Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
enigma_loader.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Roaming\svchost.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_enigma_loader.ex_241c9992af64d28bdcb0b67c166884b89b2d3ebe_e45d3950_fd5bba2a-f600-4b81-a0a7-5975f24b1b5e\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER4E45.tmp.dmp
|
Mini DuMP crash report, 16 streams, Sat Nov 23 13:33:31 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER4FFB.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER503B.tmp.xml
|
XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER50E5.tmp.csv
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER528B.tmp.txt
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\svchost.exe.log
|
CSV text
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Sat Nov 23 12:31:16
2024, mtime=Sat Nov 23 12:31:16 2024, atime=Sat Nov 23 12:31:16 2024, length=35840, window=hide
|
dropped
|
||
|
C:\Windows\appcompat\Programs\Amcache.hve
|
MS Windows registry file, NT/2000 or above
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\enigma_loader.exe
|
"C:\Users\user\Desktop\enigma_loader.exe"
|
|
|
|
C:\Users\user\AppData\Roaming\svchost.exe
|
"C:\Users\user\AppData\Roaming\svchost.exe"
|
|
|
|
C:\Users\user\AppData\Roaming\svchost.exe
|
"C:\Users\user\AppData\Roaming\svchost.exe"
|
|
|
|
C:\Windows\System32\svchost.exe
|
C:\Windows\System32\svchost.exe -k WerSvcGroup
|
|
|
|
C:\Windows\System32\WerFault.exe
|
C:\Windows\system32\WerFault.exe -pss -s 440 -p 7268 -ip 7268
|
||
|
C:\Windows\System32\WerFault.exe
|
C:\Windows\system32\WerFault.exe -u -p 7268 -s 1880
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
selection-wa.gl.at.ply.gg
|
|
||
|
http://upx.sf.net
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
127.0.0.1
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
selection-wa.gl.at.ply.gg
|
147.185.221.23
|
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
147.185.221.23
|
selection-wa.gl.at.ply.gg
|
United States
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
svchost
|
||
|
\REGISTRY\A\{ee44e4ae-51d4-204f-965a-c058b6e6fb51}\Root\InventoryApplicationFile\enigma_loader.ex|c438a6ad8a06bcf2
|
ProgramId
|
||
|
\REGISTRY\A\{ee44e4ae-51d4-204f-965a-c058b6e6fb51}\Root\InventoryApplicationFile\enigma_loader.ex|c438a6ad8a06bcf2
|
FileId
|
||
|
\REGISTRY\A\{ee44e4ae-51d4-204f-965a-c058b6e6fb51}\Root\InventoryApplicationFile\enigma_loader.ex|c438a6ad8a06bcf2
|
LowerCaseLongPath
|
||
|
\REGISTRY\A\{ee44e4ae-51d4-204f-965a-c058b6e6fb51}\Root\InventoryApplicationFile\enigma_loader.ex|c438a6ad8a06bcf2
|
LongPathHash
|
||
|
\REGISTRY\A\{ee44e4ae-51d4-204f-965a-c058b6e6fb51}\Root\InventoryApplicationFile\enigma_loader.ex|c438a6ad8a06bcf2
|
Name
|
||
|
\REGISTRY\A\{ee44e4ae-51d4-204f-965a-c058b6e6fb51}\Root\InventoryApplicationFile\enigma_loader.ex|c438a6ad8a06bcf2
|
OriginalFileName
|
||
|
\REGISTRY\A\{ee44e4ae-51d4-204f-965a-c058b6e6fb51}\Root\InventoryApplicationFile\enigma_loader.ex|c438a6ad8a06bcf2
|
Publisher
|
||
|
\REGISTRY\A\{ee44e4ae-51d4-204f-965a-c058b6e6fb51}\Root\InventoryApplicationFile\enigma_loader.ex|c438a6ad8a06bcf2
|
Version
|
||
|
\REGISTRY\A\{ee44e4ae-51d4-204f-965a-c058b6e6fb51}\Root\InventoryApplicationFile\enigma_loader.ex|c438a6ad8a06bcf2
|
BinFileVersion
|
||
|
\REGISTRY\A\{ee44e4ae-51d4-204f-965a-c058b6e6fb51}\Root\InventoryApplicationFile\enigma_loader.ex|c438a6ad8a06bcf2
|
BinaryType
|
||
|
\REGISTRY\A\{ee44e4ae-51d4-204f-965a-c058b6e6fb51}\Root\InventoryApplicationFile\enigma_loader.ex|c438a6ad8a06bcf2
|
ProductName
|
||
|
\REGISTRY\A\{ee44e4ae-51d4-204f-965a-c058b6e6fb51}\Root\InventoryApplicationFile\enigma_loader.ex|c438a6ad8a06bcf2
|
ProductVersion
|
||
|
\REGISTRY\A\{ee44e4ae-51d4-204f-965a-c058b6e6fb51}\Root\InventoryApplicationFile\enigma_loader.ex|c438a6ad8a06bcf2
|
LinkDate
|
||
|
\REGISTRY\A\{ee44e4ae-51d4-204f-965a-c058b6e6fb51}\Root\InventoryApplicationFile\enigma_loader.ex|c438a6ad8a06bcf2
|
BinProductVersion
|
||
|
\REGISTRY\A\{ee44e4ae-51d4-204f-965a-c058b6e6fb51}\Root\InventoryApplicationFile\enigma_loader.ex|c438a6ad8a06bcf2
|
AppxPackageFullName
|
||
|
\REGISTRY\A\{ee44e4ae-51d4-204f-965a-c058b6e6fb51}\Root\InventoryApplicationFile\enigma_loader.ex|c438a6ad8a06bcf2
|
AppxPackageRelativeId
|
||
|
\REGISTRY\A\{ee44e4ae-51d4-204f-965a-c058b6e6fb51}\Root\InventoryApplicationFile\enigma_loader.ex|c438a6ad8a06bcf2
|
Size
|
||
|
\REGISTRY\A\{ee44e4ae-51d4-204f-965a-c058b6e6fb51}\Root\InventoryApplicationFile\enigma_loader.ex|c438a6ad8a06bcf2
|
Language
|
||
|
\REGISTRY\A\{ee44e4ae-51d4-204f-965a-c058b6e6fb51}\Root\InventoryApplicationFile\enigma_loader.ex|c438a6ad8a06bcf2
|
Usn
|
There are 10 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
3041000
|
trusted library allocation
|
page read and write
|
|
|
|
D52000
|
unkown
|
page readonly
|
|
|
|
289FF313000
|
heap
|
page read and write
|
||
|
DE0000
|
heap
|
page read and write
|
||
|
F02000
|
heap
|
page read and write
|
||
|
7FFD9B800000
|
trusted library allocation
|
page execute and read and write
|
||
|
289FF041000
|
heap
|
page read and write
|
||
|
1AE02000
|
heap
|
page read and write
|
||
|
570000
|
trusted library allocation
|
page read and write
|
||
|
289FF302000
|
heap
|
page read and write
|
||
|
651000
|
heap
|
page read and write
|
||
|
EC0000
|
heap
|
page read and write
|
||
|
11FF000
|
stack
|
page read and write
|
||
|
289FF300000
|
heap
|
page read and write
|
||
|
1BFD1000
|
heap
|
page read and write
|
||
|
1360000
|
heap
|
page read and write
|
||
|
7FFD9B72C000
|
trusted library allocation
|
page execute and read and write
|
||
|
1C32F000
|
stack
|
page read and write
|
||
|
289FF200000
|
heap
|
page read and write
|
||
|
B02000
|
heap
|
page read and write
|
||
|
D00000
|
heap
|
page read and write
|
||
|
E26000
|
heap
|
page read and write
|
||
|
500000
|
heap
|
page read and write
|
||
|
7FFD9B7B6000
|
trusted library allocation
|
page execute and read and write
|
||
|
E46000
|
heap
|
page read and write
|
||
|
687000
|
heap
|
page read and write
|
||
|
7FFD9B73C000
|
trusted library allocation
|
page execute and read and write
|
||
|
10F4000
|
stack
|
page read and write
|
||
|
D58A1F9000
|
stack
|
page read and write
|
||
|
D589EFE000
|
stack
|
page read and write
|
||
|
7FFD9B7F0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1302000
|
heap
|
page read and write
|
||
|
1C3B0000
|
heap
|
page read and write
|
||
|
1580000
|
trusted library allocation
|
page read and write
|
||
|
16D5000
|
heap
|
page read and write
|
||
|
1BAFE000
|
stack
|
page read and write
|
||
|
1BFBD000
|
heap
|
page read and write
|
||
|
E4B000
|
heap
|
page read and write
|
||
|
12D0000
|
heap
|
page read and write
|
||
|
1C5BC000
|
stack
|
page read and write
|
||
|
E77000
|
heap
|
page read and write
|
||
|
1BF42000
|
heap
|
page read and write
|
||
|
289FF011000
|
unkown
|
page read and write
|
||
|
289FEE20000
|
heap
|
page read and write
|
||
|
1202000
|
heap
|
page read and write
|
||
|
1253000
|
heap
|
page read and write
|
||
|
1BCFE000
|
stack
|
page read and write
|
||
|
24B1000
|
trusted library allocation
|
page read and write
|
||
|
1350000
|
trusted library allocation
|
page read and write
|
||
|
5D0000
|
heap
|
page execute and read and write
|
||
|
7FFD9B6ED000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B78C000
|
trusted library allocation
|
page execute and read and write
|
||
|
1B8FE000
|
stack
|
page read and write
|
||
|
7FFD9B6E2000
|
trusted library allocation
|
page read and write
|
||
|
289FF013000
|
unkown
|
page read and write
|
||
|
11D0000
|
heap
|
page read and write
|
||
|
7FFD9B6FD000
|
trusted library allocation
|
page execute and read and write
|
||
|
6B5000
|
heap
|
page read and write
|
||
|
13041000
|
trusted library allocation
|
page read and write
|
||
|
289FF000000
|
unkown
|
page read and write
|
||
|
1B4BC000
|
stack
|
page read and write
|
||
|
62D000
|
heap
|
page read and write
|
||
|
1B4E0000
|
heap
|
page read and write
|
||
|
6BA000
|
heap
|
page read and write
|
||
|
16D0000
|
heap
|
page read and write
|
||
|
289FF313000
|
heap
|
page read and write
|
||
|
E89000
|
heap
|
page read and write
|
||
|
638000
|
heap
|
page read and write
|
||
|
1A91D000
|
stack
|
page read and write
|
||
|
580000
|
heap
|
page read and write
|
||
|
124A8000
|
trusted library allocation
|
page read and write
|
||
|
D50000
|
unkown
|
page readonly
|
||
|
E0B000
|
heap
|
page read and write
|
||
|
24AF000
|
trusted library allocation
|
page read and write
|
||
|
2E8B000
|
heap
|
page read and write
|
||
|
1BFF1000
|
heap
|
page read and write
|
||
|
289FF213000
|
heap
|
page read and write
|
||
|
1BFF5000
|
heap
|
page read and write
|
||
|
E48000
|
heap
|
page read and write
|
||
|
7FFD9B6ED000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B7A0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B6F4000
|
trusted library allocation
|
page read and write
|
||
|
E38000
|
heap
|
page read and write
|
||
|
6D5000
|
heap
|
page read and write
|
||
|
7FFD9B73C000
|
trusted library allocation
|
page execute and read and write
|
||
|
1284000
|
heap
|
page read and write
|
||
|
15A0000
|
heap
|
page execute and read and write
|
||
|
12D28000
|
trusted library allocation
|
page read and write
|
||
|
289FF115000
|
trusted library allocation
|
page read and write
|
||
|
1365000
|
heap
|
page read and write
|
||
|
E3E000
|
heap
|
page read and write
|
||
|
1BABE000
|
stack
|
page read and write
|
||
|
A02000
|
heap
|
page read and write
|
||
|
7FFD9B880000
|
trusted library allocation
|
page read and write
|
||
|
124A3000
|
trusted library allocation
|
page read and write
|
||
|
5A0000
|
heap
|
page read and write
|
||
|
1210000
|
heap
|
page read and write
|
||
|
11F0000
|
heap
|
page read and write
|
||
|
655000
|
heap
|
page read and write
|
||
|
7FFD9B7C6000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B7C6000
|
trusted library allocation
|
page execute and read and write
|
||
|
156B000
|
stack
|
page read and write
|
||
|
600000
|
heap
|
page read and write
|
||
|
1304E000
|
trusted library allocation
|
page read and write
|
||
|
7FF43FD50000
|
trusted library allocation
|
page execute and read and write
|
||
|
289FF100000
|
trusted library allocation
|
page read and write
|
||
|
121D000
|
heap
|
page read and write
|
||
|
1BF60000
|
heap
|
page read and write
|
||
|
1B070000
|
trusted library allocation
|
page read and write
|
||
|
E00000
|
heap
|
page read and write
|
||
|
289FF102000
|
trusted library allocation
|
page read and write
|
||
|
289FF00B000
|
unkown
|
page read and write
|
||
|
7FFD9B6D0000
|
trusted library allocation
|
page read and write
|
||
|
1B9FE000
|
stack
|
page read and write
|
||
|
1C7BC000
|
stack
|
page read and write
|
||
|
7FFD9B780000
|
trusted library allocation
|
page read and write
|
||
|
1C1FE000
|
stack
|
page read and write
|
||
|
289FF300000
|
heap
|
page read and write
|
||
|
3010000
|
heap
|
page read and write
|
||
|
7FFD9B891000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B6FD000
|
trusted library allocation
|
page execute and read and write
|
||
|
613000
|
heap
|
page read and write
|
||
|
7FFD9B6ED000
|
trusted library allocation
|
page execute and read and write
|
||
|
1AD5E000
|
stack
|
page read and write
|
||
|
550000
|
trusted library allocation
|
page read and write
|
||
|
657000
|
heap
|
page read and write
|
||
|
7FFD9B6FD000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B6E4000
|
trusted library allocation
|
page read and write
|
||
|
DF0000
|
heap
|
page read and write
|
||
|
289FEF00000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B6E3000
|
trusted library allocation
|
page execute and read and write
|
||
|
CF4000
|
stack
|
page read and write
|
||
|
1B930000
|
heap
|
page read and write
|
||
|
3030000
|
heap
|
page read and write
|
||
|
35D6000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B786000
|
trusted library allocation
|
page read and write
|
||
|
123F000
|
heap
|
page read and write
|
||
|
7FFD9B880000
|
trusted library allocation
|
page execute and read and write
|
||
|
344B000
|
trusted library allocation
|
page read and write
|
||
|
8FF000
|
stack
|
page read and write
|
||
|
7FFD9B880000
|
trusted library allocation
|
page read and write
|
||
|
1216000
|
heap
|
page read and write
|
||
|
124A1000
|
trusted library allocation
|
page read and write
|
||
|
1B8FF000
|
stack
|
page read and write
|
||
|
DE0000
|
heap
|
page read and write
|
||
|
1310000
|
heap
|
page read and write
|
||
|
7FFD9B6E0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B6E3000
|
trusted library allocation
|
page execute and read and write
|
||
|
2C00000
|
heap
|
page read and write
|
||
|
7FFD9B790000
|
trusted library allocation
|
page read and write
|
||
|
289FF076000
|
heap
|
page read and write
|
||
|
EAD000
|
heap
|
page read and write
|
||
|
622000
|
heap
|
page read and write
|
||
|
7FFD9B6F0000
|
trusted library allocation
|
page read and write
|
||
|
D5C000
|
unkown
|
page readonly
|
||
|
1BF74000
|
heap
|
page read and write
|
||
|
1593000
|
trusted library allocation
|
page read and write
|
||
|
1C2FE000
|
stack
|
page read and write
|
||
|
289FF124000
|
heap
|
page read and write
|
||
|
289FF02B000
|
heap
|
page read and write
|
||
|
16AE000
|
stack
|
page read and write
|
||
|
2C10000
|
heap
|
page execute and read and write
|
||
|
2BF0000
|
trusted library allocation
|
page read and write
|
||
|
1C1F4000
|
stack
|
page read and write
|
||
|
E51000
|
heap
|
page read and write
|
||
|
702000
|
heap
|
page read and write
|
||
|
127F000
|
heap
|
page read and write
|
||
|
1C8BA000
|
stack
|
page read and write
|
||
|
1B933000
|
heap
|
page read and write
|
||
|
D589C7D000
|
stack
|
page read and write
|
||
|
13048000
|
trusted library allocation
|
page read and write
|
||
|
2D1E000
|
stack
|
page read and write
|
||
|
7FFD9B6F0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B6F2000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B6F2000
|
trusted library allocation
|
page read and write
|
||
|
1BFF3000
|
heap
|
page read and write
|
||
|
289FF202000
|
heap
|
page read and write
|
||
|
146A000
|
stack
|
page read and write
|
||
|
289FEE00000
|
heap
|
page read and write
|
||
|
D589FFE000
|
stack
|
page read and write
|
||
|
1BAF0000
|
heap
|
page execute and read and write
|
||
|
1299000
|
heap
|
page read and write
|
||
|
7FFD9B6D4000
|
trusted library allocation
|
page read and write
|
||
|
12D21000
|
trusted library allocation
|
page read and write
|
||
|
510000
|
heap
|
page read and write
|
||
|
289FF03C000
|
heap
|
page read and write
|
||
|
7FFD9B6F4000
|
trusted library allocation
|
page read and write
|
||
|
289FF002000
|
unkown
|
page read and write
|
||
|
662000
|
heap
|
page read and write
|
||
|
7FFD9B790000
|
trusted library allocation
|
page execute and read and write
|
||
|
2D21000
|
trusted library allocation
|
page read and write
|
||
|
1B19D000
|
stack
|
page read and write
|
||
|
590000
|
heap
|
page execute and read and write
|
||
|
7FFD9B800000
|
trusted library allocation
|
page execute and read and write
|
||
|
1C0F9000
|
stack
|
page read and write
|
||
|
D589CFE000
|
stack
|
page read and write
|
||
|
24A1000
|
trusted library allocation
|
page read and write
|
||
|
1BF00000
|
heap
|
page read and write
|
||
|
1BBFE000
|
stack
|
page read and write
|
||
|
E2D000
|
heap
|
page read and write
|
||
|
9E0000
|
heap
|
page read and write
|
||
|
7FFD9B870000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B6D3000
|
trusted library allocation
|
page execute and read and write
|
||
|
2D2C000
|
trusted library allocation
|
page read and write
|
||
|
1B602000
|
heap
|
page read and write
|
||
|
12CA000
|
heap
|
page read and write
|
||
|
289FF302000
|
heap
|
page read and write
|
||
|
7FFD9B6DD000
|
trusted library allocation
|
page execute and read and write
|
||
|
420000
|
heap
|
page read and write
|
||
|
1CABC000
|
stack
|
page read and write
|
||
|
63C000
|
heap
|
page read and write
|
||
|
400000
|
heap
|
page read and write
|
||
|
9FF000
|
stack
|
page read and write
|
||
|
7FFD9B6F0000
|
trusted library allocation
|
page read and write
|
||
|
12D23000
|
trusted library allocation
|
page read and write
|
||
|
1BFDF000
|
heap
|
page read and write
|
||
|
1249000
|
heap
|
page read and write
|
||
|
7FFD9B6F4000
|
trusted library allocation
|
page read and write
|
||
|
D589D7E000
|
stack
|
page read and write
|
||
|
1255000
|
heap
|
page read and write
|
||
|
D58A0FE000
|
stack
|
page read and write
|
||
|
10FF000
|
stack
|
page read and write
|
||
|
1C0FE000
|
stack
|
page read and write
|
||
|
960000
|
unkown
|
page readonly
|
||
|
24AC000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B700000
|
trusted library allocation
|
page read and write
|
||
|
249E000
|
stack
|
page read and write
|
||
|
1C6BC000
|
stack
|
page read and write
|
||
|
1B510000
|
heap
|
page execute and read and write
|
||
|
E13000
|
heap
|
page read and write
|
||
|
E40000
|
heap
|
page read and write
|
||
|
1590000
|
trusted library allocation
|
page read and write
|
||
|
625000
|
heap
|
page read and write
|
||
|
2BD0000
|
trusted library allocation
|
page read and write
|
||
|
1C4000
|
stack
|
page read and write
|
There are 225 hidden memdumps, click here to show them.