Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
MDE_File_Sample_bcdc0b75df7c481568c48ae5a8f1d75305b5fc22.zip
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
initial sample
|
||
|
C:\Users\user\AppData\Local\Temp\unarchiver.log
|
ASCII text, with CRLF line terminators
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\SysWOW64\unarchiver.exe
|
"C:\Windows\SysWow64\unarchiver.exe" "C:\Users\user\Desktop\MDE_File_Sample_bcdc0b75df7c481568c48ae5a8f1d75305b5fc22.zip"
|
||
|
C:\Windows\SysWOW64\7za.exe
|
"C:\Windows\System32\7za.exe" x -pinfected -y -o"C:\Users\user\AppData\Local\Temp\4o4mctv4.ggf" "C:\Users\user\Desktop\MDE_File_Sample_bcdc0b75df7c481568c48ae5a8f1d75305b5fc22.zip"
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
2F12000
|
trusted library allocation
|
page read and write
|
||
|
2EF9000
|
trusted library allocation
|
page read and write
|
||
|
11AC000
|
trusted library allocation
|
page execute and read and write
|
||
|
122E000
|
stack
|
page read and write
|
||
|
119A000
|
trusted library allocation
|
page execute and read and write
|
||
|
DBE000
|
heap
|
page read and write
|
||
|
2F04000
|
trusted library allocation
|
page read and write
|
||
|
2EC1000
|
trusted library allocation
|
page read and write
|
||
|
2EE8000
|
trusted library allocation
|
page read and write
|
||
|
CFB000
|
stack
|
page read and write
|
||
|
2E90000
|
trusted library allocation
|
page read and write
|
||
|
C1E000
|
stack
|
page read and write
|
||
|
11C2000
|
trusted library allocation
|
page execute and read and write
|
||
|
1192000
|
trusted library allocation
|
page execute and read and write
|
||
|
2EB0000
|
trusted library allocation
|
page read and write
|
||
|
2EFE000
|
trusted library allocation
|
page read and write
|
||
|
11A2000
|
trusted library allocation
|
page execute and read and write
|
||
|
11A0000
|
trusted library allocation
|
page read and write
|
||
|
DB0000
|
heap
|
page read and write
|
||
|
11E0000
|
trusted library allocation
|
page read and write
|
||
|
11AA000
|
trusted library allocation
|
page execute and read and write
|
||
|
2F20000
|
trusted library allocation
|
page read and write
|
||
|
553E000
|
stack
|
page read and write
|
||
|
2EF3000
|
trusted library allocation
|
page read and write
|
||
|
503E000
|
stack
|
page read and write
|
||
|
7EE60000
|
trusted library allocation
|
page execute and read and write
|
||
|
2F15000
|
trusted library allocation
|
page read and write
|
||
|
1400000
|
heap
|
page execute and read and write
|
||
|
563E000
|
stack
|
page read and write
|
||
|
9A0000
|
heap
|
page read and write
|
||
|
990000
|
heap
|
page read and write
|
||
|
DA0000
|
heap
|
page read and write
|
||
|
2E61000
|
trusted library allocation
|
page read and write
|
||
|
C78000
|
heap
|
page read and write
|
||
|
2EB6000
|
trusted library allocation
|
page read and write
|
||
|
DD7000
|
heap
|
page read and write
|
||
|
9F0000
|
heap
|
page read and write
|
||
|
CF6000
|
stack
|
page read and write
|
||
|
E20000
|
heap
|
page read and write
|
||
|
E29000
|
heap
|
page read and write
|
||
|
2B1F000
|
stack
|
page read and write
|
||
|
9F5000
|
heap
|
page read and write
|
||
|
2ED6000
|
trusted library allocation
|
page read and write
|
||
|
4F3E000
|
stack
|
page read and write
|
||
|
BD0000
|
heap
|
page read and write
|
||
|
2F1D000
|
trusted library allocation
|
page read and write
|
||
|
2710000
|
heap
|
page read and write
|
||
|
11E7000
|
trusted library allocation
|
page execute and read and write
|
||
|
2F07000
|
trusted library allocation
|
page read and write
|
||
|
2EE5000
|
trusted library allocation
|
page read and write
|
||
|
11EB000
|
trusted library allocation
|
page execute and read and write
|
||
|
1230000
|
heap
|
page read and write
|
||
|
E6F000
|
stack
|
page read and write
|
||
|
2825000
|
heap
|
page read and write
|
||
|
2F23000
|
trusted library allocation
|
page read and write
|
||
|
C70000
|
heap
|
page read and write
|
||
|
7E0000
|
heap
|
page read and write
|
||
|
E2B000
|
heap
|
page read and write
|
||
|
11CA000
|
trusted library allocation
|
page execute and read and write
|
||
|
5050000
|
trusted library allocation
|
page execute and read and write
|
||
|
DEE000
|
heap
|
page read and write
|
||
|
DBA000
|
heap
|
page read and write
|
||
|
E18000
|
heap
|
page read and write
|
||
|
2820000
|
heap
|
page read and write
|
||
|
2EE2000
|
trusted library allocation
|
page read and write
|
||
|
1180000
|
trusted library allocation
|
page read and write
|
||
|
790000
|
heap
|
page read and write
|
||
|
D60000
|
heap
|
page read and write
|
||
|
AFD000
|
stack
|
page read and write
|
||
|
7DE000
|
stack
|
page read and write
|
||
|
92C000
|
stack
|
page read and write
|
||
|
F6F000
|
stack
|
page read and write
|
||
|
549F000
|
stack
|
page read and write
|
||
|
CF9000
|
stack
|
page read and write
|
||
|
72C000
|
stack
|
page read and write
|
||
|
2EEB000
|
trusted library allocation
|
page read and write
|
||
|
2F0F000
|
trusted library allocation
|
page read and write
|
||
|
2F01000
|
trusted library allocation
|
page read and write
|
||
|
539E000
|
stack
|
page read and write
|
||
|
C30000
|
trusted library allocation
|
page read and write
|
||
|
2EC9000
|
trusted library allocation
|
page read and write
|
||
|
2EF6000
|
trusted library allocation
|
page read and write
|
||
|
11D0000
|
heap
|
page read and write
|
||
|
3E61000
|
trusted library allocation
|
page read and write
|
||
|
2E95000
|
trusted library allocation
|
page read and write
|
||
|
DF5000
|
heap
|
page read and write
|
||
|
2EA8000
|
trusted library allocation
|
page read and write
|
||
|
C20000
|
heap
|
page read and write
|
||
|
5040000
|
trusted library allocation
|
page read and write
|
||
|
2F0C000
|
trusted library allocation
|
page read and write
|
||
|
2ECF000
|
trusted library allocation
|
page read and write
|
||
|
2EF0000
|
trusted library allocation
|
page read and write
|
||
|
2EC4000
|
trusted library allocation
|
page read and write
|
||
|
2F1A000
|
trusted library allocation
|
page read and write
|
||
|
2ED9000
|
trusted library allocation
|
page read and write
|
There are 85 hidden memdumps, click here to show them.