Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
SecuriteInfo.com.Win64.Evo-gen.29020.27952.exe
|
PE32+ executable (console) x86-64, for MS Windows
|
initial sample
|
 |
|
|
\Device\ConDrv
|
ASCII text, with no line terminators
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.29020.27952.exe
|
"C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.29020.27952.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\cmd.exe
|
C:\Windows\system32\cmd.exe /c certutil -hashfile "C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.29020.27952.exe" MD5
| find /i /v "md5" | find /i /v "certutil"
|
||
|
C:\Windows\System32\certutil.exe
|
certutil -hashfile "C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.29020.27952.exe" MD5
|
||
|
C:\Windows\System32\find.exe
|
find /i /v "md5"
|
||
|
C:\Windows\System32\find.exe
|
find /i /v "certutil"
|
||
|
C:\Windows\System32\cmd.exe
|
C:\Windows\system32\cmd.exe /c start cmd /C "color b && title Error && echo SSL connect error && timeout /t 5"
|
||
|
C:\Windows\System32\cmd.exe
|
cmd /C "color b && title Error && echo SSL connect error && timeout /t 5"
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\timeout.exe
|
timeout /t 5
|
||
|
C:\Windows\System32\WerFault.exe
|
C:\Windows\system32\WerFault.exe -u -p 4712 -s 516
|
There are 1 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://keyauth.win/api/1.2/L
|
unknown
|
||
|
https://keyauth.win/api/1.2/y=
|
unknown
|
||
|
https://curl.haxx.se/docs/http-cookies.html
|
unknown
|
||
|
https://keyauth.win/api/1.2/
|
unknown
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
keyauth.win
|
104.26.0.5
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
104.26.0.5
|
keyauth.win
|
United States
|
||
|
127.0.0.1
|
unknown
|
unknown
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.60.3.1!7
|
Name
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.60.3.2!7
|
Name
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.60.3.3!7
|
Name
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
202D8147000
|
heap
|
page read and write
|
||
|
21D7AB45000
|
heap
|
page read and write
|
||
|
1F0000
|
direct allocation
|
page read and write
|
||
|
1F0000
|
direct allocation
|
page read and write
|
||
|
2100A1C0000
|
heap
|
page read and write
|
||
|
21D7A910000
|
heap
|
page read and write
|
||
|
1F0000
|
direct allocation
|
page read and write
|
||
|
1F0000
|
direct allocation
|
page read and write
|
||
|
21008650000
|
heap
|
page read and write
|
||
|
1430B8000
|
unkown
|
page execute read
|
||
|
E662E7F000
|
stack
|
page read and write
|
||
|
AD6337F000
|
stack
|
page read and write
|
||
|
1F0000
|
remote allocation
|
page read and write
|
||
|
1EE19E00000
|
heap
|
page read and write
|
||
|
14007C000
|
unkown
|
page readonly
|
||
|
1F0000
|
remote allocation
|
page read and write
|
||
|
1400A2000
|
unkown
|
page execute and read and write
|
||
|
FF6C59C000
|
stack
|
page read and write
|
||
|
22C0000
|
direct allocation
|
page read and write
|
||
|
1F0000
|
direct allocation
|
page read and write
|
||
|
1E5000
|
heap
|
page read and write
|
||
|
4EC000
|
heap
|
page read and write
|
||
|
143AB8000
|
unkown
|
page execute read
|
||
|
4E6000
|
heap
|
page read and write
|
||
|
1F0000
|
direct allocation
|
page read and write
|
||
|
143AB8000
|
unkown
|
page execute read
|
||
|
7FF880000000
|
direct allocation
|
page execute and read and write
|
||
|
1426B8000
|
unkown
|
page execute read
|
||
|
143000
|
stack
|
page read and write
|
||
|
1EE19E0A000
|
heap
|
page read and write
|
||
|
202D8420000
|
heap
|
page read and write
|
||
|
180000
|
heap
|
page read and write
|
||
|
2100A1C5000
|
heap
|
page read and write
|
||
|
FF6C8FF000
|
stack
|
page read and write
|
||
|
1423B4000
|
unkown
|
page execute and read and write
|
||
|
202D7F80000
|
heap
|
page read and write
|
||
|
1414A2000
|
unkown
|
page execute and read and write
|
||
|
21D7AA10000
|
heap
|
page read and write
|
||
|
1400A0000
|
unkown
|
page read and write
|
||
|
14009A000
|
unkown
|
page readonly
|
||
|
FF6C97F000
|
stack
|
page read and write
|
||
|
1430B8000
|
unkown
|
page execute read
|
||
|
140098000
|
unkown
|
page read and write
|
||
|
517000
|
heap
|
page read and write
|
||
|
AD633FF000
|
stack
|
page read and write
|
||
|
142370000
|
unkown
|
page execute and read and write
|
||
|
1EE19D80000
|
heap
|
page read and write
|
||
|
1EE19DB0000
|
heap
|
page read and write
|
||
|
14C000
|
stack
|
page read and write
|
||
|
21D7A8D0000
|
heap
|
page read and write
|
||
|
1400A0000
|
unkown
|
page write copy
|
||
|
AD632FC000
|
stack
|
page read and write
|
||
|
140000000
|
unkown
|
page readonly
|
||
|
4E0000
|
heap
|
page read and write
|
||
|
1420D6000
|
unkown
|
page execute and read and write
|
||
|
140001000
|
unkown
|
page execute read
|
||
|
202D8060000
|
heap
|
page read and write
|
||
|
190000
|
heap
|
page read and write
|
||
|
1444B8000
|
unkown
|
page execute read
|
||
|
1E0000
|
heap
|
page read and write
|
||
|
E662BFF000
|
stack
|
page read and write
|
||
|
1EE19D90000
|
heap
|
page read and write
|
||
|
21D7A919000
|
heap
|
page read and write
|
||
|
1F0000
|
direct allocation
|
page read and write
|
||
|
1F0000
|
remote allocation
|
page read and write
|
||
|
21D7A7F0000
|
heap
|
page read and write
|
||
|
260F000
|
stack
|
page read and write
|
||
|
1EE19E07000
|
heap
|
page read and write
|
||
|
7FF880030000
|
direct allocation
|
page execute and read and write
|
||
|
1F0000
|
remote allocation
|
page read and write
|
||
|
1EE19DD5000
|
heap
|
page read and write
|
||
|
142374000
|
unkown
|
page execute and read and write
|
||
|
14007C000
|
unkown
|
page readonly
|
||
|
FF6C87E000
|
stack
|
page read and write
|
||
|
250F000
|
stack
|
page read and write
|
||
|
51B000
|
heap
|
page read and write
|
||
|
210086F0000
|
heap
|
page read and write
|
||
|
210086A0000
|
heap
|
page read and write
|
||
|
14009A000
|
unkown
|
page readonly
|
||
|
1EE19DD0000
|
heap
|
page read and write
|
||
|
7DE000
|
stack
|
page read and write
|
||
|
8D00FAC000
|
stack
|
page read and write
|
||
|
210086F8000
|
heap
|
page read and write
|
||
|
140000000
|
unkown
|
page readonly
|
||
|
1F0000
|
direct allocation
|
page read and write
|
||
|
8D012FF000
|
stack
|
page read and write
|
||
|
202D8140000
|
heap
|
page read and write
|
||
|
E662B7C000
|
stack
|
page read and write
|
||
|
202D814A000
|
heap
|
page read and write
|
||
|
140001000
|
unkown
|
page execute read
|
||
|
140AA2000
|
unkown
|
page execute and read and write
|
||
|
21D7C770000
|
heap
|
page read and write
|
||
|
202D8080000
|
heap
|
page read and write
|
||
|
21D7C7F0000
|
heap
|
page read and write
|
||
|
1444B8000
|
unkown
|
page execute read
|
||
|
1426B8000
|
unkown
|
page execute read
|
||
|
21008660000
|
heap
|
page read and write
|
||
|
8D0127F000
|
stack
|
page read and write
|
||
|
1F0000
|
direct allocation
|
page read and write
|
||
|
240E000
|
stack
|
page read and write
|
||
|
202D8425000
|
heap
|
page read and write
|
||
|
141EA2000
|
unkown
|
page execute and read and write
|
||
|
1C0000
|
heap
|
page read and write
|
||
|
140098000
|
unkown
|
page write copy
|
||
|
1F0000
|
direct allocation
|
page read and write
|
||
|
1423BA000
|
unkown
|
page execute and read and write
|
||
|
21D7AB40000
|
heap
|
page read and write
|
||
|
6DF000
|
stack
|
page read and write
|
There are 98 hidden memdumps, click here to show them.