Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
c2SVEEbvn5.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Nexus.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Thu Oct 5 06:54:41
2023, mtime=Thu Oct 31 19:42:08 2024, atime=Thu Oct 31 19:42:05 2024, length=2132992, window=hide
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_euowbtn0.ig1.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_roktahm1.gj3.psm1
|
ASCII text, with no line terminators
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\c2SVEEbvn5.exe
|
"C:\Users\user\Desktop\c2SVEEbvn5.exe"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
powershell -Command "$ws = New-Object -ComObject WScript.Shell; $s = $ws.CreateShortcut('C:\Users\user\AppData\Roaming\Microsoft\Windows\Start
Menu\Programs\Startup\Nexus.lnk'); $s.TargetPath = 'C:\Users\user\Desktop\c2SVEEbvn5.exe'; $s.Save()"
|
|
|
|
C:\Users\user\Desktop\c2SVEEbvn5.exe
|
"C:\Users\user\Desktop\c2SVEEbvn5.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://pesterbdd.com/images/Pester.png
|
unknown
|
|
|
|
http://www.apache.org/licenses/LICENSE-2.0.html
|
unknown
|
|
|
|
https://go.micro
|
unknown
|
|
|
|
https://github.com/Pester/Pester
|
unknown
|
|
|
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
https://aka.ms/pscore6lB
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
https://contoso.com/License
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
There are 1 hidden URLs, click here to show them.
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
185.196.10.218
|
unknown
|
Switzerland
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
71E0000
|
heap
|
page read and write
|
||
|
2D00000
|
direct allocation
|
page read and write
|
||
|
300A000
|
direct allocation
|
page read and write
|
||
|
2D20000
|
direct allocation
|
page read and write
|
||
|
2C0A000
|
direct allocation
|
page read and write
|
||
|
2C30000
|
direct allocation
|
page read and write
|
||
|
2DCF000
|
stack
|
page read and write
|
||
|
23140000
|
direct allocation
|
page read and write
|
||
|
2ECF000
|
stack
|
page read and write
|
||
|
6D80000
|
heap
|
page read and write
|
||
|
2C52000
|
direct allocation
|
page read and write
|
||
|
2C48000
|
heap
|
page read and write
|
||
|
3114000
|
direct allocation
|
page read and write
|
||
|
AF0000
|
direct allocation
|
page execute and read and write
|
||
|
2858000
|
direct allocation
|
page read and write
|
||
|
7140000
|
heap
|
page read and write
|
||
|
6B2E000
|
stack
|
page read and write
|
||
|
291E000
|
stack
|
page read and write
|
||
|
5F8000
|
unkown
|
page execute and read and write
|
||
|
5A57000
|
trusted library allocation
|
page read and write
|
||
|
2A90000
|
direct allocation
|
page read and write
|
||
|
6C3D000
|
stack
|
page read and write
|
||
|
1C5000
|
heap
|
page read and write
|
||
|
7530000
|
trusted library allocation
|
page read and write
|
||
|
308A000
|
direct allocation
|
page read and write
|
||
|
8254000
|
heap
|
page read and write
|
||
|
22F7E000
|
stack
|
page read and write
|
||
|
6AAE000
|
stack
|
page read and write
|
||
|
5A19000
|
trusted library allocation
|
page read and write
|
||
|
2C9A000
|
direct allocation
|
page read and write
|
||
|
6A6E000
|
stack
|
page read and write
|
||
|
2C13000
|
trusted library allocation
|
page execute and read and write
|
||
|
71C5000
|
heap
|
page read and write
|
||
|
2C1C000
|
direct allocation
|
page read and write
|
||
|
3000000
|
direct allocation
|
page read and write
|
||
|
2C20000
|
direct allocation
|
page read and write
|
||
|
2560000
|
direct allocation
|
page execute and read and write
|
||
|
802D000
|
stack
|
page read and write
|
||
|
3112000
|
direct allocation
|
page read and write
|
||
|
6BAE000
|
stack
|
page read and write
|
||
|
497C000
|
stack
|
page read and write
|
||
|
8080000
|
trusted library allocation
|
page execute and read and write
|
||
|
7110000
|
trusted library allocation
|
page read and write
|
||
|
3038000
|
direct allocation
|
page read and write
|
||
|
5FA000
|
unkown
|
page readonly
|
||
|
7510000
|
trusted library allocation
|
page read and write
|
||
|
3002000
|
direct allocation
|
page read and write
|
||
|
49C0000
|
trusted library allocation
|
page read and write
|
||
|
308E000
|
direct allocation
|
page read and write
|
||
|
3045000
|
direct allocation
|
page read and write
|
||
|
3102000
|
direct allocation
|
page read and write
|
||
|
2850000
|
direct allocation
|
page read and write
|
||
|
30A6000
|
direct allocation
|
page read and write
|
||
|
3090000
|
direct allocation
|
page read and write
|
||
|
2C78000
|
heap
|
page read and write
|
||
|
305E000
|
direct allocation
|
page read and write
|
||
|
9C000
|
stack
|
page read and write
|
||
|
300E000
|
direct allocation
|
page read and write
|
||
|
2D0E000
|
direct allocation
|
page read and write
|
||
|
49F1000
|
trusted library allocation
|
page read and write
|
||
|
71A6000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
310D000
|
direct allocation
|
page read and write
|
||
|
2D1E000
|
direct allocation
|
page read and write
|
||
|
2C5C000
|
direct allocation
|
page read and write
|
||
|
6CBE000
|
stack
|
page read and write
|
||
|
59F1000
|
trusted library allocation
|
page read and write
|
||
|
2C6C000
|
heap
|
page read and write
|
||
|
3118000
|
direct allocation
|
page read and write
|
||
|
6D7A000
|
stack
|
page read and write
|
||
|
3080000
|
direct allocation
|
page read and write
|
||
|
285C000
|
direct allocation
|
page read and write
|
||
|
300C000
|
direct allocation
|
page read and write
|
||
|
3092000
|
direct allocation
|
page read and write
|
||
|
2A10000
|
direct allocation
|
page read and write
|
||
|
7520000
|
trusted library allocation
|
page read and write
|
||
|
2CA0000
|
direct allocation
|
page read and write
|
||
|
2C04000
|
direct allocation
|
page read and write
|
||
|
74D0000
|
trusted library allocation
|
page read and write
|
||
|
C70000
|
direct allocation
|
page execute and read and write
|
||
|
49BE000
|
stack
|
page read and write
|
||
|
2D22000
|
direct allocation
|
page read and write
|
||
|
2BAF000
|
stack
|
page read and write
|
||
|
3068000
|
direct allocation
|
page read and write
|
||
|
9BA000
|
heap
|
page read and write
|
||
|
3014000
|
direct allocation
|
page read and write
|
||
|
70EF000
|
stack
|
page read and write
|
||
|
2FCF000
|
stack
|
page read and write
|
||
|
7FA0000
|
heap
|
page read and write
|
||
|
2C1D000
|
trusted library allocation
|
page execute and read and write
|
||
|
295E000
|
stack
|
page read and write
|
||
|
2C64000
|
direct allocation
|
page read and write
|
||
|
2D80000
|
heap
|
page readonly
|
||
|
2C1E000
|
direct allocation
|
page read and write
|
||
|
2C0E000
|
direct allocation
|
page read and write
|
||
|
62C000
|
unkown
|
page execute and read and write
|
||
|
3018000
|
direct allocation
|
page read and write
|
||
|
2B6E000
|
stack
|
page read and write
|
||
|
2C3F000
|
direct allocation
|
page read and write
|
||
|
2BE0000
|
heap
|
page read and write
|
||
|
2C18000
|
direct allocation
|
page read and write
|
||
|
8070000
|
heap
|
page read and write
|
||
|
2C30000
|
trusted library allocation
|
page read and write
|
||
|
2C4A000
|
direct allocation
|
page read and write
|
||
|
2DDE000
|
stack
|
page read and write
|
||
|
2C5E000
|
direct allocation
|
page read and write
|
||
|
2D06000
|
heap
|
page read and write
|
||
|
6AE0000
|
heap
|
page execute and read and write
|
||
|
7FC0000
|
trusted library allocation
|
page read and write
|
||
|
304E000
|
direct allocation
|
page read and write
|
||
|
301C000
|
direct allocation
|
page read and write
|
||
|
302A000
|
direct allocation
|
page read and write
|
||
|
306A000
|
direct allocation
|
page read and write
|
||
|
7590000
|
trusted library allocation
|
page read and write
|
||
|
6D90000
|
heap
|
page read and write
|
||
|
3072000
|
direct allocation
|
page read and write
|
||
|
51D8000
|
trusted library allocation
|
page read and write
|
||
|
306E000
|
direct allocation
|
page read and write
|
||
|
311C000
|
direct allocation
|
page read and write
|
||
|
735000
|
unkown
|
page readonly
|
||
|
2C02000
|
direct allocation
|
page read and write
|
||
|
2D04000
|
direct allocation
|
page read and write
|
||
|
3008000
|
direct allocation
|
page read and write
|
||
|
9B0000
|
heap
|
page read and write
|
||
|
2C95000
|
direct allocation
|
page read and write
|
||
|
74F0000
|
trusted library allocation
|
page read and write
|
||
|
3030000
|
direct allocation
|
page read and write
|
||
|
22DFF000
|
stack
|
page read and write
|
||
|
2C98000
|
direct allocation
|
page read and write
|
||
|
2307F000
|
stack
|
page read and write
|
||
|
2850000
|
direct allocation
|
page read and write
|
||
|
23100000
|
direct allocation
|
page read and write
|
||
|
6CFF000
|
stack
|
page read and write
|
||
|
28C0000
|
direct allocation
|
page read and write
|
||
|
2C2A000
|
direct allocation
|
page read and write
|
||
|
2970000
|
heap
|
page read and write
|
||
|
3060000
|
direct allocation
|
page read and write
|
||
|
BF8000
|
direct allocation
|
page read and write
|
||
|
8250000
|
heap
|
page read and write
|
||
|
311A000
|
direct allocation
|
page read and write
|
||
|
7350000
|
trusted library allocation
|
page read and write
|
||
|
2C4E000
|
direct allocation
|
page read and write
|
||
|
C60000
|
heap
|
page read and write
|
||
|
810000
|
heap
|
page read and write
|
||
|
75B0000
|
trusted library allocation
|
page read and write
|
||
|
7540000
|
trusted library allocation
|
page read and write
|
||
|
3052000
|
direct allocation
|
page read and write
|
||
|
27EE000
|
stack
|
page read and write
|
||
|
7261000
|
heap
|
page read and write
|
||
|
3004000
|
direct allocation
|
page read and write
|
||
|
7560000
|
trusted library allocation
|
page read and write
|
||
|
29CE000
|
stack
|
page read and write
|
||
|
2D0A000
|
direct allocation
|
page read and write
|
||
|
2C80000
|
direct allocation
|
page read and write
|
||
|
4A53000
|
trusted library allocation
|
page read and write
|
||
|
71BC000
|
heap
|
page read and write
|
||
|
2D50000
|
trusted library allocation
|
page read and write
|
||
|
7130000
|
heap
|
page execute and read and write
|
||
|
3078000
|
direct allocation
|
page read and write
|
||
|
2C38000
|
direct allocation
|
page read and write
|
||
|
3010000
|
direct allocation
|
page read and write
|
||
|
2C36000
|
direct allocation
|
page read and write
|
||
|
2A80000
|
heap
|
page read and write
|
||
|
28D0000
|
direct allocation
|
page read and write
|
||
|
30AA000
|
direct allocation
|
page read and write
|
||
|
19C000
|
stack
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
22CFF000
|
stack
|
page read and write
|
||
|
71CE000
|
heap
|
page read and write
|
||
|
291D000
|
stack
|
page read and write
|
||
|
3110000
|
direct allocation
|
page read and write
|
||
|
305C000
|
direct allocation
|
page read and write
|
||
|
3006000
|
direct allocation
|
page read and write
|
||
|
301E000
|
direct allocation
|
page read and write
|
||
|
2C14000
|
direct allocation
|
page read and write
|
||
|
70AE000
|
stack
|
page read and write
|
||
|
3186000
|
direct allocation
|
page read and write
|
||
|
5ED000
|
unkown
|
page write copy
|
||
|
22F3F000
|
stack
|
page read and write
|
||
|
75C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
2C57000
|
direct allocation
|
page read and write
|
||
|
7391000
|
trusted library allocation
|
page read and write
|
||
|
306C000
|
direct allocation
|
page read and write
|
||
|
7570000
|
trusted library allocation
|
page read and write
|
||
|
2D55000
|
trusted library allocation
|
page execute and read and write
|
||
|
2D0C000
|
direct allocation
|
page read and write
|
||
|
66E000
|
unkown
|
page execute and read and write
|
||
|
27A0000
|
heap
|
page read and write
|
||
|
2C10000
|
direct allocation
|
page read and write
|
||
|
25E0000
|
direct allocation
|
page execute and read and write
|
||
|
740000
|
heap
|
page read and write
|
||
|
26EC000
|
stack
|
page read and write
|
||
|
2C0C000
|
direct allocation
|
page read and write
|
||
|
716E000
|
heap
|
page read and write
|
||
|
9C000
|
stack
|
page read and write
|
||
|
2D12000
|
heap
|
page read and write
|
||
|
2BC0000
|
heap
|
page read and write
|
||
|
3066000
|
direct allocation
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
2C20000
|
heap
|
page read and write
|
||
|
303F000
|
direct allocation
|
page read and write
|
||
|
2990000
|
heap
|
page read and write
|
||
|
704A1000
|
unkown
|
page execute read
|
||
|
704B6000
|
unkown
|
page readonly
|
||
|
1F0000
|
heap
|
page read and write
|
||
|
6C7B000
|
stack
|
page read and write
|
||
|
2AE6000
|
heap
|
page read and write
|
||
|
2CA9000
|
heap
|
page read and write
|
||
|
2A0D000
|
stack
|
page read and write
|
||
|
880000
|
heap
|
page read and write
|
||
|
720C000
|
heap
|
page read and write
|
||
|
2C39000
|
trusted library allocation
|
page read and write
|
||
|
5FA000
|
unkown
|
page readonly
|
||
|
6AE5000
|
heap
|
page execute and read and write
|
||
|
810000
|
heap
|
page read and write
|
||
|
5ED000
|
unkown
|
page write copy
|
||
|
7FB0000
|
trusted library allocation
|
page read and write
|
||
|
632000
|
unkown
|
page execute and read and write
|
||
|
748E000
|
stack
|
page read and write
|
||
|
49E0000
|
heap
|
page read and write
|
||
|
3057000
|
direct allocation
|
page read and write
|
||
|
704BD000
|
unkown
|
page read and write
|
||
|
8292000
|
heap
|
page read and write
|
||
|
7500000
|
trusted library allocation
|
page read and write
|
||
|
2B2E000
|
stack
|
page read and write
|
||
|
2D90000
|
heap
|
page execute and read and write
|
||
|
2CB6000
|
heap
|
page read and write
|
||
|
5F8000
|
unkown
|
page execute and read and write
|
||
|
2AE0000
|
heap
|
page read and write
|
||
|
81C000
|
heap
|
page read and write
|
||
|
2C45000
|
direct allocation
|
page read and write
|
||
|
885000
|
heap
|
page read and write
|
||
|
2C12000
|
direct allocation
|
page read and write
|
||
|
3012000
|
direct allocation
|
page read and write
|
||
|
2D52000
|
trusted library allocation
|
page read and write
|
||
|
7580000
|
trusted library allocation
|
page read and write
|
||
|
632000
|
unkown
|
page execute and read and write
|
||
|
41E000
|
unkown
|
page execute read
|
||
|
2D08000
|
direct allocation
|
page read and write
|
||
|
9BE000
|
heap
|
page read and write
|
||
|
6EBD000
|
stack
|
page read and write
|
||
|
2E19000
|
heap
|
page read and write
|
||
|
704A0000
|
unkown
|
page readonly
|
||
|
2728000
|
stack
|
page read and write
|
||
|
735000
|
unkown
|
page readonly
|
||
|
27F0000
|
heap
|
page read and write
|
||
|
2C10000
|
trusted library allocation
|
page read and write
|
||
|
6EFB000
|
stack
|
page read and write
|
||
|
2C00000
|
trusted library allocation
|
page read and write
|
||
|
7550000
|
trusted library allocation
|
page read and write
|
||
|
8100000
|
heap
|
page read and write
|
||
|
2C40000
|
heap
|
page read and write
|
||
|
740E000
|
stack
|
page read and write
|
||
|
71F4000
|
heap
|
page read and write
|
||
|
29A0000
|
direct allocation
|
page read and write
|
||
|
400000
|
unkown
|
page execute and read and write
|
||
|
2D2E000
|
direct allocation
|
page read and write
|
||
|
3020000
|
direct allocation
|
page read and write
|
||
|
3096000
|
direct allocation
|
page read and write
|
||
|
23084000
|
direct allocation
|
page read and write
|
||
|
2C32000
|
direct allocation
|
page read and write
|
||
|
2D10000
|
heap
|
page read and write
|
||
|
5548000
|
trusted library allocation
|
page read and write
|
||
|
744F000
|
stack
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
75A0000
|
trusted library allocation
|
page read and write
|
||
|
2D70000
|
trusted library allocation
|
page read and write
|
||
|
71CA000
|
heap
|
page read and write
|
||
|
22E3E000
|
stack
|
page read and write
|
||
|
3070000
|
direct allocation
|
page read and write
|
||
|
3086000
|
direct allocation
|
page read and write
|
||
|
2C1A000
|
direct allocation
|
page read and write
|
||
|
3048000
|
direct allocation
|
page read and write
|
||
|
74CD000
|
stack
|
page read and write
|
||
|
308C000
|
direct allocation
|
page read and write
|
||
|
2DE0000
|
trusted library allocation
|
page read and write
|
||
|
400000
|
unkown
|
page execute and read and write
|
||
|
41E000
|
unkown
|
page execute read
|
||
|
6A2E000
|
stack
|
page read and write
|
||
|
6F7B000
|
stack
|
page read and write
|
||
|
2CA3000
|
heap
|
page read and write
|
||
|
717D000
|
heap
|
page read and write
|
||
|
230C0000
|
direct allocation
|
page read and write
|
||
|
2C00000
|
direct allocation
|
page read and write
|
||
|
295D000
|
stack
|
page read and write
|
||
|
301A000
|
direct allocation
|
page read and write
|
||
|
2C14000
|
trusted library allocation
|
page read and write
|
||
|
7D0000
|
heap
|
page read and write
|
||
|
230FF000
|
stack
|
page read and write
|
||
|
66E000
|
unkown
|
page execute and read and write
|
||
|
71BF000
|
heap
|
page read and write
|
||
|
AE0000
|
heap
|
page read and write
|
||
|
2960000
|
heap
|
page read and write
|
||
|
6FFF000
|
stack
|
page read and write
|
||
|
704BF000
|
unkown
|
page readonly
|
||
|
2CAC000
|
heap
|
page read and write
|
||
|
3016000
|
direct allocation
|
page read and write
|
||
|
2C16000
|
direct allocation
|
page read and write
|
||
|
C50000
|
direct allocation
|
page read and write
|
||
|
806F000
|
stack
|
page read and write
|
||
|
74E0000
|
trusted library allocation
|
page execute and read and write
|
||
|
2E00000
|
trusted library allocation
|
page execute and read and write
|
||
|
2C60000
|
direct allocation
|
page read and write
|
||
|
1C0000
|
heap
|
page read and write
|
||
|
2D32000
|
direct allocation
|
page read and write
|
||
|
2C06000
|
direct allocation
|
page read and write
|
||
|
3088000
|
direct allocation
|
page read and write
|
||
|
6FBE000
|
stack
|
page read and write
|
||
|
304A000
|
direct allocation
|
page read and write
|
||
|
2C08000
|
direct allocation
|
page read and write
|
||
|
2E10000
|
heap
|
page read and write
|
||
|
6B6D000
|
stack
|
page read and write
|
||
|
2980000
|
heap
|
page read and write
|
||
|
19C000
|
stack
|
page read and write
|
||
|
2D06000
|
direct allocation
|
page read and write
|
||
|
493F000
|
stack
|
page read and write
|
||
|
6F3D000
|
stack
|
page read and write
|
||
|
4B46000
|
trusted library allocation
|
page read and write
|
||
|
2D3A000
|
heap
|
page read and write
|
||
|
6D3E000
|
stack
|
page read and write
|
||
|
2DE8000
|
trusted library allocation
|
page read and write
|
||
|
BF0000
|
direct allocation
|
page read and write
|
||
|
62C000
|
unkown
|
page execute and read and write
|
||
|
2D2A000
|
direct allocation
|
page read and write
|
There are 314 hidden memdumps, click here to show them.