Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
rfxJzZjiWv.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Roaming\C79A3B\B52B3F.lck
|
very short file (no magic)
|
dropped
|
 |
|
|
C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3853321935-2125563209-4053062332-1002\bc49718863ee53e026d805ec372039e9_d06ed635-68f6-4e9a-955c-4899f5f57b9a
|
data
|
dropped
|
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\rfxJzZjiWv.exe
|
"C:\Users\user\Desktop\rfxJzZjiWv.exe"
|
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://kbfvzoboss.bid/alien/fre.php
|
|
||
|
http://alphastand.win/alien/fre.php
|
|
||
|
http://naourl.com/data/five/fre.php
|
212.32.237.90
|
|
|
|
http://alphastand.trade/alien/fre.php
|
|
||
|
http://alphastand.top/alien/fre.php
|
|
||
|
http://www.ibsensoftware.com/
|
unknown
|
|
|
|
http://survey-smiles.com
|
unknown
|
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
naourl.com
|
212.32.237.90
|
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
212.32.237.90
|
naourl.com
|
Netherlands
|
|
|
|
192.168.2.1
|
unknown
|
unknown
|
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
415000
|
unkown image
|
page readonly
|
|
|
|
415000
|
unkown image
|
page readonly
|
|
|
|
24D6EE29000
|
unkown
|
page read and write
|
|
|
|
400000
|
unkown image
|
page readonly
|
|
|
|
7FF5A766F000
|
unkown image
|
page readonly
|
|
|
|
7FFC0000
|
unkown image
|
page readonly
|
|
|
|
24D6EE64000
|
unkown
|
page read and write
|
|
|
|
90F000
|
stack
|
page read and write
|
|
|
|
7FF5A7574000
|
unkown image
|
page readonly
|
|
|
|
7FF5A7664000
|
unkown image
|
page readonly
|
|
|
|
7FF5A7702000
|
unkown image
|
page readonly
|
|
|
|
7FF5A763F000
|
unkown image
|
page readonly
|
|
|
|
296D000
|
stack
|
page read and write
|
|
|
|
7FF5A7387000
|
unkown image
|
page readonly
|
|
|
|
7FF5A767E000
|
unkown image
|
page readonly
|
|
|
|
24D6F200000
|
unkown image
|
page readonly
|
|
|
|
7FF5A75FC000
|
unkown image
|
page readonly
|
|
|
|
2217000
|
unkown
|
page read and write
|
|
|
|
24D6EC60000
|
unkown image
|
page readonly
|
|
|
|
9E0B97B000
|
stack
|
page read and write
|
|
|
|
24D6EF02000
|
unkown
|
page read and write
|
|
|
|
24D6EE13000
|
unkown
|
page read and write
|
|
|
|
7FFC0000
|
unkown image
|
page readonly
|
|
|
|
7FFB2000
|
unkown image
|
page readonly
|
|
|
|
7FF5A7654000
|
unkown image
|
page readonly
|
|
|
|
24D6EE49000
|
unkown
|
page read and write
|
|
|
|
7FF5A763C000
|
unkown image
|
page readonly
|
|
|
|
24D6F602000
|
unkown
|
page read and write
|
|
|
|
9E0B9FE000
|
stack
|
page read and write
|
|
|
|
40000
|
unkown image
|
page readonly
|
|
|
|
761000
|
heap default
|
page read and write
|
|
|
|
282E000
|
stack
|
page read and write
|
|
|
|
7FFC2000
|
unkown image
|
page readonly
|
|
|
|
7FF5A74D1000
|
unkown image
|
page readonly
|
|
|
|
19B000
|
unkown
|
page read and write
|
|
|
|
DE0000
|
unkown image
|
page readonly
|
|
|
|
24D6ED90000
|
unkown
|
page read and write
|
|
|
|
24D6EE3C000
|
unkown
|
page read and write
|
|
|
|
A4F000
|
stack
|
page read and write
|
|
|
|
24D6EE80000
|
unkown
|
page read and write
|
|
|
|
7FF5A6E5C000
|
unkown image
|
page readonly
|
|
|
|
7FF5A7689000
|
unkown image
|
page readonly
|
|
|
|
401000
|
unkown image
|
page execute read
|
|
|
|
7DF5BC782000
|
unkown image
|
page readonly
|
|
|
|
7FFD0000
|
unkown image
|
page readonly
|
|
|
|
7FF5A7610000
|
unkown image
|
page readonly
|
|
|
|
7FF5A7701000
|
unkown image
|
page readonly
|
|
|
|
5CE000
|
stack
|
page read and write
|
|
|
|
7FF5A760A000
|
unkown image
|
page readonly
|
|
|
|
7FF5A7563000
|
unkown image
|
page readonly
|
|
|
|
7FF5A760E000
|
unkown image
|
page readonly
|
|
|
|
40000
|
unkown image
|
page readonly
|
|
|
|
24D6EF00000
|
unkown
|
page read and write
|
|
|
|
24D6EE00000
|
unkown
|
page read and write
|
|
|
|
27EF000
|
stack
|
page read and write
|
|
|
|
9E0BBFE000
|
stack
|
page read and write
|
|
|
|
9E0BCFC000
|
stack
|
page read and write
|
|
|
|
24D6EE5C000
|
unkown
|
page read and write
|
|
|
|
7FF5A75FA000
|
unkown image
|
page readonly
|
|
|
|
2210000
|
unkown
|
page read and write
|
|
|
|
7DF5BC792000
|
unkown image
|
page readonly
|
|
|
|
7FF5A7678000
|
unkown image
|
page readonly
|
|
|
|
401000
|
unkown image
|
page execute read
|
|
|
|
1F0000
|
unkown
|
page read and write
|
|
|
|
751000
|
heap default
|
page read and write
|
|
|
|
9E0B77E000
|
stack
|
page read and write
|
|
|
|
7FF5A7647000
|
unkown image
|
page readonly
|
|
|
|
24D6EC90000
|
heap default
|
page read and write
|
|
|
|
24D6EE8A000
|
unkown
|
page read and write
|
|
|
|
580000
|
heap default
|
page read and write
|
|
|
|
7FF5A74B3000
|
unkown image
|
page readonly
|
|
|
|
7DF5BC7A0000
|
unkown image
|
page readonly
|
|
|
|
7FF5A74F1000
|
unkown image
|
page readonly
|
|
|
|
7DF5BC780000
|
unkown image
|
page readonly
|
|
|
|
24D6EC30000
|
heap private
|
page read and write
|
|
|
|
7FFB0000
|
unkown image
|
page readonly
|
|
|
|
24D6EF13000
|
unkown
|
page read and write
|
|
|
|
7FF5A76F4000
|
unkown image
|
page readonly
|
|
|
|
C50000
|
unkown image
|
page readonly
|
|
|
|
7FFB2000
|
unkown image
|
page readonly
|
|
|
|
7FF5A765A000
|
unkown image
|
page readonly
|
|
|
|
2A6E000
|
stack
|
page read and write
|
|
|
|
2A7E000
|
unkown
|
page read and write
|
|
|
|
70E000
|
stack
|
page read and write
|
|
|
|
24D6EE54000
|
unkown
|
page read and write
|
|
|
|
7FF5A750B000
|
unkown image
|
page readonly
|
|
|
|
9E0B6FE000
|
stack
|
page read and write
|
|
|
|
7FF5A755D000
|
unkown image
|
page readonly
|
|
|
|
400000
|
unkown image
|
page readonly
|
|
|
|
7FFB0000
|
unkown image
|
page readonly
|
|
|
|
7FFD0000
|
unkown image
|
page readonly
|
|
|
|
9E0BAF7000
|
stack
|
page read and write
|
|
|
|
7FF5A71D6000
|
unkown image
|
page readonly
|
|
|
|
24D6ED70000
|
unkown image
|
page readonly
|
|
|
|
9E0B67B000
|
unkown
|
page read and write
|
|
|
|
224E000
|
stack
|
page read and write
|
|
|
|
7DF5BC790000
|
unkown image
|
page readonly
|
|
|
|
94E000
|
stack
|
page read and write
|
|
|
|
7FF5A71E5000
|
unkown image
|
page readonly
|
|
|
|
7DF5BC792000
|
unkown image
|
page readonly
|
|
|
|
7FF5A7461000
|
unkown image
|
page readonly
|
|
|
|
9D000
|
unkown
|
page read and write
|
|
|
|
24D6EC70000
|
unkown image
|
page readonly
|
|
|
|
24D6EF08000
|
unkown
|
page read and write
|
|
|
|
7FF5A768D000
|
unkown image
|
page readonly
|
|
|
|
7FF5A7627000
|
unkown image
|
page readonly
|
|
|
|
7FF5A750E000
|
unkown image
|
page readonly
|
|
|
|
7DF5BC780000
|
unkown image
|
page readonly
|
|
|
|
1A0000
|
unkown image
|
page readonly
|
|
|
|
24D6EE8D000
|
unkown
|
page read and write
|
|
|
|
24D6EE5F000
|
unkown
|
page read and write
|
|
|
|
71A000
|
heap default
|
page read and write
|
|
|
|
7DF5BC782000
|
unkown image
|
page readonly
|
|
|
|
24D6F380000
|
unkown image
|
page readonly
|
|
|
|
7FEB0000
|
unkown image
|
page readonly
|
|
|
|
292F000
|
stack
|
page read and write
|
|
|
|
7FF5A757C000
|
unkown image
|
page readonly
|
|
|
|
7FF5A761B000
|
unkown image
|
page readonly
|
|
|
|
24D6EC40000
|
unkown image
|
page readonly
|
|
|
|
3F6000
|
unkown
|
page read and write
|
|
|
|
2390000
|
unkown
|
page read and write
|
|
|
|
24D6EE59000
|
unkown
|
page read and write
|
|
|
|
A50000
|
unkown image
|
page readonly
|
|
|
|
400000
|
unkown image
|
page readonly
|
|
|
|
23A0000
|
heap private
|
page read and write
|
|
|
|
4A0000
|
unkown image
|
page write copy
|
|
|
|
30000
|
unkown image
|
page read and write
|
|
|
|
C60000
|
unkown image
|
page readonly
|
|
|
|
710000
|
heap default
|
page read and write
|
|
|
|
4A0000
|
unkown image
|
page read and write
|
|
|
|
7DF5BC7A0000
|
unkown image
|
page readonly
|
|
|
|
24D6EC40000
|
unkown image
|
page readonly
|
|
|
|
6CF000
|
stack
|
page read and write
|
|
|
|
7DF4BA650000
|
unkown image
|
page readonly
|
|
|
|
24D6F000000
|
unkown image
|
page readonly
|
|
|
|
234F000
|
stack
|
page read and write
|
|
|
|
7FF5A76FA000
|
unkown image
|
page readonly
|
|
|
|
7FF5A728A000
|
unkown image
|
page readonly
|
|
|
|
7FF5A7615000
|
unkown image
|
page readonly
|
|
|
|
3F2000
|
unkown
|
page read and write
|
|
|
|
238E000
|
stack
|
page read and write
|
|
|
|
9E0BDFF000
|
stack
|
page read and write
|
|
|
|
7DF5BC790000
|
unkown image
|
page readonly
|
|
|
|
7FF5A71D0000
|
unkown image
|
page readonly
|
|
|
|
24D6EC20000
|
unkown image
|
page read and write
|
|
|
|
7FFC2000
|
unkown image
|
page readonly
|
|
|
|
7FF5A7686000
|
unkown image
|
page readonly
|
|
There are 137 hidden memdumps, click here to show them.