Files

File Path | Type | Category | Malicious
---|---|---|---
main.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | initial sample |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_4bf71269e42599aca6dd6e6e3b744db6dcf1974_7522e4b5_f39e2f26-38ae-4b7c-88e0-3cfc3351528d\Report.wer | Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped |
C:\ProgramData\Microsoft\Windows\WER\Temp\WER5A98.tmp.dmp | Mini DuMP crash report, 14 streams, Mon Oct 14 07:46:25 2024, 0x1205a4 type | dropped |
C:\ProgramData\Microsoft\Windows\WER\Temp\WER5B73.tmp.WERInternalMetadata.xml | XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped |
C:\ProgramData\Microsoft\Windows\WER\Temp\WER5BA3.tmp.xml | XML 1.0 document, ASCII text, with CRLF line terminators | dropped |
C:\Windows\appcompat\Programs\Amcache.hve | MS Windows registry file, NT/2000 or above | dropped |
Processes

Path | Cmdline | Malicious
---|---|---
C:\Windows\System32\loaddll32.exe | loaddll32.exe "C:\Users\user\Desktop\main.dll" |
C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
C:\Windows\SysWOW64\cmd.exe | cmd.exe /C rundll32.exe "C:\Users\user\Desktop\main.dll",#1 |
C:\Windows\SysWOW64\rundll32.exe | rundll32.exe "C:\Users\user\Desktop\main.dll",#1 |
C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\WerFault.exe -u -p 7584 -s 776 |
URLs

Name | IP | Malicious
---|---|---
http://upx.sf.net | unknown |
Domains

Name | IP | Malicious
---|---|---
s-part-0017.t-0009.fb-t-msedge.net | 13.107.253.45 |
time.windows.com | unknown |
Registry

Path | Value | Malicious
---|---|---
\REGISTRY\A\{91000a12-77d9-b6d1-881a-e6ac5ed06d35}\Root\InventoryApplicationFile\rundll32.exe\|ccf370e740f0e788 | ProgramId |
\REGISTRY\A\{91000a12-77d9-b6d1-881a-e6ac5ed06d35}\Root\InventoryApplicationFile\rundll32.exe\|ccf370e740f0e788 | FileId |
\REGISTRY\A\{91000a12-77d9-b6d1-881a-e6ac5ed06d35}\Root\InventoryApplicationFile\rundll32.exe\|ccf370e740f0e788 | LowerCaseLongPath |
\REGISTRY\A\{91000a12-77d9-b6d1-881a-e6ac5ed06d35}\Root\InventoryApplicationFile\rundll32.exe\|ccf370e740f0e788 | LongPathHash |
\REGISTRY\A\{91000a12-77d9-b6d1-881a-e6ac5ed06d35}\Root\InventoryApplicationFile\rundll32.exe\|ccf370e740f0e788 | Name |
\REGISTRY\A\{91000a12-77d9-b6d1-881a-e6ac5ed06d35}\Root\InventoryApplicationFile\rundll32.exe\|ccf370e740f0e788 | OriginalFileName |
\REGISTRY\A\{91000a12-77d9-b6d1-881a-e6ac5ed06d35}\Root\InventoryApplicationFile\rundll32.exe\|ccf370e740f0e788 | Publisher |
\REGISTRY\A\{91000a12-77d9-b6d1-881a-e6ac5ed06d35}\Root\InventoryApplicationFile\rundll32.exe\|ccf370e740f0e788 | Version |
\REGISTRY\A\{91000a12-77d9-b6d1-881a-e6ac5ed06d35}\Root\InventoryApplicationFile\rundll32.exe\|ccf370e740f0e788 | BinFileVersion |
\REGISTRY\A\{91000a12-77d9-b6d1-881a-e6ac5ed06d35}\Root\InventoryApplicationFile\rundll32.exe\|ccf370e740f0e788 | BinaryType |
\REGISTRY\A\{91000a12-77d9-b6d1-881a-e6ac5ed06d35}\Root\InventoryApplicationFile\rundll32.exe\|ccf370e740f0e788 | ProductName |
\REGISTRY\A\{91000a12-77d9-b6d1-881a-e6ac5ed06d35}\Root\InventoryApplicationFile\rundll32.exe\|ccf370e740f0e788 | ProductVersion |
\REGISTRY\A\{91000a12-77d9-b6d1-881a-e6ac5ed06d35}\Root\InventoryApplicationFile\rundll32.exe\|ccf370e740f0e788 | LinkDate |
\REGISTRY\A\{91000a12-77d9-b6d1-881a-e6ac5ed06d35}\Root\InventoryApplicationFile\rundll32.exe\|ccf370e740f0e788 | BinProductVersion |
\REGISTRY\A\{91000a12-77d9-b6d1-881a-e6ac5ed06d35}\Root\InventoryApplicationFile\rundll32.exe\|ccf370e740f0e788 | AppxPackageFullName |
\REGISTRY\A\{91000a12-77d9-b6d1-881a-e6ac5ed06d35}\Root\InventoryApplicationFile\rundll32.exe\|ccf370e740f0e788 | AppxPackageRelativeId |
\REGISTRY\A\{91000a12-77d9-b6d1-881a-e6ac5ed06d35}\Root\InventoryApplicationFile\rundll32.exe\|ccf370e740f0e788 | Size |
\REGISTRY\A\{91000a12-77d9-b6d1-881a-e6ac5ed06d35}\Root\InventoryApplicationFile\rundll32.exe\|ccf370e740f0e788 | Language |
\REGISTRY\A\{91000a12-77d9-b6d1-881a-e6ac5ed06d35}\Root\InventoryApplicationFile\rundll32.exe\|ccf370e740f0e788 | IsOsComponent |
\REGISTRY\A\{91000a12-77d9-b6d1-881a-e6ac5ed06d35}\Root\InventoryApplicationFile\rundll32.exe\|ccf370e740f0e788 | Usn |
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\IdentityCRL\ClockData | ClockTimeSeconds |
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\IdentityCRL\ClockData | TickCount |

12 further registry entries are hidden in the original report and are not listed here.
Memdumps

Base Address | Regiontype | Protect | Malicious
---|---|---|---
9FF000 | stack | page read and write |
8A0000 | heap | page read and write |
A3D000 | stack | page read and write |
D5E000 | stack | page read and write |
A70000 | heap | page read and write |
6D6D1000 | unkown | page execute read |
758000 | heap | page read and write |
EF0000 | heap | page read and write |
AA3000 | heap | page read and write |
850000 | heap | page read and write |
87E000 | stack | page read and write |
ACF000 | stack | page read and write |
74F000 | heap | page read and write |
9BE000 | stack | page read and write |
769000 | heap | page read and write |
762000 | heap | page read and write |
6FC000 | stack | page read and write |
D70000 | heap | page read and write |
AA3000 | heap | page read and write |
E14000 | heap | page read and write |
3EC000 | stack | page read and write |
6D745000 | unkown | page readonly |
AC1000 | heap | page read and write |
8F0000 | heap | page read and write |
54C000 | stack | page read and write |
A90000 | heap | page read and write |
BCE000 | stack | page read and write |
A9A000 | heap | page read and write |
5C0000 | heap | page read and write |
6D789000 | unkown | page readonly |
5B0000 | heap | page read and write |
6D6D0000 | unkown | page readonly |
E10000 | heap | page read and write |
6D783000 | unkown | page read and write |
8EE000 | stack | page read and write |
860000 | heap | page read and write |
C0E000 | stack | page read and write |
74B000 | heap | page read and write |
50A000 | stack | page read and write |
8AE000 | stack | page read and write |
AA4000 | heap | page read and write |
D40000 | heap | page read and write |
2930000 | heap | page read and write |
D60000 | heap | page read and write |
740000 | heap | page read and write |
D47000 | heap | page read and write |
A95000 | heap | page read and write |
D0F000 | stack | page read and write |
83E000 | stack | page read and write |
AA0000 | heap | page read and write |
279F000 | stack | page read and write |
D3E000 | stack | page read and write |
A7A000 | heap | page read and write |

43 further memdump entries are hidden in the original report and are not listed here.