Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
SWIFT.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
initial sample
|
 |
|
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_SWIFT.exe_6ba9e42d76a4b86721d9da572c2972bbfa16e19_f16bf124_9885bf37-19c4-43a3-a861-79abd96e7ef6\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER2531.tmp.dmp
|
Mini DuMP crash report, 15 streams, Fri Apr 26 05:43:55 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER2736.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER2766.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\SWIFT.exe.log
|
ASCII text, with CRLF line terminators
|
modified
|
||
|
C:\Windows\appcompat\Programs\Amcache.hve
|
MS Windows registry file, NT/2000 or above
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\SWIFT.exe
|
"C:\Users\user\Desktop\SWIFT.exe"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
|
|
|
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 2448 -s 1424
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://mail.quoctoan.vn
|
unknown
|
||
|
http://upx.sf.net
|
unknown
|
||
|
http://mail92152.maychuemail.com
|
unknown
|
||
|
https://account.dyn.com/
|
unknown
|
||
|
http://www.magicspam.com
|
unknown
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
mail92152.maychuemail.com
|
112.213.92.152
|
|
|
|
mail.quoctoan.vn
|
unknown
|
|
|
|
fp2e7a.wpc.phicdn.net
|
192.229.211.108
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
112.213.92.152
|
mail92152.maychuemail.com
|
Viet Nam
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
\REGISTRY\A\{2e541965-9c2d-793d-7adf-393c80e44a02}\Root\InventoryApplicationFile\swift.exe|c33a59c2f12bc04b
|
ProgramId
|
||
|
\REGISTRY\A\{2e541965-9c2d-793d-7adf-393c80e44a02}\Root\InventoryApplicationFile\swift.exe|c33a59c2f12bc04b
|
FileId
|
||
|
\REGISTRY\A\{2e541965-9c2d-793d-7adf-393c80e44a02}\Root\InventoryApplicationFile\swift.exe|c33a59c2f12bc04b
|
LowerCaseLongPath
|
||
|
\REGISTRY\A\{2e541965-9c2d-793d-7adf-393c80e44a02}\Root\InventoryApplicationFile\swift.exe|c33a59c2f12bc04b
|
LongPathHash
|
||
|
\REGISTRY\A\{2e541965-9c2d-793d-7adf-393c80e44a02}\Root\InventoryApplicationFile\swift.exe|c33a59c2f12bc04b
|
Name
|
||
|
\REGISTRY\A\{2e541965-9c2d-793d-7adf-393c80e44a02}\Root\InventoryApplicationFile\swift.exe|c33a59c2f12bc04b
|
OriginalFileName
|
||
|
\REGISTRY\A\{2e541965-9c2d-793d-7adf-393c80e44a02}\Root\InventoryApplicationFile\swift.exe|c33a59c2f12bc04b
|
Publisher
|
||
|
\REGISTRY\A\{2e541965-9c2d-793d-7adf-393c80e44a02}\Root\InventoryApplicationFile\swift.exe|c33a59c2f12bc04b
|
Version
|
||
|
\REGISTRY\A\{2e541965-9c2d-793d-7adf-393c80e44a02}\Root\InventoryApplicationFile\swift.exe|c33a59c2f12bc04b
|
BinFileVersion
|
||
|
\REGISTRY\A\{2e541965-9c2d-793d-7adf-393c80e44a02}\Root\InventoryApplicationFile\swift.exe|c33a59c2f12bc04b
|
BinaryType
|
||
|
\REGISTRY\A\{2e541965-9c2d-793d-7adf-393c80e44a02}\Root\InventoryApplicationFile\swift.exe|c33a59c2f12bc04b
|
ProductName
|
||
|
\REGISTRY\A\{2e541965-9c2d-793d-7adf-393c80e44a02}\Root\InventoryApplicationFile\swift.exe|c33a59c2f12bc04b
|
ProductVersion
|
||
|
\REGISTRY\A\{2e541965-9c2d-793d-7adf-393c80e44a02}\Root\InventoryApplicationFile\swift.exe|c33a59c2f12bc04b
|
LinkDate
|
||
|
\REGISTRY\A\{2e541965-9c2d-793d-7adf-393c80e44a02}\Root\InventoryApplicationFile\swift.exe|c33a59c2f12bc04b
|
BinProductVersion
|
||
|
\REGISTRY\A\{2e541965-9c2d-793d-7adf-393c80e44a02}\Root\InventoryApplicationFile\swift.exe|c33a59c2f12bc04b
|
AppxPackageFullName
|
||
|
\REGISTRY\A\{2e541965-9c2d-793d-7adf-393c80e44a02}\Root\InventoryApplicationFile\swift.exe|c33a59c2f12bc04b
|
AppxPackageRelativeId
|
||
|
\REGISTRY\A\{2e541965-9c2d-793d-7adf-393c80e44a02}\Root\InventoryApplicationFile\swift.exe|c33a59c2f12bc04b
|
Size
|
||
|
\REGISTRY\A\{2e541965-9c2d-793d-7adf-393c80e44a02}\Root\InventoryApplicationFile\swift.exe|c33a59c2f12bc04b
|
Language
|
||
|
\REGISTRY\A\{2e541965-9c2d-793d-7adf-393c80e44a02}\Root\InventoryApplicationFile\swift.exe|c33a59c2f12bc04b
|
Usn
|
There are 9 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
2EF1000
|
trusted library allocation
|
page read and write
|
|
|
|
3869000
|
trusted library allocation
|
page read and write
|
|
|
|
45B7000
|
trusted library allocation
|
page read and write
|
|
|
|
402000
|
remote allocation
|
page execute and read and write
|
|
|
|
2F3F000
|
trusted library allocation
|
page read and write
|
|
|
|
5340000
|
trusted library section
|
page read and write
|
|
|
|
5BA8000
|
trusted library allocation
|
page read and write
|
||
|
DB0000
|
trusted library allocation
|
page read and write
|
||
|
52CE000
|
stack
|
page read and write
|
||
|
5375000
|
heap
|
page read and write
|
||
|
10A0000
|
heap
|
page read and write
|
||
|
547B000
|
trusted library allocation
|
page read and write
|
||
|
5320000
|
trusted library allocation
|
page execute and read and write
|
||
|
514E000
|
stack
|
page read and write
|
||
|
561C000
|
stack
|
page read and write
|
||
|
73C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
A40000
|
heap
|
page read and write
|
||
|
61A6000
|
heap
|
page read and write
|
||
|
DD3000
|
trusted library allocation
|
page read and write
|
||
|
796E000
|
heap
|
page read and write
|
||
|
64E0000
|
trusted library allocation
|
page read and write
|
||
|
649F000
|
stack
|
page read and write
|
||
|
2F57000
|
trusted library allocation
|
page read and write
|
||
|
4576000
|
trusted library allocation
|
page read and write
|
||
|
5150000
|
heap
|
page read and write
|
||
|
549D000
|
trusted library allocation
|
page read and write
|
||
|
64DE000
|
stack
|
page read and write
|
||
|
4DC1000
|
trusted library allocation
|
page read and write
|
||
|
4A39000
|
stack
|
page read and write
|
||
|
FAE000
|
stack
|
page read and write
|
||
|
57CE000
|
stack
|
page read and write
|
||
|
10E8000
|
heap
|
page read and write
|
||
|
578F000
|
stack
|
page read and write
|
||
|
10E5000
|
heap
|
page read and write
|
||
|
70D0000
|
trusted library section
|
page read and write
|
||
|
5A0E000
|
stack
|
page read and write
|
||
|
600000
|
unkown
|
page readonly
|
||
|
7942000
|
heap
|
page read and write
|
||
|
AEAA000
|
trusted library allocation
|
page read and write
|
||
|
B95000
|
heap
|
page read and write
|
||
|
548A000
|
trusted library allocation
|
page read and write
|
||
|
5460000
|
trusted library allocation
|
page read and write
|
||
|
4E00000
|
trusted library allocation
|
page read and write
|
||
|
493B000
|
stack
|
page read and write
|
||
|
4D80000
|
trusted library allocation
|
page execute and read and write
|
||
|
FB8000
|
heap
|
page read and write
|
||
|
551C000
|
stack
|
page read and write
|
||
|
4DF0000
|
trusted library allocation
|
page read and write
|
||
|
A7F000
|
heap
|
page read and write
|
||
|
547E000
|
trusted library allocation
|
page read and write
|
||
|
550000
|
unkown
|
page readonly
|
||
|
2C70000
|
trusted library allocation
|
page read and write
|
||
|
E5A000
|
stack
|
page read and write
|
||
|
2C82000
|
trusted library allocation
|
page read and write
|
||
|
5BE0000
|
trusted library allocation
|
page read and write
|
||
|
2C6D000
|
trusted library allocation
|
page execute and read and write
|
||
|
5330000
|
heap
|
page read and write
|
||
|
FB0000
|
heap
|
page read and write
|
||
|
DC3000
|
trusted library allocation
|
page execute and read and write
|
||
|
6400000
|
trusted library allocation
|
page execute and read and write
|
||
|
2C60000
|
trusted library allocation
|
page read and write
|
||
|
DE6000
|
trusted library allocation
|
page execute and read and write
|
||
|
115E000
|
heap
|
page read and write
|
||
|
13A3000
|
trusted library allocation
|
page execute and read and write
|
||
|
64F0000
|
trusted library allocation
|
page read and write
|
||
|
568E000
|
stack
|
page read and write
|
||
|
7908000
|
heap
|
page read and write
|
||
|
10B0000
|
heap
|
page read and write
|
||
|
63FD000
|
stack
|
page read and write
|
||
|
5630000
|
heap
|
page execute and read and write
|
||
|
B00000
|
heap
|
page read and write
|
||
|
510B000
|
stack
|
page read and write
|
||
|
13B0000
|
heap
|
page read and write
|
||
|
2CA0000
|
trusted library allocation
|
page read and write
|
||
|
4257000
|
trusted library allocation
|
page read and write
|
||
|
6E20000
|
heap
|
page read and write
|
||
|
411E000
|
trusted library allocation
|
page read and write
|
||
|
4F20000
|
heap
|
page read and write
|
||
|
40D0000
|
trusted library allocation
|
page read and write
|
||
|
4F10000
|
trusted library section
|
page readonly
|
||
|
6E2E000
|
heap
|
page read and write
|
||
|
F02000
|
trusted library allocation
|
page read and write
|
||
|
B90000
|
heap
|
page read and write
|
||
|
58CF000
|
stack
|
page read and write
|
||
|
1188000
|
heap
|
page read and write
|
||
|
B290000
|
trusted library allocation
|
page read and write
|
||
|
705E000
|
stack
|
page read and write
|
||
|
F07000
|
trusted library allocation
|
page execute and read and write
|
||
|
B05000
|
heap
|
page read and write
|
||
|
FB0000
|
heap
|
page read and write
|
||
|
741D000
|
stack
|
page read and write
|
||
|
4DBE000
|
trusted library allocation
|
page read and write
|
||
|
3861000
|
trusted library allocation
|
page read and write
|
||
|
5470000
|
trusted library allocation
|
page read and write
|
||
|
5370000
|
heap
|
page read and write
|
||
|
5433000
|
heap
|
page read and write
|
||
|
4DCD000
|
trusted library allocation
|
page read and write
|
||
|
2C7A000
|
trusted library allocation
|
page execute and read and write
|
||
|
E48E000
|
stack
|
page read and write
|
||
|
4DA0000
|
trusted library allocation
|
page read and write
|
||
|
A75000
|
heap
|
page read and write
|
||
|
4DC6000
|
trusted library allocation
|
page read and write
|
||
|
DC4000
|
trusted library allocation
|
page read and write
|
||
|
2AE7000
|
trusted library allocation
|
page read and write
|
||
|
4EC9000
|
trusted library allocation
|
page read and write
|
||
|
F59000
|
stack
|
page read and write
|
||
|
13A0000
|
trusted library allocation
|
page read and write
|
||
|
4D90000
|
trusted library allocation
|
page read and write
|
||
|
5310000
|
trusted library allocation
|
page read and write
|
||
|
5BD0000
|
trusted library allocation
|
page read and write
|
||
|
530E000
|
stack
|
page read and write
|
||
|
E94E000
|
stack
|
page read and write
|
||
|
FC5000
|
heap
|
page read and write
|
||
|
5170000
|
trusted library allocation
|
page execute and read and write
|
||
|
FF780000
|
trusted library allocation
|
page execute and read and write
|
||
|
4E80000
|
heap
|
page read and write
|
||
|
4ED0000
|
trusted library allocation
|
page execute and read and write
|
||
|
2AD6000
|
trusted library allocation
|
page read and write
|
||
|
1136000
|
heap
|
page read and write
|
||
|
3EF1000
|
trusted library allocation
|
page read and write
|
||
|
4E30000
|
trusted library allocation
|
page read and write
|
||
|
2D92000
|
trusted library allocation
|
page read and write
|
||
|
13AD000
|
trusted library allocation
|
page execute and read and write
|
||
|
2C87000
|
trusted library allocation
|
page execute and read and write
|
||
|
B390000
|
trusted library section
|
page read and write
|
||
|
5482000
|
trusted library allocation
|
page read and write
|
||
|
A10000
|
heap
|
page read and write
|
||
|
4FED000
|
stack
|
page read and write
|
||
|
6B10000
|
heap
|
page read and write
|
||
|
73D5000
|
trusted library allocation
|
page read and write
|
||
|
63A6000
|
trusted library allocation
|
page read and write
|
||
|
5450000
|
trusted library allocation
|
page read and write
|
||
|
1220000
|
heap
|
page read and write
|
||
|
F50000
|
heap
|
page execute and read and write
|
||
|
4EA0000
|
trusted library allocation
|
page read and write
|
||
|
7071000
|
trusted library allocation
|
page read and write
|
||
|
115A000
|
heap
|
page read and write
|
||
|
547F000
|
stack
|
page read and write
|
||
|
2C8B000
|
trusted library allocation
|
page execute and read and write
|
||
|
5BA0000
|
trusted library allocation
|
page read and write
|
||
|
6B20000
|
trusted library allocation
|
page execute and read and write
|
||
|
73B0000
|
trusted library allocation
|
page read and write
|
||
|
4DE0000
|
trusted library allocation
|
page read and write
|
||
|
2D48000
|
trusted library allocation
|
page read and write
|
||
|
2F47000
|
trusted library allocation
|
page read and write
|
||
|
4F30000
|
heap
|
page read and write
|
||
|
5496000
|
trusted library allocation
|
page read and write
|
||
|
2C85000
|
trusted library allocation
|
page execute and read and write
|
||
|
416C000
|
trusted library allocation
|
page read and write
|
||
|
3EF9000
|
trusted library allocation
|
page read and write
|
||
|
FC0000
|
heap
|
page read and write
|
||
|
D6F000
|
stack
|
page read and write
|
||
|
2B53000
|
trusted library allocation
|
page read and write
|
||
|
54B0000
|
trusted library allocation
|
page read and write
|
||
|
4EE0000
|
trusted library allocation
|
page read and write
|
||
|
DE2000
|
trusted library allocation
|
page read and write
|
||
|
70C0000
|
trusted library allocation
|
page read and write
|
||
|
1129000
|
heap
|
page read and write
|
||
|
552000
|
unkown
|
page readonly
|
||
|
1390000
|
trusted library allocation
|
page read and write
|
||
|
7900000
|
heap
|
page read and write
|
||
|
A4E000
|
heap
|
page read and write
|
||
|
5430000
|
heap
|
page read and write
|
||
|
797000
|
stack
|
page read and write
|
||
|
61A0000
|
heap
|
page read and write
|
||
|
2C72000
|
trusted library allocation
|
page read and write
|
||
|
DDD000
|
trusted library allocation
|
page execute and read and write
|
||
|
DD0000
|
trusted library allocation
|
page read and write
|
||
|
63A0000
|
trusted library allocation
|
page read and write
|
||
|
7297000
|
heap
|
page read and write
|
||
|
E44D000
|
stack
|
page read and write
|
||
|
2AD4000
|
trusted library allocation
|
page read and write
|
||
|
13A4000
|
trusted library allocation
|
page read and write
|
||
|
5491000
|
trusted library allocation
|
page read and write
|
||
|
590E000
|
stack
|
page read and write
|
||
|
5476000
|
trusted library allocation
|
page read and write
|
||
|
5CB0000
|
heap
|
page read and write
|
||
|
2F3D000
|
trusted library allocation
|
page read and write
|
||
|
669E000
|
stack
|
page read and write
|
||
|
70BE000
|
stack
|
page read and write
|
||
|
2B00000
|
trusted library allocation
|
page read and write
|
||
|
7180000
|
trusted library allocation
|
page execute and read and write
|
||
|
54C0000
|
trusted library allocation
|
page read and write
|
||
|
E650000
|
heap
|
page read and write
|
||
|
285E000
|
stack
|
page read and write
|
||
|
A82000
|
heap
|
page read and write
|
||
|
F20000
|
trusted library allocation
|
page read and write
|
||
|
A67000
|
heap
|
page read and write
|
||
|
4E05000
|
trusted library allocation
|
page read and write
|
||
|
5440000
|
trusted library allocation
|
page execute and read and write
|
||
|
4DA4000
|
trusted library allocation
|
page read and write
|
||
|
6CB0000
|
heap
|
page read and write
|
||
|
5C9E000
|
stack
|
page read and write
|
||
|
F30000
|
heap
|
page read and write
|
||
|
DC0000
|
trusted library allocation
|
page read and write
|
||
|
4E10000
|
trusted library allocation
|
page read and write
|
||
|
F0B000
|
trusted library allocation
|
page execute and read and write
|
||
|
114E000
|
heap
|
page read and write
|
||
|
E64D000
|
stack
|
page read and write
|
||
|
2CEE000
|
stack
|
page read and write
|
||
|
2DE0000
|
heap
|
page execute and read and write
|
||
|
2EEF000
|
stack
|
page read and write
|
||
|
400000
|
remote allocation
|
page execute and read and write
|
||
|
5160000
|
trusted library allocation
|
page read and write
|
||
|
A00000
|
heap
|
page read and write
|
||
|
61AE000
|
heap
|
page read and write
|
||
|
2D2C000
|
stack
|
page read and write
|
||
|
64E7000
|
trusted library allocation
|
page read and write
|
||
|
54B4000
|
trusted library allocation
|
page read and write
|
||
|
73D0000
|
trusted library allocation
|
page read and write
|
||
|
5BDC000
|
trusted library allocation
|
page read and write
|
||
|
7060000
|
trusted library section
|
page read and write
|
||
|
6218000
|
heap
|
page read and write
|
||
|
6AE0000
|
trusted library allocation
|
page read and write
|
||
|
5CD4000
|
heap
|
page read and write
|
||
|
DCD000
|
trusted library allocation
|
page execute and read and write
|
||
|
5474000
|
trusted library allocation
|
page read and write
|
||
|
28CF000
|
trusted library allocation
|
page read and write
|
||
|
620D000
|
heap
|
page read and write
|
||
|
5180000
|
heap
|
page execute and read and write
|
||
|
731D000
|
heap
|
page read and write
|
||
|
DE0000
|
trusted library allocation
|
page read and write
|
||
|
4E90000
|
trusted library allocation
|
page execute and read and write
|
||
|
5CA0000
|
heap
|
page read and write
|
||
|
4E60000
|
heap
|
page read and write
|
||
|
B02000
|
heap
|
page read and write
|
||
|
1200000
|
heap
|
page read and write
|
||
|
4EC0000
|
trusted library allocation
|
page read and write
|
||
|
7522000
|
trusted library allocation
|
page read and write
|
||
|
5360000
|
trusted library allocation
|
page execute and read and write
|
||
|
4EF0000
|
trusted library allocation
|
page read and write
|
||
|
3F19000
|
trusted library allocation
|
page read and write
|
||
|
B7E000
|
stack
|
page read and write
|
||
|
F60000
|
heap
|
page read and write
|
||
|
DAE000
|
stack
|
page read and write
|
||
|
3F5B000
|
trusted library allocation
|
page read and write
|
||
|
2C76000
|
trusted library allocation
|
page execute and read and write
|
||
|
548E000
|
trusted library allocation
|
page read and write
|
||
|
54A2000
|
trusted library allocation
|
page read and write
|
||
|
DF0000
|
heap
|
page read and write
|
||
|
528E000
|
stack
|
page read and write
|
||
|
DEA000
|
trusted library allocation
|
page execute and read and write
|
||
|
2D30000
|
heap
|
page read and write
|
||
|
2C80000
|
trusted library allocation
|
page read and write
|
||
|
EFE000
|
stack
|
page read and write
|
||
|
10B8000
|
heap
|
page read and write
|
||
|
7904000
|
heap
|
page read and write
|
||
|
728F000
|
stack
|
page read and write
|
||
|
63B0000
|
trusted library allocation
|
page execute and read and write
|
||
|
A48000
|
heap
|
page read and write
|
||
|
E84E000
|
stack
|
page read and write
|
||
|
B0E000
|
heap
|
page read and write
|
||
|
61C0000
|
heap
|
page read and write
|
||
|
69A000
|
stack
|
page read and write
|
||
|
5B9E000
|
stack
|
page read and write
|
||
|
10DA000
|
heap
|
page read and write
|
||
|
4F33000
|
heap
|
page read and write
|
||
|
7100000
|
trusted library allocation
|
page read and write
|
||
|
6F5E000
|
stack
|
page read and write
|
||
|
2861000
|
trusted library allocation
|
page read and write
|
There are 250 hidden memdumps, click here to show them.