Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
HJoRg2I07j.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Temp\bb8ef99577\Utsysc.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\246122658369
|
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024,
components 3
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\bb8ef99577\Utsysc.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
modified
|
||
|
C:\Users\user\AppData\Roaming\ab10c56eed80d1\clip64.dll
|
HTML document, ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\ab10c56eed80d1\cred64.dll
|
HTML document, ASCII text
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\HJoRg2I07j.exe
|
"C:\Users\user\Desktop\HJoRg2I07j.exe"
|
|
|
|
C:\Users\user\AppData\Local\Temp\bb8ef99577\Utsysc.exe
|
"C:\Users\user\AppData\Local\Temp\bb8ef99577\Utsysc.exe"
|
|
|
|
C:\Windows\SysWOW64\schtasks.exe
|
"C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN Utsysc.exe /TR "C:\Users\user\AppData\Local\Temp\bb8ef99577\Utsysc.exe"
/F
|
|
|
|
C:\Users\user\AppData\Local\Temp\bb8ef99577\Utsysc.exe
|
C:\Users\user\AppData\Local\Temp\bb8ef99577\Utsysc.exe
|
|
|
|
C:\Users\user\AppData\Local\Temp\bb8ef99577\Utsysc.exe
|
C:\Users\user\AppData\Local\Temp\bb8ef99577\Utsysc.exe
|
|
|
|
C:\Users\user\AppData\Local\Temp\bb8ef99577\Utsysc.exe
|
C:\Users\user\AppData\Local\Temp\bb8ef99577\Utsysc.exe
|
|
|
|
C:\Users\user\AppData\Local\Temp\bb8ef99577\Utsysc.exe
|
C:\Users\user\AppData\Local\Temp\bb8ef99577\Utsysc.exe
|
|
|
|
C:\Users\user\AppData\Local\Temp\bb8ef99577\Utsysc.exe
|
C:\Users\user\AppData\Local\Temp\bb8ef99577\Utsysc.exe
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://atillapro.com/vsdjcn3khS/index.php?scr=1
|
185.196.8.137
|
|
|
|
http://atillapro.com/vsdjcn3khS/Plugins/cred64.dll
|
185.196.8.137
|
|
|
|
atillapro.com/vsdjcn3khS/index.php
|
|
||
|
http://atillapro.com/vsdjcn3khS/index.php
|
185.196.8.137
|
|
|
|
http://atillapro.com/vsdjcn3khS/Plugins/clip64.dll
|
185.196.8.137
|
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
atillapro.com
|
185.196.8.137
|
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
185.196.8.137
|
atillapro.com
|
Switzerland
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
|
Startup
|
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
DB1000
|
unkown
|
page execute read
|
|
|
|
3F1000
|
unkown
|
page execute read
|
|
|
|
DB1000
|
unkown
|
page execute read
|
|
|
|
DB1000
|
unkown
|
page execute read
|
|
|
|
DB1000
|
unkown
|
page execute read
|
|
|
|
DB1000
|
unkown
|
page execute read
|
|
|
|
DB1000
|
unkown
|
page execute read
|
|
|
|
DB1000
|
unkown
|
page execute read
|
|
|
|
3F1000
|
unkown
|
page execute read
|
|
|
|
DB1000
|
unkown
|
page execute read
|
|
|
|
DB1000
|
unkown
|
page execute read
|
|
|
|
DB1000
|
unkown
|
page execute read
|
|
|
|
DB1000
|
unkown
|
page execute read
|
|
|
|
1060000
|
heap
|
page read and write
|
||
|
687C000
|
stack
|
page read and write
|
||
|
4DE1000
|
heap
|
page read and write
|
||
|
15C0000
|
heap
|
page read and write
|
||
|
13B0000
|
heap
|
page read and write
|
||
|
149E000
|
stack
|
page read and write
|
||
|
CED000
|
heap
|
page read and write
|
||
|
4EE2000
|
heap
|
page read and write
|
||
|
40EE000
|
stack
|
page read and write
|
||
|
1360000
|
heap
|
page read and write
|
||
|
AFA000
|
stack
|
page read and write
|
||
|
2920000
|
heap
|
page read and write
|
||
|
4EEA000
|
heap
|
page read and write
|
||
|
677C000
|
stack
|
page read and write
|
||
|
41EF000
|
stack
|
page read and write
|
||
|
E16000
|
unkown
|
page write copy
|
||
|
D3B000
|
heap
|
page read and write
|
||
|
4DE1000
|
heap
|
page read and write
|
||
|
CBA000
|
heap
|
page read and write
|
||
|
E04000
|
unkown
|
page readonly
|
||
|
42EA000
|
heap
|
page read and write
|
||
|
1076000
|
heap
|
page read and write
|
||
|
1590000
|
heap
|
page read and write
|
||
|
B70000
|
heap
|
page read and write
|
||
|
41CA000
|
heap
|
page read and write
|
||
|
41D0000
|
heap
|
page read and write
|
||
|
E16000
|
unkown
|
page write copy
|
||
|
F6E000
|
stack
|
page read and write
|
||
|
68BC000
|
stack
|
page read and write
|
||
|
4EEA000
|
heap
|
page read and write
|
||
|
3E20000
|
heap
|
page read and write
|
||
|
F2F000
|
stack
|
page read and write
|
||
|
45B000
|
unkown
|
page readonly
|
||
|
E16000
|
unkown
|
page read and write
|
||
|
1067000
|
heap
|
page read and write
|
||
|
2590000
|
heap
|
page read and write
|
||
|
125F000
|
stack
|
page read and write
|
||
|
BDC000
|
stack
|
page read and write
|
||
|
3F6F000
|
stack
|
page read and write
|
||
|
D68000
|
heap
|
page read and write
|
||
|
147F000
|
heap
|
page read and write
|
||
|
1380000
|
heap
|
page read and write
|
||
|
41CA000
|
heap
|
page read and write
|
||
|
4DE1000
|
heap
|
page read and write
|
||
|
4EE7000
|
heap
|
page read and write
|
||
|
E19000
|
unkown
|
page read and write
|
||
|
C8E000
|
stack
|
page read and write
|
||
|
4DE1000
|
heap
|
page read and write
|
||
|
3F0000
|
unkown
|
page readonly
|
||
|
7F0000
|
heap
|
page read and write
|
||
|
4EE6000
|
heap
|
page read and write
|
||
|
D68000
|
heap
|
page read and write
|
||
|
E04000
|
unkown
|
page readonly
|
||
|
41F4000
|
heap
|
page read and write
|
||
|
41C0000
|
heap
|
page read and write
|
||
|
D6C000
|
heap
|
page read and write
|
||
|
E16000
|
unkown
|
page write copy
|
||
|
CB0000
|
heap
|
page read and write
|
||
|
DB0000
|
unkown
|
page readonly
|
||
|
512E000
|
heap
|
page read and write
|
||
|
E1B000
|
unkown
|
page readonly
|
||
|
4700000
|
heap
|
page read and write
|
||
|
E1B000
|
unkown
|
page readonly
|
||
|
4DE1000
|
heap
|
page read and write
|
||
|
4EE8000
|
heap
|
page read and write
|
||
|
DB0000
|
unkown
|
page readonly
|
||
|
41C0000
|
heap
|
page read and write
|
||
|
4EEC000
|
heap
|
page read and write
|
||
|
41EA000
|
heap
|
page read and write
|
||
|
D84000
|
heap
|
page read and write
|
||
|
E70000
|
heap
|
page read and write
|
||
|
E19000
|
unkown
|
page read and write
|
||
|
4EEB000
|
heap
|
page read and write
|
||
|
D3B000
|
heap
|
page read and write
|
||
|
E16000
|
unkown
|
page read and write
|
||
|
5130000
|
heap
|
page read and write
|
||
|
4DE1000
|
heap
|
page read and write
|
||
|
DAE000
|
stack
|
page read and write
|
||
|
423A000
|
heap
|
page read and write
|
||
|
9FE000
|
stack
|
page read and write
|
||
|
444000
|
unkown
|
page readonly
|
||
|
DB0000
|
unkown
|
page readonly
|
||
|
C70000
|
heap
|
page read and write
|
||
|
13BA000
|
heap
|
page read and write
|
||
|
4DE1000
|
heap
|
page read and write
|
||
|
E77000
|
heap
|
page read and write
|
||
|
4EE1000
|
heap
|
page read and write
|
||
|
4EEF000
|
heap
|
page read and write
|
||
|
D70000
|
heap
|
page read and write
|
||
|
DB0000
|
unkown
|
page readonly
|
||
|
42EA000
|
heap
|
page read and write
|
||
|
2840000
|
heap
|
page read and write
|
||
|
159A000
|
heap
|
page read and write
|
||
|
C8D000
|
stack
|
page read and write
|
||
|
456000
|
unkown
|
page write copy
|
||
|
4EE8000
|
heap
|
page read and write
|
||
|
16FF000
|
stack
|
page read and write
|
||
|
CF0000
|
heap
|
page read and write
|
||
|
4EE6000
|
heap
|
page read and write
|
||
|
4EE1000
|
heap
|
page read and write
|
||
|
E04000
|
unkown
|
page readonly
|
||
|
DB0000
|
unkown
|
page readonly
|
||
|
47DE000
|
heap
|
page read and write
|
||
|
E04000
|
unkown
|
page readonly
|
||
|
5120000
|
heap
|
page read and write
|
||
|
E04000
|
unkown
|
page readonly
|
||
|
E16000
|
unkown
|
page read and write
|
||
|
E18000
|
unkown
|
page write copy
|
||
|
4DE1000
|
heap
|
page read and write
|
||
|
41DA000
|
heap
|
page read and write
|
||
|
CED000
|
heap
|
page read and write
|
||
|
78B000
|
stack
|
page read and write
|
||
|
E04000
|
unkown
|
page readonly
|
||
|
4DE1000
|
heap
|
page read and write
|
||
|
42E0000
|
heap
|
page read and write
|
||
|
4DE1000
|
heap
|
page read and write
|
||
|
E1B000
|
unkown
|
page readonly
|
||
|
D60000
|
heap
|
page read and write
|
||
|
ADC000
|
stack
|
page read and write
|
||
|
D17000
|
heap
|
page read and write
|
||
|
2926000
|
heap
|
page read and write
|
||
|
4230000
|
heap
|
page read and write
|
||
|
15CA000
|
heap
|
page read and write
|
||
|
44C0000
|
heap
|
page read and write
|
||
|
7F0000
|
heap
|
page read and write
|
||
|
3B6A000
|
heap
|
page read and write
|
||
|
19FF000
|
stack
|
page read and write
|
||
|
2810000
|
heap
|
page read and write
|
||
|
4EE6000
|
heap
|
page read and write
|
||
|
DB0000
|
unkown
|
page readonly
|
||
|
94C000
|
stack
|
page read and write
|
||
|
D68000
|
heap
|
page read and write
|
||
|
4307000
|
heap
|
page read and write
|
||
|
E04000
|
unkown
|
page readonly
|
||
|
4DE1000
|
heap
|
page read and write
|
||
|
A17000
|
heap
|
page read and write
|
||
|
4300000
|
heap
|
page read and write
|
||
|
E18000
|
unkown
|
page write copy
|
||
|
42EA000
|
heap
|
page read and write
|
||
|
D0D000
|
heap
|
page read and write
|
||
|
E1B000
|
unkown
|
page readonly
|
||
|
4DE1000
|
heap
|
page read and write
|
||
|
5121000
|
heap
|
page read and write
|
||
|
D37000
|
heap
|
page read and write
|
||
|
3E25000
|
heap
|
page read and write
|
||
|
C45000
|
heap
|
page read and write
|
||
|
D70000
|
heap
|
page read and write
|
||
|
B60000
|
heap
|
page read and write
|
||
|
E16000
|
unkown
|
page write copy
|
||
|
B80000
|
heap
|
page read and write
|
||
|
D3B000
|
heap
|
page read and write
|
||
|
E18000
|
unkown
|
page write copy
|
||
|
2789000
|
stack
|
page read and write
|
||
|
29D0000
|
heap
|
page read and write
|
||
|
D5F000
|
heap
|
page read and write
|
||
|
44CA000
|
heap
|
page read and write
|
||
|
D6C000
|
heap
|
page read and write
|
||
|
810000
|
heap
|
page read and write
|
||
|
DB0000
|
unkown
|
page readonly
|
||
|
3C2A000
|
heap
|
page read and write
|
||
|
D00000
|
heap
|
page read and write
|
||
|
E04000
|
unkown
|
page readonly
|
||
|
3C20000
|
heap
|
page read and write
|
||
|
69C0000
|
heap
|
page read and write
|
||
|
4DE1000
|
heap
|
page read and write
|
||
|
CEE000
|
heap
|
page read and write
|
||
|
65FE000
|
stack
|
page read and write
|
||
|
DB0000
|
unkown
|
page readonly
|
||
|
459000
|
unkown
|
page read and write
|
||
|
E1B000
|
unkown
|
page readonly
|
||
|
42E0000
|
heap
|
page read and write
|
||
|
4310000
|
heap
|
page read and write
|
||
|
4DE1000
|
heap
|
page read and write
|
||
|
3E3A000
|
heap
|
page read and write
|
||
|
C90000
|
heap
|
page read and write
|
||
|
4EE6000
|
heap
|
page read and write
|
||
|
458000
|
unkown
|
page write copy
|
||
|
4DE1000
|
heap
|
page read and write
|
||
|
3060000
|
heap
|
page read and write
|
||
|
E18000
|
unkown
|
page write copy
|
||
|
C77000
|
heap
|
page read and write
|
||
|
DB0000
|
unkown
|
page readonly
|
||
|
D14000
|
heap
|
page read and write
|
||
|
40AF000
|
stack
|
page read and write
|
||
|
E19000
|
unkown
|
page read and write
|
||
|
4DE1000
|
heap
|
page read and write
|
||
|
3F0000
|
unkown
|
page readonly
|
||
|
2844000
|
heap
|
page read and write
|
||
|
1507000
|
heap
|
page read and write
|
||
|
4EEF000
|
heap
|
page read and write
|
||
|
106F000
|
stack
|
page read and write
|
||
|
41E0000
|
heap
|
page read and write
|
||
|
E16000
|
unkown
|
page write copy
|
||
|
D1F000
|
heap
|
page read and write
|
||
|
4DE1000
|
heap
|
page read and write
|
||
|
42E0000
|
heap
|
page read and write
|
||
|
3C3A000
|
heap
|
page read and write
|
||
|
FAE000
|
stack
|
page read and write
|
||
|
4790000
|
trusted library allocation
|
page read and write
|
||
|
3BD0000
|
heap
|
page read and write
|
||
|
FFC000
|
stack
|
page read and write
|
||
|
433A000
|
heap
|
page read and write
|
||
|
4EE1000
|
heap
|
page read and write
|
||
|
EAE000
|
stack
|
page read and write
|
||
|
4EE8000
|
heap
|
page read and write
|
||
|
45B000
|
unkown
|
page readonly
|
||
|
431A000
|
heap
|
page read and write
|
||
|
D60000
|
heap
|
page read and write
|
||
|
D70000
|
heap
|
page read and write
|
||
|
E1B000
|
unkown
|
page readonly
|
||
|
D3B000
|
heap
|
page read and write
|
||
|
E1B000
|
unkown
|
page readonly
|
||
|
E6E000
|
stack
|
page read and write
|
||
|
4DE1000
|
heap
|
page read and write
|
||
|
E04000
|
unkown
|
page readonly
|
||
|
4F90000
|
heap
|
page read and write
|
||
|
41F0000
|
heap
|
page read and write
|
||
|
9B0000
|
heap
|
page read and write
|
||
|
3B60000
|
heap
|
page read and write
|
||
|
14EE000
|
stack
|
page read and write
|
||
|
4EEC000
|
heap
|
page read and write
|
||
|
292A000
|
heap
|
page read and write
|
||
|
E1B000
|
unkown
|
page readonly
|
||
|
4160000
|
heap
|
page read and write
|
||
|
5130000
|
heap
|
page read and write
|
||
|
4DE1000
|
heap
|
page read and write
|
||
|
4EE8000
|
heap
|
page read and write
|
||
|
4218000
|
heap
|
page read and write
|
||
|
4200000
|
heap
|
page read and write
|
||
|
E1B000
|
unkown
|
page readonly
|
||
|
4EE8000
|
heap
|
page read and write
|
||
|
4DE1000
|
heap
|
page read and write
|
||
|
4EE6000
|
heap
|
page read and write
|
||
|
4DE1000
|
heap
|
page read and write
|
||
|
4330000
|
heap
|
page read and write
|
||
|
4DE1000
|
heap
|
page read and write
|
||
|
E16000
|
unkown
|
page read and write
|
||
|
456000
|
unkown
|
page read and write
|
||
|
3FAE000
|
stack
|
page read and write
|
||
|
4DE1000
|
heap
|
page read and write
|
||
|
42E0000
|
heap
|
page read and write
|
||
|
41F0000
|
heap
|
page read and write
|
||
|
15CA000
|
heap
|
page read and write
|
||
|
3E30000
|
heap
|
page read and write
|
||
|
D81000
|
heap
|
page read and write
|
||
|
7E0000
|
heap
|
page read and write
|
||
|
13FF000
|
stack
|
page read and write
|
||
|
C40000
|
heap
|
page read and write
|
||
|
64FD000
|
stack
|
page read and write
|
||
|
77C000
|
stack
|
page read and write
|
||
|
12FE000
|
stack
|
page read and write
|
||
|
C40000
|
heap
|
page read and write
|
||
|
12FC000
|
stack
|
page read and write
|
||
|
69BC000
|
stack
|
page read and write
|
||
|
E16000
|
unkown
|
page read and write
|
||
|
4DE1000
|
heap
|
page read and write
|
||
|
A10000
|
heap
|
page read and write
|
||
|
3E26000
|
heap
|
page read and write
|
||
|
3C30000
|
heap
|
page read and write
|
||
|
42EA000
|
heap
|
page read and write
|
||
|
136A000
|
heap
|
page read and write
|
||
|
4DE1000
|
heap
|
page read and write
|
||
|
7FC000
|
stack
|
page read and write
|
||
|
E04000
|
unkown
|
page readonly
|
||
|
67C000
|
stack
|
page read and write
|
||
|
42E0000
|
heap
|
page read and write
|
||
|
CA0000
|
heap
|
page read and write
|
||
|
E19000
|
unkown
|
page read and write
|
||
|
E04000
|
unkown
|
page readonly
|
||
|
D68000
|
heap
|
page read and write
|
||
|
3BDA000
|
heap
|
page read and write
|
||
|
E18000
|
unkown
|
page write copy
|
||
|
D68000
|
heap
|
page read and write
|
||
|
4EE2000
|
heap
|
page read and write
|
||
|
1360000
|
heap
|
page read and write
|
||
|
3E6E000
|
stack
|
page read and write
|
||
|
BD0000
|
heap
|
page read and write
|
||
|
4EE2000
|
heap
|
page read and write
|
||
|
DB0000
|
unkown
|
page readonly
|
||
|
1370000
|
heap
|
page read and write
|
||
|
42EA000
|
heap
|
page read and write
|
||
|
138A000
|
heap
|
page read and write
|
||
|
D60000
|
heap
|
page read and write
|
||
|
1380000
|
heap
|
page read and write
|
||
|
E16000
|
unkown
|
page write copy
|
||
|
CBE000
|
heap
|
page read and write
|
||
|
15C0000
|
heap
|
page read and write
|
||
|
AFC000
|
stack
|
page read and write
|
||
|
444000
|
unkown
|
page readonly
|
||
|
E1B000
|
unkown
|
page readonly
|
||
|
1500000
|
heap
|
page read and write
|
||
|
4DE1000
|
heap
|
page read and write
|
||
|
D70000
|
heap
|
page read and write
|
||
|
E1B000
|
unkown
|
page readonly
|
||
|
D0D000
|
heap
|
page read and write
|
||
|
4EE1000
|
heap
|
page read and write
|
||
|
EB0000
|
heap
|
page read and write
|
||
|
D37000
|
heap
|
page read and write
|
||
|
D58000
|
heap
|
page read and write
|
||
|
2D6B000
|
stack
|
page read and write
|
||
|
CFC000
|
stack
|
page read and write
|
||
|
2D90000
|
heap
|
page read and write
|
||
|
D37000
|
heap
|
page read and write
|
||
|
EF0000
|
heap
|
page read and write
|
||
|
DB0000
|
unkown
|
page readonly
|
||
|
C1E000
|
stack
|
page read and write
|
||
|
E19000
|
unkown
|
page read and write
|
||
|
D65000
|
heap
|
page read and write
|
There are 311 hidden memdumps, click here to show them.