Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe.log
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_cqz53mx0.fnv.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ixtqhfaq.xnb.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ueeh2mli.5vx.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_xe3tlqns.qbm.ps1
|
ASCII text, with no line terminators
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe
|
"C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe"
|
|
|
|
C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe
|
"C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe"
|
|
|
|
C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe
|
"C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe"
|
|
|
|
C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe
|
"C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.26512.27594.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\wbem\WmiPrvSE.exe
|
C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
www.uggernauty.net/t94g/
|
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
https://www.chiark.greenend.org.uk/~sgtatham/putty/0
|
unknown
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
241.42.69.40.in-addr.arpa
|
unknown
|
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
400000
|
remote allocation
|
page execute and read and write
|
|
|
|
359C000
|
trusted library allocation
|
page read and write
|
|
|
|
4E20000
|
heap
|
page read and write
|
||
|
499E000
|
trusted library allocation
|
page read and write
|
||
|
994000
|
trusted library allocation
|
page read and write
|
||
|
B10000
|
trusted library allocation
|
page read and write
|
||
|
791000
|
heap
|
page read and write
|
||
|
67F0000
|
trusted library allocation
|
page execute and read and write
|
||
|
248C000
|
stack
|
page read and write
|
||
|
67AF000
|
stack
|
page read and write
|
||
|
B3CE000
|
stack
|
page read and write
|
||
|
AD2000
|
trusted library allocation
|
page read and write
|
||
|
9A3000
|
trusted library allocation
|
page read and write
|
||
|
139D000
|
direct allocation
|
page execute and read and write
|
||
|
D70000
|
heap
|
page read and write
|
||
|
AC0000
|
trusted library allocation
|
page read and write
|
||
|
98E000
|
stack
|
page read and write
|
||
|
B15F000
|
stack
|
page read and write
|
||
|
4A40000
|
trusted library allocation
|
page execute and read and write
|
||
|
132000
|
unkown
|
page readonly
|
||
|
11FD000
|
direct allocation
|
page execute and read and write
|
||
|
B64C000
|
stack
|
page read and write
|
||
|
498B000
|
trusted library allocation
|
page read and write
|
||
|
808000
|
heap
|
page read and write
|
||
|
B20000
|
heap
|
page read and write
|
||
|
784000
|
heap
|
page read and write
|
||
|
7FF000
|
heap
|
page read and write
|
||
|
610000
|
heap
|
page read and write
|
||
|
9AD000
|
trusted library allocation
|
page execute and read and write
|
||
|
72E000
|
stack
|
page read and write
|
||
|
4B30000
|
trusted library allocation
|
page read and write
|
||
|
B4CE000
|
stack
|
page read and write
|
||
|
10D0000
|
direct allocation
|
page execute and read and write
|
||
|
B68E000
|
stack
|
page read and write
|
||
|
AC2000
|
trusted library allocation
|
page read and write
|
||
|
B95000
|
trusted library allocation
|
page read and write
|
||
|
49C3000
|
heap
|
page read and write
|
||
|
463C000
|
stack
|
page read and write
|
||
|
C90000
|
heap
|
page read and write
|
||
|
7C0000
|
heap
|
page read and write
|
||
|
126E000
|
direct allocation
|
page execute and read and write
|
||
|
AF0000
|
trusted library allocation
|
page read and write
|
||
|
B29E000
|
stack
|
page read and write
|
||
|
4E0D000
|
stack
|
page read and write
|
||
|
B70000
|
trusted library allocation
|
page read and write
|
||
|
6840000
|
trusted library allocation
|
page execute and read and write
|
||
|
6B9E000
|
stack
|
page read and write
|
||
|
49AD000
|
trusted library allocation
|
page read and write
|
||
|
B19D000
|
stack
|
page read and write
|
||
|
4BF0000
|
trusted library allocation
|
page read and write
|
||
|
990000
|
trusted library allocation
|
page read and write
|
||
|
B00000
|
trusted library allocation
|
page execute and read and write
|
||
|
6AAE000
|
stack
|
page read and write
|
||
|
4A00000
|
trusted library allocation
|
page read and write
|
||
|
BA0000
|
heap
|
page read and write
|
||
|
6850000
|
trusted library allocation
|
page read and write
|
||
|
6855000
|
trusted library allocation
|
page read and write
|
||
|
750000
|
heap
|
page read and write
|
||
|
B78E000
|
stack
|
page read and write
|
||
|
AF61000
|
heap
|
page read and write
|
||
|
AC6000
|
trusted library allocation
|
page execute and read and write
|
||
|
BA4000
|
heap
|
page read and write
|
||
|
4A52000
|
trusted library allocation
|
page read and write
|
||
|
24A1000
|
trusted library allocation
|
page read and write
|
||
|
4F7E000
|
stack
|
page read and write
|
||
|
6820000
|
trusted library allocation
|
page read and write
|
||
|
65B0000
|
heap
|
page read and write
|
||
|
AE5E000
|
stack
|
page read and write
|
||
|
AD7000
|
trusted library allocation
|
page execute and read and write
|
||
|
4E10000
|
heap
|
page read and write
|
||
|
B6E000
|
stack
|
page read and write
|
||
|
2490000
|
heap
|
page execute and read and write
|
||
|
4C10000
|
heap
|
page execute and read and write
|
||
|
834F000
|
heap
|
page read and write
|
||
|
67B0000
|
trusted library section
|
page read and write
|
||
|
4A50000
|
trusted library allocation
|
page read and write
|
||
|
75D000
|
stack
|
page read and write
|
||
|
4BC0000
|
trusted library section
|
page readonly
|
||
|
5E0000
|
heap
|
page read and write
|
||
|
49C0000
|
heap
|
page read and write
|
||
|
34A1000
|
trusted library allocation
|
page read and write
|
||
|
7F4F0000
|
trusted library allocation
|
page execute and read and write
|
||
|
130000
|
unkown
|
page readonly
|
||
|
6880000
|
trusted library allocation
|
page execute and read and write
|
||
|
7ED000
|
heap
|
page read and write
|
||
|
B80000
|
trusted library allocation
|
page read and write
|
||
|
11F9000
|
direct allocation
|
page execute and read and write
|
||
|
4E55000
|
heap
|
page read and write
|
||
|
9A0000
|
trusted library allocation
|
page read and write
|
||
|
777000
|
heap
|
page read and write
|
||
|
6AF0000
|
trusted library section
|
page read and write
|
||
|
6830000
|
trusted library allocation
|
page read and write
|
||
|
355A000
|
trusted library allocation
|
page read and write
|
||
|
49A1000
|
trusted library allocation
|
page read and write
|
||
|
27E9000
|
trusted library allocation
|
page read and write
|
||
|
AC5F000
|
stack
|
page read and write
|
||
|
4B9B000
|
stack
|
page read and write
|
||
|
ACA000
|
trusted library allocation
|
page execute and read and write
|
||
|
4BD0000
|
heap
|
page read and write
|
||
|
1381000
|
direct allocation
|
page execute and read and write
|
||
|
ABE000
|
stack
|
page read and write
|
||
|
82F0000
|
heap
|
page read and write
|
||
|
49A6000
|
trusted library allocation
|
page read and write
|
||
|
4BA0000
|
heap
|
page read and write
|
||
|
1396000
|
direct allocation
|
page execute and read and write
|
||
|
49D0000
|
trusted library allocation
|
page read and write
|
||
|
6800000
|
trusted library allocation
|
page execute and read and write
|
||
|
68CE000
|
stack
|
page read and write
|
||
|
6AED000
|
stack
|
page read and write
|
||
|
B54C000
|
stack
|
page read and write
|
||
|
4A60000
|
trusted library allocation
|
page read and write
|
||
|
75E000
|
heap
|
page read and write
|
||
|
834000
|
heap
|
page read and write
|
||
|
67E0000
|
trusted library allocation
|
page read and write
|
||
|
993000
|
trusted library allocation
|
page execute and read and write
|
||
|
B60000
|
heap
|
page read and write
|
||
|
1418000
|
direct allocation
|
page execute and read and write
|
||
|
6860000
|
trusted library allocation
|
page read and write
|
||
|
831000
|
heap
|
page read and write
|
||
|
4A5A000
|
trusted library allocation
|
page read and write
|
||
|
AFE000
|
stack
|
page read and write
|
||
|
ADB000
|
trusted library allocation
|
page execute and read and write
|
||
|
567000
|
stack
|
page read and write
|
||
|
44A8000
|
trusted library allocation
|
page read and write
|
||
|
855E000
|
stack
|
page read and write
|
||
|
4BE0000
|
trusted library allocation
|
page execute and read and write
|
||
|
99D000
|
trusted library allocation
|
page execute and read and write
|
||
|
67D1000
|
trusted library allocation
|
page read and write
|
||
|
4B40000
|
trusted library allocation
|
page execute and read and write
|
||
|
82F5000
|
heap
|
page read and write
|
||
|
69CE000
|
stack
|
page read and write
|
||
|
4E30000
|
heap
|
page read and write
|
||
|
AD5F000
|
stack
|
page read and write
|
||
|
94E000
|
stack
|
page read and write
|
||
|
B4F0000
|
heap
|
page read and write
|
||
|
4B20000
|
trusted library allocation
|
page read and write
|
||
|
9B0000
|
heap
|
page read and write
|
||
|
6810000
|
trusted library allocation
|
page read and write
|
||
|
4BB0000
|
heap
|
page read and write
|
||
|
6A0E000
|
stack
|
page read and write
|
||
|
34A9000
|
trusted library allocation
|
page read and write
|
||
|
6CB2000
|
trusted library allocation
|
page read and write
|
||
|
4E15000
|
heap
|
page read and write
|
||
|
4A30000
|
heap
|
page read and write
|
||
|
244E000
|
stack
|
page read and write
|
||
|
AF5D000
|
stack
|
page read and write
|
||
|
B90000
|
trusted library allocation
|
page read and write
|
||
|
4980000
|
trusted library allocation
|
page read and write
|
||
|
740000
|
trusted library allocation
|
page read and write
|
||
|
469000
|
stack
|
page read and write
|
||
|
5D0000
|
heap
|
page read and write
|
There are 141 hidden memdumps, click here to show them.