Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
COPIA DE PAGO SWIFT.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\COPIA DE PAGO SWIFT.exe.log
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_4nqeqj14.eaw.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_cybrq3rz.wlr.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_m0ii00ob.tt5.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_u4wnkwwl.iio.psm1
|
ASCII text, with no line terminators
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\COPIA DE PAGO SWIFT.exe
|
"C:\Users\user\Desktop\COPIA DE PAGO SWIFT.exe"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\COPIA DE
PAGO SWIFT.exe"
|
|
|
|
C:\Users\user\Desktop\COPIA DE PAGO SWIFT.exe
|
"C:\Users\user\Desktop\COPIA DE PAGO SWIFT.exe"
|
|
|
|
C:\Users\user\Desktop\COPIA DE PAGO SWIFT.exe
|
"C:\Users\user\Desktop\COPIA DE PAGO SWIFT.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://mail.notarius.gr
|
unknown
|
||
|
http://r3.o.lencr.org0
|
unknown
|
||
|
https://account.dyn.com/
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
http://x1.c.lencr.org/0
|
unknown
|
||
|
http://x1.i.lencr.org/0
|
unknown
|
||
|
http://r3.i.lencr.org/0%
|
unknown
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
mail.notarius.gr
|
185.25.23.240
|
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
185.25.23.240
|
mail.notarius.gr
|
Greece
|
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
402000
|
remote allocation
|
page execute and read and write
|
|
|
|
3171000
|
trusted library allocation
|
page read and write
|
|
|
|
31E8000
|
trusted library allocation
|
page read and write
|
|
|
|
4393000
|
trusted library allocation
|
page read and write
|
|
|
|
31BE000
|
trusted library allocation
|
page read and write
|
|
|
|
32F7000
|
trusted library allocation
|
page read and write
|
||
|
17F0000
|
trusted library allocation
|
page read and write
|
||
|
5B5F000
|
stack
|
page read and write
|
||
|
3151000
|
trusted library allocation
|
page read and write
|
||
|
30FE000
|
trusted library allocation
|
page read and write
|
||
|
30F4000
|
trusted library allocation
|
page read and write
|
||
|
12E4000
|
heap
|
page read and write
|
||
|
151A000
|
trusted library allocation
|
page execute and read and write
|
||
|
14E3000
|
trusted library allocation
|
page execute and read and write
|
||
|
BCEE000
|
stack
|
page read and write
|
||
|
B630000
|
heap
|
page read and write
|
||
|
919F000
|
stack
|
page read and write
|
||
|
BDEE000
|
stack
|
page read and write
|
||
|
352F000
|
trusted library allocation
|
page read and write
|
||
|
1230000
|
heap
|
page read and write
|
||
|
3650000
|
trusted library allocation
|
page read and write
|
||
|
14E0000
|
trusted library allocation
|
page read and write
|
||
|
30C4000
|
trusted library allocation
|
page read and write
|
||
|
13B5000
|
heap
|
page read and write
|
||
|
1737000
|
trusted library allocation
|
page execute and read and write
|
||
|
311D000
|
trusted library allocation
|
page read and write
|
||
|
178E000
|
stack
|
page read and write
|
||
|
14E4000
|
trusted library allocation
|
page read and write
|
||
|
12B0000
|
heap
|
page read and write
|
||
|
FC9000
|
stack
|
page read and write
|
||
|
14F3000
|
trusted library allocation
|
page execute and read and write
|
||
|
3116000
|
trusted library allocation
|
page read and write
|
||
|
57B3000
|
heap
|
page read and write
|
||
|
7370000
|
trusted library allocation
|
page read and write
|
||
|
174E000
|
stack
|
page read and write
|
||
|
1502000
|
trusted library allocation
|
page read and write
|
||
|
4159000
|
trusted library allocation
|
page read and write
|
||
|
5A10000
|
heap
|
page read and write
|
||
|
B5ED000
|
stack
|
page read and write
|
||
|
30F0000
|
trusted library allocation
|
page read and write
|
||
|
5D64000
|
trusted library allocation
|
page read and write
|
||
|
77BE000
|
stack
|
page read and write
|
||
|
B9EF000
|
stack
|
page read and write
|
||
|
6D5E000
|
stack
|
page read and write
|
||
|
131A000
|
heap
|
page read and write
|
||
|
14F0000
|
trusted library allocation
|
page read and write
|
||
|
31E4000
|
trusted library allocation
|
page read and write
|
||
|
179E000
|
stack
|
page read and write
|
||
|
4243000
|
trusted library allocation
|
page read and write
|
||
|
32D8000
|
trusted library allocation
|
page read and write
|
||
|
14CE000
|
stack
|
page read and write
|
||
|
5A20000
|
heap
|
page read and write
|
||
|
57B0000
|
heap
|
page read and write
|
||
|
132E000
|
heap
|
page read and write
|
||
|
5D50000
|
trusted library section
|
page read and write
|
||
|
66BD000
|
stack
|
page read and write
|
||
|
3106000
|
trusted library allocation
|
page read and write
|
||
|
5CA0000
|
trusted library allocation
|
page read and write
|
||
|
BF2E000
|
stack
|
page read and write
|
||
|
7FA30000
|
trusted library allocation
|
page execute and read and write
|
||
|
4199000
|
trusted library allocation
|
page read and write
|
||
|
6EB0000
|
heap
|
page read and write
|
||
|
7922000
|
trusted library allocation
|
page read and write
|
||
|
5CDE000
|
stack
|
page read and write
|
||
|
1500000
|
trusted library allocation
|
page read and write
|
||
|
580C000
|
trusted library allocation
|
page read and write
|
||
|
13B0000
|
heap
|
page read and write
|
||
|
12C5000
|
heap
|
page read and write
|
||
|
52EC000
|
stack
|
page read and write
|
||
|
434E000
|
trusted library allocation
|
page read and write
|
||
|
12AE000
|
heap
|
page read and write
|
||
|
5780000
|
trusted library allocation
|
page execute and read and write
|
||
|
309E000
|
stack
|
page read and write
|
||
|
57F8000
|
trusted library allocation
|
page read and write
|
||
|
14D0000
|
trusted library allocation
|
page read and write
|
||
|
67A0000
|
trusted library allocation
|
page read and write
|
||
|
6F20000
|
heap
|
page read and write
|
||
|
1790000
|
trusted library allocation
|
page execute and read and write
|
||
|
73B0000
|
trusted library section
|
page read and write
|
||
|
1510000
|
trusted library allocation
|
page read and write
|
||
|
12EF000
|
heap
|
page read and write
|
||
|
5B90000
|
heap
|
page read and write
|
||
|
4151000
|
trusted library allocation
|
page read and write
|
||
|
132A000
|
heap
|
page read and write
|
||
|
91A0000
|
trusted library allocation
|
page read and write
|
||
|
530D000
|
stack
|
page read and write
|
||
|
330C000
|
trusted library allocation
|
page read and write
|
||
|
5B9E000
|
stack
|
page read and write
|
||
|
5750000
|
heap
|
page execute and read and write
|
||
|
1800000
|
heap
|
page read and write
|
||
|
679D000
|
stack
|
page read and write
|
||
|
162E000
|
stack
|
page read and write
|
||
|
30F2000
|
trusted library allocation
|
page read and write
|
||
|
7FCC0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7439000
|
trusted library allocation
|
page read and write
|
||
|
14FD000
|
trusted library allocation
|
page execute and read and write
|
||
|
5650000
|
heap
|
page execute and read and write
|
||
|
BAED000
|
stack
|
page read and write
|
||
|
3111000
|
trusted library allocation
|
page read and write
|
||
|
400000
|
remote allocation
|
page execute and read and write
|
||
|
66C0000
|
trusted library allocation
|
page read and write
|
||
|
6C5E000
|
stack
|
page read and write
|
||
|
5900000
|
heap
|
page read and write
|
||
|
5DC7000
|
trusted library allocation
|
page read and write
|
||
|
31D7000
|
trusted library allocation
|
page read and write
|
||
|
30EE000
|
trusted library allocation
|
page read and write
|
||
|
14CE000
|
stack
|
page read and write
|
||
|
3160000
|
heap
|
page read and write
|
||
|
8F60000
|
heap
|
page read and write
|
||
|
58F0000
|
heap
|
page read and write
|
||
|
1510000
|
trusted library allocation
|
page read and write
|
||
|
30D0000
|
heap
|
page execute and read and write
|
||
|
1500000
|
trusted library allocation
|
page read and write
|
||
|
518E000
|
stack
|
page read and write
|
||
|
7430000
|
trusted library allocation
|
page read and write
|
||
|
41A7000
|
trusted library allocation
|
page read and write
|
||
|
5813000
|
heap
|
page read and write
|
||
|
5690000
|
trusted library allocation
|
page execute and read and write
|
||
|
352B000
|
trusted library allocation
|
page read and write
|
||
|
C33F000
|
stack
|
page read and write
|
||
|
C040000
|
trusted library allocation
|
page read and write
|
||
|
56B7000
|
trusted library allocation
|
page read and write
|
||
|
41DE000
|
trusted library allocation
|
page read and write
|
||
|
1220000
|
heap
|
page read and write
|
||
|
17C0000
|
heap
|
page read and write
|
||
|
1807000
|
heap
|
page read and write
|
||
|
1512000
|
trusted library allocation
|
page read and write
|
||
|
17E0000
|
trusted library allocation
|
page read and write
|
||
|
1356000
|
heap
|
page read and write
|
||
|
150D000
|
trusted library allocation
|
page execute and read and write
|
||
|
B8EE000
|
stack
|
page read and write
|
||
|
31F0000
|
trusted library allocation
|
page read and write
|
||
|
5CB0000
|
trusted library allocation
|
page read and write
|
||
|
C1F0000
|
trusted library allocation
|
page execute and read and write
|
||
|
30EB000
|
trusted library allocation
|
page read and write
|
||
|
1750000
|
trusted library allocation
|
page read and write
|
||
|
310D000
|
trusted library allocation
|
page read and write
|
||
|
352D000
|
trusted library allocation
|
page read and write
|
||
|
1298000
|
heap
|
page read and write
|
||
|
675E000
|
stack
|
page read and write
|
||
|
31BC000
|
trusted library allocation
|
page read and write
|
||
|
5D86000
|
trusted library allocation
|
page read and write
|
||
|
5D80000
|
trusted library allocation
|
page read and write
|
||
|
13B0000
|
heap
|
page read and write
|
||
|
5A0E000
|
stack
|
page read and write
|
||
|
5800000
|
trusted library allocation
|
page read and write
|
||
|
767E000
|
stack
|
page read and write
|
||
|
D80000
|
unkown
|
page readonly
|
||
|
5630000
|
trusted library allocation
|
page read and write
|
||
|
1730000
|
trusted library allocation
|
page read and write
|
||
|
B62D000
|
stack
|
page read and write
|
||
|
7350000
|
trusted library allocation
|
page execute and read and write
|
||
|
310E000
|
trusted library allocation
|
page read and write
|
||
|
FB7000
|
stack
|
page read and write
|
||
|
C1BC000
|
stack
|
page read and write
|
||
|
6B24000
|
heap
|
page read and write
|
||
|
1506000
|
trusted library allocation
|
page execute and read and write
|
||
|
32C7000
|
trusted library allocation
|
page read and write
|
||
|
164E000
|
stack
|
page read and write
|
||
|
30C0000
|
trusted library allocation
|
page read and write
|
||
|
1516000
|
trusted library allocation
|
page execute and read and write
|
||
|
1735000
|
trusted library allocation
|
page execute and read and write
|
||
|
12F1000
|
heap
|
page read and write
|
||
|
5DC0000
|
trusted library allocation
|
page read and write
|
||
|
30AE000
|
stack
|
page read and write
|
||
|
173B000
|
trusted library allocation
|
page execute and read and write
|
||
|
1290000
|
heap
|
page read and write
|
||
|
14F3000
|
trusted library allocation
|
page read and write
|
||
|
14F4000
|
trusted library allocation
|
page read and write
|
||
|
695D000
|
stack
|
page read and write
|
||
|
647E000
|
stack
|
page read and write
|
||
|
3101000
|
trusted library allocation
|
page read and write
|
||
|
5650000
|
heap
|
page read and write
|
||
|
7360000
|
trusted library allocation
|
page execute and read and write
|
||
|
57A0000
|
trusted library section
|
page readonly
|
||
|
745C000
|
trusted library allocation
|
page read and write
|
||
|
EB9000
|
stack
|
page read and write
|
||
|
12BE000
|
heap
|
page read and write
|
||
|
58EB000
|
stack
|
page read and write
|
||
|
ECA000
|
stack
|
page read and write
|
||
|
4171000
|
trusted library allocation
|
page read and write
|
||
|
8FC1000
|
heap
|
page read and write
|
||
|
30B0000
|
trusted library allocation
|
page read and write
|
||
|
C0BC000
|
stack
|
page read and write
|
||
|
17E0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1520000
|
heap
|
page read and write
|
||
|
1512000
|
trusted library allocation
|
page read and write
|
||
|
909E000
|
stack
|
page read and write
|
||
|
14FD000
|
trusted library allocation
|
page execute and read and write
|
||
|
151B000
|
trusted library allocation
|
page execute and read and write
|
||
|
17B0000
|
trusted library allocation
|
page read and write
|
||
|
5DB0000
|
trusted library allocation
|
page execute and read and write
|
||
|
BAF0000
|
heap
|
page read and write
|
||
|
1732000
|
trusted library allocation
|
page read and write
|
||
|
BB00000
|
heap
|
page read and write
|
||
|
BE2E000
|
stack
|
page read and write
|
||
|
5A5C000
|
stack
|
page read and write
|
||
|
3120000
|
trusted library allocation
|
page read and write
|
||
|
17DC000
|
stack
|
page read and write
|
||
|
5190000
|
trusted library allocation
|
page read and write
|
||
|
14ED000
|
trusted library allocation
|
page execute and read and write
|
||
|
1517000
|
trusted library allocation
|
page execute and read and write
|
||
|
57DE000
|
stack
|
page read and write
|
||
|
8FC6000
|
heap
|
page read and write
|
||
|
131E000
|
heap
|
page read and write
|
||
|
17E5000
|
trusted library allocation
|
page read and write
|
||
|
1362000
|
heap
|
page read and write
|
||
|
56B0000
|
trusted library allocation
|
page read and write
|
||
|
6B83000
|
heap
|
page read and write
|
||
|
3527000
|
trusted library allocation
|
page read and write
|
||
|
3140000
|
heap
|
page execute and read and write
|
||
|
5D90000
|
trusted library allocation
|
page read and write
|
||
|
150A000
|
trusted library allocation
|
page execute and read and write
|
||
|
127D000
|
stack
|
page read and write
|
||
|
17F0000
|
heap
|
page read and write
|
||
|
17D0000
|
trusted library allocation
|
page read and write
|
||
|
5905000
|
heap
|
page read and write
|
||
|
3529000
|
trusted library allocation
|
page read and write
|
||
|
1398000
|
heap
|
page read and write
|
||
|
30FB000
|
trusted library allocation
|
page read and write
|
||
|
6B20000
|
heap
|
page read and write
|
||
|
77FD000
|
stack
|
page read and write
|
||
|
51DE000
|
stack
|
page read and write
|
||
|
B7EF000
|
stack
|
page read and write
|
||
|
30EC000
|
stack
|
page read and write
|
||
|
14F0000
|
trusted library allocation
|
page read and write
|
||
|
30E0000
|
trusted library allocation
|
page read and write
|
||
|
C23E000
|
stack
|
page read and write
|
||
|
5CD0000
|
trusted library allocation
|
page execute and read and write
|
||
|
12C7000
|
heap
|
page read and write
|
||
|
7340000
|
trusted library section
|
page read and write
|
||
|
6B62000
|
heap
|
page read and write
|
||
|
14E0000
|
trusted library allocation
|
page read and write
|
||
|
1540000
|
heap
|
page read and write
|
||
|
76BE000
|
stack
|
page read and write
|
||
|
12BA000
|
heap
|
page read and write
|
||
|
31C6000
|
trusted library allocation
|
page read and write
|
||
|
56A0000
|
heap
|
page read and write
|
||
|
D82000
|
unkown
|
page readonly
|
||
|
5C9E000
|
stack
|
page read and write
|
||
|
5A40000
|
heap
|
page read and write
|
||
|
7330000
|
trusted library section
|
page read and write
|
||
|
30FA000
|
trusted library allocation
|
page read and write
|
||
|
30A0000
|
trusted library allocation
|
page read and write
|
||
|
31A4000
|
trusted library allocation
|
page read and write
|
||
|
5810000
|
heap
|
page read and write
|
||
|
5DA0000
|
trusted library allocation
|
page execute and read and write
|
||
|
6EC0000
|
trusted library allocation
|
page execute and read and write
|
||
|
579C000
|
stack
|
page read and write
|
||
|
5D60000
|
trusted library allocation
|
page read and write
|
||
|
57F0000
|
trusted library allocation
|
page read and write
|
||
|
17A0000
|
trusted library allocation
|
page read and write
|
||
|
5BA0000
|
heap
|
page read and write
|
||
|
139B000
|
heap
|
page read and write
|
||
|
1230000
|
heap
|
page read and write
|
||
|
8FBC000
|
heap
|
page read and write
|
||
|
41F5000
|
trusted library allocation
|
page read and write
|
||
|
1280000
|
heap
|
page read and write
|
||
|
1530000
|
trusted library allocation
|
page read and write
|
||
|
56C0000
|
trusted library allocation
|
page read and write
|
||
|
5680000
|
heap
|
page read and write
|
||
|
5178000
|
trusted library allocation
|
page read and write
|
There are 252 hidden memdumps, click here to show them.