Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
ASL OTSL 2 ship's Particulars.xlsx.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Temp\antiprimer
|
data
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\ASL OTSL 2 ship's Particulars.xlsx.exe
|
"C:\Users\user\Desktop\ASL OTSL 2 ship's Particulars.xlsx.exe"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
|
"C:\Users\user\Desktop\ASL OTSL 2 ship's Particulars.xlsx.exe"
|
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://beirutrest.com
|
unknown
|
|
|
|
https://api.ipify.org/
|
104.26.13.205
|
||
|
https://api.ipify.org
|
unknown
|
||
|
https://account.dyn.com/
|
unknown
|
||
|
https://api.ipify.org/t
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
beirutrest.com
|
50.87.144.157
|
|
|
|
api.ipify.org
|
104.26.13.205
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
50.87.144.157
|
beirutrest.com
|
United States
|
|
|
|
104.26.13.205
|
api.ipify.org
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASMANCS
|
FileDirectory
|
There are 5 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
265E000
|
heap
|
page read and write
|
|
|
|
3901000
|
trusted library allocation
|
page read and write
|
|
|
|
4FE0000
|
trusted library section
|
page read and write
|
|
|
|
4F20000
|
trusted library section
|
page read and write
|
|
|
|
2954000
|
trusted library allocation
|
page read and write
|
|
|
|
297F000
|
trusted library allocation
|
page read and write
|
|
|
|
9A0000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
3EE1000
|
heap
|
page read and write
|
||
|
3EE1000
|
heap
|
page read and write
|
||
|
3EE1000
|
heap
|
page read and write
|
||
|
9A000
|
stack
|
page read and write
|
||
|
4710000
|
direct allocation
|
page read and write
|
||
|
3F26000
|
heap
|
page read and write
|
||
|
63AE000
|
stack
|
page read and write
|
||
|
4710000
|
direct allocation
|
page read and write
|
||
|
3BE0000
|
heap
|
page read and write
|
||
|
3EE1000
|
heap
|
page read and write
|
||
|
8CE000
|
heap
|
page read and write
|
||
|
444000
|
system
|
page execute and read and write
|
||
|
4693000
|
direct allocation
|
page read and write
|
||
|
4F80000
|
trusted library allocation
|
page read and write
|
||
|
3EB1000
|
heap
|
page read and write
|
||
|
3CE0000
|
heap
|
page read and write
|
||
|
4FC0000
|
trusted library allocation
|
page read and write
|
||
|
94D000
|
stack
|
page read and write
|
||
|
4693000
|
direct allocation
|
page read and write
|
||
|
4570000
|
direct allocation
|
page read and write
|
||
|
3EE1000
|
heap
|
page read and write
|
||
|
3E77000
|
heap
|
page read and write
|
||
|
3E77000
|
heap
|
page read and write
|
||
|
2A38000
|
trusted library allocation
|
page read and write
|
||
|
2943000
|
trusted library allocation
|
page read and write
|
||
|
B00000
|
trusted library allocation
|
page read and write
|
||
|
8F3000
|
heap
|
page read and write
|
||
|
3EE0000
|
heap
|
page read and write
|
||
|
3E77000
|
heap
|
page read and write
|
||
|
426000
|
system
|
page execute and read and write
|
||
|
4570000
|
direct allocation
|
page read and write
|
||
|
3EE1000
|
heap
|
page read and write
|
||
|
950000
|
heap
|
page read and write
|
||
|
4693000
|
direct allocation
|
page read and write
|
||
|
B27000
|
heap
|
page read and write
|
||
|
3EE1000
|
heap
|
page read and write
|
||
|
626E000
|
stack
|
page read and write
|
||
|
59A000
|
stack
|
page read and write
|
||
|
2985000
|
trusted library allocation
|
page read and write
|
||
|
490000
|
unkown
|
page write copy
|
||
|
48AE000
|
direct allocation
|
page read and write
|
||
|
6B1E000
|
stack
|
page read and write
|
||
|
100000
|
heap
|
page read and write
|
||
|
4E1E000
|
stack
|
page read and write
|
||
|
6A10000
|
heap
|
page read and write
|
||
|
3E77000
|
heap
|
page read and write
|
||
|
3E77000
|
heap
|
page read and write
|
||
|
B10000
|
trusted library allocation
|
page read and write
|
||
|
980000
|
heap
|
page read and write
|
||
|
27E0000
|
trusted library allocation
|
page read and write
|
||
|
6C5E000
|
stack
|
page read and write
|
||
|
1740000
|
heap
|
page read and write
|
||
|
5FE0000
|
trusted library allocation
|
page execute and read and write
|
||
|
B35000
|
trusted library allocation
|
page execute and read and write
|
||
|
1BE000
|
stack
|
page read and write
|
||
|
970000
|
heap
|
page read and write
|
||
|
652E000
|
stack
|
page read and write
|
||
|
3D2B000
|
heap
|
page read and write
|
||
|
4F8B000
|
trusted library allocation
|
page read and write
|
||
|
66EE000
|
stack
|
page read and write
|
||
|
53BF000
|
heap
|
page read and write
|
||
|
110000
|
heap
|
page read and write
|
||
|
118E000
|
stack
|
page read and write
|
||
|
AF3000
|
trusted library allocation
|
page execute and read and write
|
||
|
2F20000
|
heap
|
page read and write
|
||
|
3E77000
|
heap
|
page read and write
|
||
|
4FA6000
|
trusted library allocation
|
page read and write
|
||
|
490000
|
unkown
|
page read and write
|
||
|
15E000
|
stack
|
page read and write
|
||
|
63F4000
|
trusted library allocation
|
page read and write
|
||
|
9A5000
|
heap
|
page read and write
|
||
|
4F8E000
|
trusted library allocation
|
page read and write
|
||
|
3EE1000
|
heap
|
page read and write
|
||
|
D5E000
|
stack
|
page read and write
|
||
|
3E77000
|
heap
|
page read and write
|
||
|
3E77000
|
heap
|
page read and write
|
||
|
4839000
|
direct allocation
|
page read and write
|
||
|
1770000
|
heap
|
page read and write
|
||
|
973000
|
heap
|
page read and write
|
||
|
48AE000
|
direct allocation
|
page read and write
|
||
|
8CA000
|
heap
|
page read and write
|
||
|
3EE1000
|
heap
|
page read and write
|
||
|
52AC000
|
stack
|
page read and write
|
||
|
BDE000
|
heap
|
page read and write
|
||
|
8AF000
|
stack
|
page read and write
|
||
|
3E77000
|
heap
|
page read and write
|
||
|
672E000
|
stack
|
page read and write
|
||
|
3EE1000
|
heap
|
page read and write
|
||
|
8B4000
|
stack
|
page read and write
|
||
|
BD4000
|
heap
|
page read and write
|
||
|
C0C000
|
heap
|
page read and write
|
||
|
551D000
|
trusted library allocation
|
page read and write
|
||
|
BF4000
|
heap
|
page read and write
|
||
|
3EE1000
|
heap
|
page read and write
|
||
|
6770000
|
trusted library allocation
|
page read and write
|
||
|
48AE000
|
direct allocation
|
page read and write
|
||
|
B9D000
|
heap
|
page read and write
|
||
|
483D000
|
direct allocation
|
page read and write
|
||
|
3E77000
|
heap
|
page read and write
|
||
|
3D8A000
|
heap
|
page read and write
|
||
|
53CE000
|
heap
|
page read and write
|
||
|
5050000
|
trusted library allocation
|
page read and write
|
||
|
400000
|
system
|
page execute and read and write
|
||
|
158F000
|
stack
|
page read and write
|
||
|
4908000
|
trusted library allocation
|
page read and write
|
||
|
3EE1000
|
heap
|
page read and write
|
||
|
62AE000
|
stack
|
page read and write
|
||
|
2991000
|
trusted library allocation
|
page read and write
|
||
|
5520000
|
heap
|
page read and write
|
||
|
3EE1000
|
heap
|
page read and write
|
||
|
6780000
|
trusted library allocation
|
page execute and read and write
|
||
|
43F3000
|
heap
|
page read and write
|
||
|
6B5E000
|
stack
|
page read and write
|
||
|
51AC000
|
stack
|
page read and write
|
||
|
3EE1000
|
heap
|
page read and write
|
||
|
3E77000
|
heap
|
page read and write
|
||
|
3B02000
|
heap
|
page read and write
|
||
|
4710000
|
direct allocation
|
page read and write
|
||
|
B16000
|
trusted library allocation
|
page execute and read and write
|
||
|
48AE000
|
direct allocation
|
page read and write
|
||
|
3EE1000
|
heap
|
page read and write
|
||
|
BC0000
|
heap
|
page read and write
|
||
|
3E77000
|
heap
|
page read and write
|
||
|
B3B000
|
trusted library allocation
|
page execute and read and write
|
||
|
6400000
|
trusted library allocation
|
page execute and read and write
|
||
|
2600000
|
trusted library allocation
|
page execute and read and write
|
||
|
2630000
|
heap
|
page read and write
|
||
|
6540000
|
trusted library allocation
|
page read and write
|
||
|
3E77000
|
heap
|
page read and write
|
||
|
3E77000
|
heap
|
page read and write
|
||
|
483D000
|
direct allocation
|
page read and write
|
||
|
27F0000
|
heap
|
page read and write
|
||
|
3DB6000
|
heap
|
page read and write
|
||
|
B20000
|
heap
|
page read and write
|
||
|
3D88000
|
heap
|
page read and write
|
||
|
6537000
|
trusted library allocation
|
page read and write
|
||
|
6530000
|
trusted library allocation
|
page read and write
|
||
|
63E0000
|
trusted library allocation
|
page read and write
|
||
|
7EE20000
|
trusted library allocation
|
page execute and read and write
|
||
|
B68000
|
heap
|
page read and write
|
||
|
8FB000
|
heap
|
page read and write
|
||
|
52D0000
|
heap
|
page read and write
|
||
|
3E77000
|
heap
|
page read and write
|
||
|
B37000
|
trusted library allocation
|
page execute and read and write
|
||
|
534B000
|
heap
|
page read and write
|
||
|
4710000
|
direct allocation
|
page read and write
|
||
|
4570000
|
direct allocation
|
page read and write
|
||
|
AFD000
|
trusted library allocation
|
page execute and read and write
|
||
|
297B000
|
trusted library allocation
|
page read and write
|
||
|
293A000
|
trusted library allocation
|
page read and write
|
||
|
64EE000
|
stack
|
page read and write
|
||
|
3AF0000
|
heap
|
page read and write
|
||
|
4839000
|
direct allocation
|
page read and write
|
||
|
53AB000
|
heap
|
page read and write
|
||
|
B60000
|
heap
|
page read and write
|
||
|
3DA3000
|
heap
|
page read and write
|
||
|
89F000
|
stack
|
page read and write
|
||
|
8C0000
|
heap
|
page read and write
|
||
|
42EC000
|
heap
|
page read and write
|
||
|
4F9A000
|
trusted library allocation
|
page read and write
|
||
|
1720000
|
heap
|
page read and write
|
||
|
52D4000
|
heap
|
page read and write
|
||
|
676E000
|
stack
|
page read and write
|
||
|
B0D000
|
trusted library allocation
|
page execute and read and write
|
||
|
4F70000
|
heap
|
page execute and read and write
|
||
|
B32000
|
trusted library allocation
|
page read and write
|
||
|
AF4000
|
trusted library allocation
|
page read and write
|
||
|
4693000
|
direct allocation
|
page read and write
|
||
|
3E77000
|
heap
|
page read and write
|
||
|
2DCE000
|
stack
|
page read and write
|
||
|
3DB1000
|
heap
|
page read and write
|
||
|
4710000
|
direct allocation
|
page read and write
|
||
|
2E0E000
|
stack
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
48AE000
|
direct allocation
|
page read and write
|
||
|
482000
|
unkown
|
page readonly
|
||
|
1744000
|
heap
|
page read and write
|
||
|
4FAD000
|
trusted library allocation
|
page read and write
|
||
|
4AB000
|
unkown
|
page readonly
|
||
|
39C2000
|
trusted library allocation
|
page read and write
|
||
|
175000
|
heap
|
page read and write
|
||
|
C51000
|
heap
|
page read and write
|
||
|
2620000
|
trusted library allocation
|
page read and write
|
||
|
4839000
|
direct allocation
|
page read and write
|
||
|
AF0000
|
trusted library allocation
|
page read and write
|
||
|
3E77000
|
heap
|
page read and write
|
||
|
3EE1000
|
heap
|
page read and write
|
||
|
3EAC000
|
heap
|
page execute and read and write
|
||
|
63F0000
|
trusted library allocation
|
page read and write
|
||
|
3B00000
|
direct allocation
|
page read and write
|
||
|
2E13000
|
heap
|
page read and write
|
||
|
3E94000
|
heap
|
page read and write
|
||
|
297D000
|
trusted library allocation
|
page read and write
|
||
|
3E5E000
|
heap
|
page read and write
|
||
|
3E77000
|
heap
|
page read and write
|
||
|
483D000
|
direct allocation
|
page read and write
|
||
|
277E000
|
stack
|
page read and write
|
||
|
AD0000
|
trusted library section
|
page read and write
|
||
|
3E77000
|
heap
|
page read and write
|
||
|
4F92000
|
trusted library allocation
|
page read and write
|
||
|
2610000
|
heap
|
page execute and read and write
|
||
|
616D000
|
stack
|
page read and write
|
||
|
3EE1000
|
heap
|
page read and write
|
||
|
4FA1000
|
trusted library allocation
|
page read and write
|
||
|
4FB2000
|
trusted library allocation
|
page read and write
|
||
|
3E77000
|
heap
|
page read and write
|
||
|
B12000
|
trusted library allocation
|
page read and write
|
||
|
3EE1000
|
heap
|
page read and write
|
||
|
4F1F000
|
stack
|
page read and write
|
||
|
4710000
|
direct allocation
|
page read and write
|
||
|
3EE1000
|
heap
|
page read and write
|
||
|
3E2E000
|
heap
|
page read and write
|
||
|
28FF000
|
stack
|
page read and write
|
||
|
483D000
|
direct allocation
|
page read and write
|
||
|
63E8000
|
trusted library allocation
|
page read and write
|
||
|
3EE1000
|
heap
|
page read and write
|
||
|
B03000
|
trusted library allocation
|
page read and write
|
||
|
48AE000
|
direct allocation
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
483D000
|
direct allocation
|
page read and write
|
||
|
645D000
|
stack
|
page read and write
|
||
|
5510000
|
trusted library allocation
|
page read and write
|
||
|
4839000
|
direct allocation
|
page read and write
|
||
|
482000
|
unkown
|
page readonly
|
||
|
4F86000
|
trusted library allocation
|
page read and write
|
||
|
AE0000
|
trusted library allocation
|
page read and write
|
||
|
366E000
|
stack
|
page read and write
|
||
|
2901000
|
trusted library allocation
|
page read and write
|
||
|
5312000
|
heap
|
page read and write
|
||
|
3E77000
|
heap
|
page read and write
|
||
|
3EE1000
|
heap
|
page read and write
|
||
|
3A6F000
|
stack
|
page read and write
|
||
|
3A05000
|
trusted library allocation
|
page read and write
|
||
|
4693000
|
direct allocation
|
page read and write
|
||
|
B1A000
|
trusted library allocation
|
page execute and read and write
|
||
|
2950000
|
trusted library allocation
|
page read and write
|
||
|
BC6000
|
heap
|
page read and write
|
||
|
900000
|
heap
|
page read and write
|
||
|
4FD0000
|
trusted library allocation
|
page read and write
|
||
|
8F8000
|
stack
|
page read and write
|
||
|
4839000
|
direct allocation
|
page read and write
|
||
|
3DCF000
|
heap
|
page read and write
|
||
|
4570000
|
direct allocation
|
page read and write
|
||
|
2F25000
|
heap
|
page read and write
|
||
|
532F000
|
heap
|
page read and write
|
||
|
B9A000
|
heap
|
page read and write
|
||
|
4570000
|
direct allocation
|
page read and write
|
||
|
4839000
|
direct allocation
|
page read and write
|
||
|
3EE1000
|
heap
|
page read and write
|
||
|
4A7000
|
unkown
|
page read and write
|
||
|
3EE1000
|
heap
|
page read and write
|
||
|
BE6000
|
heap
|
page read and write
|
||
|
483D000
|
direct allocation
|
page read and write
|
||
|
27BC000
|
stack
|
page read and write
|
||
|
67B0000
|
heap
|
page read and write
|
||
|
3EE1000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
A80000
|
heap
|
page read and write
|
||
|
170000
|
heap
|
page read and write
|
||
|
3E77000
|
heap
|
page read and write
|
||
|
3E77000
|
heap
|
page read and write
|
||
|
3EBE000
|
heap
|
page read and write
|
||
|
AC0000
|
trusted library section
|
page read and write
|
||
|
4570000
|
direct allocation
|
page read and write
|
||
|
3A72000
|
heap
|
page read and write
|
||
|
4F9E000
|
trusted library allocation
|
page read and write
|
||
|
3E77000
|
heap
|
page read and write
|
||
|
6410000
|
trusted library allocation
|
page read and write
|
||
|
5070000
|
heap
|
page read and write
|
||
|
B50000
|
trusted library allocation
|
page read and write
|
||
|
3EE1000
|
heap
|
page read and write
|
||
|
3E77000
|
heap
|
page read and write
|
||
|
1C0000
|
heap
|
page read and write
|
||
|
27C0000
|
heap
|
page read and write
|
||
|
4AB000
|
unkown
|
page readonly
|
||
|
B90000
|
heap
|
page read and write
|
||
|
3EE1000
|
heap
|
page read and write
|
||
|
4A9E000
|
stack
|
page read and write
|
||
|
69DE000
|
stack
|
page read and write
|
||
|
3D92000
|
heap
|
page read and write
|
||
|
3F4F000
|
heap
|
page read and write
|
||
|
4693000
|
direct allocation
|
page read and write
|
||
|
3EE1000
|
heap
|
page read and write
|
There are 281 hidden memdumps, click here to show them.