Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
Iu4csQ2rwX.msi
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Google
Chrome - UNREGISTERED - Wrapped using MSI Wrapper from www.exemsi.com 123.0.6312.122, Subject: Google Chrome - UNREGISTERED
- Wrapped using MSI Wrapper from www.exemsi.com, Author: Google LLC, Keywords: Installer, Template: x64;1033, Revision Number:
{13CFB811-92D4-4E78-880A-3A795941D09C}, Create Time/Date: Thu Jan 11 14:59:38 2024, Last Saved Time/Date: Thu Jan 11 14:59:38
2024, Number of Pages: 200, Number of Words: 12, Name of Creating Application: MSI Wrapper (11.0.53.0), Security: 2
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Temp\MW-bf5b098d-e722-4cb5-9ffe-2c0760c327a0\files.cab
|
Microsoft Cabinet archive data, Windows 2000/XP setup, 1289612 bytes, 1 file, at 0x2c +A "mafiachroom.exe", ID 3549, number
1, 40 datablocks, 0 compression
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\MW-bf5b098d-e722-4cb5-9ffe-2c0760c327a0\files\19846695766e49c9ae2db4b896af4d3a$dpx$.tmp\d6568875baf18047a674d73da59f1fb3.tmp
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\MW-bf5b098d-e722-4cb5-9ffe-2c0760c327a0\files\mafiachroom.exe (copy)
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Windows\Installer\6c70ae.msi
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Google
Chrome - UNREGISTERED - Wrapped using MSI Wrapper from www.exemsi.com 123.0.6312.122, Subject: Google Chrome - UNREGISTERED
- Wrapped using MSI Wrapper from www.exemsi.com, Author: Google LLC, Keywords: Installer, Template: x64;1033, Revision Number:
{13CFB811-92D4-4E78-880A-3A795941D09C}, Create Time/Date: Thu Jan 11 14:59:38 2024, Last Saved Time/Date: Thu Jan 11 14:59:38
2024, Number of Pages: 200, Number of Words: 12, Name of Creating Application: MSI Wrapper (11.0.53.0), Security: 2
|
dropped
|
|
|
|
C:\Windows\Installer\MSI7206.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
modified
|
|
|
|
C:\Users\user\AppData\Local\Temp\MW-bf5b098d-e722-4cb5-9ffe-2c0760c327a0\msiwrapper.ini
|
data
|
dropped
|
||
|
C:\Windows\Installer\SourceHash{BE13E8ED-EE1E-41EA-93EE-21B2B781511E}
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
|
C:\Windows\Installer\inprogressinstallinfo.ipi
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
|
C:\Windows\Logs\DPX\setupact.log
|
CSV text
|
dropped
|
||
|
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log
|
Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
|
dropped
|
||
|
C:\Windows\Temp\~DF5089C8F6485DBCAD.TMP
|
data
|
dropped
|
||
|
C:\Windows\Temp\~DFEEBD6A38A1E19B64.TMP
|
data
|
dropped
|
||
|
\Device\ConDrv
|
ASCII text, with CRLF, CR, LF line terminators
|
dropped
|
There are 4 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\AppData\Local\Temp\MW-bf5b098d-e722-4cb5-9ffe-2c0760c327a0\files\mafiachroom.exe
|
"C:\Users\user\AppData\Local\Temp\MW-bf5b098d-e722-4cb5-9ffe-2c0760c327a0\files\mafiachroom.exe"
|
|
|
|
C:\Windows\System32\msiexec.exe
|
"C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\Iu4csQ2rwX.msi"
|
||
|
C:\Windows\System32\msiexec.exe
|
C:\Windows\system32\msiexec.exe /V
|
||
|
C:\Windows\SysWOW64\msiexec.exe
|
C:\Windows\syswow64\MsiExec.exe -Embedding 49FA398F3E264BE26A418C8408A7EA4A
|
||
|
C:\Windows\SysWOW64\icacls.exe
|
"C:\Windows\system32\ICACLS.EXE" "C:\Users\user\AppData\Local\Temp\MW-bf5b098d-e722-4cb5-9ffe-2c0760c327a0\." /SETINTEGRITYLEVEL
(CI)(OI)HIGH
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\SysWOW64\expand.exe
|
"C:\Windows\system32\EXPAND.EXE" -R files.cab -F:* files
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
|||
|
twinks234.duckdns.org
|
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
twinks234.duckdns.org
|
unknown
|
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
127.0.0.1
|
unknown
|
unknown
|
|
|
|
192.168.2.4
|
unknown
|
unknown
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
Owner
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
SessionHash
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
Sequence
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
2C61000
|
trusted library allocation
|
page read and write
|
|
|
|
7C2000
|
unkown
|
page readonly
|
|
|
|
51A0000
|
trusted library allocation
|
page read and write
|
||
|
566B000
|
trusted library allocation
|
page read and write
|
||
|
2D98000
|
heap
|
page read and write
|
||
|
2C60000
|
heap
|
page read and write
|
||
|
2C80000
|
heap
|
page read and write
|
||
|
5660000
|
trusted library allocation
|
page read and write
|
||
|
29F0000
|
trusted library allocation
|
page execute and read and write
|
||
|
EDA000
|
heap
|
page read and write
|
||
|
29B0000
|
trusted library allocation
|
page read and write
|
||
|
56D0000
|
trusted library allocation
|
page read and write
|
||
|
E5E000
|
stack
|
page read and write
|
||
|
1380000
|
trusted library allocation
|
page read and write
|
||
|
10C0000
|
heap
|
page read and write
|
||
|
9E0000
|
heap
|
page read and write
|
||
|
1370000
|
trusted library allocation
|
page read and write
|
||
|
29C2000
|
trusted library allocation
|
page read and write
|
||
|
3073000
|
heap
|
page read and write
|
||
|
550C000
|
stack
|
page read and write
|
||
|
5823000
|
heap
|
page read and write
|
||
|
309C000
|
heap
|
page read and write
|
||
|
3099000
|
heap
|
page read and write
|
||
|
EE6000
|
heap
|
page read and write
|
||
|
1374000
|
trusted library allocation
|
page read and write
|
||
|
307C000
|
heap
|
page read and write
|
||
|
3057000
|
heap
|
page read and write
|
||
|
7C0000
|
unkown
|
page readonly
|
||
|
5666000
|
trusted library allocation
|
page read and write
|
||
|
1360000
|
trusted library allocation
|
page read and write
|
||
|
CF9000
|
stack
|
page read and write
|
||
|
50A0000
|
heap
|
page read and write
|
||
|
56B7000
|
trusted library allocation
|
page read and write
|
||
|
3099000
|
heap
|
page read and write
|
||
|
568D000
|
trusted library allocation
|
page read and write
|
||
|
3088000
|
heap
|
page read and write
|
||
|
3040000
|
trusted library allocation
|
page read and write
|
||
|
3088000
|
heap
|
page read and write
|
||
|
2F2E000
|
stack
|
page read and write
|
||
|
2E3C000
|
stack
|
page read and write
|
||
|
3073000
|
heap
|
page read and write
|
||
|
5672000
|
trusted library allocation
|
page read and write
|
||
|
11CE000
|
stack
|
page read and write
|
||
|
EB0000
|
heap
|
page read and write
|
||
|
5659000
|
stack
|
page read and write
|
||
|
307A000
|
heap
|
page read and write
|
||
|
EB8000
|
heap
|
page read and write
|
||
|
2C3D000
|
stack
|
page read and write
|
||
|
2A00000
|
trusted library allocation
|
page read and write
|
||
|
3390000
|
heap
|
page read and write
|
||
|
307A000
|
heap
|
page read and write
|
||
|
2D60000
|
heap
|
page read and write
|
||
|
3C61000
|
trusted library allocation
|
page read and write
|
||
|
302F000
|
stack
|
page read and write
|
||
|
56E0000
|
heap
|
page read and write
|
||
|
29B2000
|
trusted library allocation
|
page read and write
|
||
|
2FA0000
|
heap
|
page read and write
|
||
|
3050000
|
heap
|
page read and write
|
||
|
98C000
|
stack
|
page read and write
|
||
|
567A000
|
trusted library allocation
|
page read and write
|
||
|
29C7000
|
trusted library allocation
|
page execute and read and write
|
||
|
51D0000
|
heap
|
page read and write
|
||
|
3080000
|
heap
|
page read and write
|
||
|
3099000
|
heap
|
page read and write
|
||
|
3080000
|
heap
|
page read and write
|
||
|
E90000
|
heap
|
page read and write
|
||
|
5681000
|
trusted library allocation
|
page read and write
|
||
|
2F4E000
|
stack
|
page read and write
|
||
|
3089000
|
heap
|
page read and write
|
||
|
3C89000
|
trusted library allocation
|
page read and write
|
||
|
2F8F000
|
stack
|
page read and write
|
||
|
3089000
|
heap
|
page read and write
|
||
|
1373000
|
trusted library allocation
|
page execute and read and write
|
||
|
29E0000
|
trusted library allocation
|
page read and write
|
||
|
2F6F000
|
stack
|
page read and write
|
||
|
2EE0000
|
heap
|
page read and write
|
||
|
2ECE000
|
stack
|
page read and write
|
||
|
5810000
|
trusted library allocation
|
page execute and read and write
|
||
|
29CD000
|
stack
|
page read and write
|
||
|
E60000
|
heap
|
page read and write
|
||
|
5820000
|
heap
|
page read and write
|
||
|
51C0000
|
heap
|
page execute and read and write
|
||
|
2B50000
|
heap
|
page read and write
|
||
|
2D70000
|
heap
|
page read and write
|
||
|
3CCA000
|
trusted library allocation
|
page read and write
|
||
|
307A000
|
heap
|
page read and write
|
||
|
307A000
|
heap
|
page read and write
|
||
|
554A000
|
stack
|
page read and write
|
||
|
2C5E000
|
stack
|
page read and write
|
||
|
29C0000
|
trusted library allocation
|
page read and write
|
||
|
3073000
|
heap
|
page read and write
|
||
|
2FEE000
|
stack
|
page read and write
|
||
|
309B000
|
heap
|
page read and write
|
||
|
5550000
|
trusted library allocation
|
page read and write
|
||
|
540E000
|
stack
|
page read and write
|
||
|
2DA8000
|
heap
|
page read and write
|
||
|
2E7C000
|
stack
|
page read and write
|
||
|
2A10000
|
heap
|
page execute and read and write
|
||
|
2D90000
|
heap
|
page read and write
|
||
|
567E000
|
trusted library allocation
|
page read and write
|
||
|
E1E000
|
stack
|
page read and write
|
||
|
1390000
|
heap
|
page read and write
|
||
|
3080000
|
heap
|
page read and write
|
||
|
29BA000
|
trusted library allocation
|
page execute and read and write
|
||
|
566E000
|
trusted library allocation
|
page read and write
|
||
|
57E0000
|
trusted library allocation
|
page read and write
|
||
|
9E5000
|
heap
|
page read and write
|
||
|
4D5E000
|
stack
|
page read and write
|
||
|
308B000
|
heap
|
page read and write
|
||
|
2F0F000
|
stack
|
page read and write
|
||
|
29B6000
|
trusted library allocation
|
page execute and read and write
|
||
|
3073000
|
heap
|
page read and write
|
||
|
308C000
|
heap
|
page read and write
|
||
|
138D000
|
trusted library allocation
|
page execute and read and write
|
||
|
3088000
|
heap
|
page read and write
|
||
|
2B3D000
|
stack
|
page read and write
|
||
|
2F70000
|
heap
|
page read and write
|
||
|
56B0000
|
trusted library allocation
|
page read and write
|
||
|
29CB000
|
trusted library allocation
|
page execute and read and write
|
||
|
10AE000
|
stack
|
page read and write
|
||
|
5686000
|
trusted library allocation
|
page read and write
|
||
|
3088000
|
heap
|
page read and write
|
||
|
5830000
|
heap
|
page read and write
|
||
|
5246000
|
heap
|
page read and write
|
||
|
2A5E000
|
stack
|
page read and write
|
||
|
59E0000
|
heap
|
page read and write
|
||
|
56C0000
|
trusted library allocation
|
page read and write
|
||
|
D00000
|
heap
|
page read and write
|
||
|
2A68000
|
trusted library allocation
|
page read and write
|
||
|
EE8000
|
heap
|
page read and write
|
||
|
3080000
|
heap
|
page read and write
|
||
|
56A0000
|
trusted library allocation
|
page read and write
|
||
|
2DA0000
|
heap
|
page read and write
|
||
|
3080000
|
heap
|
page read and write
|
||
|
137D000
|
trusted library allocation
|
page execute and read and write
|
||
|
3099000
|
heap
|
page read and write
|
There are 126 hidden memdumps, click here to show them.