|
7ff77bb76000
|
|
page read and write
|
|
|
|
| Name: |
5432.1.00007ff77bb75000.00007ff77bb76000.rw-.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Protect: |
page read and write
|
| Base address: |
7ff77bb76000
|
| Size: |
4096
|
|
|
7ff77b15a000
|
|
page read and write
|
|
|
|
| Name: |
5432.1.00007ff77b158000.00007ff77b15a000.rw-.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Protect: |
page read and write
|
| Base address: |
7ff77b15a000
|
| Size: |
8192
|
|
|
7ff77bb7e000
|
|
page read and write
|
|
|
|
| Name: |
5432.1.00007ff77bb7c000.00007ff77bb7e000.rw-.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Protect: |
page read and write
|
| Base address: |
7ff77bb7e000
|
| Size: |
8192
|
|
|
55b82cdd0000
|
|
page read and write
|
|
|
|
| Name: |
5432.1.000055b82cdba000.000055b82cdd0000.rw-.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Protect: |
page read and write
|
| Base address: |
55b82cdd0000
|
| Size: |
90112
|
|
|
7ff77bbc3000
|
|
page read and write
|
|
|
|
| Name: |
5432.1.00007ff77bbc2000.00007ff77bbc3000.rw-.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Protect: |
page read and write
|
| Base address: |
7ff77bbc3000
|
| Size: |
4096
|
|
|
7ff77ae9c000
|
|
page read and write
|
|
|
|
| Name: |
5432.1.00007ff77a695000.00007ff77ae9c000.rw-.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Protect: |
page read and write
|
| Base address: |
7ff77ae9c000
|
| Size: |
8417280
|
|
|
55b82adb1000
|
|
page read and write
|
|
|
|
| Name: |
5432.1.000055b82ad87000.000055b82adb1000.rw-.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Protect: |
page read and write
|
| Base address: |
55b82adb1000
|
| Size: |
172032
|
|
|
7ff6f4130000
|
|
page execute and read and write
|
|
|
|
| Name: |
5432.1.00007ff6f412f000.00007ff6f4130000.rwx.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Protect: |
page execute and read and write
|
| Base address: |
7ff6f4130000
|
| Size: |
4096
|
|
|
7ff77b53b000
|
|
page read and write
|
|
|
|
| Name: |
5432.1.00007ff77b539000.00007ff77b53b000.rw-.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Protect: |
page read and write
|
| Base address: |
7ff77b53b000
|
| Size: |
8192
|
|
|
7ff774021000
|
|
page read and write
|
|
|
|
| Name: |
5432.1.00007ff774000000.00007ff774021000.rw-.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Protect: |
page read and write
|
| Base address: |
7ff774021000
|
| Size: |
135168
|
|
|
7ff6f4455000
|
|
page read and write
|
|
|
|
| Name: |
5432.1.00007ff6f444f000.00007ff6f4455000.rw-.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Protect: |
page read and write
|
| Base address: |
7ff6f4455000
|
| Size: |
24576
|
|
|
7ff77a694000
|
|
page read and write
|
|
|
|
| Name: |
5432.1.00007ff77a613000.00007ff77a694000.rw-.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Protect: |
page read and write
|
| Base address: |
7ff77a694000
|
| Size: |
528384
|
|
|
55b82cdb9000
|
|
page execute and read and write
|
|
|
|
| Name: |
5432.1.000055b82adbb000.000055b82cdb9000.rwx.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Protect: |
page execute and read and write
|
| Base address: |
55b82cdb9000
|
| Size: |
33546240
|
|
|
7ffdc2255000
|
|
page read and write
|
|
|
|
| Name: |
5432.1.00007ffdc2234000.00007ffdc2255000.rw-.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Protect: |
page read and write
|
| Base address: |
7ffdc2255000
|
| Size: |
135168
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
7ff77b4fb000
|
|
page read and write
|
|
|
|
| Name: |
5432.1.00007ff77b4f7000.00007ff77b4fb000.rw-.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Protect: |
page read and write
|
| Base address: |
7ff77b4fb000
|
| Size: |
16384
|
|
|
7ff6f440f000
|
|
page execute read
|
|
|
|
| Name: |
5432.1.00007ff6f4400000.00007ff6f440f000.r-x.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Protect: |
page execute read
|
| Base address: |
7ff6f440f000
|
| Size: |
61440
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Malicious sample detected (through community Yara rule) |
System Summary |
|
| Yara signature match |
System Summary |
|
|
|
7ff774000000
|
|
page read and write
|
|
|
|
| Name: |
5432.1.00007ff773800000.00007ff774000000.rw-.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Protect: |
page read and write
|
| Base address: |
7ff774000000
|
| Size: |
8388608
|
|
|
55b82adbb000
|
|
page read and write
|
|
|
|
| Name: |
5432.1.000055b82adb1000.000055b82adbb000.rw-.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Protect: |
page read and write
|
| Base address: |
55b82adbb000
|
| Size: |
40960
|
|
|
7ffdc226e000
|
|
page execute read
|
|
|
|
| Name: |
5432.1.00007ffdc226d000.00007ffdc226e000.r-x.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Protect: |
page execute read
|
| Base address: |
7ffdc226e000
|
| Size: |
4096
|
|
|
7ff77b86c000
|
|
page read and write
|
|
|
|
| Name: |
5432.1.00007ff77b869000.00007ff77b86c000.rw-.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Protect: |
page read and write
|
| Base address: |
7ff77b86c000
|
| Size: |
12288
|
|
|
7ff77b51e000
|
|
page read and write
|
|
|
|
| Name: |
5432.1.00007ff77b51a000.00007ff77b51e000.rw-.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Protect: |
page read and write
|
| Base address: |
7ff77b51e000
|
| Size: |
16384
|
|
|
55b82d7e7000
|
|
page read and write
|
|
|
|
| Name: |
5432.1.000055b82d760000.000055b82d7e7000.rw-.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Protect: |
page read and write
|
| Base address: |
55b82d7e7000
|
| Size: |
552960
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
7ff77ba4d000
|
|
page read and write
|
|
|
|
| Name: |
5432.1.00007ff77ba4b000.00007ff77ba4d000.rw-.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Protect: |
page read and write
|
| Base address: |
7ff77ba4d000
|
| Size: |
8192
|
|
|
7ff77aeaa000
|
|
page read and write
|
|
|
|
| Name: |
5432.1.00007ff77aea8000.00007ff77aeaa000.rw-.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Protect: |
page read and write
|
| Base address: |
7ff77aeaa000
|
| Size: |
8192
|
|
|
55b82ab29000
|
|
page execute read
|
|
|
|
| Name: |
5432.1.000055b82a907000.000055b82ab29000.r-x.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Protect: |
page execute read
|
| Base address: |
55b82ab29000
|
| Size: |
2236416
|
|
