Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
wSIWW3vyrB.exe
|
PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows
|
initial sample
|
 |
|
|
\Device\Mup\user-PC\PIPE\samr
|
GLS_BINARY_LSB_FIRST
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\wSIWW3vyrB.exe
|
"C:\Users\user\Desktop\wSIWW3vyrB.exe"
|
|
|
|
C:\Windows\System32\whoami.exe
|
whoami
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
fp2e7a.wpc.phicdn.net
|
192.229.221.95
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
121.41.18.122
|
unknown
|
China
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
C0000B9000
|
direct allocation
|
page read and write
|
||
|
C0001EC000
|
direct allocation
|
page read and write
|
||
|
C00015A000
|
direct allocation
|
page read and write
|
||
|
C00027A000
|
direct allocation
|
page read and write
|
||
|
1BA9A010000
|
direct allocation
|
page read and write
|
||
|
C00009A000
|
direct allocation
|
page read and write
|
||
|
C0000CE000
|
direct allocation
|
page read and write
|
||
|
1BA9A370000
|
direct allocation
|
page read and write
|
||
|
C00005A000
|
direct allocation
|
page read and write
|
||
|
C000065000
|
direct allocation
|
page read and write
|
||
|
C000278000
|
direct allocation
|
page read and write
|
||
|
C000063000
|
direct allocation
|
page read and write
|
||
|
C000309000
|
direct allocation
|
page read and write
|
||
|
C000252000
|
direct allocation
|
page read and write
|
||
|
C000264000
|
direct allocation
|
page read and write
|
||
|
1B6F000
|
unkown
|
page execute and read and write
|
||
|
C000260000
|
direct allocation
|
page read and write
|
||
|
C00027C000
|
direct allocation
|
page read and write
|
||
|
C000272000
|
direct allocation
|
page read and write
|
||
|
C000096000
|
direct allocation
|
page read and write
|
||
|
C0000B2000
|
direct allocation
|
page read and write
|
||
|
C0001FE000
|
direct allocation
|
page read and write
|
||
|
C00012C000
|
direct allocation
|
page read and write
|
||
|
C000088000
|
direct allocation
|
page read and write
|
||
|
C00004B000
|
direct allocation
|
page read and write
|
||
|
C0000A2000
|
direct allocation
|
page read and write
|
||
|
C000070000
|
direct allocation
|
page read and write
|
||
|
F00000
|
unkown
|
page readonly
|
||
|
1A11000
|
unkown
|
page execute and read and write
|
||
|
C00012A000
|
direct allocation
|
page read and write
|
||
|
1BA9A02C000
|
heap
|
page read and write
|
||
|
C00025A000
|
direct allocation
|
page read and write
|
||
|
4FA29FF000
|
stack
|
page read and write
|
||
|
1EDB000
|
unkown
|
page execute and read and write
|
||
|
C00024A000
|
direct allocation
|
page read and write
|
||
|
1ED4000
|
unkown
|
page execute and read and write
|
||
|
C0000CA000
|
direct allocation
|
page read and write
|
||
|
18F8000
|
unkown
|
page execute and read and write
|
||
|
C000306000
|
direct allocation
|
page read and write
|
||
|
1BA9A020000
|
heap
|
page read and write
|
||
|
1F24000
|
unkown
|
page read and write
|
||
|
4FA21FF000
|
stack
|
page read and write
|
||
|
213629B8000
|
heap
|
page read and write
|
||
|
1BA9A379000
|
direct allocation
|
page read and write
|
||
|
C000084000
|
direct allocation
|
page read and write
|
||
|
C0000A6000
|
direct allocation
|
page read and write
|
||
|
C000055000
|
direct allocation
|
page read and write
|
||
|
4FA1BFD000
|
stack
|
page read and write
|
||
|
F00000
|
unkown
|
page readonly
|
||
|
C0000C0000
|
direct allocation
|
page read and write
|
||
|
C00018C000
|
direct allocation
|
page read and write
|
||
|
C00028C000
|
direct allocation
|
page read and write
|
||
|
C00002C000
|
direct allocation
|
page read and write
|
||
|
C000128000
|
direct allocation
|
page read and write
|
||
|
21362950000
|
heap
|
page read and write
|
||
|
C0000DA000
|
direct allocation
|
page read and write
|
||
|
1BA99FF0000
|
heap
|
page read and write
|
||
|
F01000
|
unkown
|
page execute and read and write
|
||
|
18C9000
|
unkown
|
page execute and read and write
|
||
|
C000104000
|
direct allocation
|
page read and write
|
||
|
1BA9A214000
|
direct allocation
|
page read and write
|
||
|
C0000DC000
|
direct allocation
|
page read and write
|
||
|
C000283000
|
direct allocation
|
page read and write
|
||
|
C000144000
|
direct allocation
|
page read and write
|
||
|
C0000B5000
|
direct allocation
|
page read and write
|
||
|
1BA9A380000
|
direct allocation
|
page read and write
|
||
|
C0001F2000
|
direct allocation
|
page read and write
|
||
|
C000300000
|
direct allocation
|
page read and write
|
||
|
C000086000
|
direct allocation
|
page read and write
|
||
|
C000285000
|
direct allocation
|
page read and write
|
||
|
C0000AA000
|
direct allocation
|
page read and write
|
||
|
C000254000
|
direct allocation
|
page read and write
|
||
|
C0001F6000
|
direct allocation
|
page read and write
|
||
|
C0001E2000
|
direct allocation
|
page read and write
|
||
|
C00028E000
|
direct allocation
|
page read and write
|
||
|
C0000A0000
|
direct allocation
|
page read and write
|
||
|
C000136000
|
direct allocation
|
page read and write
|
||
|
C000154000
|
direct allocation
|
page read and write
|
||
|
C0000E5000
|
direct allocation
|
page read and write
|
||
|
C000266000
|
direct allocation
|
page read and write
|
||
|
C0000FE000
|
direct allocation
|
page read and write
|
||
|
C000262000
|
direct allocation
|
page read and write
|
||
|
C0000B7000
|
direct allocation
|
page read and write
|
||
|
1BA9A029000
|
heap
|
page read and write
|
||
|
C00008C000
|
direct allocation
|
page read and write
|
||
|
C00028A000
|
direct allocation
|
page read and write
|
||
|
C000174000
|
direct allocation
|
page read and write
|
||
|
4FA27FD000
|
stack
|
page read and write
|
||
|
C00024C000
|
direct allocation
|
page read and write
|
||
|
1F10000
|
unkown
|
page execute and read and write
|
||
|
4FA25FE000
|
stack
|
page read and write
|
||
|
1AC3000
|
unkown
|
page execute and read and write
|
||
|
C000248000
|
direct allocation
|
page read and write
|
||
|
C000044000
|
direct allocation
|
page read and write
|
||
|
C000078000
|
direct allocation
|
page read and write
|
||
|
1F24000
|
unkown
|
page write copy
|
||
|
C000200000
|
direct allocation
|
page read and write
|
||
|
C000122000
|
direct allocation
|
page read and write
|
||
|
C000250000
|
direct allocation
|
page read and write
|
||
|
C00014A000
|
direct allocation
|
page read and write
|
||
|
1A46000
|
unkown
|
page execute and read and write
|
||
|
197A000
|
unkown
|
page execute and write copy
|
||
|
C00025C000
|
direct allocation
|
page read and write
|
||
|
C0000A8000
|
direct allocation
|
page read and write
|
||
|
C00006E000
|
direct allocation
|
page read and write
|
||
|
C00001A000
|
direct allocation
|
page read and write
|
||
|
C0000CC000
|
direct allocation
|
page read and write
|
||
|
C000002000
|
direct allocation
|
page read and write
|
||
|
C0000BB000
|
direct allocation
|
page read and write
|
||
|
5584E7F000
|
stack
|
page read and write
|
||
|
C000102000
|
direct allocation
|
page read and write
|
||
|
C0000E1000
|
direct allocation
|
page read and write
|
||
|
1995000
|
unkown
|
page execute and read and write
|
||
|
C00011A000
|
direct allocation
|
page read and write
|
||
|
C000118000
|
direct allocation
|
page read and write
|
||
|
21362980000
|
heap
|
page read and write
|
||
|
1F23000
|
unkown
|
page execute and write copy
|
||
|
C00013A000
|
direct allocation
|
page read and write
|
||
|
C000126000
|
direct allocation
|
page read and write
|
||
|
C000050000
|
direct allocation
|
page read and write
|
||
|
C000057000
|
direct allocation
|
page read and write
|
||
|
C00006A000
|
direct allocation
|
page read and write
|
||
|
C0000DF000
|
direct allocation
|
page read and write
|
||
|
1BA99FE0000
|
heap
|
page read and write
|
||
|
C0001F0000
|
direct allocation
|
page read and write
|
||
|
1BA9A3E5000
|
heap
|
page read and write
|
||
|
21362C50000
|
heap
|
page read and write
|
||
|
C000082000
|
direct allocation
|
page read and write
|
||
|
C00003C000
|
direct allocation
|
page read and write
|
||
|
C000270000
|
direct allocation
|
page read and write
|
||
|
C00009E000
|
direct allocation
|
page read and write
|
||
|
C0000D8000
|
direct allocation
|
page read and write
|
||
|
1BABFCF3000
|
direct allocation
|
page read and write
|
||
|
C00029C000
|
direct allocation
|
page read and write
|
||
|
1965000
|
unkown
|
page execute and read and write
|
||
|
C000242000
|
direct allocation
|
page read and write
|
||
|
C00003A000
|
direct allocation
|
page read and write
|
||
|
C000292000
|
direct allocation
|
page read and write
|
||
|
C00013C000
|
direct allocation
|
page read and write
|
||
|
C000112000
|
direct allocation
|
page read and write
|
||
|
C00011E000
|
direct allocation
|
page read and write
|
||
|
C00026C000
|
direct allocation
|
page read and write
|
||
|
C000176000
|
direct allocation
|
page read and write
|
||
|
185C000
|
unkown
|
page execute and read and write
|
||
|
5584B1E000
|
stack
|
page read and write
|
||
|
4FA2BFF000
|
stack
|
page read and write
|
||
|
C000244000
|
direct allocation
|
page read and write
|
||
|
1B7E000
|
unkown
|
page execute and read and write
|
||
|
1BA9A219000
|
direct allocation
|
page read and write
|
||
|
C000040000
|
direct allocation
|
page read and write
|
||
|
C000074000
|
direct allocation
|
page read and write
|
||
|
1BA9A210000
|
direct allocation
|
page read and write
|
||
|
21362C55000
|
heap
|
page read and write
|
||
|
4FA23FE000
|
stack
|
page read and write
|
||
|
21362960000
|
heap
|
page read and write
|
||
|
C00007B000
|
direct allocation
|
page read and write
|
||
|
C000061000
|
direct allocation
|
page read and write
|
||
|
C0000FC000
|
direct allocation
|
page read and write
|
||
|
C0000BE000
|
direct allocation
|
page read and write
|
||
|
5584B9F000
|
stack
|
page read and write
|
||
|
C000268000
|
direct allocation
|
page read and write
|
||
|
C0000D2000
|
direct allocation
|
page read and write
|
||
|
C000094000
|
direct allocation
|
page read and write
|
||
|
C0000EE000
|
direct allocation
|
page read and write
|
||
|
C00015E000
|
direct allocation
|
page read and write
|
||
|
C0000FA000
|
direct allocation
|
page read and write
|
||
|
213629B0000
|
heap
|
page read and write
|
||
|
1BA9A374000
|
direct allocation
|
page read and write
|
||
|
C00008A000
|
direct allocation
|
page read and write
|
||
|
C00026E000
|
direct allocation
|
page read and write
|
||
|
C0001EE000
|
direct allocation
|
page read and write
|
||
|
1BA9A3A3000
|
direct allocation
|
page read and write
|
||
|
C0000D0000
|
direct allocation
|
page read and write
|
||
|
C000100000
|
direct allocation
|
page read and write
|
||
|
1BABFD03000
|
direct allocation
|
page read and write
|
||
|
C000130000
|
direct allocation
|
page read and write
|
||
|
5584A9C000
|
stack
|
page read and write
|
||
|
C000004000
|
direct allocation
|
page read and write
|
||
|
1BA9A3E0000
|
heap
|
page read and write
|
||
|
C0001FC000
|
direct allocation
|
page read and write
|
||
|
C000142000
|
direct allocation
|
page read and write
|
||
|
1BABFD01000
|
direct allocation
|
page read and write
|
||
|
C00025E000
|
direct allocation
|
page read and write
|
||
|
C000302000
|
direct allocation
|
page read and write
|
||
|
C0000C4000
|
direct allocation
|
page read and write
|
||
|
C00016E000
|
direct allocation
|
page read and write
|
||
|
C0000C8000
|
direct allocation
|
page read and write
|
||
|
C0000C6000
|
direct allocation
|
page read and write
|
||
|
1BA9A1F0000
|
heap
|
page read and write
|
||
|
1EA7000
|
unkown
|
page execute and read and write
|
||
|
C0000E3000
|
direct allocation
|
page read and write
|
||
|
C00030D000
|
direct allocation
|
page read and write
|
||
|
4FA2DFF000
|
stack
|
page read and write
|
||
|
C0000AE000
|
direct allocation
|
page read and write
|
||
|
C0000F8000
|
direct allocation
|
page read and write
|
||
|
C000258000
|
direct allocation
|
page read and write
|
||
|
C000006000
|
direct allocation
|
page read and write
|
||
|
1EAD000
|
unkown
|
page execute and read and write
|
||
|
1BA9A3A0000
|
direct allocation
|
page read and write
|
||
|
C00026A000
|
direct allocation
|
page read and write
|
||
|
C000246000
|
direct allocation
|
page read and write
|
||
|
C000067000
|
direct allocation
|
page read and write
|
||
|
C00006C000
|
direct allocation
|
page read and write
|
||
|
C000172000
|
direct allocation
|
page read and write
|
||
|
C00005C000
|
direct allocation
|
page read and write
|
||
|
C0000B0000
|
direct allocation
|
page read and write
|
There are 196 hidden memdumps, click here to show them.