Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
h4QtFUlwIz.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
||
|
C:\Users\user\AppData\Local\Temp\IXP000.TMP\VC234PATCH01.msp
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, Code page: 1252, Title: Installation Database,
Subject: OpenText Validation for SAP Solutions, Author: Open Text Corporation, Keywords: Installer, Comments: OpenText Validation
for SAP Solutions., Create Time/Date: Thu Jan 11 08:48:30 2024, Name of Creating Application: Windows Installer XML Toolset
(3.10.2.2516), Security: 2, Template: Intel;1033, Last Saved By: Intel;1033, Revision Number: {349BB8AD-FD04-4468-91BD-DD9127ED2725}23.4.3;{349BB8AD-FD04-4468-91BD-DD9127ED2725}23.4.3.1;{3CD97D22-E660-4547-96DF-E91D3EE910AA},
Number of Pages: 301, Number of Characters: 153223191
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\h4QtFUlwIz.exe
|
"C:\Users\user\Desktop\h4QtFUlwIz.exe"
|
||
|
C:\Windows\SysWOW64\msiexec.exe
|
msiexec /p VC234PATCH01.msp REINSTALL=ALL REINSTALLMODE=amus /qf
|
||
|
C:\Windows\System32\rundll32.exe
|
"C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP000.TMP\"
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://www.opentext.com/2/global/services-home/services-support-contact.htmMoreInfoURLOptimizedInsta
|
unknown
|
||
|
http://wixtoolset.org
|
unknown
|
||
|
https://www.opentext.com0
|
unknown
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce
|
wextract_cleanup0
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
546000
|
heap
|
page read and write
|
||
|
528000
|
heap
|
page read and write
|
||
|
533000
|
heap
|
page read and write
|
||
|
53E000
|
heap
|
page read and write
|
||
|
1A0D000
|
unkown
|
page readonly
|
||
|
546000
|
heap
|
page read and write
|
||
|
3C51000
|
heap
|
page read and write
|
||
|
7AE000
|
stack
|
page read and write
|
||
|
1000000
|
unkown
|
page readonly
|
||
|
528000
|
heap
|
page read and write
|
||
|
100B000
|
unkown
|
page write copy
|
||
|
1A0D000
|
unkown
|
page readonly
|
||
|
506000
|
heap
|
page read and write
|
||
|
B06407C000
|
stack
|
page read and write
|
||
|
514000
|
heap
|
page read and write
|
||
|
542000
|
heap
|
page read and write
|
||
|
542000
|
heap
|
page read and write
|
||
|
1001000
|
unkown
|
page execute read
|
||
|
3390000
|
trusted library allocation
|
page read and write
|
||
|
528000
|
heap
|
page read and write
|
||
|
98000
|
stack
|
page read and write
|
||
|
542000
|
heap
|
page read and write
|
||
|
52A000
|
heap
|
page read and write
|
||
|
50D000
|
heap
|
page read and write
|
||
|
100B000
|
unkown
|
page read and write
|
||
|
1001000
|
unkown
|
page execute read
|
||
|
3BE3000
|
heap
|
page read and write
|
||
|
A10000
|
heap
|
page read and write
|
||
|
140000
|
heap
|
page read and write
|
||
|
25743650000
|
heap
|
page read and write
|
||
|
FCE000
|
stack
|
page read and write
|
||
|
1000000
|
unkown
|
page readonly
|
||
|
25743760000
|
heap
|
page read and write
|
||
|
542000
|
heap
|
page read and write
|
||
|
50D000
|
heap
|
page read and write
|
||
|
A20000
|
heap
|
page read and write
|
||
|
53C000
|
heap
|
page read and write
|
||
|
7C0000
|
heap
|
page read and write
|
||
|
3BCF000
|
stack
|
page read and write
|
||
|
F3E000
|
stack
|
page read and write
|
||
|
533000
|
heap
|
page read and write
|
||
|
AC0000
|
heap
|
page read and write
|
||
|
517000
|
heap
|
page read and write
|
||
|
B0640FF000
|
stack
|
page read and write
|
||
|
25743870000
|
heap
|
page read and write
|
||
|
3C5B000
|
heap
|
page read and write
|
||
|
4EB000
|
heap
|
page read and write
|
||
|
DC000
|
stack
|
page read and write
|
||
|
F80000
|
heap
|
page read and write
|
||
|
3C15000
|
heap
|
page read and write
|
||
|
25743730000
|
heap
|
page read and write
|
||
|
25743875000
|
heap
|
page read and write
|
||
|
1B0000
|
heap
|
page read and write
|
||
|
25745110000
|
heap
|
page read and write
|
||
|
1FF000
|
stack
|
page read and write
|
||
|
130000
|
heap
|
page read and write
|
||
|
7C9000
|
heap
|
page read and write
|
||
|
3C1F000
|
heap
|
page read and write
|
||
|
F7F000
|
stack
|
page read and write
|
||
|
543000
|
heap
|
page read and write
|
||
|
509000
|
heap
|
page read and write
|
||
|
7C5000
|
heap
|
page read and write
|
||
|
A0E000
|
stack
|
page read and write
|
||
|
509000
|
heap
|
page read and write
|
||
|
3DA4000
|
heap
|
page read and write
|
||
|
F84000
|
heap
|
page read and write
|
||
|
53E000
|
heap
|
page read and write
|
||
|
3D9A000
|
heap
|
page read and write
|
||
|
B06417F000
|
stack
|
page read and write
|
||
|
4E0000
|
heap
|
page read and write
|
||
|
25743768000
|
heap
|
page read and write
|
||
|
19E000
|
stack
|
page read and write
|
||
|
25743880000
|
heap
|
page read and write
|
||
|
100D000
|
unkown
|
page readonly
|
||
|
53E000
|
heap
|
page read and write
|
||
|
3BD9000
|
heap
|
page read and write
|
||
|
100D000
|
unkown
|
page readonly
|
||
|
4F3000
|
heap
|
page read and write
|
||
|
542000
|
heap
|
page read and write
|
There are 69 hidden memdumps, click here to show them.