dmndp8mrv081/4800d67e9c2c9b1c9b33e5072a3a4d3590a0f2a7c85332a08f56f93ba90730df?response-content-disposition=attachment%3B%20filename%3D%2215009518.tif%22%3B%20filename%2A%3DUTF-8%27%2715009518.tif&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=ASIA37KREM2QBKQZ3X6K%2F20241004%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20241004T130300Z&X-Amz-Expires=20166&X-Amz-Security-Token=IQoJb3JpZ2luX2VjEI3%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEaCXVzLWVhc3QtMSJHMEUCIDbW0ksT3kpFTNmdUCSlFAfWS8tve21ITgXdvedLvrBsAiEAjwTn8R9LuIHi9v2IUGcvynJ3u75fZePpg%2Fb7j8YBKfwqiAQI1v%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FARAAGgw4MjMxOTMyNjU4MjQiDAaDG9BVYOPBSHu6TCrcA9jgSDwvR9kC3YEyJ%2BUj76%2B7ozV3IRDwuyAxYIRLInLLpzpFae%2BG7%2FN6hZIYntHvG0RTeaQu8gqTH9RMNxceYkMtryExakSeTn6EyV0rGw1nrz2nnuB%2BvQv2tBhO5g%2FDVEKGIAkBHGXqzCn7l8sitWAQGOFLntTEo8BRSSxLlZhyFKa6r0DTJWA2HRoAMXhvc3e0H%2BZGBW5HnLqIrE6mXeNgar8r7Ix3qP8bgDuIgWYB7BFixCDXcARA6UNqlB9JpI%2BNOzUzOr0g0AWnhyxmqUWBAPUtN2GsQIj%2F5NWAcXL7IJmnBVnmjPE3cIE19Z0sPyPwecimhXPV%2F3452vlugUGuyA%2BUCpqO6E0uatRty3%2FJWz5PcMFLXAopfdfO7IsOTk15zFHXOajtRqzCHv%2BIdRY2SnMY%2Bj5M%2BR88dqdl0%2FxMG%2BUGX5ApvpElUc3M5tH3Jy6fFHsSCBXVkBMt6jnBZWvJ%2BjWo%2BndZwoGdolsb9RuxU6LebmB8OguaOjxxF1r%2F23i5GLeyKLN8YLjUskJC56144IEpXs8YyGkpPsWw%2BEW2kK86Pa5d%2BtwXe9IioLos6ixB2GhVujVEx%2FpUEs%2FZT588Z76kuoFvhwHWwJQIHEh%2F4gtLz%2F3fGY7%2BAhKuMOrD%2F7cGOqUBFB1cCMjdqrpYzbQJl2m6RTmIUSrbFcnAuWFndE8tYoIxIeSc76oacoRCg3jQ4gXh3OQ9iaQuEBSG75w4RLP2uhktT%2BYfgY7mvU0ELQrSRvY6pIle4m6GIQmDHmtX1PTKRLZeS%2Fw2IGtJclWysxcCoXM155PfDM3KgcZhcxplk6YDOxky4u541EsuhZhklnOgutd%2FWYe2whdvHI4RzpQa9k8KEhDi&X-Amz-SignedHeaders=host&X-Amz-Signature=ece90186affc7b0a60310ade8e3c5cdb107dc9de5c37bc91dd97a78b3d4097d0
|
|||
https://phisher-parts-production-us-east-1.s3.amazonaws.com/da08a569-c476-4c06-9e6f-9e3c8ae51232/202
|
unknown
|
Domains
Name
|
IP
|
Malicious
|
|
---|---|---|---|
s3-w.us-east-1.amazonaws.com
|
52.217.68.220
|
||
15.164.165.52.in-addr.arpa
|
unknown
|
||
phisher-parts-production-us-east-1.s3.amazonaws.com
|
unknown
|
IPs
IP
|
Domain
|
Country
|
Malicious
|
|
---|---|---|---|---|
52.217.68.220
|
s3-w.us-east-1.amazonaws.com
|
United States
|
Memdumps
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
---|---|---|---|---|
2B46000
|
heap
|
page read and write
|
||
100000
|
heap
|
page read and write
|
||
1C0000
|
heap
|
page read and write
|
||
2B15000
|
heap
|
page read and write
|
||
A30000
|
heap
|
page read and write
|
||
2B12000
|
heap
|
page read and write
|
||
150000
|
heap
|
page read and write
|
||
2B1F000
|
heap
|
page read and write
|
||
1AE000
|
stack
|
page read and write
|
||
2E0F000
|
stack
|
page read and write
|
||
102F000
|
stack
|
page read and write
|
||
2E40000
|
heap
|
page read and write
|
||
2B5B000
|
heap
|
page read and write
|
||
A36000
|
heap
|
page read and write
|
||
9B000
|
stack
|
page read and write
|
||
1D0000
|
heap
|
page read and write
|
||
2B4A000
|
heap
|
page read and write
|
||
2B5B000
|
heap
|
page read and write
|
||
14E000
|
stack
|
page read and write
|
||
A0E000
|
stack
|
page read and write
|
||
160000
|
heap
|
page read and write
|
||
2B56000
|
heap
|
page read and write
|
||
2B13000
|
heap
|
page read and write
|
||
2B10000
|
heap
|
page read and write
|
||
2B22000
|
heap
|
page read and write
|
||
2B52000
|
heap
|
page read and write
|
||
2B4E000
|
heap
|
page read and write
|
||
A60000
|
heap
|
page read and write
|
||
E2F000
|
stack
|
page read and write
|
||
167000
|
heap
|
page read and write
|
||
A6A000
|
heap
|
page read and write
|
||
2B56000
|
heap
|
page read and write
|
||
9CC000
|
stack
|
page read and write
|
||
2B11000
|
heap
|
page read and write
|
||
2B5B000
|
heap
|
page read and write
|
There are 25 hidden memdumps, click here to show them.