Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
Bank Swift Payment.bat.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Bank Swift Payment.bat.exe.log
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_1s22uek3.rpy.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_njrozhuy.yv2.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_xfvi515l.wfl.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ytwdzvdo.iw1.psm1
|
ASCII text, with no line terminators
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\Bank Swift Payment.bat.exe
|
"C:\Users\user\Desktop\Bank Swift Payment.bat.exe"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Bank Swift
Payment.bat.exe"
|
|
|
|
C:\Users\user\Desktop\Bank Swift Payment.bat.exe
|
"C:\Users\user\Desktop\Bank Swift Payment.bat.exe"
|
|
|
|
C:\Users\user\Desktop\Bank Swift Payment.bat.exe
|
"C:\Users\user\Desktop\Bank Swift Payment.bat.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://checkip.dyndns.org/
|
193.122.130.0
|
||
|
https://reallyfreegeoip.org/xml/8.46.123.189
|
104.21.48.1
|
||
|
https://reallyfreegeoip.org/xml/8.46.123.189l
|
unknown
|
||
|
http://checkip.dyndns.comd
|
unknown
|
||
|
http://checkip.dyndns.org/q
|
unknown
|
||
|
http://reallyfreegeoip.orgd
|
unknown
|
||
|
https://reallyfreegeoip.org/xml/8.46.123.189d
|
unknown
|
||
|
http://reallyfreegeoip.org
|
unknown
|
||
|
http://checkip.dyndns.orgd
|
unknown
|
||
|
https://reallyfreegeoip.org
|
unknown
|
||
|
http://checkip.dyndns.org
|
unknown
|
||
|
http://checkip.dyndns.com
|
unknown
|
||
|
http://checkip.dyndns.org/d
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
https://api.telegram.org/bot-/sendDocument?chat_id=
|
unknown
|
||
|
https://reallyfreegeoip.org/xml/
|
unknown
|
There are 6 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
reallyfreegeoip.org
|
104.21.48.1
|
||
|
checkip.dyndns.com
|
193.122.130.0
|
||
|
checkip.dyndns.org
|
unknown
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
104.21.48.1
|
reallyfreegeoip.org
|
United States
|
||
|
193.122.130.0
|
checkip.dyndns.com
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Bank Swift Payment_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Bank Swift Payment_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Bank Swift Payment_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Bank Swift Payment_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Bank Swift Payment_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Bank Swift Payment_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Bank Swift Payment_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Bank Swift Payment_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Bank Swift Payment_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Bank Swift Payment_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Bank Swift Payment_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Bank Swift Payment_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Bank Swift Payment_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Bank Swift Payment_RASMANCS
|
FileDirectory
|
There are 5 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
374C000
|
trusted library allocation
|
page read and write
|
|
|
|
402000
|
remote allocation
|
page execute and read and write
|
|
|
|
4FC6000
|
trusted library allocation
|
page read and write
|
||
|
2A10000
|
heap
|
page execute and read and write
|
||
|
E60000
|
trusted library allocation
|
page read and write
|
||
|
3B84000
|
trusted library allocation
|
page read and write
|
||
|
4B1E000
|
trusted library allocation
|
page read and write
|
||
|
B51F000
|
stack
|
page read and write
|
||
|
4C8C000
|
stack
|
page read and write
|
||
|
D30000
|
trusted library allocation
|
page read and write
|
||
|
D40000
|
heap
|
page read and write
|
||
|
4BB0000
|
trusted library allocation
|
page read and write
|
||
|
F77000
|
heap
|
page read and write
|
||
|
EB8000
|
heap
|
page read and write
|
||
|
6860000
|
heap
|
page read and write
|
||
|
5E3E000
|
stack
|
page read and write
|
||
|
241D000
|
trusted library allocation
|
page execute and read and write
|
||
|
E82000
|
trusted library allocation
|
page read and write
|
||
|
2BDC000
|
trusted library allocation
|
page read and write
|
||
|
2550000
|
trusted library allocation
|
page execute and read and write
|
||
|
E9B000
|
trusted library allocation
|
page execute and read and write
|
||
|
4C20000
|
trusted library allocation
|
page execute and read and write
|
||
|
6E49000
|
trusted library allocation
|
page read and write
|
||
|
7F360000
|
trusted library allocation
|
page execute and read and write
|
||
|
506A000
|
trusted library allocation
|
page read and write
|
||
|
5770000
|
heap
|
page read and write
|
||
|
5760000
|
heap
|
page read and write
|
||
|
4FD2000
|
trusted library allocation
|
page read and write
|
||
|
1050000
|
trusted library allocation
|
page execute and read and write
|
||
|
A24000
|
heap
|
page read and write
|
||
|
B7FD000
|
stack
|
page read and write
|
||
|
5060000
|
trusted library allocation
|
page read and write
|
||
|
3B61000
|
trusted library allocation
|
page read and write
|
||
|
6F62000
|
trusted library allocation
|
page read and write
|
||
|
B050000
|
heap
|
page read and write
|
||
|
B2E000
|
stack
|
page read and write
|
||
|
2A50000
|
heap
|
page read and write
|
||
|
287A000
|
trusted library allocation
|
page read and write
|
||
|
6330000
|
trusted library allocation
|
page execute and read and write
|
||
|
4B26000
|
trusted library allocation
|
page read and write
|
||
|
DD0000
|
heap
|
page read and write
|
||
|
639000
|
stack
|
page read and write
|
||
|
2560000
|
trusted library allocation
|
page read and write
|
||
|
29FC000
|
trusted library allocation
|
page read and write
|
||
|
69DB000
|
heap
|
page read and write
|
||
|
4FAB000
|
trusted library allocation
|
page read and write
|
||
|
2420000
|
trusted library allocation
|
page read and write
|
||
|
4B30000
|
trusted library allocation
|
page read and write
|
||
|
977000
|
heap
|
page read and write
|
||
|
4C5E000
|
stack
|
page read and write
|
||
|
2A40000
|
trusted library allocation
|
page read and write
|
||
|
6B5E000
|
stack
|
page read and write
|
||
|
938000
|
heap
|
page read and write
|
||
|
E7D000
|
trusted library allocation
|
page execute and read and write
|
||
|
F43000
|
heap
|
page read and write
|
||
|
2BDE000
|
trusted library allocation
|
page read and write
|
||
|
41A000
|
remote allocation
|
page execute and read and write
|
||
|
2450000
|
trusted library allocation
|
page read and write
|
||
|
47BC000
|
stack
|
page read and write
|
||
|
62D0000
|
trusted library allocation
|
page execute and read and write
|
||
|
4E50000
|
heap
|
page execute and read and write
|
||
|
5BFE000
|
stack
|
page read and write
|
||
|
DD7000
|
heap
|
page read and write
|
||
|
312000
|
unkown
|
page readonly
|
||
|
2A94000
|
trusted library allocation
|
page read and write
|
||
|
EB0000
|
heap
|
page read and write
|
||
|
2C58000
|
trusted library allocation
|
page read and write
|
||
|
4BD0000
|
heap
|
page read and write
|
||
|
2460000
|
heap
|
page read and write
|
||
|
4BF3000
|
heap
|
page read and write
|
||
|
ECE000
|
heap
|
page read and write
|
||
|
E86000
|
trusted library allocation
|
page execute and read and write
|
||
|
521E000
|
stack
|
page read and write
|
||
|
552E000
|
stack
|
page read and write
|
||
|
62E0000
|
trusted library allocation
|
page read and write
|
||
|
6DEE000
|
stack
|
page read and write
|
||
|
3689000
|
trusted library allocation
|
page read and write
|
||
|
2432000
|
trusted library allocation
|
page read and write
|
||
|
61BE000
|
stack
|
page read and write
|
||
|
1070000
|
trusted library allocation
|
page read and write
|
||
|
4FA4000
|
trusted library allocation
|
page read and write
|
||
|
62F0000
|
trusted library allocation
|
page read and write
|
||
|
4E30000
|
heap
|
page read and write
|
||
|
6AD0000
|
heap
|
page read and write
|
||
|
69AA000
|
heap
|
page read and write
|
||
|
4FC1000
|
trusted library allocation
|
page read and write
|
||
|
2C15000
|
trusted library allocation
|
page read and write
|
||
|
2C77000
|
trusted library allocation
|
page read and write
|
||
|
5530000
|
trusted library allocation
|
page read and write
|
||
|
3B99000
|
trusted library allocation
|
page read and write
|
||
|
A39000
|
stack
|
page read and write
|
||
|
5070000
|
trusted library allocation
|
page read and write
|
||
|
267F000
|
stack
|
page read and write
|
||
|
5F7E000
|
stack
|
page read and write
|
||
|
2C4E000
|
trusted library allocation
|
page read and write
|
||
|
4EF0000
|
trusted library allocation
|
page execute and read and write
|
||
|
5DFE000
|
stack
|
page read and write
|
||
|
4B60000
|
trusted library allocation
|
page read and write
|
||
|
6960000
|
heap
|
page read and write
|
||
|
2C84000
|
trusted library allocation
|
page read and write
|
||
|
546E000
|
stack
|
page read and write
|
||
|
23F0000
|
trusted library allocation
|
page read and write
|
||
|
73696000
|
unkown
|
page readonly
|
||
|
2C45000
|
trusted library allocation
|
page read and write
|
||
|
FFE000
|
stack
|
page read and write
|
||
|
3BBB000
|
trusted library allocation
|
page read and write
|
||
|
2681000
|
trusted library allocation
|
page read and write
|
||
|
4B0B000
|
trusted library allocation
|
page read and write
|
||
|
2404000
|
trusted library allocation
|
page read and write
|
||
|
6C20000
|
trusted library allocation
|
page execute and read and write
|
||
|
2422000
|
trusted library allocation
|
page read and write
|
||
|
4FAE000
|
trusted library allocation
|
page read and write
|
||
|
2C19000
|
trusted library allocation
|
page read and write
|
||
|
F36000
|
heap
|
page read and write
|
||
|
4BE0000
|
trusted library allocation
|
page read and write
|
||
|
4BE6000
|
trusted library allocation
|
page read and write
|
||
|
85A0000
|
trusted library section
|
page read and write
|
||
|
29F0000
|
trusted library allocation
|
page read and write
|
||
|
8DE000
|
stack
|
page read and write
|
||
|
61C0000
|
heap
|
page read and write
|
||
|
4FB0000
|
trusted library allocation
|
page read and write
|
||
|
B6BC000
|
stack
|
page read and write
|
||
|
310000
|
unkown
|
page readonly
|
||
|
2C07000
|
trusted library allocation
|
page read and write
|
||
|
B18D000
|
stack
|
page read and write
|
||
|
4B00000
|
trusted library allocation
|
page read and write
|
||
|
607E000
|
stack
|
page read and write
|
||
|
73681000
|
unkown
|
page execute read
|
||
|
A03000
|
heap
|
page read and write
|
||
|
2570000
|
heap
|
page execute and read and write
|
||
|
890000
|
heap
|
page read and write
|
||
|
4E40000
|
heap
|
page read and write
|
||
|
24B8000
|
trusted library allocation
|
page read and write
|
||
|
FA1000
|
heap
|
page read and write
|
||
|
7369F000
|
unkown
|
page readonly
|
||
|
390000
|
unkown
|
page readonly
|
||
|
2C3A000
|
trusted library allocation
|
page read and write
|
||
|
6B60000
|
trusted library section
|
page read and write
|
||
|
4B21000
|
trusted library allocation
|
page read and write
|
||
|
2437000
|
trusted library allocation
|
page execute and read and write
|
||
|
1090000
|
heap
|
page read and write
|
||
|
4B50000
|
trusted library allocation
|
page read and write
|
||
|
C2F000
|
stack
|
page read and write
|
||
|
51AE000
|
stack
|
page read and write
|
||
|
4BF0000
|
heap
|
page read and write
|
||
|
5060000
|
heap
|
page read and write
|
||
|
864E000
|
stack
|
page read and write
|
||
|
2410000
|
trusted library allocation
|
page read and write
|
||
|
9DD000
|
heap
|
page read and write
|
||
|
E80000
|
trusted library allocation
|
page read and write
|
||
|
6E40000
|
trusted library allocation
|
page read and write
|
||
|
4FC0000
|
trusted library allocation
|
page execute and read and write
|
||
|
E92000
|
trusted library allocation
|
page read and write
|
||
|
370D000
|
trusted library allocation
|
page read and write
|
||
|
B910000
|
trusted library allocation
|
page read and write
|
||
|
4B04000
|
trusted library allocation
|
page read and write
|
||
|
242A000
|
trusted library allocation
|
page execute and read and write
|
||
|
4FBA000
|
trusted library allocation
|
page read and write
|
||
|
62E8000
|
trusted library allocation
|
page read and write
|
||
|
2403000
|
trusted library allocation
|
page execute and read and write
|
||
|
B7BC000
|
stack
|
page read and write
|
||
|
5F3F000
|
stack
|
page read and write
|
||
|
2B61000
|
trusted library allocation
|
page read and write
|
||
|
5546000
|
trusted library allocation
|
page read and write
|
||
|
4EE0000
|
heap
|
page read and write
|
||
|
103E000
|
stack
|
page read and write
|
||
|
4C90000
|
trusted library section
|
page readonly
|
||
|
780000
|
heap
|
page read and write
|
||
|
5065000
|
heap
|
page read and write
|
||
|
686E000
|
heap
|
page read and write
|
||
|
5040000
|
trusted library allocation
|
page read and write
|
||
|
EE8000
|
heap
|
page read and write
|
||
|
4FA0000
|
trusted library allocation
|
page read and write
|
||
|
9B0000
|
heap
|
page read and write
|
||
|
2C6D000
|
trusted library allocation
|
page read and write
|
||
|
E97000
|
trusted library allocation
|
page execute and read and write
|
||
|
2430000
|
trusted library allocation
|
page read and write
|
||
|
4B70000
|
trusted library allocation
|
page read and write
|
||
|
505D000
|
stack
|
page read and write
|
||
|
E95000
|
trusted library allocation
|
page execute and read and write
|
||
|
874E000
|
stack
|
page read and write
|
||
|
969000
|
heap
|
page read and write
|
||
|
73680000
|
unkown
|
page readonly
|
||
|
860000
|
heap
|
page read and write
|
||
|
930000
|
heap
|
page read and write
|
||
|
B28E000
|
stack
|
page read and write
|
||
|
6207000
|
heap
|
page read and write
|
||
|
B2DE000
|
stack
|
page read and write
|
||
|
B04D000
|
stack
|
page read and write
|
||
|
2C71000
|
trusted library allocation
|
page read and write
|
||
|
4FA7000
|
trusted library allocation
|
page read and write
|
||
|
AF4F000
|
stack
|
page read and write
|
||
|
92E000
|
stack
|
page read and write
|
||
|
6DAE000
|
stack
|
page read and write
|
||
|
2400000
|
trusted library allocation
|
page read and write
|
||
|
7369D000
|
unkown
|
page read and write
|
||
|
2CB4000
|
trusted library allocation
|
page read and write
|
||
|
2426000
|
trusted library allocation
|
page execute and read and write
|
||
|
24AE000
|
stack
|
page read and write
|
||
|
5795000
|
heap
|
page read and write
|
||
|
6E2E000
|
stack
|
page read and write
|
||
|
B37000
|
stack
|
page read and write
|
||
|
516E000
|
stack
|
page read and write
|
||
|
E8A000
|
trusted library allocation
|
page execute and read and write
|
||
|
4FA0000
|
trusted library allocation
|
page read and write
|
||
|
501D000
|
stack
|
page read and write
|
||
|
B41E000
|
stack
|
page read and write
|
||
|
2C1D000
|
trusted library allocation
|
page read and write
|
||
|
554A000
|
trusted library allocation
|
page read and write
|
||
|
2C5D000
|
trusted library allocation
|
page read and write
|
||
|
D50000
|
heap
|
page read and write
|
||
|
2BFB000
|
trusted library allocation
|
page read and write
|
||
|
4FBE000
|
trusted library allocation
|
page read and write
|
||
|
3681000
|
trusted library allocation
|
page read and write
|
||
|
E63000
|
trusted library allocation
|
page execute and read and write
|
||
|
6340000
|
heap
|
page read and write
|
||
|
4BEB000
|
trusted library allocation
|
page read and write
|
||
|
93E000
|
heap
|
page read and write
|
||
|
1060000
|
trusted library allocation
|
page read and write
|
||
|
6883000
|
heap
|
page read and write
|
||
|
240D000
|
trusted library allocation
|
page execute and read and write
|
||
|
54AE000
|
stack
|
page read and write
|
||
|
4C30000
|
trusted library allocation
|
page read and write
|
||
|
400000
|
remote allocation
|
page execute and read and write
|
||
|
6D6E000
|
stack
|
page read and write
|
||
|
60BE000
|
stack
|
page read and write
|
||
|
2BC2000
|
trusted library allocation
|
page read and write
|
||
|
2B5E000
|
stack
|
page read and write
|
||
|
6C6E000
|
stack
|
page read and write
|
||
|
EDA000
|
heap
|
page read and write
|
||
|
8600000
|
trusted library allocation
|
page execute and read and write
|
||
|
A14000
|
heap
|
page read and write
|
||
|
243B000
|
trusted library allocation
|
page execute and read and write
|
||
|
E64000
|
trusted library allocation
|
page read and write
|
||
|
4B2D000
|
trusted library allocation
|
page read and write
|
||
|
1080000
|
trusted library allocation
|
page read and write
|
||
|
4B65000
|
trusted library allocation
|
page read and write
|
||
|
B90000
|
heap
|
page read and write
|
||
|
4FCD000
|
trusted library allocation
|
page read and write
|
||
|
E6D000
|
trusted library allocation
|
page execute and read and write
|
||
|
E70000
|
trusted library allocation
|
page read and write
|
||
|
8E0000
|
heap
|
page read and write
|
||
|
29F9000
|
trusted library allocation
|
page read and write
|
||
|
2762000
|
trusted library allocation
|
page read and write
|
||
|
1074000
|
trusted library allocation
|
page read and write
|
||
|
62C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
9CB000
|
heap
|
page read and write
|
||
|
737000
|
stack
|
page read and write
|
||
|
4B32000
|
trusted library allocation
|
page read and write
|
||
|
5220000
|
heap
|
page execute and read and write
|
||
|
6310000
|
trusted library allocation
|
page execute and read and write
|
||
|
2C7E000
|
trusted library allocation
|
page read and write
|
||
|
4FB2000
|
trusted library allocation
|
page read and write
|
||
|
2C3F000
|
trusted library allocation
|
page read and write
|
||
|
46BC000
|
stack
|
page read and write
|
||
|
3B8D000
|
trusted library allocation
|
page read and write
|
||
|
5544000
|
trusted library allocation
|
page read and write
|
||
|
AE4F000
|
stack
|
page read and write
|
||
|
6450000
|
heap
|
page read and write
|
||
|
4C00000
|
trusted library allocation
|
page read and write
|
||
|
CB0000
|
heap
|
page read and write
|
||
|
4B40000
|
trusted library allocation
|
page read and write
|
||
|
B8FE000
|
stack
|
page read and write
|
||
|
1043000
|
heap
|
page read and write
|
||
|
B3DE000
|
stack
|
page read and write
|
||
|
1040000
|
heap
|
page read and write
|
||
|
2C61000
|
trusted library allocation
|
page read and write
|
||
|
6E30000
|
trusted library allocation
|
page read and write
|
There are 258 hidden memdumps, click here to show them.