Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
PURCHASE ORDER-6350-2024.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\PURCHASE ORDER-6350-2024.exe.log
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_aa3ncavf.zhi.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_bqvapdi5.4ez.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_e3phy5qo.2xj.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_vjxw10nb.fvq.psm1
|
ASCII text, with no line terminators
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\PURCHASE ORDER-6350-2024.exe
|
"C:\Users\user\Desktop\PURCHASE ORDER-6350-2024.exe"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\PURCHASE
ORDER-6350-2024.exe"
|
|
|
|
C:\Users\user\Desktop\PURCHASE ORDER-6350-2024.exe
|
"C:\Users\user\Desktop\PURCHASE ORDER-6350-2024.exe"
|
|
|
|
C:\Users\user\Desktop\PURCHASE ORDER-6350-2024.exe
|
"C:\Users\user\Desktop\PURCHASE ORDER-6350-2024.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
http://mail.mbarieservicesltd.com
|
unknown
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
mail.mbarieservicesltd.com
|
199.79.62.115
|
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
199.79.62.115
|
mail.mbarieservicesltd.com
|
United States
|
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
402000
|
remote allocation
|
page execute and read and write
|
|
|
|
3A29000
|
trusted library allocation
|
page read and write
|
|
|
|
2D11000
|
trusted library allocation
|
page read and write
|
|
|
|
2D6A000
|
trusted library allocation
|
page read and write
|
|
|
|
4FB0000
|
trusted library allocation
|
page read and write
|
||
|
1000000
|
trusted library allocation
|
page read and write
|
||
|
29C0000
|
trusted library allocation
|
page read and write
|
||
|
548E000
|
stack
|
page read and write
|
||
|
654C000
|
trusted library allocation
|
page read and write
|
||
|
5EAF000
|
stack
|
page read and write
|
||
|
BC0000
|
heap
|
page read and write
|
||
|
109E000
|
stack
|
page read and write
|
||
|
66F4000
|
trusted library allocation
|
page read and write
|
||
|
682000
|
unkown
|
page readonly
|
||
|
FAC000
|
heap
|
page read and write
|
||
|
29E0000
|
trusted library allocation
|
page read and write
|
||
|
63D4000
|
heap
|
page read and write
|
||
|
2A10000
|
heap
|
page read and write
|
||
|
5093000
|
heap
|
page read and write
|
||
|
100E000
|
heap
|
page read and write
|
||
|
526A000
|
trusted library allocation
|
page read and write
|
||
|
570E000
|
stack
|
page read and write
|
||
|
D1A000
|
heap
|
page read and write
|
||
|
B6CE000
|
stack
|
page read and write
|
||
|
F03000
|
trusted library allocation
|
page execute and read and write
|
||
|
1245000
|
trusted library allocation
|
page execute and read and write
|
||
|
1003000
|
trusted library allocation
|
page execute and read and write
|
||
|
D7F000
|
heap
|
page read and write
|
||
|
1030000
|
trusted library allocation
|
page read and write
|
||
|
4F1E000
|
trusted library allocation
|
page read and write
|
||
|
29F0000
|
heap
|
page execute and read and write
|
||
|
4F80000
|
heap
|
page read and write
|
||
|
F98000
|
heap
|
page read and write
|
||
|
1100000
|
trusted library allocation
|
page read and write
|
||
|
4F0B000
|
trusted library allocation
|
page read and write
|
||
|
D08000
|
heap
|
page read and write
|
||
|
102A000
|
trusted library allocation
|
page execute and read and write
|
||
|
8840000
|
heap
|
page read and write
|
||
|
8AAE000
|
stack
|
page read and write
|
||
|
544C000
|
stack
|
page read and write
|
||
|
6710000
|
trusted library allocation
|
page read and write
|
||
|
C4E000
|
stack
|
page read and write
|
||
|
F10000
|
heap
|
page read and write
|
||
|
3A21000
|
trusted library allocation
|
page read and write
|
||
|
510B000
|
stack
|
page read and write
|
||
|
4F21000
|
trusted library allocation
|
page read and write
|
||
|
F18000
|
heap
|
page read and write
|
||
|
5520000
|
heap
|
page read and write
|
||
|
6540000
|
trusted library allocation
|
page read and write
|
||
|
B58E000
|
stack
|
page read and write
|
||
|
2C5C000
|
stack
|
page read and write
|
||
|
4F90000
|
trusted library allocation
|
page execute and read and write
|
||
|
42C000
|
remote allocation
|
page execute and read and write
|
||
|
6E00000
|
trusted library allocation
|
page read and write
|
||
|
1032000
|
trusted library allocation
|
page read and write
|
||
|
2CC0000
|
heap
|
page read and write
|
||
|
1240000
|
trusted library allocation
|
page read and write
|
||
|
1037000
|
trusted library allocation
|
page execute and read and write
|
||
|
103B000
|
trusted library allocation
|
page execute and read and write
|
||
|
4BBC000
|
stack
|
page read and write
|
||
|
6E25000
|
trusted library allocation
|
page read and write
|
||
|
5120000
|
heap
|
page read and write
|
||
|
5641000
|
trusted library allocation
|
page read and write
|
||
|
888C000
|
heap
|
page read and write
|
||
|
64B0000
|
trusted library allocation
|
page read and write
|
||
|
53B0000
|
heap
|
page read and write
|
||
|
1117000
|
heap
|
page read and write
|
||
|
D15000
|
heap
|
page read and write
|
||
|
526E000
|
trusted library allocation
|
page read and write
|
||
|
6720000
|
trusted library allocation
|
page execute and read and write
|
||
|
121F000
|
stack
|
page read and write
|
||
|
6DB0000
|
trusted library allocation
|
page read and write
|
||
|
5110000
|
trusted library section
|
page readonly
|
||
|
1026000
|
trusted library allocation
|
page execute and read and write
|
||
|
683F000
|
stack
|
page read and write
|
||
|
F04000
|
trusted library allocation
|
page read and write
|
||
|
687E000
|
stack
|
page read and write
|
||
|
6DF0000
|
trusted library allocation
|
page read and write
|
||
|
679D000
|
stack
|
page read and write
|
||
|
12C8000
|
trusted library allocation
|
page read and write
|
||
|
5080000
|
trusted library allocation
|
page read and write
|
||
|
FF0000
|
trusted library allocation
|
page read and write
|
||
|
52FC000
|
stack
|
page read and write
|
||
|
4F2D000
|
trusted library allocation
|
page read and write
|
||
|
64F0000
|
trusted library allocation
|
page execute and read and write
|
||
|
88B6000
|
heap
|
page read and write
|
||
|
FE1000
|
heap
|
page read and write
|
||
|
2CD0000
|
trusted library allocation
|
page read and write
|
||
|
680000
|
unkown
|
page readonly
|
||
|
B29000
|
stack
|
page read and write
|
||
|
6714000
|
trusted library allocation
|
page read and write
|
||
|
FEE000
|
stack
|
page read and write
|
||
|
1260000
|
heap
|
page read and write
|
||
|
4F26000
|
trusted library allocation
|
page read and write
|
||
|
3D19000
|
trusted library allocation
|
page read and write
|
||
|
D8F000
|
heap
|
page read and write
|
||
|
B7CF000
|
stack
|
page read and write
|
||
|
1110000
|
heap
|
page read and write
|
||
|
6E20000
|
trusted library allocation
|
page read and write
|
||
|
29D0000
|
trusted library allocation
|
page read and write
|
||
|
539E000
|
stack
|
page read and write
|
||
|
63E8000
|
heap
|
page read and write
|
||
|
53A0000
|
heap
|
page read and write
|
||
|
6E10000
|
trusted library allocation
|
page execute and read and write
|
||
|
F3B000
|
heap
|
page read and write
|
||
|
B44F000
|
stack
|
page read and write
|
||
|
71C000
|
unkown
|
page readonly
|
||
|
4FA0000
|
trusted library allocation
|
page read and write
|
||
|
6700000
|
trusted library allocation
|
page read and write
|
||
|
6E9D000
|
stack
|
page read and write
|
||
|
B450000
|
heap
|
page read and write
|
||
|
10F0000
|
trusted library allocation
|
page read and write
|
||
|
525E000
|
trusted library allocation
|
page read and write
|
||
|
4F50000
|
trusted library allocation
|
page read and write
|
||
|
5276000
|
trusted library allocation
|
page read and write
|
||
|
50B0000
|
trusted library allocation
|
page execute and read and write
|
||
|
BA0000
|
heap
|
page read and write
|
||
|
7E5000
|
heap
|
page read and write
|
||
|
1022000
|
trusted library allocation
|
page read and write
|
||
|
C8E000
|
stack
|
page read and write
|
||
|
D40000
|
heap
|
page read and write
|
||
|
100D000
|
trusted library allocation
|
page execute and read and write
|
||
|
B1AF000
|
stack
|
page read and write
|
||
|
57F0000
|
trusted library allocation
|
page read and write
|
||
|
5620000
|
trusted library section
|
page read and write
|
||
|
10E0000
|
trusted library allocation
|
page execute and read and write
|
||
|
5262000
|
trusted library allocation
|
page read and write
|
||
|
6750000
|
heap
|
page read and write
|
||
|
F0D000
|
trusted library allocation
|
page execute and read and write
|
||
|
4A28000
|
trusted library allocation
|
page read and write
|
||
|
CD0000
|
heap
|
page read and write
|
||
|
2D00000
|
heap
|
page read and write
|
||
|
53D0000
|
heap
|
page read and write
|
||
|
5294000
|
trusted library allocation
|
page read and write
|
||
|
4F00000
|
trusted library allocation
|
page read and write
|
||
|
707E000
|
stack
|
page read and write
|
||
|
CDE000
|
heap
|
page read and write
|
||
|
1232000
|
trusted library allocation
|
page read and write
|
||
|
BF0000
|
trusted library allocation
|
page read and write
|
||
|
5090000
|
heap
|
page read and write
|
||
|
7E0000
|
heap
|
page read and write
|
||
|
7F700000
|
trusted library allocation
|
page execute and read and write
|
||
|
64C0000
|
trusted library allocation
|
page read and write
|
||
|
5230000
|
heap
|
page read and write
|
||
|
1004000
|
trusted library allocation
|
page read and write
|
||
|
101D000
|
trusted library allocation
|
page execute and read and write
|
||
|
F00000
|
trusted library allocation
|
page read and write
|
||
|
EF8000
|
stack
|
page read and write
|
||
|
8844000
|
heap
|
page read and write
|
||
|
ECE000
|
stack
|
page read and write
|
||
|
B2AE000
|
stack
|
page read and write
|
||
|
1242000
|
trusted library allocation
|
page read and write
|
||
|
6F9E000
|
stack
|
page read and write
|
||
|
5282000
|
trusted library allocation
|
page read and write
|
||
|
52A0000
|
trusted library allocation
|
page read and write
|
||
|
6DC0000
|
trusted library allocation
|
page execute and read and write
|
||
|
56CF000
|
stack
|
page read and write
|
||
|
6DD0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1020000
|
trusted library allocation
|
page read and write
|
||
|
1230000
|
trusted library allocation
|
page read and write
|
||
|
7AA000
|
stack
|
page read and write
|
||
|
55CE000
|
stack
|
page read and write
|
||
|
88B1000
|
heap
|
page read and write
|
||
|
57F7000
|
trusted library allocation
|
page read and write
|
||
|
66F0000
|
trusted library allocation
|
page read and write
|
||
|
F9A000
|
heap
|
page read and write
|
||
|
F9D000
|
heap
|
page read and write
|
||
|
EE0000
|
heap
|
page read and write
|
||
|
4FA2000
|
trusted library allocation
|
page read and write
|
||
|
FE3000
|
heap
|
page read and write
|
||
|
70EE000
|
stack
|
page read and write
|
||
|
2CF0000
|
heap
|
page execute and read and write
|
||
|
50A0000
|
trusted library allocation
|
page read and write
|
||
|
527D000
|
trusted library allocation
|
page read and write
|
||
|
670D000
|
trusted library allocation
|
page read and write
|
||
|
CA0000
|
heap
|
page read and write
|
||
|
88CA000
|
heap
|
page read and write
|
||
|
CFA000
|
heap
|
page read and write
|
||
|
B80E000
|
stack
|
page read and write
|
||
|
123A000
|
trusted library allocation
|
page execute and read and write
|
||
|
5295000
|
heap
|
page read and write
|
||
|
122D000
|
trusted library allocation
|
page execute and read and write
|
||
|
5240000
|
trusted library allocation
|
page execute and read and write
|
||
|
5290000
|
heap
|
page read and write
|
||
|
2A21000
|
trusted library allocation
|
page read and write
|
||
|
1220000
|
trusted library allocation
|
page read and write
|
||
|
6C9E000
|
stack
|
page read and write
|
||
|
6520000
|
heap
|
page read and write
|
||
|
5250000
|
trusted library allocation
|
page read and write
|
||
|
D60000
|
heap
|
page read and write
|
||
|
B90000
|
heap
|
page read and write
|
||
|
6530000
|
trusted library allocation
|
page execute and read and write
|
||
|
29D5000
|
trusted library allocation
|
page read and write
|
||
|
2CC3000
|
heap
|
page read and write
|
||
|
2C1E000
|
stack
|
page read and write
|
||
|
12BE000
|
stack
|
page read and write
|
||
|
5256000
|
trusted library allocation
|
page read and write
|
||
|
B94B000
|
stack
|
page read and write
|
||
|
8940000
|
trusted library section
|
page read and write
|
||
|
10DC000
|
stack
|
page read and write
|
||
|
2CA0000
|
heap
|
page read and write
|
||
|
7202000
|
trusted library allocation
|
page read and write
|
||
|
1270000
|
trusted library allocation
|
page read and write
|
||
|
4FAA000
|
trusted library allocation
|
page read and write
|
||
|
400000
|
remote allocation
|
page execute and read and write
|
||
|
1360000
|
trusted library allocation
|
page execute and read and write
|
||
|
1247000
|
trusted library allocation
|
page execute and read and write
|
||
|
5340000
|
heap
|
page execute and read and write
|
||
|
6DE0000
|
trusted library allocation
|
page read and write
|
||
|
889B000
|
heap
|
page read and write
|
||
|
7F980000
|
trusted library allocation
|
page execute and read and write
|
||
|
2D51000
|
trusted library allocation
|
page read and write
|
||
|
C00000
|
heap
|
page read and write
|
||
|
F47000
|
heap
|
page read and write
|
||
|
6E30000
|
trusted library allocation
|
page read and write
|
||
|
2A34000
|
trusted library allocation
|
page read and write
|
||
|
B68F000
|
stack
|
page read and write
|
||
|
2D78000
|
trusted library allocation
|
page read and write
|
||
|
111E000
|
stack
|
page read and write
|
||
|
BA4C000
|
stack
|
page read and write
|
||
|
6547000
|
trusted library allocation
|
page read and write
|
||
|
1236000
|
trusted library allocation
|
page execute and read and write
|
||
|
2CE0000
|
trusted library allocation
|
page read and write
|
||
|
6DAE000
|
stack
|
page read and write
|
||
|
57E0000
|
trusted library allocation
|
page read and write
|
||
|
CD8000
|
heap
|
page read and write
|
||
|
4E0D000
|
stack
|
page read and write
|
||
|
F45000
|
heap
|
page read and write
|
||
|
1013000
|
trusted library allocation
|
page read and write
|
||
|
3D11000
|
trusted library allocation
|
page read and write
|
||
|
BC5000
|
heap
|
page read and write
|
||
|
1370000
|
heap
|
page read and write
|
||
|
4FC0000
|
heap
|
page execute and read and write
|
||
|
8850000
|
heap
|
page read and write
|
||
|
63C8000
|
heap
|
page read and write
|
||
|
D48000
|
heap
|
page read and write
|
||
|
5220000
|
heap
|
page read and write
|
||
|
AF7000
|
stack
|
page read and write
|
||
|
D7B000
|
heap
|
page read and write
|
||
|
124B000
|
trusted library allocation
|
page execute and read and write
|
||
|
5271000
|
trusted library allocation
|
page read and write
|
||
|
525B000
|
trusted library allocation
|
page read and write
|
||
|
5330000
|
trusted library allocation
|
page read and write
|
||
|
558E000
|
stack
|
page read and write
|
||
|
1010000
|
trusted library allocation
|
page read and write
|
||
|
5290000
|
trusted library allocation
|
page read and write
|
||
|
DB5000
|
heap
|
page read and write
|
||
|
1050000
|
trusted library allocation
|
page read and write
|
||
|
B20000
|
heap
|
page read and write
|
||
|
B90E000
|
stack
|
page read and write
|
||
|
29BE000
|
stack
|
page read and write
|
||
|
5250000
|
trusted library allocation
|
page read and write
|
||
|
6549000
|
trusted library allocation
|
page read and write
|
||
|
6E50000
|
trusted library allocation
|
page execute and read and write
|
||
|
6CAE000
|
stack
|
page read and write
|
||
|
63B0000
|
heap
|
page read and write
|
There are 246 hidden memdumps, click here to show them.