Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
20240328-REV2.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
initial sample
|
 |
|
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_20240328-REV2.ex_d0d499a9646a641b819fa0255edad0bdab418090_3cf00dc3_f546981a-4c8e-4734-9074-23d81c861b04\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER5DE2.tmp.dmp
|
Mini DuMP crash report, 15 streams, Fri Apr 26 08:06:28 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER60A2.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER6101.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\20240328-REV2.exe.log
|
ASCII text, with CRLF line terminators
|
modified
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_e22pavwa.f3a.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_tckzrrwj.5ng.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_yakagxcv.e30.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_zv2kgg4g.glx.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Windows\appcompat\Programs\Amcache.hve
|
MS Windows registry file, NT/2000 or above
|
dropped
|
There are 2 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\20240328-REV2.exe
|
"C:\Users\user\Desktop\20240328-REV2.exe"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\20240328-REV2.exe"
|
|
|
|
C:\Users\user\Desktop\20240328-REV2.exe
|
"C:\Users\user\Desktop\20240328-REV2.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 6840 -s 1796
|
||
|
C:\Windows\System32\wbem\WmiPrvSE.exe
|
C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://upx.sf.net
|
unknown
|
||
|
http://mbarieservicesltd.com
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
http://mail.mbarieservicesltd.com
|
unknown
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
mbarieservicesltd.com
|
199.79.62.115
|
|
|
|
mail.mbarieservicesltd.com
|
unknown
|
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
199.79.62.115
|
mbarieservicesltd.com
|
United States
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
\REGISTRY\A\{bb2554b6-545c-838e-c755-e66c0079e870}\Root\InventoryApplicationFile\20240328-rev2.ex|abaee9cbe36b71a6
|
ProgramId
|
||
|
\REGISTRY\A\{bb2554b6-545c-838e-c755-e66c0079e870}\Root\InventoryApplicationFile\20240328-rev2.ex|abaee9cbe36b71a6
|
FileId
|
||
|
\REGISTRY\A\{bb2554b6-545c-838e-c755-e66c0079e870}\Root\InventoryApplicationFile\20240328-rev2.ex|abaee9cbe36b71a6
|
LowerCaseLongPath
|
||
|
\REGISTRY\A\{bb2554b6-545c-838e-c755-e66c0079e870}\Root\InventoryApplicationFile\20240328-rev2.ex|abaee9cbe36b71a6
|
LongPathHash
|
||
|
\REGISTRY\A\{bb2554b6-545c-838e-c755-e66c0079e870}\Root\InventoryApplicationFile\20240328-rev2.ex|abaee9cbe36b71a6
|
Name
|
||
|
\REGISTRY\A\{bb2554b6-545c-838e-c755-e66c0079e870}\Root\InventoryApplicationFile\20240328-rev2.ex|abaee9cbe36b71a6
|
OriginalFileName
|
||
|
\REGISTRY\A\{bb2554b6-545c-838e-c755-e66c0079e870}\Root\InventoryApplicationFile\20240328-rev2.ex|abaee9cbe36b71a6
|
Publisher
|
||
|
\REGISTRY\A\{bb2554b6-545c-838e-c755-e66c0079e870}\Root\InventoryApplicationFile\20240328-rev2.ex|abaee9cbe36b71a6
|
Version
|
||
|
\REGISTRY\A\{bb2554b6-545c-838e-c755-e66c0079e870}\Root\InventoryApplicationFile\20240328-rev2.ex|abaee9cbe36b71a6
|
BinFileVersion
|
||
|
\REGISTRY\A\{bb2554b6-545c-838e-c755-e66c0079e870}\Root\InventoryApplicationFile\20240328-rev2.ex|abaee9cbe36b71a6
|
BinaryType
|
||
|
\REGISTRY\A\{bb2554b6-545c-838e-c755-e66c0079e870}\Root\InventoryApplicationFile\20240328-rev2.ex|abaee9cbe36b71a6
|
ProductName
|
||
|
\REGISTRY\A\{bb2554b6-545c-838e-c755-e66c0079e870}\Root\InventoryApplicationFile\20240328-rev2.ex|abaee9cbe36b71a6
|
ProductVersion
|
||
|
\REGISTRY\A\{bb2554b6-545c-838e-c755-e66c0079e870}\Root\InventoryApplicationFile\20240328-rev2.ex|abaee9cbe36b71a6
|
LinkDate
|
||
|
\REGISTRY\A\{bb2554b6-545c-838e-c755-e66c0079e870}\Root\InventoryApplicationFile\20240328-rev2.ex|abaee9cbe36b71a6
|
BinProductVersion
|
||
|
\REGISTRY\A\{bb2554b6-545c-838e-c755-e66c0079e870}\Root\InventoryApplicationFile\20240328-rev2.ex|abaee9cbe36b71a6
|
AppxPackageFullName
|
||
|
\REGISTRY\A\{bb2554b6-545c-838e-c755-e66c0079e870}\Root\InventoryApplicationFile\20240328-rev2.ex|abaee9cbe36b71a6
|
AppxPackageRelativeId
|
||
|
\REGISTRY\A\{bb2554b6-545c-838e-c755-e66c0079e870}\Root\InventoryApplicationFile\20240328-rev2.ex|abaee9cbe36b71a6
|
Size
|
||
|
\REGISTRY\A\{bb2554b6-545c-838e-c755-e66c0079e870}\Root\InventoryApplicationFile\20240328-rev2.ex|abaee9cbe36b71a6
|
Language
|
||
|
\REGISTRY\A\{bb2554b6-545c-838e-c755-e66c0079e870}\Root\InventoryApplicationFile\20240328-rev2.ex|abaee9cbe36b71a6
|
Usn
|
There are 9 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
402000
|
remote allocation
|
page execute and read and write
|
|
|
|
6D50000
|
trusted library section
|
page read and write
|
|
|
|
2941000
|
trusted library allocation
|
page read and write
|
|
|
|
299A000
|
trusted library allocation
|
page read and write
|
|
|
|
3799000
|
trusted library allocation
|
page read and write
|
|
|
|
4187000
|
trusted library allocation
|
page read and write
|
|
|
|
70B0000
|
trusted library allocation
|
page execute and read and write
|
||
|
CF0000
|
heap
|
page read and write
|
||
|
3AE000
|
unkown
|
page readonly
|
||
|
61F0000
|
trusted library allocation
|
page execute and read and write
|
||
|
4D40000
|
trusted library allocation
|
page read and write
|
||
|
278F000
|
stack
|
page read and write
|
||
|
2770000
|
trusted library allocation
|
page read and write
|
||
|
CAA000
|
trusted library allocation
|
page execute and read and write
|
||
|
AFF0000
|
trusted library allocation
|
page read and write
|
||
|
8ACE000
|
stack
|
page read and write
|
||
|
507E000
|
stack
|
page read and write
|
||
|
2765000
|
trusted library allocation
|
page read and write
|
||
|
2880000
|
trusted library allocation
|
page read and write
|
||
|
6E20000
|
trusted library allocation
|
page read and write
|
||
|
6EA0000
|
trusted library allocation
|
page execute and read and write
|
||
|
28AD000
|
trusted library allocation
|
page read and write
|
||
|
2790000
|
trusted library allocation
|
page read and write
|
||
|
61A0000
|
trusted library allocation
|
page read and write
|
||
|
C80000
|
trusted library allocation
|
page read and write
|
||
|
E16000
|
trusted library allocation
|
page execute and read and write
|
||
|
26EC000
|
stack
|
page read and write
|
||
|
27E8000
|
trusted library allocation
|
page read and write
|
||
|
272D000
|
trusted library allocation
|
page read and write
|
||
|
4F3E000
|
stack
|
page read and write
|
||
|
24EE000
|
stack
|
page read and write
|
||
|
D79C000
|
stack
|
page read and write
|
||
|
66EE000
|
stack
|
page read and write
|
||
|
6D91000
|
trusted library allocation
|
page read and write
|
||
|
26F0000
|
trusted library allocation
|
page read and write
|
||
|
4EFE000
|
stack
|
page read and write
|
||
|
281E000
|
trusted library allocation
|
page read and write
|
||
|
4C20000
|
heap
|
page read and write
|
||
|
6150000
|
trusted library allocation
|
page execute and read and write
|
||
|
75F0000
|
heap
|
page read and write
|
||
|
CE0000
|
heap
|
page read and write
|
||
|
5BA000
|
stack
|
page read and write
|
||
|
AD5000
|
heap
|
page read and write
|
||
|
65A000
|
stack
|
page read and write
|
||
|
4889000
|
stack
|
page read and write
|
||
|
517E000
|
stack
|
page read and write
|
||
|
2791000
|
trusted library allocation
|
page read and write
|
||
|
D3EE000
|
stack
|
page read and write
|
||
|
27C0000
|
trusted library allocation
|
page read and write
|
||
|
6170000
|
trusted library allocation
|
page read and write
|
||
|
404E000
|
trusted library allocation
|
page read and write
|
||
|
5D20000
|
heap
|
page read and write
|
||
|
908000
|
heap
|
page read and write
|
||
|
CE4000
|
trusted library allocation
|
page read and write
|
||
|
25EE000
|
stack
|
page read and write
|
||
|
5A34000
|
heap
|
page read and write
|
||
|
62CE000
|
stack
|
page read and write
|
||
|
2721000
|
trusted library allocation
|
page read and write
|
||
|
5330000
|
trusted library allocation
|
page read and write
|
||
|
ED0000
|
trusted library allocation
|
page execute and read and write
|
||
|
6B00000
|
heap
|
page read and write
|
||
|
985000
|
heap
|
page read and write
|
||
|
84E000
|
stack
|
page read and write
|
||
|
860000
|
heap
|
page read and write
|
||
|
9ED000
|
heap
|
page read and write
|
||
|
617C000
|
trusted library allocation
|
page read and write
|
||
|
765B000
|
heap
|
page read and write
|
||
|
7202000
|
trusted library allocation
|
page read and write
|
||
|
52BE000
|
stack
|
page read and write
|
||
|
2760000
|
trusted library allocation
|
page read and write
|
||
|
61B0000
|
trusted library allocation
|
page read and write
|
||
|
C70000
|
trusted library allocation
|
page read and write
|
||
|
4C40000
|
trusted library allocation
|
page execute and read and write
|
||
|
4D50000
|
trusted library allocation
|
page read and write
|
||
|
5320000
|
heap
|
page read and write
|
||
|
CED000
|
trusted library allocation
|
page execute and read and write
|
||
|
4F67000
|
trusted library allocation
|
page read and write
|
||
|
28A1000
|
trusted library allocation
|
page read and write
|
||
|
D00000
|
heap
|
page read and write
|
||
|
5E70000
|
trusted library allocation
|
page read and write
|
||
|
AC19000
|
trusted library allocation
|
page read and write
|
||
|
618D000
|
trusted library allocation
|
page read and write
|
||
|
28A6000
|
trusted library allocation
|
page read and write
|
||
|
4D70000
|
trusted library section
|
page readonly
|
||
|
4BE0000
|
trusted library allocation
|
page read and write
|
||
|
4F4E000
|
stack
|
page read and write
|
||
|
4F40000
|
trusted library allocation
|
page read and write
|
||
|
4D90000
|
heap
|
page read and write
|
||
|
289A000
|
trusted library allocation
|
page read and write
|
||
|
B2F000
|
stack
|
page read and write
|
||
|
5E80000
|
heap
|
page read and write
|
||
|
6179000
|
trusted library allocation
|
page read and write
|
||
|
42C000
|
remote allocation
|
page execute and read and write
|
||
|
5E90000
|
trusted library allocation
|
page read and write
|
||
|
4A3D000
|
stack
|
page read and write
|
||
|
CA0000
|
trusted library allocation
|
page read and write
|
||
|
2700000
|
trusted library allocation
|
page read and write
|
||
|
28D0000
|
trusted library allocation
|
page read and write
|
||
|
271E000
|
trusted library allocation
|
page read and write
|
||
|
E0D000
|
trusted library allocation
|
page execute and read and write
|
||
|
6D4E000
|
stack
|
page read and write
|
||
|
E25000
|
trusted library allocation
|
page execute and read and write
|
||
|
29E2000
|
trusted library allocation
|
page read and write
|
||
|
4F73000
|
heap
|
page read and write
|
||
|
4F50000
|
trusted library allocation
|
page read and write
|
||
|
8950000
|
trusted library allocation
|
page execute and read and write
|
||
|
CB2000
|
trusted library allocation
|
page read and write
|
||
|
4F70000
|
heap
|
page read and write
|
||
|
289E000
|
trusted library allocation
|
page read and write
|
||
|
CB7000
|
trusted library allocation
|
page execute and read and write
|
||
|
6FBE000
|
heap
|
page read and write
|
||
|
6180000
|
trusted library allocation
|
page read and write
|
||
|
4D30000
|
trusted library allocation
|
page execute and read and write
|
||
|
CE3000
|
trusted library allocation
|
page execute and read and write
|
||
|
63CE000
|
stack
|
page read and write
|
||
|
7B0000
|
heap
|
page read and write
|
||
|
28B2000
|
trusted library allocation
|
page read and write
|
||
|
EE0000
|
heap
|
page read and write
|
||
|
2740000
|
trusted library allocation
|
page read and write
|
||
|
CE0000
|
trusted library allocation
|
page read and write
|
||
|
C9D000
|
trusted library allocation
|
page execute and read and write
|
||
|
7D0000
|
heap
|
page read and write
|
||
|
4F8E000
|
stack
|
page read and write
|
||
|
CA2000
|
trusted library allocation
|
page read and write
|
||
|
628D000
|
stack
|
page read and write
|
||
|
92B000
|
heap
|
page read and write
|
||
|
6E90000
|
trusted library allocation
|
page read and write
|
||
|
28C4000
|
trusted library allocation
|
page read and write
|
||
|
938000
|
heap
|
page read and write
|
||
|
2A17000
|
trusted library allocation
|
page read and write
|
||
|
E10000
|
trusted library allocation
|
page read and write
|
||
|
4F0E000
|
stack
|
page read and write
|
||
|
280D000
|
trusted library allocation
|
page read and write
|
||
|
280A000
|
trusted library allocation
|
page read and write
|
||
|
2892000
|
trusted library allocation
|
page read and write
|
||
|
61A4000
|
trusted library allocation
|
page read and write
|
||
|
310000
|
unkown
|
page readonly
|
||
|
288B000
|
trusted library allocation
|
page read and write
|
||
|
6DF0000
|
trusted library section
|
page read and write
|
||
|
6FAE000
|
stack
|
page read and write
|
||
|
C8D000
|
trusted library allocation
|
page execute and read and write
|
||
|
4000000
|
trusted library allocation
|
page read and write
|
||
|
C6F000
|
stack
|
page read and write
|
||
|
2600000
|
heap
|
page read and write
|
||
|
C93000
|
trusted library allocation
|
page read and write
|
||
|
4D20000
|
trusted library allocation
|
page read and write
|
||
|
29A8000
|
trusted library allocation
|
page read and write
|
||
|
5340000
|
trusted library allocation
|
page execute and read and write
|
||
|
5D6E000
|
heap
|
page read and write
|
||
|
C90000
|
trusted library allocation
|
page read and write
|
||
|
A70000
|
heap
|
page read and write
|
||
|
6177000
|
trusted library allocation
|
page read and write
|
||
|
529F000
|
stack
|
page read and write
|
||
|
51BE000
|
stack
|
page read and write
|
||
|
5D43000
|
heap
|
page read and write
|
||
|
757000
|
stack
|
page read and write
|
||
|
E8E000
|
stack
|
page read and write
|
||
|
27A0000
|
heap
|
page read and write
|
||
|
2A30000
|
trusted library allocation
|
page read and write
|
||
|
86E000
|
heap
|
page read and write
|
||
|
E2B000
|
trusted library allocation
|
page execute and read and write
|
||
|
61B4000
|
trusted library allocation
|
page read and write
|
||
|
25F0000
|
trusted library allocation
|
page execute and read and write
|
||
|
89F000
|
heap
|
page read and write
|
||
|
7622000
|
heap
|
page read and write
|
||
|
5A10000
|
heap
|
page read and write
|
||
|
B0E0000
|
trusted library section
|
page read and write
|
||
|
400000
|
remote allocation
|
page execute and read and write
|
||
|
4D80000
|
heap
|
page read and write
|
||
|
4C60000
|
trusted library allocation
|
page read and write
|
||
|
CD0000
|
trusted library allocation
|
page read and write
|
||
|
6DDE000
|
stack
|
page read and write
|
||
|
9E6000
|
heap
|
page read and write
|
||
|
86A000
|
heap
|
page read and write
|
||
|
4EBC000
|
stack
|
page read and write
|
||
|
2726000
|
trusted library allocation
|
page read and write
|
||
|
4C50000
|
heap
|
page execute and read and write
|
||
|
763D000
|
heap
|
page read and write
|
||
|
9EF000
|
heap
|
page read and write
|
||
|
E27000
|
trusted library allocation
|
page execute and read and write
|
||
|
4D93000
|
heap
|
page read and write
|
||
|
4F60000
|
trusted library allocation
|
page read and write
|
||
|
26AD000
|
stack
|
page read and write
|
||
|
6DE0000
|
trusted library allocation
|
page read and write
|
||
|
7F770000
|
trusted library allocation
|
page execute and read and write
|
||
|
2CC2000
|
trusted library allocation
|
page read and write
|
||
|
9CB000
|
heap
|
page read and write
|
||
|
75E0000
|
heap
|
page read and write
|
||
|
2780000
|
heap
|
page execute and read and write
|
||
|
28F0000
|
heap
|
page execute and read and write
|
||
|
6D80000
|
trusted library section
|
page read and write
|
||
|
519E000
|
stack
|
page read and write
|
||
|
6160000
|
heap
|
page read and write
|
||
|
D52E000
|
stack
|
page read and write
|
||
|
AD0000
|
heap
|
page read and write
|
||
|
75F4000
|
heap
|
page read and write
|
||
|
936000
|
heap
|
page read and write
|
||
|
5A00000
|
heap
|
page read and write
|
||
|
8940000
|
trusted library allocation
|
page read and write
|
||
|
7646000
|
heap
|
page read and write
|
||
|
99A000
|
heap
|
page read and write
|
||
|
7032000
|
heap
|
page read and write
|
||
|
3941000
|
trusted library allocation
|
page read and write
|
||
|
288E000
|
trusted library allocation
|
page read and write
|
||
|
7B5000
|
heap
|
page read and write
|
||
|
D08000
|
heap
|
page read and write
|
||
|
6C4E000
|
stack
|
page read and write
|
||
|
4DBC000
|
stack
|
page read and write
|
||
|
509D000
|
stack
|
page read and write
|
||
|
E40000
|
trusted library allocation
|
page read and write
|
||
|
D69C000
|
stack
|
page read and write
|
||
|
8A1000
|
heap
|
page read and write
|
||
|
CA6000
|
trusted library allocation
|
page execute and read and write
|
||
|
28C0000
|
trusted library allocation
|
page read and write
|
||
|
4C30000
|
heap
|
page read and write
|
||
|
409C000
|
trusted library allocation
|
page read and write
|
||
|
4D29000
|
trusted library allocation
|
page read and write
|
||
|
70C0000
|
trusted library allocation
|
page read and write
|
||
|
4F95000
|
heap
|
page read and write
|
||
|
6D70000
|
trusted library allocation
|
page execute and read and write
|
||
|
C83000
|
trusted library allocation
|
page execute and read and write
|
||
|
CD0000
|
trusted library allocation
|
page read and write
|
||
|
312000
|
unkown
|
page readonly
|
||
|
7C0000
|
heap
|
page read and write
|
||
|
800000
|
heap
|
page read and write
|
||
|
4ECB000
|
stack
|
page read and write
|
||
|
75EC000
|
heap
|
page read and write
|
||
|
CBB000
|
trusted library allocation
|
page execute and read and write
|
||
|
264E000
|
stack
|
page read and write
|
||
|
ECC000
|
stack
|
page read and write
|
||
|
2750000
|
trusted library allocation
|
page read and write
|
||
|
3949000
|
trusted library allocation
|
page read and write
|
||
|
D42E000
|
stack
|
page read and write
|
||
|
59FE000
|
stack
|
page read and write
|
||
|
27F6000
|
trusted library allocation
|
page read and write
|
||
|
900000
|
heap
|
page read and write
|
||
|
E00000
|
trusted library allocation
|
page read and write
|
||
|
6B0E000
|
heap
|
page read and write
|
||
|
27D0000
|
heap
|
page read and write
|
||
|
2930000
|
heap
|
page execute and read and write
|
||
|
894000
|
heap
|
page read and write
|
||
|
E22000
|
trusted library allocation
|
page read and write
|
||
|
4F90000
|
heap
|
page read and write
|
||
|
E1A000
|
trusted library allocation
|
page execute and read and write
|
||
|
A20000
|
heap
|
page read and write
|
||
|
764E000
|
heap
|
page read and write
|
||
|
8F8000
|
stack
|
page read and write
|
||
|
B6E000
|
stack
|
page read and write
|
||
|
70C5000
|
trusted library allocation
|
page read and write
|
||
|
3791000
|
trusted library allocation
|
page read and write
|
||
|
E12000
|
trusted library allocation
|
page read and write
|
||
|
765D000
|
heap
|
page read and write
|
||
|
C84000
|
trusted library allocation
|
page read and write
|
||
|
5E60000
|
trusted library allocation
|
page execute and read and write
|
There are 244 hidden memdumps, click here to show them.