Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
SecuriteInfo.com.Trojan.GenericKD.74343100.23730.20084.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
initial sample
|
||
|
C:\Users\user\AppData\Local\Microsoft\CLR_v2.0\UsageLogs\SecuriteInfo.com.Trojan.GenericKD.74343100.23730.20084.exe.log
|
ASCII text, with CRLF line terminators
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.74343100.23730.20084.exe
|
"C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.74343100.23730.20084.exe"
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t
|
unknown
|
||
|
https://sectigo.com/CPS0
|
unknown
|
||
|
http://ocsp.sectigo.com0
|
unknown
|
||
|
http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#
|
unknown
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349
|
Blob
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349
|
Blob
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
7FFD33D1F000
|
trusted library allocation
|
page execute and read and write
|
||
|
1773000
|
heap
|
page read and write
|
||
|
7FFD33D02000
|
trusted library allocation
|
page execute and read and write
|
||
|
17A6000
|
heap
|
page read and write
|
||
|
C54000
|
unkown
|
page readonly
|
||
|
7FFD33E40000
|
trusted library allocation
|
page execute and read and write
|
||
|
1430000
|
heap
|
page read and write
|
||
|
1C4BE000
|
stack
|
page read and write
|
||
|
167E000
|
stack
|
page read and write
|
||
|
7FFD33DBA000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD33DF2000
|
trusted library allocation
|
page execute and read and write
|
||
|
1BEC0000
|
heap
|
page read and write
|
||
|
1710000
|
heap
|
page read and write
|
||
|
1C1BE000
|
stack
|
page read and write
|
||
|
1339B000
|
trusted library allocation
|
page read and write
|
||
|
7FFD33CF2000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD33D0A000
|
trusted library allocation
|
page execute and read and write
|
||
|
C50000
|
unkown
|
page readonly
|
||
|
1130000
|
heap
|
page read and write
|
||
|
C50000
|
unkown
|
page readonly
|
||
|
13391000
|
trusted library allocation
|
page read and write
|
||
|
13D5000
|
trusted library allocation
|
page read and write
|
||
|
C52000
|
unkown
|
page readonly
|
||
|
7FFD33DB2000
|
trusted library allocation
|
page execute and read and write
|
||
|
122A000
|
heap
|
page read and write
|
||
|
13F0000
|
trusted library allocation
|
page read and write
|
||
|
1BDB0000
|
heap
|
page read and write
|
||
|
11CD000
|
heap
|
page read and write
|
||
|
13D0000
|
trusted library allocation
|
page read and write
|
||
|
7FF4B2800000
|
trusted library allocation
|
page execute and read and write
|
||
|
13398000
|
trusted library allocation
|
page read and write
|
||
|
D96000
|
stack
|
page read and write
|
||
|
304E000
|
stack
|
page read and write
|
||
|
7FF4B27F0000
|
trusted library allocation
|
page execute and read and write
|
||
|
138E000
|
stack
|
page read and write
|
||
|
1470000
|
heap
|
page read and write
|
||
|
3391000
|
trusted library allocation
|
page read and write
|
||
|
1BD6E000
|
stack
|
page read and write
|
||
|
13F4000
|
trusted library allocation
|
page read and write
|
||
|
1435000
|
heap
|
page read and write
|
||
|
1BFC0000
|
heap
|
page read and write
|
||
|
16D0000
|
heap
|
page execute and read and write
|
||
|
7FFD33DCA000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD33D54000
|
trusted library allocation
|
page execute and read and write
|
||
|
10D0000
|
heap
|
page read and write
|
||
|
11C2000
|
heap
|
page read and write
|
||
|
7FFD33D23000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD33DC0000
|
trusted library allocation
|
page read and write
|
||
|
17A3000
|
heap
|
page read and write
|
||
|
10F0000
|
heap
|
page read and write
|
||
|
1190000
|
heap
|
page read and write
|
||
|
7FFD33DCD000
|
trusted library allocation
|
page execute and read and write
|
||
|
1110000
|
heap
|
page read and write
|
||
|
1770000
|
heap
|
page read and write
|
||
|
13395000
|
trusted library allocation
|
page read and write
|
||
|
1BEBE000
|
stack
|
page read and write
|
||
|
7FFD33D05000
|
trusted library allocation
|
page execute and read and write
|
||
|
143C000
|
heap
|
page read and write
|
||
|
1E20E000
|
stack
|
page read and write
|
||
|
1D910000
|
trusted library allocation
|
page read and write
|
||
|
1E30E000
|
stack
|
page read and write
|
||
|
1C3BE000
|
stack
|
page read and write
|
||
|
17A0000
|
heap
|
page read and write
|
||
|
1228000
|
heap
|
page read and write
|
||
|
119C000
|
heap
|
page read and write
|
||
|
13DA000
|
trusted library allocation
|
page read and write
|
||
|
DE0000
|
heap
|
page read and write
|
||
|
128B000
|
heap
|
page read and write
|
||
|
7FFD33E32000
|
trusted library allocation
|
page read and write
|
||
|
157E000
|
stack
|
page read and write
|
||
|
1BC6C000
|
stack
|
page read and write
|
||
|
13DD000
|
trusted library allocation
|
page read and write
|
||
|
1475000
|
heap
|
page read and write
|
||
|
1C2BE000
|
stack
|
page read and write
|
||
|
20000
|
trusted library allocation
|
page read and write
|
||
|
1BF20000
|
heap
|
page read and write
|
||
|
11BF000
|
heap
|
page read and write
|
There are 67 hidden memdumps, click here to show them.