Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
xm393ns4.exe
|
PE32 executable (console) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\Desktop\4uof-MjWrlY2P.exe
|
PE32 executable (console) Intel 80386, for MS Windows
|
dropped
|
||
|
\Device\Null
|
ASCII text, with CRLF line terminators
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\SysWOW64\systeminfo.exe
|
systeminfo /fo csv
|
|
|
|
C:\Users\user\Desktop\xm393ns4.exe
|
"C:\Users\user\Desktop\xm393ns4.exe"
|
||
|
C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
|
C:\Windows\sysWOW64\wbem\wmiprvse.exe -secured -Embedding
|
||
|
C:\Windows\SysWOW64\cmd.exe
|
cmd.exe /c "del C:\Users\user\Desktop\xm393ns4.exe"
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://Z4uofnIZILkJsb.q91.latZ4uofnIZILkJsb.q91.lat:80REQUEST_METHODtcpZ4uofnIZILkJsb.q91.latiphlpap
|
unknown
|
||
|
http://Z4uofnIZILkJsb.q91.lat/
|
139.59.65.89
|
||
|
http://historycmd.exefloat32float64UpgradeReferer
|
unknown
|
||
|
https://forms.office.com/r/i1h9pFXbKA
|
unknown
|
||
|
http://Z4uofnIZILkJsb.q91.lat
|
unknown
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
Z4uofnIZILkJsb.q91.lat
|
139.59.65.89
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
139.59.65.89
|
Z4uofnIZILkJsb.q91.lat
|
Singapore
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER_CLASSES\Local Settings\MuiCache\159\52C64B7E
|
@%SystemRoot%\system32\mlang.dll,-4386
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
AE44000
|
direct allocation
|
page read and write
|
||
|
AE04000
|
direct allocation
|
page read and write
|
||
|
AE2C000
|
direct allocation
|
page read and write
|
||
|
893000
|
unkown
|
page read and write
|
||
|
AE2C000
|
direct allocation
|
page read and write
|
||
|
AE4C000
|
direct allocation
|
page read and write
|
||
|
AC44000
|
direct allocation
|
page read and write
|
||
|
2B51F000
|
stack
|
page read and write
|
||
|
AC00000
|
direct allocation
|
page read and write
|
||
|
AC0A000
|
direct allocation
|
page read and write
|
||
|
AC86000
|
direct allocation
|
page read and write
|
||
|
AD94000
|
direct allocation
|
page read and write
|
||
|
226F000
|
stack
|
page read and write
|
||
|
AD10000
|
direct allocation
|
page read and write
|
||
|
3AF000
|
stack
|
page read and write
|
||
|
AC10000
|
direct allocation
|
page read and write
|
||
|
AE1C000
|
direct allocation
|
page read and write
|
||
|
AE0000
|
heap
|
page read and write
|
||
|
AC74000
|
direct allocation
|
page read and write
|
||
|
51F000
|
stack
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
896000
|
unkown
|
page read and write
|
||
|
2B9CF000
|
stack
|
page read and write
|
||
|
AC40000
|
direct allocation
|
page read and write
|
||
|
AE16000
|
direct allocation
|
page read and write
|
||
|
AE2E000
|
direct allocation
|
page read and write
|
||
|
ACB6000
|
direct allocation
|
page read and write
|
||
|
AE24000
|
direct allocation
|
page read and write
|
||
|
AE08000
|
direct allocation
|
page read and write
|
||
|
553000
|
heap
|
page read and write
|
||
|
26C000
|
stack
|
page read and write
|
||
|
23C0000
|
direct allocation
|
page read and write
|
||
|
8FF000
|
unkown
|
page readonly
|
||
|
1EAE000
|
stack
|
page read and write
|
||
|
18D000
|
stack
|
page read and write
|
||
|
AD90000
|
direct allocation
|
page read and write
|
||
|
2F4000
|
heap
|
page read and write
|
||
|
30B000
|
heap
|
page read and write
|
||
|
ACAA000
|
direct allocation
|
page read and write
|
||
|
AC72000
|
direct allocation
|
page read and write
|
||
|
AD90000
|
direct allocation
|
page read and write
|
||
|
57A000
|
heap
|
page read and write
|
||
|
AC3B000
|
direct allocation
|
page read and write
|
||
|
AC18000
|
direct allocation
|
page read and write
|
||
|
8C4000
|
unkown
|
page read and write
|
||
|
234D000
|
stack
|
page read and write
|
||
|
2B601000
|
heap
|
page read and write
|
||
|
ACF000
|
stack
|
page read and write
|
||
|
AE58000
|
direct allocation
|
page read and write
|
||
|
8F4000
|
unkown
|
page read and write
|
||
|
AC98000
|
direct allocation
|
page read and write
|
||
|
AC9A000
|
direct allocation
|
page read and write
|
||
|
20000
|
heap
|
page read and write
|
||
|
AE68000
|
direct allocation
|
page read and write
|
||
|
AC66000
|
direct allocation
|
page read and write
|
||
|
568000
|
heap
|
page read and write
|
||
|
AC2E000
|
direct allocation
|
page read and write
|
||
|
AE2E000
|
direct allocation
|
page read and write
|
||
|
676000
|
unkown
|
page readonly
|
||
|
AE28000
|
direct allocation
|
page read and write
|
||
|
2270000
|
heap
|
page read and write
|
||
|
280000
|
direct allocation
|
page read and write
|
||
|
316000
|
heap
|
page read and write
|
||
|
AC7A000
|
direct allocation
|
page read and write
|
||
|
AC37000
|
direct allocation
|
page read and write
|
||
|
AB80000
|
direct allocation
|
page read and write
|
||
|
AC8A000
|
direct allocation
|
page read and write
|
||
|
AC56000
|
direct allocation
|
page read and write
|
||
|
AC48000
|
direct allocation
|
page read and write
|
||
|
AB3F000
|
stack
|
page read and write
|
||
|
30B000
|
heap
|
page read and write
|
||
|
21F000
|
stack
|
page read and write
|
||
|
1DFF000
|
stack
|
page read and write
|
||
|
AD94000
|
direct allocation
|
page read and write
|
||
|
AD02000
|
direct allocation
|
page read and write
|
||
|
23E0000
|
direct allocation
|
page read and write
|
||
|
AE26000
|
direct allocation
|
page read and write
|
||
|
AE26000
|
direct allocation
|
page read and write
|
||
|
1F0000
|
direct allocation
|
page read and write
|
||
|
AE28000
|
direct allocation
|
page read and write
|
||
|
AE20000
|
direct allocation
|
page read and write
|
||
|
893000
|
unkown
|
page write copy
|
||
|
AE1E000
|
direct allocation
|
page read and write
|
||
|
ACBB000
|
direct allocation
|
page read and write
|
||
|
2B3CE000
|
stack
|
page read and write
|
||
|
2445000
|
direct allocation
|
page read and write
|
||
|
AC93000
|
direct allocation
|
page read and write
|
||
|
AE4C000
|
direct allocation
|
page read and write
|
||
|
527000
|
heap
|
page read and write
|
||
|
AC0C000
|
direct allocation
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
2C0000
|
direct allocation
|
page read and write
|
||
|
31F000
|
heap
|
page read and write
|
||
|
224D000
|
stack
|
page read and write
|
||
|
AC35000
|
direct allocation
|
page read and write
|
||
|
AC6A000
|
direct allocation
|
page read and write
|
||
|
AC4E000
|
direct allocation
|
page read and write
|
||
|
AC0E000
|
direct allocation
|
page read and write
|
||
|
B880000
|
direct allocation
|
page read and write
|
||
|
AC22000
|
direct allocation
|
page read and write
|
||
|
2B3E0000
|
heap
|
page read and write
|
||
|
AE7000
|
heap
|
page read and write
|
||
|
AC98000
|
direct allocation
|
page read and write
|
||
|
288000
|
direct allocation
|
page read and write
|
||
|
AE24000
|
direct allocation
|
page read and write
|
||
|
200000
|
heap
|
page read and write
|
||
|
AE22000
|
direct allocation
|
page read and write
|
||
|
AE30000
|
direct allocation
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
AC8A000
|
direct allocation
|
page read and write
|
||
|
2D0000
|
heap
|
page read and write
|
||
|
321000
|
heap
|
page read and write
|
||
|
AE10000
|
direct allocation
|
page read and write
|
||
|
AE1E000
|
direct allocation
|
page read and write
|
||
|
30D000
|
heap
|
page read and write
|
||
|
2B2AD000
|
heap
|
page read and write
|
||
|
304000
|
heap
|
page read and write
|
||
|
A7000
|
heap
|
page read and write
|
||
|
2B290000
|
heap
|
page read and write
|
||
|
AE0A000
|
direct allocation
|
page read and write
|
||
|
3E0000
|
heap
|
page read and write
|
||
|
2467000
|
direct allocation
|
page read and write
|
||
|
AC7E000
|
direct allocation
|
page read and write
|
||
|
AE06000
|
direct allocation
|
page read and write
|
||
|
AE5C000
|
direct allocation
|
page read and write
|
||
|
AE66000
|
direct allocation
|
page read and write
|
||
|
AE14000
|
direct allocation
|
page read and write
|
||
|
898000
|
unkown
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
AD00000
|
direct allocation
|
page read and write
|
||
|
10D000
|
stack
|
page read and write
|
||
|
2B5DE000
|
stack
|
page read and write
|
||
|
AC8E000
|
direct allocation
|
page read and write
|
||
|
AC26000
|
direct allocation
|
page read and write
|
||
|
AD1F000
|
direct allocation
|
page read and write
|
||
|
AE2A000
|
direct allocation
|
page read and write
|
||
|
AD80000
|
direct allocation
|
page read and write
|
||
|
AC52000
|
direct allocation
|
page read and write
|
||
|
AE02000
|
direct allocation
|
page read and write
|
||
|
AC20000
|
direct allocation
|
page read and write
|
||
|
1DBE000
|
stack
|
page read and write
|
||
|
AC64000
|
direct allocation
|
page read and write
|
||
|
2B72F000
|
stack
|
page read and write
|
||
|
AC42000
|
direct allocation
|
page read and write
|
||
|
23D1000
|
direct allocation
|
page read and write
|
||
|
304000
|
heap
|
page read and write
|
||
|
AC08000
|
direct allocation
|
page read and write
|
||
|
AE5C000
|
direct allocation
|
page read and write
|
||
|
AC12000
|
direct allocation
|
page read and write
|
||
|
2AFD0000
|
direct allocation
|
page read and write
|
||
|
318000
|
heap
|
page read and write
|
||
|
895000
|
unkown
|
page write copy
|
||
|
31D000
|
heap
|
page read and write
|
||
|
AE06000
|
direct allocation
|
page read and write
|
||
|
AD04000
|
direct allocation
|
page read and write
|
||
|
303000
|
heap
|
page read and write
|
||
|
AE08000
|
direct allocation
|
page read and write
|
||
|
AC46000
|
direct allocation
|
page read and write
|
||
|
320000
|
heap
|
page read and write
|
||
|
AC5E000
|
direct allocation
|
page read and write
|
||
|
2B18F000
|
stack
|
page read and write
|
||
|
AC1E000
|
direct allocation
|
page read and write
|
||
|
AC9A000
|
direct allocation
|
page read and write
|
||
|
AE12000
|
direct allocation
|
page read and write
|
||
|
2B88F000
|
stack
|
page read and write
|
||
|
ACAD000
|
direct allocation
|
page read and write
|
||
|
AD0A000
|
direct allocation
|
page read and write
|
||
|
AA3D000
|
stack
|
page read and write
|
||
|
ACA0000
|
direct allocation
|
page read and write
|
||
|
1F20000
|
heap
|
page read and write
|
||
|
AE00000
|
direct allocation
|
page read and write
|
||
|
AE1A000
|
direct allocation
|
page read and write
|
||
|
AE62000
|
direct allocation
|
page read and write
|
||
|
300000
|
heap
|
page read and write
|
||
|
AC78000
|
direct allocation
|
page read and write
|
||
|
520000
|
heap
|
page read and write
|
||
|
AE32000
|
direct allocation
|
page read and write
|
||
|
2B14F000
|
stack
|
page read and write
|
||
|
AC30000
|
direct allocation
|
page read and write
|
||
|
8D9000
|
unkown
|
page read and write
|
||
|
30F000
|
heap
|
page read and write
|
||
|
AB7E000
|
stack
|
page read and write
|
||
|
568000
|
heap
|
page read and write
|
||
|
2380000
|
heap
|
page read and write
|
||
|
AE58000
|
direct allocation
|
page read and write
|
||
|
31A000
|
heap
|
page read and write
|
||
|
2B750000
|
heap
|
page read and write
|
||
|
2B5F0000
|
heap
|
page read and write
|
||
|
AE30000
|
direct allocation
|
page read and write
|
||
|
AD16000
|
direct allocation
|
page read and write
|
||
|
2402000
|
direct allocation
|
page read and write
|
||
|
2B04D000
|
stack
|
page read and write
|
||
|
AE04000
|
direct allocation
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
2B28F000
|
stack
|
page read and write
|
||
|
8C000
|
stack
|
page read and write
|
||
|
31A000
|
heap
|
page read and write
|
||
|
AE16000
|
direct allocation
|
page read and write
|
||
|
2424000
|
direct allocation
|
page read and write
|
||
|
676000
|
unkown
|
page readonly
|
||
|
9CE000
|
stack
|
page read and write
|
||
|
ACB0000
|
direct allocation
|
page read and write
|
||
|
AD8E000
|
direct allocation
|
page read and write
|
||
|
8CB000
|
unkown
|
page write copy
|
||
|
AC1C000
|
direct allocation
|
page read and write
|
||
|
AC8E000
|
direct allocation
|
page read and write
|
||
|
AC6E000
|
direct allocation
|
page read and write
|
||
|
2D7000
|
heap
|
page read and write
|
||
|
AC02000
|
direct allocation
|
page read and write
|
||
|
AE68000
|
direct allocation
|
page read and write
|
||
|
2ACFF000
|
stack
|
page read and write
|
||
|
321000
|
heap
|
page read and write
|
||
|
ACAD000
|
direct allocation
|
page read and write
|
||
|
8CC000
|
unkown
|
page read and write
|
||
|
20000
|
heap
|
page read and write
|
||
|
899000
|
unkown
|
page write copy
|
||
|
AE80000
|
direct allocation
|
page read and write
|
||
|
AE6A000
|
direct allocation
|
page read and write
|
||
|
309000
|
heap
|
page read and write
|
||
|
AC2A000
|
direct allocation
|
page read and write
|
||
|
AC28000
|
direct allocation
|
page read and write
|
||
|
2350000
|
direct allocation
|
page read and write
|
||
|
AC7C000
|
direct allocation
|
page read and write
|
||
|
AC70000
|
direct allocation
|
page read and write
|
||
|
2B59E000
|
stack
|
page read and write
|
||
|
AC4A000
|
direct allocation
|
page read and write
|
||
|
AE0E000
|
direct allocation
|
page read and write
|
||
|
317000
|
heap
|
page read and write
|
||
|
8FE000
|
unkown
|
page write copy
|
||
|
AC84000
|
direct allocation
|
page read and write
|
||
|
AE44000
|
direct allocation
|
page read and write
|
||
|
304000
|
heap
|
page read and write
|
||
|
AC5C000
|
direct allocation
|
page read and write
|
||
|
AE0A000
|
direct allocation
|
page read and write
|
||
|
8FE000
|
unkown
|
page write copy
|
||
|
AC5A000
|
direct allocation
|
page read and write
|
||
|
544000
|
heap
|
page read and write
|
||
|
AE2A000
|
direct allocation
|
page read and write
|
||
|
A0000
|
heap
|
page read and write
|
||
|
AC93000
|
direct allocation
|
page read and write
|
||
|
AE12000
|
direct allocation
|
page read and write
|
||
|
8FF000
|
unkown
|
page readonly
|
||
|
303000
|
heap
|
page read and write
|
||
|
8D4000
|
unkown
|
page read and write
|
||
|
2B8CE000
|
stack
|
page read and write
|
||
|
301000
|
heap
|
page read and write
|
||
|
AC14000
|
direct allocation
|
page read and write
|
||
|
897000
|
unkown
|
page write copy
|
||
|
228D000
|
heap
|
page read and write
|
||
|
31D000
|
heap
|
page read and write
|
||
|
AC04000
|
direct allocation
|
page read and write
|
||
|
4DE000
|
stack
|
page read and write
|
||
|
AE32000
|
direct allocation
|
page read and write
|
||
|
AC1A000
|
direct allocation
|
page read and write
|
||
|
AC88000
|
direct allocation
|
page read and write
|
||
|
8FB000
|
unkown
|
page read and write
|
||
|
302000
|
heap
|
page read and write
|
||
|
AC16000
|
direct allocation
|
page read and write
|
||
|
30C000
|
heap
|
page read and write
|
||
|
2B520000
|
direct allocation
|
page read and write
|
||
|
300000
|
heap
|
page read and write
|
||
|
ACAA000
|
direct allocation
|
page read and write
|
||
|
320000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
553000
|
heap
|
page read and write
|
||
|
315000
|
heap
|
page read and write
|
There are 256 hidden memdumps, click here to show them.