Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
MDE_File_Sample_1ed7b1e965eab56f55efda975f9f7ade95337267.zip
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
initial sample
|
||
|
C:\Users\user\Desktop\rhc.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\rundll32.exe
|
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6}
-Embedding
|
||
|
C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_1ed7b1e965eab56f55efda975f9f7ade95337267.zip\rhc.exe
|
"C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_1ed7b1e965eab56f55efda975f9f7ade95337267.zip\rhc.exe"
|
||
|
C:\Windows\System32\cmd.exe
|
"C:\Windows\system32\cmd.exe"
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Program Files\7-Zip\7zG.exe
|
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\user\Desktop\" -an -ai#7zMap13122:172:7zEvent2168
|
||
|
C:\Users\user\AppData\Local\Temp\Temp2_MDE_File_Sample_1ed7b1e965eab56f55efda975f9f7ade95337267.zip\rhc.exe
|
"C:\Users\user\AppData\Local\Temp\Temp2_MDE_File_Sample_1ed7b1e965eab56f55efda975f9f7ade95337267.zip\rhc.exe"
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
1787D790000
|
trusted library allocation
|
page read and write
|
||
|
1787D720000
|
trusted library allocation
|
page read and write
|
||
|
5AE000
|
stack
|
page read and write
|
||
|
1F0000
|
heap
|
page read and write
|
||
|
5E4000
|
heap
|
page read and write
|
||
|
3BDF000
|
stack
|
page read and write
|
||
|
77E000
|
heap
|
page read and write
|
||
|
5CC000
|
heap
|
page read and write
|
||
|
6D686F9000
|
stack
|
page read and write
|
||
|
1787BCE6000
|
heap
|
page read and write
|
||
|
6D689FE000
|
stack
|
page read and write
|
||
|
5CD000
|
heap
|
page read and write
|
||
|
5AE000
|
heap
|
page read and write
|
||
|
19C000
|
stack
|
page read and write
|
||
|
1787BCEF000
|
heap
|
page read and write
|
||
|
1787BBC0000
|
heap
|
page read and write
|
||
|
77A000
|
heap
|
page read and write
|
||
|
1787BC80000
|
heap
|
page read and write
|
||
|
75A000
|
heap
|
page read and write
|
||
|
16E0DB90000
|
heap
|
page read and write
|
||
|
1787D600000
|
heap
|
page read and write
|
||
|
40B987E000
|
stack
|
page read and write
|
||
|
1787BBF0000
|
heap
|
page read and write
|
||
|
1787BCD2000
|
heap
|
page read and write
|
||
|
77E000
|
heap
|
page read and write
|
||
|
1787BC97000
|
heap
|
page read and write
|
||
|
16E0D8C0000
|
heap
|
page read and write
|
||
|
1787BCC4000
|
heap
|
page read and write
|
||
|
6D68CFF000
|
stack
|
page read and write
|
||
|
5F0000
|
heap
|
page read and write
|
||
|
39E4000
|
heap
|
page read and write
|
||
|
777000
|
heap
|
page read and write
|
||
|
5C4000
|
heap
|
page read and write
|
||
|
1787D700000
|
heap
|
page read and write
|
||
|
5E4000
|
heap
|
page read and write
|
||
|
750000
|
heap
|
page read and write
|
||
|
40B95EE000
|
stack
|
page read and write
|
||
|
5CD000
|
heap
|
page read and write
|
||
|
52E000
|
stack
|
page read and write
|
||
|
5C8000
|
heap
|
page read and write
|
||
|
1787F480000
|
trusted library allocation
|
page read and write
|
||
|
70E000
|
stack
|
page read and write
|
||
|
56E000
|
stack
|
page read and write
|
||
|
777000
|
heap
|
page read and write
|
||
|
45E000
|
stack
|
page read and write
|
||
|
9A000
|
stack
|
page read and write
|
||
|
1787BCE0000
|
heap
|
page read and write
|
||
|
22FE000
|
stack
|
page read and write
|
||
|
5CB000
|
heap
|
page read and write
|
||
|
94F000
|
stack
|
page read and write
|
||
|
4E0000
|
heap
|
page read and write
|
||
|
40B956F000
|
stack
|
page read and write
|
||
|
76D000
|
heap
|
page read and write
|
||
|
5A0000
|
heap
|
page read and write
|
||
|
5C7000
|
heap
|
page read and write
|
||
|
40B94EC000
|
stack
|
page read and write
|
||
|
730000
|
heap
|
page read and write
|
||
|
79F000
|
stack
|
page read and write
|
||
|
777000
|
heap
|
page read and write
|
||
|
781000
|
heap
|
page read and write
|
||
|
1787BC85000
|
heap
|
page read and write
|
||
|
5C8000
|
heap
|
page read and write
|
||
|
6D68BFE000
|
stack
|
page read and write
|
||
|
27B0000
|
heap
|
page read and write
|
||
|
1787BCC4000
|
heap
|
page read and write
|
||
|
16E0D8C9000
|
heap
|
page read and write
|
||
|
710000
|
heap
|
page read and write
|
||
|
5AA000
|
heap
|
page read and write
|
||
|
1787F480000
|
trusted library allocation
|
page read and write
|
||
|
6D687FD000
|
stack
|
page read and write
|
||
|
2790000
|
heap
|
page read and write
|
||
|
77A000
|
heap
|
page read and write
|
||
|
1787D7E3000
|
heap
|
page read and write
|
||
|
1787DF00000
|
trusted library allocation
|
page read and write
|
||
|
1787BC90000
|
heap
|
page read and write
|
||
|
5CD000
|
heap
|
page read and write
|
||
|
1F0000
|
heap
|
page read and write
|
||
|
6D688FE000
|
stack
|
page read and write
|
||
|
1787D7E0000
|
heap
|
page read and write
|
||
|
23FF000
|
stack
|
page read and write
|
||
|
5CE000
|
heap
|
page read and write
|
||
|
410000
|
heap
|
page read and write
|
||
|
5CB000
|
heap
|
page read and write
|
||
|
16E0D850000
|
heap
|
page read and write
|
||
|
16E0D880000
|
heap
|
page read and write
|
||
|
9A000
|
stack
|
page read and write
|
||
|
27A0000
|
heap
|
page read and write
|
||
|
1787D609000
|
heap
|
page read and write
|
||
|
77D000
|
heap
|
page read and write
|
||
|
5C8000
|
heap
|
page read and write
|
||
|
1787BCC8000
|
heap
|
page read and write
|
||
|
1787BCD9000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute and write copy
|
||
|
77B000
|
heap
|
page read and write
|
||
|
16E0F4B0000
|
heap
|
page read and write
|
||
|
1787BBD0000
|
heap
|
page read and write
|
||
|
5D2000
|
heap
|
page read and write
|
||
|
794000
|
heap
|
page read and write
|
||
|
27F5000
|
heap
|
page read and write
|
||
|
22BF000
|
stack
|
page read and write
|
||
|
1787BCDA000
|
heap
|
page read and write
|
||
|
600000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
1787BCD3000
|
heap
|
page read and write
|
||
|
19C000
|
stack
|
page read and write
|
||
|
1787BCD8000
|
heap
|
page read and write
|
||
|
A4E000
|
stack
|
page read and write
|
||
|
401000
|
unkown
|
page execute and read and write
|
||
|
21BE000
|
stack
|
page read and write
|
||
|
1787BCD9000
|
heap
|
page read and write
|
||
|
5CE000
|
heap
|
page read and write
|
||
|
75E000
|
heap
|
page read and write
|
||
|
77D000
|
heap
|
page read and write
|
||
|
39E0000
|
heap
|
page read and write
|
||
|
5CB000
|
heap
|
page read and write
|
||
|
460000
|
heap
|
page read and write
|
||
|
27F0000
|
heap
|
page read and write
|
||
|
16E0D860000
|
heap
|
page read and write
|
||
|
5BE000
|
heap
|
page read and write
|
||
|
266E000
|
stack
|
page read and write
|
||
|
5C7000
|
heap
|
page read and write
|
||
|
794000
|
heap
|
page read and write
|
||
|
16E0DB95000
|
heap
|
page read and write
|
||
|
27A4000
|
heap
|
page read and write
|
||
|
735000
|
heap
|
page read and write
|
||
|
77D000
|
heap
|
page read and write
|
There are 116 hidden memdumps, click here to show them.