Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
MDE_File_Sample_9325dd111d7e1367f293dfb028879208fd3ed9b9.zip
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
initial sample
|
||
|
C:\Users\user\AppData\Local\Temp\unarchiver.log
|
ASCII text, with CRLF line terminators
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\SysWOW64\7za.exe
|
"C:\Windows\System32\7za.exe" x -pinfected -y -o"C:\Users\user\AppData\Local\Temp\m3tmluw3.esm" "C:\Users\user\Desktop\MDE_File_Sample_9325dd111d7e1367f293dfb028879208fd3ed9b9.zip"
|
 |
|
|
C:\Windows\SysWOW64\unarchiver.exe
|
"C:\Windows\SysWow64\unarchiver.exe" "C:\Users\user\Desktop\MDE_File_Sample_9325dd111d7e1367f293dfb028879208fd3ed9b9.zip"
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
2B05000
|
heap
|
page read and write
|
||
|
33C9000
|
trusted library allocation
|
page read and write
|
||
|
FA8000
|
heap
|
page read and write
|
||
|
12B5000
|
heap
|
page read and write
|
||
|
33BE000
|
trusted library allocation
|
page read and write
|
||
|
F9E000
|
stack
|
page read and write
|
||
|
339F000
|
trusted library allocation
|
page read and write
|
||
|
341D000
|
trusted library allocation
|
page read and write
|
||
|
1820000
|
trusted library allocation
|
page read and write
|
||
|
3412000
|
trusted library allocation
|
page read and write
|
||
|
3394000
|
trusted library allocation
|
page read and write
|
||
|
1280000
|
heap
|
page read and write
|
||
|
146A000
|
heap
|
page read and write
|
||
|
3378000
|
trusted library allocation
|
page read and write
|
||
|
12A2000
|
trusted library allocation
|
page execute and read and write
|
||
|
2A30000
|
heap
|
page read and write
|
||
|
546F000
|
stack
|
page read and write
|
||
|
1270000
|
trusted library allocation
|
page read and write
|
||
|
342B000
|
trusted library allocation
|
page read and write
|
||
|
BDC000
|
stack
|
page read and write
|
||
|
3404000
|
trusted library allocation
|
page read and write
|
||
|
140E000
|
heap
|
page read and write
|
||
|
126F000
|
stack
|
page read and write
|
||
|
3428000
|
trusted library allocation
|
page read and write
|
||
|
341A000
|
trusted library allocation
|
page read and write
|
||
|
33D4000
|
trusted library allocation
|
page read and write
|
||
|
33E8000
|
trusted library allocation
|
page read and write
|
||
|
3407000
|
trusted library allocation
|
page read and write
|
||
|
12AA000
|
trusted library allocation
|
page execute and read and write
|
||
|
1700000
|
heap
|
page execute and read and write
|
||
|
3360000
|
trusted library allocation
|
page read and write
|
||
|
12B0000
|
heap
|
page read and write
|
||
|
3399000
|
trusted library allocation
|
page read and write
|
||
|
143E000
|
heap
|
page read and write
|
||
|
4331000
|
trusted library allocation
|
page read and write
|
||
|
2A7E000
|
stack
|
page read and write
|
||
|
2C0F000
|
stack
|
page read and write
|
||
|
33F0000
|
trusted library allocation
|
page read and write
|
||
|
1470000
|
heap
|
page read and write
|
||
|
3439000
|
trusted library allocation
|
page read and write
|
||
|
3415000
|
trusted library allocation
|
page read and write
|
||
|
3386000
|
trusted library allocation
|
page read and write
|
||
|
33F9000
|
trusted library allocation
|
page read and write
|
||
|
33B3000
|
trusted library allocation
|
page read and write
|
||
|
F50000
|
heap
|
page read and write
|
||
|
3420000
|
trusted library allocation
|
page read and write
|
||
|
33F6000
|
trusted library allocation
|
page read and write
|
||
|
1250000
|
trusted library allocation
|
page read and write
|
||
|
33E5000
|
trusted library allocation
|
page read and write
|
||
|
342E000
|
trusted library allocation
|
page read and write
|
||
|
1830000
|
trusted library allocation
|
page execute and read and write
|
||
|
13D0000
|
trusted library allocation
|
page read and write
|
||
|
1472000
|
heap
|
page read and write
|
||
|
127A000
|
trusted library allocation
|
page execute and read and write
|
||
|
33E2000
|
trusted library allocation
|
page read and write
|
||
|
DB0000
|
heap
|
page read and write
|
||
|
180E000
|
stack
|
page read and write
|
||
|
2A80000
|
trusted library allocation
|
page read and write
|
||
|
3431000
|
trusted library allocation
|
page read and write
|
||
|
163E000
|
stack
|
page read and write
|
||
|
1640000
|
heap
|
page read and write
|
||
|
340C000
|
trusted library allocation
|
page read and write
|
||
|
33DD000
|
trusted library allocation
|
page read and write
|
||
|
33EB000
|
trusted library allocation
|
page read and write
|
||
|
33B0000
|
trusted library allocation
|
page read and write
|
||
|
140B000
|
heap
|
page read and write
|
||
|
1272000
|
trusted library allocation
|
page execute and read and write
|
||
|
10F9000
|
stack
|
page read and write
|
||
|
536E000
|
stack
|
page read and write
|
||
|
576D000
|
stack
|
page read and write
|
||
|
EFD000
|
stack
|
page read and write
|
||
|
33C1000
|
trusted library allocation
|
page read and write
|
||
|
13C0000
|
heap
|
page read and write
|
||
|
1270000
|
heap
|
page read and write
|
||
|
DA0000
|
heap
|
page read and write
|
||
|
13D7000
|
trusted library allocation
|
page execute and read and write
|
||
|
126A000
|
trusted library allocation
|
page execute and read and write
|
||
|
566E000
|
stack
|
page read and write
|
||
|
1426000
|
heap
|
page read and write
|
||
|
3423000
|
trusted library allocation
|
page read and write
|
||
|
594E000
|
stack
|
page read and write
|
||
|
340F000
|
trusted library allocation
|
page read and write
|
||
|
3391000
|
trusted library allocation
|
page read and write
|
||
|
13DB000
|
trusted library allocation
|
page execute and read and write
|
||
|
FA0000
|
heap
|
page read and write
|
||
|
33CC000
|
trusted library allocation
|
page read and write
|
||
|
7F490000
|
trusted library allocation
|
page execute and read and write
|
||
|
F20000
|
heap
|
page read and write
|
||
|
33D7000
|
trusted library allocation
|
page read and write
|
||
|
33FE000
|
trusted library allocation
|
page read and write
|
||
|
1840000
|
heap
|
page read and write
|
||
|
2C10000
|
heap
|
page read and write
|
||
|
33F3000
|
trusted library allocation
|
page read and write
|
||
|
127C000
|
trusted library allocation
|
page execute and read and write
|
||
|
3380000
|
trusted library allocation
|
page read and write
|
||
|
10FB000
|
stack
|
page read and write
|
||
|
33CF000
|
trusted library allocation
|
page read and write
|
||
|
33C6000
|
trusted library allocation
|
page read and write
|
||
|
3331000
|
trusted library allocation
|
page read and write
|
||
|
33A9000
|
trusted library allocation
|
page read and write
|
||
|
3436000
|
trusted library allocation
|
page read and write
|
||
|
5A4E000
|
stack
|
page read and write
|
||
|
2B00000
|
heap
|
page read and write
|
||
|
33A6000
|
trusted library allocation
|
page read and write
|
||
|
33DA000
|
trusted library allocation
|
page read and write
|
||
|
33BB000
|
trusted library allocation
|
page read and write
|
||
|
1400000
|
heap
|
page read and write
|
||
|
3401000
|
trusted library allocation
|
page read and write
|
||
|
D3C000
|
stack
|
page read and write
|
||
|
33B8000
|
trusted library allocation
|
page read and write
|
||
|
1262000
|
trusted library allocation
|
page execute and read and write
|
||
|
10F6000
|
stack
|
page read and write
|
There are 102 hidden memdumps, click here to show them.