Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
6gmoJJZr1e.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
initial sample
|
 |
|
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_6gm_9b1d9c974cdc3e984dfdab69b0a88852c0a1104e_548d04a3_3f19492b-0eed-400a-afd1-e598d38770c0\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_6gm_9b1d9c974cdc3e984dfdab69b0a88852c0a1104e_548d04a3_563ae1a6-ee2b-4b5b-920d-2c39c7262e81\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_6gm_9b1d9c974cdc3e984dfdab69b0a88852c0a1104e_548d04a3_8abe9583-1d52-4e8c-8b02-0ee72f6ed599\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER72E6.tmp.dmp
|
Mini DuMP crash report, 14 streams, Mon Nov 25 20:01:11 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER7382.tmp.dmp
|
Mini DuMP crash report, 14 streams, Mon Nov 25 20:01:11 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER75B6.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER7614.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER7634.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER76E0.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER7883.tmp.dmp
|
Mini DuMP crash report, 14 streams, Mon Nov 25 20:01:12 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER78E2.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER7912.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Windows\appcompat\Programs\Amcache.hve
|
MS Windows registry file, NT/2000 or above
|
dropped
|
There are 4 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe C:\Users\user\Desktop\6gmoJJZr1e.dll,ReflectiveLoader
|
|
|
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\6gmoJJZr1e.dll",#1
|
|
|
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\6gmoJJZr1e.dll",ReflectiveLoader
|
|
|
|
C:\Windows\System32\loaddll64.exe
|
loaddll64.exe "C:\Users\user\Desktop\6gmoJJZr1e.dll"
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\cmd.exe
|
cmd.exe /C rundll32.exe "C:\Users\user\Desktop\6gmoJJZr1e.dll",#1
|
||
|
C:\Windows\System32\WerFault.exe
|
C:\Windows\system32\WerFault.exe -u -p 7172 -s 332
|
||
|
C:\Windows\System32\WerFault.exe
|
C:\Windows\system32\WerFault.exe -u -p 7180 -s 352
|
||
|
C:\Windows\System32\WerFault.exe
|
C:\Windows\system32\WerFault.exe -u -p 7596 -s 344
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
3.78.244.11
|
|
||
|
http://upx.sf.net
|
unknown
|
||
|
http://127.0.0.1:%u/
|
unknown
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
\REGISTRY\A\{cb0ef725-d155-7e32-49e4-809fb9367959}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
ProgramId
|
||
|
\REGISTRY\A\{cb0ef725-d155-7e32-49e4-809fb9367959}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
FileId
|
||
|
\REGISTRY\A\{cb0ef725-d155-7e32-49e4-809fb9367959}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
LowerCaseLongPath
|
||
|
\REGISTRY\A\{cb0ef725-d155-7e32-49e4-809fb9367959}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
LongPathHash
|
||
|
\REGISTRY\A\{cb0ef725-d155-7e32-49e4-809fb9367959}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
Name
|
||
|
\REGISTRY\A\{cb0ef725-d155-7e32-49e4-809fb9367959}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
OriginalFileName
|
||
|
\REGISTRY\A\{cb0ef725-d155-7e32-49e4-809fb9367959}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
Publisher
|
||
|
\REGISTRY\A\{cb0ef725-d155-7e32-49e4-809fb9367959}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
Version
|
||
|
\REGISTRY\A\{cb0ef725-d155-7e32-49e4-809fb9367959}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
BinFileVersion
|
||
|
\REGISTRY\A\{cb0ef725-d155-7e32-49e4-809fb9367959}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
BinaryType
|
||
|
\REGISTRY\A\{cb0ef725-d155-7e32-49e4-809fb9367959}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
ProductName
|
||
|
\REGISTRY\A\{cb0ef725-d155-7e32-49e4-809fb9367959}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
ProductVersion
|
||
|
\REGISTRY\A\{cb0ef725-d155-7e32-49e4-809fb9367959}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
LinkDate
|
||
|
\REGISTRY\A\{cb0ef725-d155-7e32-49e4-809fb9367959}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
BinProductVersion
|
||
|
\REGISTRY\A\{cb0ef725-d155-7e32-49e4-809fb9367959}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
AppxPackageFullName
|
||
|
\REGISTRY\A\{cb0ef725-d155-7e32-49e4-809fb9367959}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
AppxPackageRelativeId
|
||
|
\REGISTRY\A\{cb0ef725-d155-7e32-49e4-809fb9367959}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
Size
|
||
|
\REGISTRY\A\{cb0ef725-d155-7e32-49e4-809fb9367959}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
Language
|
||
|
\REGISTRY\A\{cb0ef725-d155-7e32-49e4-809fb9367959}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
IsOsComponent
|
||
|
\REGISTRY\A\{cb0ef725-d155-7e32-49e4-809fb9367959}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
Usn
|
There are 10 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
7FFB0C682000
|
unkown
|
page readonly
|
|
|
|
1C688500000
|
direct allocation
|
page execute and read and write
|
|
|
|
218AB7A0000
|
direct allocation
|
page execute and read and write
|
|
|
|
1AFB2A50000
|
direct allocation
|
page execute and read and write
|
|
|
|
7FFB0C682000
|
unkown
|
page readonly
|
|
|
|
7FFB0C682000
|
unkown
|
page readonly
|
|
|
|
7FFB0C69E000
|
unkown
|
page read and write
|
||
|
1AFB2AA4000
|
direct allocation
|
page execute and read and write
|
||
|
1AFB0EC0000
|
heap
|
page read and write
|
||
|
1C688670000
|
heap
|
page read and write
|
||
|
218AB790000
|
heap
|
page read and write
|
||
|
7FFB0C69E000
|
unkown
|
page read and write
|
||
|
1C688554000
|
direct allocation
|
page execute and read and write
|
||
|
7FFB0C692000
|
unkown
|
page write copy
|
||
|
1C6869E7000
|
heap
|
page read and write
|
||
|
403667E000
|
stack
|
page read and write
|
||
|
218A9C50000
|
heap
|
page read and write
|
||
|
403638E000
|
stack
|
page read and write
|
||
|
237D50B0000
|
heap
|
page read and write
|
||
|
218A9E50000
|
heap
|
page read and write
|
||
|
1C686BB0000
|
heap
|
page read and write
|
||
|
7FFB0C6A4000
|
unkown
|
page readonly
|
||
|
7FFB0C6A4000
|
unkown
|
page readonly
|
||
|
218A9C60000
|
heap
|
page read and write
|
||
|
237D50B0000
|
heap
|
page read and write
|
||
|
674EBFE000
|
stack
|
page read and write
|
||
|
1AFB1190000
|
heap
|
page read and write
|
||
|
7FFB0C650000
|
unkown
|
page readonly
|
||
|
1C6869EE000
|
heap
|
page read and write
|
||
|
7FFB0C698000
|
unkown
|
page read and write
|
||
|
218A9C68000
|
heap
|
page read and write
|
||
|
7FFB0C651000
|
unkown
|
page execute read
|
||
|
1C686D50000
|
heap
|
page read and write
|
||
|
CB1F4F000
|
stack
|
page read and write
|
||
|
218A9EC5000
|
heap
|
page read and write
|
||
|
218AB7F4000
|
direct allocation
|
page execute and read and write
|
||
|
403630C000
|
stack
|
page read and write
|
||
|
2ACBCFF000
|
stack
|
page read and write
|
||
|
2ACB9FC000
|
stack
|
page read and write
|
||
|
1AFB10D0000
|
heap
|
page read and write
|
||
|
1C6869E0000
|
heap
|
page read and write
|
||
|
1AFB0EE0000
|
heap
|
page read and write
|
||
|
1AFB2A40000
|
heap
|
page read and write
|
||
|
7FFB0C692000
|
unkown
|
page write copy
|
||
|
1C686BD0000
|
heap
|
page read and write
|
||
|
1C6869C0000
|
heap
|
page read and write
|
||
|
7FFB0C6A3000
|
unkown
|
page read and write
|
||
|
237D4ED8000
|
heap
|
page read and write
|
||
|
7FFB0C698000
|
unkown
|
page read and write
|
||
|
7FFB0C650000
|
unkown
|
page readonly
|
||
|
CB1FCE000
|
stack
|
page read and write
|
||
|
1AFB0EE8000
|
heap
|
page read and write
|
||
|
237D5120000
|
heap
|
page read and write
|
||
|
674EAFE000
|
stack
|
page read and write
|
||
|
237D4EDC000
|
heap
|
page read and write
|
||
|
674E75C000
|
stack
|
page read and write
|
||
|
237D5120000
|
heap
|
page read and write
|
||
|
7FFB0C69E000
|
unkown
|
page read and write
|
||
|
7FFB0C6A3000
|
unkown
|
page read and write
|
||
|
237D4EC0000
|
heap
|
page read and write
|
||
|
1AFB10B0000
|
heap
|
page read and write
|
||
|
CB1ECC000
|
stack
|
page read and write
|
||
|
237D4ECD000
|
heap
|
page read and write
|
||
|
1C686D55000
|
heap
|
page read and write
|
||
|
7FFB0C692000
|
unkown
|
page write copy
|
||
|
2ACBC7F000
|
stack
|
page read and write
|
||
|
218A9E30000
|
heap
|
page read and write
|
||
|
218A9EC0000
|
heap
|
page read and write
|
||
|
7FFB0C650000
|
unkown
|
page readonly
|
||
|
7FFB0C651000
|
unkown
|
page execute read
|
||
|
237D5090000
|
heap
|
page read and write
|
||
|
237D4EA0000
|
heap
|
page read and write
|
||
|
237D4EC9000
|
heap
|
page read and write
|
||
|
7FFB0C698000
|
unkown
|
page read and write
|
||
|
7FFB0C6A4000
|
unkown
|
page readonly
|
||
|
7FFB0C651000
|
unkown
|
page execute read
|
||
|
1AFB1195000
|
heap
|
page read and write
|
||
|
7FFB0C6A3000
|
unkown
|
page read and write
|
There are 68 hidden memdumps, click here to show them.