Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
DHL_Shipment_Notification_1231413385_Notification_1231413385_september2021.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Temp\LABERT\Cirkusforestillinger.exe
|
data
|
dropped
|
 |
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\DHL_Shipment_Notification_1231413385_Notification_1231413385_september2021.exe
|
'C:\Users\user\Desktop\DHL_Shipment_Notification_1231413385_Notification_1231413385_september2021.exe'
|
|
|
|
C:\Program Files (x86)\Internet Explorer\ieinstal.exe
|
'C:\Users\user\Desktop\DHL_Shipment_Notification_1231413385_Notification_1231413385_september2021.exe'
|
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://178.32.63.50/moss/Host_AKhLBP62.bin
|
178.32.63.50
|
|
|
|
http://178.32.63.50/moss/Host_AKhLBP62.bin:
|
unknown
|
|
|
|
http://178.32.63.50/moss/Host_AKhLBP62.binF
|
unknown
|
|
|
|
http://178.32.63.50/boss/Host_AKhLBP62.bin
|
unknown
|
|
|
|
http://178.32.63.50/moss/Host_AKhLBP62.binhttp://178.32.63.50/boss/Host_AKhLBP62.binwininet.dllMozil
|
unknown
|
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
septnet.duckdns.org
|
193.104.197.28
|
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
193.104.197.28
|
septnet.duckdns.org
|
unknown
|
|
|
|
178.32.63.50
|
unknown
|
France
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
Halvngen7
|
|
|
|
HKEY_CURRENT_USER\SOFTWARE\NetWire
|
HostId
|
|
|
|
HKEY_CURRENT_USER\SOFTWARE\NetWire
|
Install Date
|
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
2300000
|
unkown
|
page execute and read and write
|
|
|
|
7F7B0000
|
unkown image
|
page readonly
|
|
|
|
2C20000
|
heap private
|
page read and write
|
|
|
|
1C531000
|
unkown
|
page read and write
|
|
|
|
7F7C0000
|
unkown image
|
page readonly
|
|
|
|
23A0000
|
heap private
|
page read and write
|
|
|
|
1C72F000
|
unkown
|
page read and write
|
|
|
|
2ACE000
|
unkown image
|
page readonly
|
|
|
|
21E0000
|
unkown
|
page read and write
|
|
|
|
2E31000
|
unkown
|
page read and write
|
|
|
|
19B000
|
unkown
|
page read and write
|
|
|
|
8DF000
|
unkown
|
page read and write
|
|
|
|
39B0000
|
unkown image
|
page readonly
|
|
|
|
400000
|
unkown image
|
page readonly
|
|
|
|
7F7B2000
|
unkown image
|
page readonly
|
|
|
|
2B71000
|
unkown image
|
page readonly
|
|
|
|
1A0000
|
unkown image
|
page readonly
|
|
|
|
2320000
|
unkown image
|
page readonly
|
|
|
|
69E000
|
unkown
|
page read and write
|
|
|
|
2B01000
|
unkown image
|
page readonly
|
|
|
|
1EE1F000
|
unkown
|
page read and write
|
|
|
|
2AF6000
|
unkown image
|
page readonly
|
|
|
|
614000
|
unkown
|
page read and write
|
|
|
|
534000
|
heap default
|
page read and write
|
|
|
|
610000
|
heap default
|
page read and write
|
|
|
|
2C30000
|
unkown
|
page read and write
|
|
|
|
2B83000
|
unkown image
|
page readonly
|
|
|
|
30A0000
|
unkown image
|
page readonly
|
|
|
|
2B9B000
|
unkown image
|
page readonly
|
|
|
|
2B35000
|
unkown image
|
page readonly
|
|
|
|
500000
|
unkown
|
page read and write
|
|
|
|
2250000
|
heap private
|
page read and write
|
|
|
|
35C0000
|
unkown
|
page read and write
|
|
|
|
2240000
|
unkown image
|
page readonly
|
|
|
|
31D0000
|
unkown image
|
page readonly
|
|
|
|
2340000
|
unkown
|
page read and write
|
|
|
|
2B31000
|
unkown image
|
page readonly
|
|
|
|
7FFC0000
|
unkown image
|
page readonly
|
|
|
|
1ECDC000
|
unkown
|
page read and write
|
|
|
|
79F000
|
unkown
|
page read and write
|
|
|
|
2ADC000
|
unkown image
|
page readonly
|
|
|
|
2B2E000
|
unkown
|
page read and write
|
|
|
|
2B7D000
|
unkown image
|
page readonly
|
|
|
|
2DC0000
|
unkown image
|
page readonly
|
|
|
|
2DF0000
|
unkown image
|
page readonly
|
|
|
|
3A3000
|
unkown
|
page read and write
|
|
|
|
2AE2000
|
unkown image
|
page readonly
|
|
|
|
1ED9E000
|
unkown
|
page read and write
|
|
|
|
10000
|
unkown image
|
page readonly
|
|
|
|
39C1000
|
unkown image
|
page readonly
|
|
|
|
31E8000
|
heap default
|
page read and write
|
|
|
|
2D30000
|
unkown image
|
page readonly
|
|
|
|
20000
|
unkown image
|
page readonly
|
|
|
|
3314000
|
unkown
|
page read and write
|
|
|
|
31C0000
|
unkown image
|
page readonly
|
|
|
|
2B5F000
|
unkown image
|
page readonly
|
|
|
|
7FFB2000
|
unkown image
|
page readonly
|
|
|
|
2B56000
|
unkown image
|
page readonly
|
|
|
|
297F000
|
unkown image
|
page readonly
|
|
|
|
2220000
|
unkown image
|
page readonly
|
|
|
|
3000000
|
unkown image
|
page readonly
|
|
|
|
7F7D0000
|
unkown image
|
page readonly
|
|
|
|
2F1E000
|
unkown
|
page read and write
|
|
|
|
7FFC2000
|
unkown image
|
page readonly
|
|
|
|
1E7D0000
|
heap private
|
page read and write
|
|
|
|
29CC000
|
unkown image
|
page readonly
|
|
|
|
91E000
|
unkown
|
page read and write
|
|
|
|
400000
|
unkown image
|
page readonly
|
|
|
|
2BA7000
|
unkown image
|
page readonly
|
|
|
|
30000
|
unkown image
|
page read and write
|
|
|
|
7F7C2000
|
unkown image
|
page readonly
|
|
|
|
1EDDE000
|
unkown
|
page read and write
|
|
|
|
3620000
|
heap private
|
page read and write
|
|
|
|
2AC5000
|
unkown image
|
page readonly
|
|
|
|
2B40000
|
unkown image
|
page readonly
|
|
|
|
2DF0000
|
unkown image
|
page readonly
|
|
|
|
2ACC000
|
unkown image
|
page readonly
|
|
|
|
7F7B0000
|
unkown image
|
page readonly
|
|
|
|
2BB4000
|
unkown image
|
page readonly
|
|
|
|
2DE0000
|
unkown image
|
page read and write
|
|
|
|
3263000
|
heap default
|
page read and write
|
|
|
|
22F0000
|
unkown image
|
page readonly
|
|
|
|
7FFC2000
|
unkown image
|
page readonly
|
|
|
|
1ED1F000
|
unkown
|
page read and write
|
|
|
|
7F7D0000
|
unkown image
|
page readonly
|
|
|
|
21C0000
|
unkown
|
page execute read
|
|
|
|
96000
|
unkown
|
page read and write
|
|
|
|
419000
|
unkown image
|
page readonly
|
|
|
|
2B07000
|
unkown image
|
page readonly
|
|
|
|
7F7B0000
|
unkown image
|
page readonly
|
|
|
|
7FFD0000
|
unkown image
|
page readonly
|
|
|
|
C20000
|
unkown image
|
page readonly
|
|
|
|
2B65000
|
unkown image
|
page readonly
|
|
|
|
2BC0000
|
heap private
|
page read and write
|
|
|
|
1F0000
|
unkown image
|
page readonly
|
|
|
|
A1F000
|
unkown
|
page read and write
|
|
|
|
2B95000
|
unkown image
|
page readonly
|
|
|
|
2330000
|
heap private
|
page read and write
|
|
|
|
620000
|
unkown
|
page read and write
|
|
|
|
323A000
|
heap default
|
page read and write
|
|
|
|
2B15000
|
unkown image
|
page readonly
|
|
|
|
7F7C0000
|
unkown image
|
page readonly
|
|
|
|
35D0000
|
unkown
|
page readonly
|
|
|
|
7FFB2000
|
unkown image
|
page readonly
|
|
|
|
7F7B2000
|
unkown image
|
page readonly
|
|
|
|
401000
|
unkown image
|
page execute read
|
|
|
|
1C530000
|
unkown
|
page read and write
|
|
|
|
30CE000
|
unkown
|
page execute and read and write
|
|
|
|
3000000
|
unkown image
|
page readonly
|
|
|
|
3301000
|
unkown image
|
page readonly
|
|
|
|
7FFB0000
|
unkown image
|
page readonly
|
|
|
|
2B38000
|
unkown image
|
page readonly
|
|
|
|
4F1000
|
unkown image
|
page readonly
|
|
|
|
400000
|
unkown image
|
page readonly
|
|
|
|
22E0000
|
unkown
|
page read and write
|
|
|
|
3570000
|
unkown
|
page read and write
|
|
|
|
1E4E0000
|
unkown
|
page read and write
|
|
|
|
614000
|
unkown
|
page read and write
|
|
|
|
2C24000
|
heap private
|
page read and write
|
|
|
|
DA0000
|
unkown image
|
page readonly
|
|
|
|
1C0000
|
unkown image
|
page readonly
|
|
|
|
2BAE000
|
unkown image
|
page readonly
|
|
|
|
1D0000
|
unkown image
|
page readonly
|
|
|
|
51E000
|
heap default
|
page read and write
|
|
|
|
7F7C0000
|
unkown image
|
page readonly
|
|
|
|
7FFD0000
|
unkown image
|
page readonly
|
|
|
|
7F7D0000
|
unkown image
|
page readonly
|
|
|
|
2B2E000
|
unkown image
|
page readonly
|
|
|
|
40000
|
unkown image
|
page readonly
|
|
|
|
2B21000
|
unkown image
|
page readonly
|
|
|
|
2B62000
|
unkown image
|
page readonly
|
|
|
|
2AE5000
|
unkown image
|
page readonly
|
|
|
|
419000
|
unkown image
|
page readonly
|
|
|
|
7F7C2000
|
unkown image
|
page readonly
|
|
|
|
1C531000
|
unkown
|
page read and write
|
|
|
|
39F000
|
unkown
|
page read and write
|
|
|
|
31E0000
|
heap default
|
page read and write
|
|
|
|
324E000
|
heap default
|
page read and write
|
|
|
|
7FE50000
|
unkown image
|
page readonly
|
|
|
|
29D0000
|
unkown image
|
page readonly
|
|
|
|
3830000
|
unkown image
|
page readonly
|
|
|
|
32F0000
|
unkown image
|
page readonly
|
|
|
|
3310000
|
heap default
|
page read and write
|
|
|
|
7FFC0000
|
unkown image
|
page readonly
|
|
|
|
4DD0000
|
unkown
|
page read and write
|
|
|
|
1E0000
|
unkown image
|
page readonly
|
|
|
|
2AAB000
|
unkown image
|
page readonly
|
|
|
|
2B19000
|
unkown image
|
page readonly
|
|
|
|
510000
|
heap default
|
page read and write
|
|
|
|
2988000
|
unkown image
|
page readonly
|
|
|
|
7F7B2000
|
unkown image
|
page readonly
|
|
|
|
2AA0000
|
unkown image
|
page readonly
|
|
|
|
32E0000
|
unkown image
|
page readonly
|
|
|
|
3630000
|
unkown image
|
page readonly
|
|
|
|
416000
|
unkown image
|
page read and write
|
|
|
|
23B0000
|
unkown
|
page read and write
|
|
|
|
401000
|
unkown image
|
page execute read
|
|
|
|
51A000
|
heap default
|
page read and write
|
|
|
|
2BAA000
|
unkown image
|
page readonly
|
|
|
|
A20000
|
unkown image
|
page readonly
|
|
|
|
2B0C000
|
unkown image
|
page readonly
|
|
|
|
30A0000
|
unkown image
|
page readonly
|
|
|
|
2260000
|
unkown
|
page read and write
|
|
|
|
3229000
|
heap default
|
page read and write
|
|
|
|
2AD1000
|
unkown image
|
page readonly
|
|
|
|
1EBBF000
|
unkown
|
page read and write
|
|
|
|
7FFB0000
|
unkown image
|
page readonly
|
|
|
|
3000000
|
unkown image
|
page readonly
|
|
|
|
1E5E0000
|
unkown
|
page read and write
|
|
|
|
2ABA000
|
unkown image
|
page readonly
|
|
|
|
35E0000
|
unkown image
|
page readonly
|
|
|
|
2339000
|
heap private
|
page read and write
|
|
|
|
7F7C2000
|
unkown image
|
page readonly
|
|
|
|
2ADA000
|
unkown image
|
page readonly
|
|
|
|
2B91000
|
unkown image
|
page readonly
|
|
|
|
2BB4000
|
unkown image
|
page readonly
|
|
|
|
1ED15000
|
unkown
|
page read and write
|
|
|
|
2DD0000
|
unkown image
|
page readonly
|
|
|
|
40000
|
unkown image
|
page readonly
|
|
|
|
7F650000
|
unkown image
|
page readonly
|
|
|
|
2BB4000
|
unkown image
|
page readonly
|
|
|
|
1E4E1000
|
unkown
|
page read and write
|
|
|
|
1ED5B000
|
unkown
|
page read and write
|
|
|
|
7DE000
|
unkown
|
page read and write
|
|
|
|
1EB7E000
|
unkown
|
page read and write
|
|
There are 175 hidden memdumps, click here to show them.