Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
dekont_20240423_388993774837743.exe
|
PE32+ executable (console) x86-64 Mono/.Net assembly, for MS Windows
|
initial sample
|
 |
|
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_dekont_20240423__f29aed481361345eef85fedfd8f72632aa8e00_c74f1f47_6ea974dd-8f19-446a-b783-c735a24ea101\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERC9B9.tmp.dmp
|
Mini DuMP crash report, 16 streams, Wed Apr 24 05:11:06 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERCB31.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERCBA0.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Windows\appcompat\Programs\Amcache.hve
|
MS Windows registry file, NT/2000 or above
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\dekont_20240423_388993774837743.exe
|
"C:\Users\user\Desktop\dekont_20240423_388993774837743.exe"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\WerFault.exe
|
C:\Windows\system32\WerFault.exe -u -p 6492 -s 1072
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://hatiplertekstil.com
|
unknown
|
||
|
http://upx.sf.net
|
unknown
|
||
|
https://account.dyn.com/
|
unknown
|
||
|
http://mail.hatiplertekstil.com
|
unknown
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
hatiplertekstil.com
|
93.190.220.113
|
|
|
|
mail.hatiplertekstil.com
|
unknown
|
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
93.190.220.113
|
hatiplertekstil.com
|
Turkey
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
\REGISTRY\A\{44886331-5d3f-8c09-1f06-60059a27ac16}\Root\InventoryApplicationFile\dekont_20240423_|2c79dc46326379e7
|
ProgramId
|
||
|
\REGISTRY\A\{44886331-5d3f-8c09-1f06-60059a27ac16}\Root\InventoryApplicationFile\dekont_20240423_|2c79dc46326379e7
|
FileId
|
||
|
\REGISTRY\A\{44886331-5d3f-8c09-1f06-60059a27ac16}\Root\InventoryApplicationFile\dekont_20240423_|2c79dc46326379e7
|
LowerCaseLongPath
|
||
|
\REGISTRY\A\{44886331-5d3f-8c09-1f06-60059a27ac16}\Root\InventoryApplicationFile\dekont_20240423_|2c79dc46326379e7
|
LongPathHash
|
||
|
\REGISTRY\A\{44886331-5d3f-8c09-1f06-60059a27ac16}\Root\InventoryApplicationFile\dekont_20240423_|2c79dc46326379e7
|
Name
|
||
|
\REGISTRY\A\{44886331-5d3f-8c09-1f06-60059a27ac16}\Root\InventoryApplicationFile\dekont_20240423_|2c79dc46326379e7
|
OriginalFileName
|
||
|
\REGISTRY\A\{44886331-5d3f-8c09-1f06-60059a27ac16}\Root\InventoryApplicationFile\dekont_20240423_|2c79dc46326379e7
|
Publisher
|
||
|
\REGISTRY\A\{44886331-5d3f-8c09-1f06-60059a27ac16}\Root\InventoryApplicationFile\dekont_20240423_|2c79dc46326379e7
|
Version
|
||
|
\REGISTRY\A\{44886331-5d3f-8c09-1f06-60059a27ac16}\Root\InventoryApplicationFile\dekont_20240423_|2c79dc46326379e7
|
BinFileVersion
|
||
|
\REGISTRY\A\{44886331-5d3f-8c09-1f06-60059a27ac16}\Root\InventoryApplicationFile\dekont_20240423_|2c79dc46326379e7
|
BinaryType
|
||
|
\REGISTRY\A\{44886331-5d3f-8c09-1f06-60059a27ac16}\Root\InventoryApplicationFile\dekont_20240423_|2c79dc46326379e7
|
ProductName
|
||
|
\REGISTRY\A\{44886331-5d3f-8c09-1f06-60059a27ac16}\Root\InventoryApplicationFile\dekont_20240423_|2c79dc46326379e7
|
ProductVersion
|
||
|
\REGISTRY\A\{44886331-5d3f-8c09-1f06-60059a27ac16}\Root\InventoryApplicationFile\dekont_20240423_|2c79dc46326379e7
|
LinkDate
|
||
|
\REGISTRY\A\{44886331-5d3f-8c09-1f06-60059a27ac16}\Root\InventoryApplicationFile\dekont_20240423_|2c79dc46326379e7
|
BinProductVersion
|
||
|
\REGISTRY\A\{44886331-5d3f-8c09-1f06-60059a27ac16}\Root\InventoryApplicationFile\dekont_20240423_|2c79dc46326379e7
|
AppxPackageFullName
|
||
|
\REGISTRY\A\{44886331-5d3f-8c09-1f06-60059a27ac16}\Root\InventoryApplicationFile\dekont_20240423_|2c79dc46326379e7
|
AppxPackageRelativeId
|
||
|
\REGISTRY\A\{44886331-5d3f-8c09-1f06-60059a27ac16}\Root\InventoryApplicationFile\dekont_20240423_|2c79dc46326379e7
|
Size
|
||
|
\REGISTRY\A\{44886331-5d3f-8c09-1f06-60059a27ac16}\Root\InventoryApplicationFile\dekont_20240423_|2c79dc46326379e7
|
Language
|
||
|
\REGISTRY\A\{44886331-5d3f-8c09-1f06-60059a27ac16}\Root\InventoryApplicationFile\dekont_20240423_|2c79dc46326379e7
|
Usn
|
There are 9 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
1EA20347000
|
trusted library allocation
|
page read and write
|
|
|
|
32CE000
|
trusted library allocation
|
page read and write
|
|
|
|
32D6000
|
trusted library allocation
|
page read and write
|
|
|
|
3281000
|
trusted library allocation
|
page read and write
|
|
|
|
402000
|
remote allocation
|
page execute and read and write
|
|
|
|
1EA107E3000
|
trusted library allocation
|
page read and write
|
|
|
|
1EA0EB80000
|
heap
|
page read and write
|
||
|
1560000
|
trusted library allocation
|
page read and write
|
||
|
7FFB1E851000
|
unkown
|
page execute read
|
||
|
1EA0E7B0000
|
heap
|
page read and write
|
||
|
32F5000
|
trusted library allocation
|
page read and write
|
||
|
15F7000
|
heap
|
page read and write
|
||
|
32EF000
|
trusted library allocation
|
page read and write
|
||
|
1EA0E760000
|
trusted library allocation
|
page read and write
|
||
|
1EA10441000
|
trusted library allocation
|
page read and write
|
||
|
1EA28AA0000
|
heap
|
page read and write
|
||
|
1615000
|
heap
|
page read and write
|
||
|
14B0000
|
heap
|
page read and write
|
||
|
7FFAACBC0000
|
trusted library allocation
|
page read and write
|
||
|
CC852FE000
|
stack
|
page read and write
|
||
|
FC0000
|
heap
|
page read and write
|
||
|
7FFAACBCD000
|
trusted library allocation
|
page execute and read and write
|
||
|
15AB000
|
heap
|
page read and write
|
||
|
318F000
|
stack
|
page read and write
|
||
|
6DE0000
|
heap
|
page read and write
|
||
|
1500000
|
heap
|
page read and write
|
||
|
1EA0E502000
|
unkown
|
page readonly
|
||
|
177E000
|
stack
|
page read and write
|
||
|
7FFB1E870000
|
unkown
|
page read and write
|
||
|
704BD000
|
unkown
|
page read and write
|
||
|
1EA0E6F0000
|
heap
|
page read and write
|
||
|
1470000
|
trusted library allocation
|
page read and write
|
||
|
CC854FE000
|
stack
|
page read and write
|
||
|
1EA0E8C0000
|
heap
|
page execute and read and write
|
||
|
5850000
|
heap
|
page execute and read and write
|
||
|
7FFB1E872000
|
unkown
|
page readonly
|
||
|
5890000
|
heap
|
page read and write
|
||
|
1490000
|
trusted library allocation
|
page read and write
|
||
|
12F9000
|
stack
|
page read and write
|
||
|
323E000
|
trusted library allocation
|
page read and write
|
||
|
FE0000
|
heap
|
page read and write
|
||
|
15D9000
|
heap
|
page read and write
|
||
|
1631000
|
heap
|
page read and write
|
||
|
1EA0E6D0000
|
heap
|
page read and write
|
||
|
7FFB1E875000
|
unkown
|
page readonly
|
||
|
32F3000
|
trusted library allocation
|
page read and write
|
||
|
5878000
|
trusted library allocation
|
page read and write
|
||
|
4281000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACCC0000
|
trusted library allocation
|
page execute and read and write
|
||
|
CC853FC000
|
stack
|
page read and write
|
||
|
5DE0000
|
trusted library allocation
|
page execute and read and write
|
||
|
14A5000
|
trusted library allocation
|
page execute and read and write
|
||
|
14D0000
|
trusted library allocation
|
page read and write
|
||
|
CC84FFF000
|
stack
|
page read and write
|
||
|
6DF0000
|
trusted library allocation
|
page read and write
|
||
|
323B000
|
trusted library allocation
|
page read and write
|
||
|
704B6000
|
unkown
|
page readonly
|
||
|
CC856FF000
|
stack
|
page read and write
|
||
|
7FFB1E866000
|
unkown
|
page readonly
|
||
|
1EA10330000
|
heap
|
page execute and read and write
|
||
|
15B7000
|
heap
|
page read and write
|
||
|
67CE000
|
stack
|
page read and write
|
||
|
CC850FE000
|
stack
|
page read and write
|
||
|
14A2000
|
trusted library allocation
|
page read and write
|
||
|
698E000
|
stack
|
page read and write
|
||
|
4289000
|
trusted library allocation
|
page read and write
|
||
|
3270000
|
heap
|
page execute and read and write
|
||
|
5E4B000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACC50000
|
trusted library allocation
|
page read and write
|
||
|
665D000
|
heap
|
page read and write
|
||
|
7FFAACD90000
|
trusted library allocation
|
page read and write
|
||
|
1580000
|
heap
|
page read and write
|
||
|
F2A000
|
stack
|
page read and write
|
||
|
1EA0E7F0000
|
heap
|
page read and write
|
||
|
32F1000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACBCB000
|
trusted library allocation
|
page execute and read and write
|
||
|
15B9000
|
heap
|
page read and write
|
||
|
57FC000
|
stack
|
page read and write
|
||
|
6E00000
|
heap
|
page read and write
|
||
|
7FFAACBA4000
|
trusted library allocation
|
page read and write
|
||
|
6DCD000
|
stack
|
page read and write
|
||
|
6CCE000
|
stack
|
page read and write
|
||
|
6600000
|
heap
|
page read and write
|
||
|
5DD0000
|
trusted library allocation
|
page read and write
|
||
|
F90000
|
heap
|
page read and write
|
||
|
1EA0E500000
|
unkown
|
page readonly
|
||
|
1EA0E995000
|
heap
|
page read and write
|
||
|
18BC000
|
stack
|
page read and write
|
||
|
5894000
|
heap
|
page read and write
|
||
|
CC859FE000
|
stack
|
page read and write
|
||
|
7FF41F390000
|
trusted library allocation
|
page execute and read and write
|
||
|
3198000
|
trusted library allocation
|
page read and write
|
||
|
144E000
|
stack
|
page read and write
|
||
|
CC855FF000
|
stack
|
page read and write
|
||
|
5E2D000
|
stack
|
page read and write
|
||
|
7FFAACC5C000
|
trusted library allocation
|
page execute and read and write
|
||
|
CC857FD000
|
stack
|
page read and write
|
||
|
140E000
|
stack
|
page read and write
|
||
|
1EA0EB85000
|
heap
|
page read and write
|
||
|
7FFAACD5F000
|
trusted library allocation
|
page read and write
|
||
|
32CC000
|
trusted library allocation
|
page read and write
|
||
|
56C0000
|
heap
|
page read and write
|
||
|
7FFAACBC4000
|
trusted library allocation
|
page read and write
|
||
|
1EA28370000
|
trusted library allocation
|
page read and write
|
||
|
1588000
|
heap
|
page read and write
|
||
|
7FFAACD70000
|
trusted library allocation
|
page read and write
|
||
|
1EA10430000
|
trusted library allocation
|
page read and write
|
||
|
7FFB1E850000
|
unkown
|
page readonly
|
||
|
1EA0E893000
|
heap
|
page read and write
|
||
|
1EA1045A000
|
trusted library allocation
|
page read and write
|
||
|
42E4000
|
trusted library allocation
|
page read and write
|
||
|
400000
|
remote allocation
|
page execute and read and write
|
||
|
1550000
|
trusted library allocation
|
page read and write
|
||
|
1EA0E710000
|
heap
|
page read and write
|
||
|
5DD7000
|
trusted library allocation
|
page read and write
|
||
|
704A0000
|
unkown
|
page readonly
|
||
|
7FFAACBB3000
|
trusted library allocation
|
page read and write
|
||
|
6ACE000
|
stack
|
page read and write
|
||
|
1480000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACD40000
|
trusted library allocation
|
page read and write
|
||
|
584E000
|
stack
|
page read and write
|
||
|
32E9000
|
trusted library allocation
|
page read and write
|
||
|
CC858FA000
|
stack
|
page read and write
|
||
|
7FFAACC56000
|
trusted library allocation
|
page read and write
|
||
|
1EA10341000
|
trusted library allocation
|
page read and write
|
||
|
154E000
|
stack
|
page read and write
|
||
|
7FFAACD5A000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACD80000
|
trusted library allocation
|
page read and write
|
||
|
1EA0E81B000
|
heap
|
page read and write
|
||
|
1EA0E780000
|
trusted library allocation
|
page read and write
|
||
|
67D0000
|
trusted library allocation
|
page execute and read and write
|
||
|
325D000
|
trusted library allocation
|
page read and write
|
||
|
1473000
|
trusted library allocation
|
page execute and read and write
|
||
|
3251000
|
trusted library allocation
|
page read and write
|
||
|
1460000
|
trusted library allocation
|
page read and write
|
||
|
1EA0E7F2000
|
heap
|
page read and write
|
||
|
7FFAACDB0000
|
trusted library allocation
|
page execute and read and write
|
||
|
704A1000
|
unkown
|
page execute read
|
||
|
69CE000
|
stack
|
page read and write
|
||
|
1EA10498000
|
trusted library allocation
|
page read and write
|
||
|
599C000
|
stack
|
page read and write
|
||
|
7FFAACBFC000
|
trusted library allocation
|
page execute and read and write
|
||
|
18E0000
|
heap
|
page read and write
|
||
|
14E0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFAACD60000
|
trusted library allocation
|
page read and write
|
||
|
1EA0E7DB000
|
heap
|
page read and write
|
||
|
7FFAACD9D000
|
trusted library allocation
|
page read and write
|
||
|
704BF000
|
unkown
|
page readonly
|
||
|
149A000
|
trusted library allocation
|
page execute and read and write
|
||
|
1EA101A3000
|
heap
|
page read and write
|
||
|
CC84EF2000
|
stack
|
page read and write
|
||
|
7FFAACBBD000
|
trusted library allocation
|
page execute and read and write
|
||
|
1EA28A00000
|
trusted library section
|
page read and write
|
||
|
1EA104AA000
|
trusted library allocation
|
page read and write
|
||
|
148D000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFAACD50000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACD44000
|
trusted library allocation
|
page read and write
|
||
|
187E000
|
stack
|
page read and write
|
||
|
7FFAACC86000
|
trusted library allocation
|
page execute and read and write
|
||
|
5880000
|
trusted library allocation
|
page read and write
|
||
|
1EA0E790000
|
trusted library allocation
|
page read and write
|
||
|
6E10000
|
trusted library allocation
|
page execute and read and write
|
||
|
14AB000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFAACBA0000
|
trusted library allocation
|
page read and write
|
||
|
32E3000
|
trusted library allocation
|
page read and write
|
||
|
1474000
|
trusted library allocation
|
page read and write
|
||
|
5870000
|
trusted library allocation
|
page read and write
|
||
|
3230000
|
trusted library allocation
|
page read and write
|
||
|
1EA0E81D000
|
heap
|
page read and write
|
||
|
7FFAACDA0000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACC60000
|
trusted library allocation
|
page execute and read and write
|
||
|
14B5000
|
heap
|
page read and write
|
||
|
1EA0E5F0000
|
heap
|
page read and write
|
||
|
1EA104CE000
|
trusted library allocation
|
page read and write
|
||
|
1EA1046E000
|
trusted library allocation
|
page read and write
|
||
|
1EA0E823000
|
heap
|
page read and write
|
||
|
5A9E000
|
stack
|
page read and write
|
||
|
7FFAACBA3000
|
trusted library allocation
|
page execute and read and write
|
||
|
42A9000
|
trusted library allocation
|
page read and write
|
||
|
588C000
|
trusted library allocation
|
page read and write
|
||
|
1EA10476000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACBA2000
|
trusted library allocation
|
page read and write
|
||
|
1EA10480000
|
trusted library allocation
|
page read and write
|
||
|
1EA0E7BC000
|
heap
|
page read and write
|
||
|
1EA10463000
|
trusted library allocation
|
page read and write
|
||
|
1EA20620000
|
trusted library allocation
|
page read and write
|
||
|
1496000
|
trusted library allocation
|
page execute and read and write
|
||
|
1EA104A1000
|
trusted library allocation
|
page read and write
|
||
|
1EA0E566000
|
unkown
|
page readonly
|
||
|
1EA0E990000
|
heap
|
page read and write
|
||
|
165F000
|
heap
|
page read and write
|
||
|
6B0E000
|
stack
|
page read and write
|
||
|
537D000
|
stack
|
page read and write
|
||
|
1EA10489000
|
trusted library allocation
|
page read and write
|
||
|
6683000
|
heap
|
page read and write
|
||
|
6B4F000
|
stack
|
page read and write
|
||
|
7FFAACBAD000
|
trusted library allocation
|
page execute and read and write
|
||
|
1492000
|
trusted library allocation
|
page read and write
|
||
|
5E30000
|
trusted library allocation
|
page read and write
|
||
|
1EA10449000
|
trusted library allocation
|
page read and write
|
||
|
324E000
|
trusted library allocation
|
page read and write
|
||
|
1EA0E910000
|
heap
|
page read and write
|
||
|
FA0000
|
heap
|
page read and write
|
||
|
5DC6000
|
trusted library allocation
|
page read and write
|
||
|
5E40000
|
trusted library allocation
|
page read and write
|
||
|
15DD000
|
heap
|
page read and write
|
||
|
1EA0E8A8000
|
heap
|
page read and write
|
||
|
14F0000
|
trusted library allocation
|
page read and write
|
||
|
1EA10438000
|
trusted library allocation
|
page read and write
|
||
|
678E000
|
stack
|
page read and write
|
||
|
14A7000
|
trusted library allocation
|
page execute and read and write
|
||
|
14A0000
|
trusted library allocation
|
page read and write
|
||
|
5DC0000
|
trusted library allocation
|
page read and write
|
||
|
3256000
|
trusted library allocation
|
page read and write
|
||
|
1EA0E793000
|
trusted library allocation
|
page read and write
|
||
|
1EA0E891000
|
heap
|
page read and write
|
||
|
7FFAACDC0000
|
trusted library allocation
|
page read and write
|
||
|
147D000
|
trusted library allocation
|
page execute and read and write
|
||
|
CC851FF000
|
stack
|
page read and write
|
||
|
1EA20341000
|
trusted library allocation
|
page read and write
|
||
|
3242000
|
trusted library allocation
|
page read and write
|
||
|
7F650000
|
trusted library allocation
|
page execute and read and write
|
||
|
1EA10452000
|
trusted library allocation
|
page read and write
|
||
|
1570000
|
trusted library allocation
|
page read and write
|
||
|
7060000
|
heap
|
page read and write
|
||
|
1EA104B2000
|
trusted library allocation
|
page read and write
|
There are 216 hidden memdumps, click here to show them.