Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
Week13.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Temp\cb7ae701b3\oneetx.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\cb7ae701b3\oneetx.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
modified
|
|
|
|
\Device\ConDrv
|
ASCII text, with no line terminators
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\Week13.exe
|
"C:\Users\user\Desktop\Week13.exe"
|
|
|
|
C:\Users\user\AppData\Local\Temp\cb7ae701b3\oneetx.exe
|
"C:\Users\user\AppData\Local\Temp\cb7ae701b3\oneetx.exe"
|
|
|
|
C:\Windows\SysWOW64\schtasks.exe
|
"C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN oneetx.exe /TR "C:\Users\user\AppData\Local\Temp\cb7ae701b3\oneetx.exe"
/F
|
|
|
|
C:\Users\user\AppData\Local\Temp\cb7ae701b3\oneetx.exe
|
C:\Users\user\AppData\Local\Temp\cb7ae701b3\oneetx.exe
|
|
|
|
C:\Users\user\AppData\Local\Temp\cb7ae701b3\oneetx.exe
|
C:\Users\user\AppData\Local\Temp\cb7ae701b3\oneetx.exe
|
|
|
|
C:\Users\user\AppData\Local\Temp\cb7ae701b3\oneetx.exe
|
C:\Users\user\AppData\Local\Temp\cb7ae701b3\oneetx.exe
|
|
|
|
C:\Users\user\AppData\Local\Temp\cb7ae701b3\oneetx.exe
|
C:\Users\user\AppData\Local\Temp\cb7ae701b3\oneetx.exe
|
|
|
|
C:\Users\user\AppData\Local\Temp\cb7ae701b3\oneetx.exe
|
C:\Users\user\AppData\Local\Temp\cb7ae701b3\oneetx.exe
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\SysWOW64\cmd.exe
|
"C:\Windows\System32\cmd.exe" /k echo Y|CACLS "oneetx.exe" /P "user:N"&&CACLS "oneetx.exe" /P "user:R" /E&&echo Y|CACLS "..\cb7ae701b3"
/P "user:N"&&CACLS "..\cb7ae701b3" /P "user:R" /E&&Exit
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\SysWOW64\cmd.exe
|
C:\Windows\system32\cmd.exe /S /D /c" echo Y"
|
||
|
C:\Windows\SysWOW64\cacls.exe
|
CACLS "oneetx.exe" /P "user:N"
|
||
|
C:\Windows\SysWOW64\cacls.exe
|
CACLS "oneetx.exe" /P "user:R" /E
|
||
|
C:\Windows\SysWOW64\cmd.exe
|
C:\Windows\system32\cmd.exe /S /D /c" echo Y"
|
||
|
C:\Windows\SysWOW64\cacls.exe
|
CACLS "..\cb7ae701b3" /P "user:N"
|
||
|
C:\Windows\SysWOW64\cacls.exe
|
CACLS "..\cb7ae701b3" /P "user:R" /E
|
There are 7 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://193.3.19.154/store/games/index.php
|
193.3.19.154
|
|
|
|
http://193.3.19.154/store/games/index.phpb
|
unknown
|
||
|
http://193.3.19.154/store/games/Plugins/cred64.dll
|
unknown
|
||
|
http://193.3.19.154/store/games/Plugins/cred64.dllmingM
|
unknown
|
||
|
http://193.3.19.154/store/games/index.php4~
|
unknown
|
||
|
http://193.3.19.154/store/games/Plugins/cred64.dll?
|
unknown
|
||
|
http://193.3.19.154/store/games/index.phph
|
unknown
|
||
|
http://193.3.19.154/store/games/Plugins/cred64.dll;
|
unknown
|
||
|
http://193.3.19.154/store/games/index.php5a2ab05
|
unknown
|
||
|
http://193.3.19.154/store/games/index.phpp#
|
unknown
|
||
|
http://193.3.19.154/store/games/index.phpSf7XJqPNYA2AOsO34i0TH=
|
unknown
|
||
|
http://193.3.19.154/store/games/Plugins/cred64.dllal
|
unknown
|
||
|
http://193.3.19.154/store/games/index.phpp
|
unknown
|
||
|
http://193.3.19.154/store/games/index.php9
|
unknown
|
||
|
http://193.3.19.154/store/games/Plugins/cred64.dll1
|
unknown
|
||
|
http://193.3.19.154/store/games/index.phpX
|
unknown
|
||
|
http://193.3.19.154/store/games/index.phpcoded
|
unknown
|
||
|
http://193.3.19.154/store/games/Plugins/clip64.dll
|
unknown
|
||
|
http://193.3.19.154/store/games/index.php2465a8e1dc15491b69b82f20
|
unknown
|
||
|
http://193.3.19.154/store/games/Plugins/cred64.dll-
|
unknown
|
There are 10 hidden URLs, click here to show them.
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
193.3.19.154
|
unknown
|
Denmark
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
|
Startup
|
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
441000
|
unkown
|
page execute read
|
|
|
|
C5C000
|
heap
|
page read and write
|
|
|
|
441000
|
unkown
|
page execute read
|
|
|
|
441000
|
unkown
|
page execute read
|
|
|
|
FB1000
|
unkown
|
page execute read
|
|
|
|
441000
|
unkown
|
page execute read
|
|
|
|
441000
|
unkown
|
page execute read
|
|
|
|
441000
|
unkown
|
page execute read
|
|
|
|
FB1000
|
unkown
|
page execute read
|
|
|
|
441000
|
unkown
|
page execute read
|
|
|
|
441000
|
unkown
|
page execute read
|
|
|
|
441000
|
unkown
|
page execute read
|
|
|
|
441000
|
unkown
|
page execute read
|
|
|
|
441000
|
unkown
|
page execute read
|
|
|
|
441000
|
unkown
|
page execute read
|
|
|
|
94A000
|
heap
|
page read and write
|
||
|
3F3F000
|
stack
|
page read and write
|
||
|
469000
|
unkown
|
page readonly
|
||
|
471000
|
unkown
|
page write copy
|
||
|
34DF000
|
stack
|
page read and write
|
||
|
9C9000
|
heap
|
page read and write
|
||
|
D35000
|
heap
|
page read and write
|
||
|
19C000
|
stack
|
page read and write
|
||
|
13C000
|
stack
|
page read and write
|
||
|
469000
|
unkown
|
page readonly
|
||
|
FD9000
|
unkown
|
page readonly
|
||
|
D20000
|
heap
|
page read and write
|
||
|
3A10000
|
heap
|
page read and write
|
||
|
B0C000
|
stack
|
page read and write
|
||
|
9A7000
|
heap
|
page read and write
|
||
|
DD0000
|
heap
|
page read and write
|
||
|
BFE000
|
stack
|
page read and write
|
||
|
474000
|
unkown
|
page readonly
|
||
|
D4E000
|
stack
|
page read and write
|
||
|
474000
|
unkown
|
page readonly
|
||
|
440000
|
unkown
|
page readonly
|
||
|
2FEE000
|
stack
|
page read and write
|
||
|
4EA0000
|
heap
|
page read and write
|
||
|
6DE000
|
stack
|
page read and write
|
||
|
469000
|
unkown
|
page readonly
|
||
|
1EE000
|
stack
|
page read and write
|
||
|
1250000
|
heap
|
page read and write
|
||
|
440000
|
unkown
|
page readonly
|
||
|
440000
|
unkown
|
page readonly
|
||
|
B7E000
|
stack
|
page read and write
|
||
|
94E000
|
heap
|
page read and write
|
||
|
7FE000
|
stack
|
page read and write
|
||
|
2DA0000
|
heap
|
page read and write
|
||
|
331E000
|
stack
|
page read and write
|
||
|
440000
|
unkown
|
page readonly
|
||
|
4010000
|
trusted library allocation
|
page read and write
|
||
|
CCE000
|
stack
|
page read and write
|
||
|
440000
|
unkown
|
page readonly
|
||
|
510000
|
heap
|
page read and write
|
||
|
97B000
|
heap
|
page read and write
|
||
|
A7E000
|
stack
|
page read and write
|
||
|
A33000
|
heap
|
page read and write
|
||
|
9C9000
|
heap
|
page read and write
|
||
|
835000
|
heap
|
page read and write
|
||
|
B70000
|
heap
|
page read and write
|
||
|
C80000
|
heap
|
page read and write
|
||
|
2DE0000
|
heap
|
page read and write
|
||
|
EA9000
|
stack
|
page read and write
|
||
|
10EE000
|
stack
|
page read and write
|
||
|
57D000
|
stack
|
page read and write
|
||
|
B0C000
|
stack
|
page read and write
|
||
|
27A4000
|
heap
|
page read and write
|
||
|
38CF000
|
stack
|
page read and write
|
||
|
97C000
|
heap
|
page read and write
|
||
|
440000
|
unkown
|
page readonly
|
||
|
64EE000
|
stack
|
page read and write
|
||
|
2D9F000
|
stack
|
page read and write
|
||
|
313E000
|
stack
|
page read and write
|
||
|
DBF000
|
stack
|
page read and write
|
||
|
850000
|
heap
|
page read and write
|
||
|
3BBE000
|
stack
|
page read and write
|
||
|
2DAE000
|
stack
|
page read and write
|
||
|
B50000
|
heap
|
page read and write
|
||
|
CBD000
|
heap
|
page read and write
|
||
|
1360000
|
heap
|
page read and write
|
||
|
D8E000
|
stack
|
page read and write
|
||
|
2D6E000
|
stack
|
page read and write
|
||
|
627C000
|
stack
|
page read and write
|
||
|
DE8000
|
heap
|
page read and write
|
||
|
6E0000
|
heap
|
page read and write
|
||
|
CBE000
|
stack
|
page read and write
|
||
|
471000
|
unkown
|
page write copy
|
||
|
474000
|
unkown
|
page readonly
|
||
|
CC7000
|
heap
|
page read and write
|
||
|
52D000
|
stack
|
page read and write
|
||
|
3F80000
|
heap
|
page read and write
|
||
|
471000
|
unkown
|
page write copy
|
||
|
469000
|
unkown
|
page readonly
|
||
|
A10000
|
heap
|
page read and write
|
||
|
31A0000
|
heap
|
page read and write
|
||
|
9FA000
|
heap
|
page read and write
|
||
|
E10000
|
heap
|
page read and write
|
||
|
CFD000
|
stack
|
page read and write
|
||
|
6B0000
|
heap
|
page read and write
|
||
|
9C0000
|
heap
|
page read and write
|
||
|
920000
|
heap
|
page read and write
|
||
|
11EF000
|
stack
|
page read and write
|
||
|
9C9000
|
heap
|
page read and write
|
||
|
A0F000
|
heap
|
page read and write
|
||
|
9E5000
|
heap
|
page read and write
|
||
|
3A16000
|
heap
|
page read and write
|
||
|
1BC000
|
stack
|
page read and write
|
||
|
FE4000
|
unkown
|
page readonly
|
||
|
471000
|
unkown
|
page write copy
|
||
|
3F70000
|
heap
|
page read and write
|
||
|
AF0000
|
heap
|
page read and write
|
||
|
11E0000
|
heap
|
page read and write
|
||
|
95F000
|
stack
|
page read and write
|
||
|
DE0000
|
heap
|
page read and write
|
||
|
A1F000
|
heap
|
page read and write
|
||
|
A20000
|
heap
|
page read and write
|
||
|
474000
|
unkown
|
page readonly
|
||
|
4EB0000
|
heap
|
page read and write
|
||
|
2DE0000
|
heap
|
page read and write
|
||
|
A33000
|
heap
|
page read and write
|
||
|
E5E000
|
stack
|
page read and write
|
||
|
3DFF000
|
stack
|
page read and write
|
||
|
471000
|
unkown
|
page read and write
|
||
|
3E3E000
|
stack
|
page read and write
|
||
|
430000
|
heap
|
page read and write
|
||
|
71F000
|
stack
|
page read and write
|
||
|
469000
|
unkown
|
page readonly
|
||
|
FE1000
|
unkown
|
page read and write
|
||
|
B3E000
|
stack
|
page read and write
|
||
|
A3B000
|
heap
|
page read and write
|
||
|
474000
|
unkown
|
page readonly
|
||
|
AEE000
|
stack
|
page read and write
|
||
|
4D10000
|
heap
|
page read and write
|
||
|
5D0000
|
heap
|
page read and write
|
||
|
1A0000
|
heap
|
page read and write
|
||
|
C96000
|
heap
|
page read and write
|
||
|
12A7000
|
heap
|
page read and write
|
||
|
6740000
|
heap
|
page read and write
|
||
|
7C0000
|
heap
|
page read and write
|
||
|
471000
|
unkown
|
page read and write
|
||
|
6F0000
|
heap
|
page read and write
|
||
|
69F000
|
stack
|
page read and write
|
||
|
3B60000
|
heap
|
page read and write
|
||
|
9C9000
|
heap
|
page read and write
|
||
|
9FF000
|
heap
|
page read and write
|
||
|
3A3E000
|
stack
|
page read and write
|
||
|
469000
|
unkown
|
page readonly
|
||
|
910000
|
heap
|
page read and write
|
||
|
BC8000
|
heap
|
page read and write
|
||
|
FB0000
|
unkown
|
page readonly
|
||
|
440000
|
unkown
|
page readonly
|
||
|
440000
|
unkown
|
page readonly
|
||
|
3CBF000
|
stack
|
page read and write
|
||
|
469000
|
unkown
|
page readonly
|
||
|
471000
|
unkown
|
page write copy
|
||
|
4EB0000
|
heap
|
page read and write
|
||
|
63EE000
|
stack
|
page read and write
|
||
|
410000
|
heap
|
page read and write
|
||
|
9EF000
|
heap
|
page read and write
|
||
|
A33000
|
heap
|
page read and write
|
||
|
9E5000
|
heap
|
page read and write
|
||
|
FAB000
|
stack
|
page read and write
|
||
|
440000
|
unkown
|
page readonly
|
||
|
474000
|
unkown
|
page readonly
|
||
|
637C000
|
stack
|
page read and write
|
||
|
95D000
|
stack
|
page read and write
|
||
|
9A2000
|
heap
|
page read and write
|
||
|
9DE000
|
stack
|
page read and write
|
||
|
31AB000
|
heap
|
page read and write
|
||
|
A33000
|
heap
|
page read and write
|
||
|
FE1000
|
unkown
|
page write copy
|
||
|
440000
|
unkown
|
page readonly
|
||
|
8F8000
|
heap
|
page read and write
|
||
|
3CFE000
|
stack
|
page read and write
|
||
|
9E6000
|
heap
|
page read and write
|
||
|
474000
|
unkown
|
page readonly
|
||
|
469000
|
unkown
|
page readonly
|
||
|
EFD000
|
stack
|
page read and write
|
||
|
830000
|
heap
|
page read and write
|
||
|
474000
|
unkown
|
page readonly
|
||
|
9E5000
|
heap
|
page read and write
|
||
|
30F0000
|
heap
|
page read and write
|
||
|
9AF000
|
heap
|
page read and write
|
||
|
400000
|
heap
|
page read and write
|
||
|
11DF000
|
stack
|
page read and write
|
||
|
9FD000
|
heap
|
page read and write
|
||
|
BBD000
|
stack
|
page read and write
|
||
|
57D000
|
stack
|
page read and write
|
||
|
B4F000
|
stack
|
page read and write
|
||
|
D30000
|
heap
|
page read and write
|
||
|
CE3000
|
heap
|
page read and write
|
||
|
A0F000
|
heap
|
page read and write
|
||
|
469000
|
unkown
|
page readonly
|
||
|
8BC000
|
stack
|
page read and write
|
||
|
C20000
|
heap
|
page read and write
|
||
|
9FA000
|
heap
|
page read and write
|
||
|
4CB000
|
stack
|
page read and write
|
||
|
BC0000
|
heap
|
page read and write
|
||
|
E66000
|
heap
|
page read and write
|
||
|
A0F000
|
heap
|
page read and write
|
||
|
471000
|
unkown
|
page read and write
|
||
|
9F8000
|
heap
|
page read and write
|
||
|
A1A000
|
heap
|
page read and write
|
||
|
85C000
|
stack
|
page read and write
|
||
|
34E0000
|
heap
|
page read and write
|
||
|
990000
|
heap
|
page read and write
|
||
|
2BED000
|
stack
|
page read and write
|
||
|
898000
|
heap
|
page read and write
|
||
|
474000
|
unkown
|
page readonly
|
||
|
4EAE000
|
heap
|
page read and write
|
||
|
2DD0000
|
heap
|
page read and write
|
||
|
440000
|
unkown
|
page readonly
|
||
|
469000
|
unkown
|
page readonly
|
||
|
2D9C000
|
stack
|
page read and write
|
||
|
27A0000
|
heap
|
page read and write
|
||
|
C2A000
|
heap
|
page read and write
|
||
|
8F0000
|
heap
|
page read and write
|
||
|
31A0000
|
heap
|
page read and write
|
||
|
471000
|
unkown
|
page read and write
|
||
|
890000
|
heap
|
page read and write
|
||
|
A12000
|
heap
|
page read and write
|
||
|
469000
|
unkown
|
page readonly
|
||
|
1580000
|
heap
|
page read and write
|
||
|
471000
|
unkown
|
page read and write
|
||
|
ACD000
|
stack
|
page read and write
|
||
|
520000
|
heap
|
page read and write
|
||
|
33DD000
|
stack
|
page read and write
|
||
|
10CE000
|
stack
|
page read and write
|
||
|
CDC000
|
heap
|
page read and write
|
||
|
E60000
|
heap
|
page read and write
|
||
|
9FF000
|
heap
|
page read and write
|
||
|
56C000
|
stack
|
page read and write
|
||
|
B8B000
|
heap
|
page read and write
|
||
|
2EEC000
|
stack
|
page read and write
|
||
|
65E000
|
stack
|
page read and write
|
||
|
9DC000
|
stack
|
page read and write
|
||
|
1F0000
|
heap
|
page read and write
|
||
|
663C000
|
stack
|
page read and write
|
||
|
90E000
|
stack
|
page read and write
|
||
|
474000
|
unkown
|
page readonly
|
||
|
EBF000
|
stack
|
page read and write
|
||
|
9E5000
|
heap
|
page read and write
|
||
|
12A0000
|
heap
|
page read and write
|
||
|
32DE000
|
stack
|
page read and write
|
||
|
9EE000
|
heap
|
page read and write
|
||
|
1F0000
|
heap
|
page read and write
|
||
|
940000
|
heap
|
page read and write
|
||
|
474000
|
unkown
|
page readonly
|
||
|
17D000
|
stack
|
page read and write
|
||
|
C2E000
|
heap
|
page read and write
|
||
|
9FD000
|
heap
|
page read and write
|
||
|
474000
|
unkown
|
page readonly
|
||
|
D0F000
|
stack
|
page read and write
|
||
|
2CF0000
|
heap
|
page read and write
|
||
|
FB0000
|
unkown
|
page readonly
|
||
|
5E0000
|
heap
|
page read and write
|
||
|
440000
|
unkown
|
page readonly
|
||
|
D1D000
|
stack
|
page read and write
|
||
|
471000
|
unkown
|
page read and write
|
||
|
FE4000
|
unkown
|
page readonly
|
||
|
10D0000
|
heap
|
page read and write
|
||
|
9BD000
|
stack
|
page read and write
|
||
|
3A15000
|
heap
|
page read and write
|
||
|
471000
|
unkown
|
page write copy
|
||
|
52B000
|
heap
|
page read and write
|
||
|
469000
|
unkown
|
page readonly
|
||
|
317F000
|
stack
|
page read and write
|
||
|
B80000
|
heap
|
page read and write
|
||
|
840000
|
heap
|
page read and write
|
||
|
A1A000
|
heap
|
page read and write
|
||
|
BBE000
|
stack
|
page read and write
|
||
|
4EA1000
|
heap
|
page read and write
|
||
|
A1A000
|
heap
|
page read and write
|
||
|
D90000
|
heap
|
page read and write
|
||
|
393D000
|
stack
|
page read and write
|
||
|
10AE000
|
stack
|
page read and write
|
||
|
673C000
|
stack
|
page read and write
|
||
|
E6A000
|
heap
|
page read and write
|
||
|
A1F000
|
heap
|
page read and write
|
||
|
5CA000
|
stack
|
page read and write
|
||
|
37CE000
|
stack
|
page read and write
|
||
|
F10000
|
heap
|
page read and write
|
||
|
F5F000
|
stack
|
page read and write
|
||
|
FD9000
|
unkown
|
page readonly
|
||
|
AA0000
|
heap
|
page read and write
|
||
|
D40000
|
heap
|
page read and write
|
||
|
CEC000
|
heap
|
page read and write
|
||
|
2CED000
|
stack
|
page read and write
|
There are 278 hidden memdumps, click here to show them.