Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
FACTURAS.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Temp\M9XgMRXaN30mgEl56ja236
|
data
|
dropped
|
 |
|
|
C:\Users\user\AppData\Local\Temp\~DF6CBEB2FF77188695.TMP
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\FACTURAS.exe
|
"C:\Users\user\Desktop\FACTURAS.exe"
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\Software\VB and VBA Program Settings\Turcize6\Sacrocotyloidean8
|
SLIDFAST
|
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
3060000
|
unkown
|
page execute and read and write
|
|
|
|
7FF57B867000
|
unkown image
|
page readonly
|
|
|
|
7FF59B651000
|
unkown image
|
page readonly
|
|
|
|
46B55FE000
|
stack
|
page read and write
|
|
|
|
7FF5A2E4E000
|
unkown image
|
page readonly
|
|
|
|
1F242D02000
|
unkown
|
page read and write
|
|
|
|
7FF59B1C7000
|
unkown image
|
page readonly
|
|
|
|
7FF4F6BC9000
|
unkown image
|
page readonly
|
|
|
|
2C40000
|
unkown image
|
page read and write
|
|
|
|
7FF57B165000
|
unkown image
|
page readonly
|
|
|
|
7DF5B1240000
|
unkown image
|
page readonly
|
|
|
|
2435188B000
|
unkown
|
page read and write
|
|
|
|
7FF4F6B2C000
|
unkown image
|
page readonly
|
|
|
|
46B5579000
|
stack
|
page read and write
|
|
|
|
7FF5072F7000
|
unkown image
|
page readonly
|
|
|
|
7FF506EA1000
|
unkown image
|
page readonly
|
|
|
|
1F74A579000
|
unkown
|
page read and write
|
|
|
|
7FF4F69E2000
|
unkown image
|
page readonly
|
|
|
|
7D259F9000
|
stack
|
page read and write
|
|
|
|
7FF59B4BB000
|
unkown image
|
page readonly
|
|
|
|
7FF50733A000
|
unkown image
|
page readonly
|
|
|
|
24351770000
|
unkown image
|
page readonly
|
|
|
|
7FF5DCC73000
|
unkown image
|
page readonly
|
|
|
|
7FF59AD23000
|
unkown image
|
page readonly
|
|
|
|
7FF5A34D3000
|
unkown image
|
page readonly
|
|
|
|
17E0A770000
|
unkown image
|
page readonly
|
|
|
|
17E0A990000
|
unkown
|
page read and write
|
|
|
|
7DF4A7190000
|
unkown image
|
page readonly
|
|
|
|
1F74A51C000
|
unkown
|
page read and write
|
|
|
|
2A4A1713000
|
unkown
|
page read and write
|
|
|
|
1F74A57D000
|
unkown
|
page read and write
|
|
|
|
7FF59B580000
|
unkown image
|
page readonly
|
|
|
|
24357000000
|
unkown
|
page read and write
|
|
|
|
DC5967F000
|
stack
|
page read and write
|
|
|
|
7DF589590000
|
unkown image
|
page readonly
|
|
|
|
24357021000
|
unkown
|
page read and write
|
|
|
|
2A4A18D0000
|
unkown image
|
page readonly
|
|
|
|
243517A0000
|
heap default
|
page read and write
|
|
|
|
1F74A581000
|
unkown
|
page read and write
|
|
|
|
7FF5DCCDD000
|
unkown image
|
page readonly
|
|
|
|
DC58EFF000
|
stack
|
page read and write
|
|
|
|
1F749B50000
|
unkown image
|
page readonly
|
|
|
|
7FF4F6C99000
|
unkown image
|
page readonly
|
|
|
|
7FF5DCCBE000
|
unkown image
|
page readonly
|
|
|
|
7FF4F6C37000
|
unkown image
|
page readonly
|
|
|
|
424000
|
unkown image
|
page readonly
|
|
|
|
7FFD0000
|
unkown image
|
page readonly
|
|
|
|
2A4A1700000
|
unkown
|
page read and write
|
|
|
|
7FF4F6BF7000
|
unkown image
|
page readonly
|
|
|
|
1F74A5D0000
|
unkown
|
page read and write
|
|
|
|
24351913000
|
unkown
|
page read and write
|
|
|
|
1F74A5A5000
|
unkown
|
page read and write
|
|
|
|
7FF4F6A62000
|
unkown image
|
page readonly
|
|
|
|
DC59779000
|
stack
|
page read and write
|
|
|
|
24357040000
|
unkown
|
page read and write
|
|
|
|
7FF59B56D000
|
unkown image
|
page readonly
|
|
|
|
17E0AA55000
|
heap private
|
page read and write
|
|
|
|
24356F02000
|
unkown
|
page read and write
|
|
|
|
7FF4F6992000
|
unkown image
|
page readonly
|
|
|
|
7FF4F69D4000
|
unkown image
|
page readonly
|
|
|
|
1E3FC2C0000
|
unkown
|
page read and write
|
|
|
|
2A4A1AD0000
|
unkown image
|
page readonly
|
|
|
|
7FF59B237000
|
unkown image
|
page readonly
|
|
|
|
1F74A3B0000
|
unkown image
|
page read and write
|
|
|
|
C0019FA000
|
stack
|
page read and write
|
|
|
|
7FF4F6A8D000
|
unkown image
|
page readonly
|
|
|
|
7DF5B1230000
|
unkown image
|
page readonly
|
|
|
|
1F74A3A0000
|
unkown
|
page read and write
|
|
|
|
24352900000
|
unkown image
|
page readonly
|
|
|
|
24351730000
|
unkown image
|
page read and write
|
|
|
|
7FF50731E000
|
unkown image
|
page readonly
|
|