Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
coArchi_0.9.2.jar
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
initial sample
|
||
|
C:\cmdlinestart.log
|
ASCII text, with CRLF line terminators
|
modified
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\SysWOW64\cmd.exe
|
C:\Windows\system32\cmd.exe /c ""C:\Program Files (x86)\Java\jre-1.8\bin\java.exe" -javaagent:"C:\Users\user\AppData\Local\Temp\jartracer.jar"
-jar "C:\Users\user\Desktop\coArchi_0.9.2.jar"" >> C:\cmdlinestart.log 2>&1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Program Files (x86)\Java\jre-1.8\bin\java.exe
|
"C:\Program Files (x86)\Java\jre-1.8\bin\java.exe" -javaagent:"C:\Users\user\AppData\Local\Temp\jartracer.jar" -jar "C:\Users\user\Desktop\coArchi_0.9.2.jar"
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
C5E000
|
stack
|
page read and write
|
||
|
740000
|
heap
|
page read and write
|
||
|
7FE000
|
stack
|
page read and write
|
||
|
7BE000
|
stack
|
page read and write
|
||
|
64C000
|
stack
|
page read and write
|
||
|
750000
|
heap
|
page read and write
|
||
|
CAF000
|
stack
|
page read and write
|
||
|
770000
|
heap
|
page read and write
|
||
|
B10000
|
heap
|
page read and write
|
||
|
6DC000
|
stack
|
page read and write
|
||
|
D30000
|
heap
|
page read and write
|
||
|
B1B000
|
heap
|
page read and write
|
There are 2 hidden memdumps, click here to show them.