Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
Order_002376662-579588_Date 24082022.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Temp\nsa7CF6.tmp\System.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
modified
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Sigtelinjens\Tvtningerne\Forhaanet.Nab
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Sigtelinjens\Tvtningerne\Holograph\Towy\Dgnrytmers\GPUPowerSavingConfigEditor.dll
|
PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Sigtelinjens\Tvtningerne\Holograph\Towy\Dgnrytmers\face-cool.png
|
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Sigtelinjens\Tvtningerne\Kalligraferendes\Quantisers\Aqua_20.bmp
|
JPEG image data, JFIF standard 1.01, resolution (DPI), density 100x100, segment length 16, Exif Standard: [TIFF image data,
big-endian, direntries=3], baseline, precision 8, 110x110, frames 3
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Sigtelinjens\Tvtningerne\Noneffervescently.Cre
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Sigtelinjens\Tvtningerne\Tilegnelserne\Suppegrydernes79\iso_3166-1.json
|
UTF-8 Unicode text
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\Order_002376662-579588_Date 24082022.exe
|
"C:\Users\user\Desktop\Order_002376662-579588_Date 24082022.exe"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe
|
"C:\Users\user\Desktop\Order_002376662-579588_Date 24082022.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://crl.certum.pl/ctnca2.crl0l
|
unknown
|
||
|
http://repository.certum.pl/ctnca2.cer09
|
unknown
|
||
|
http://crl.certum.pl/ctsca2021.crl0o
|
unknown
|
||
|
http://nsis.sf.net/NSIS_Error
|
unknown
|
||
|
http://repository.certum.pl/ctnca.cer09
|
unknown
|
||
|
http://nsis.sf.net/NSIS_ErrorError
|
unknown
|
||
|
http://repository.certum.pl/ctsca2021.cer0
|
unknown
|
||
|
http://crl.certum.pl/ctnca.crl0k
|
unknown
|
||
|
http://subca.ocsp-certum.com05
|
unknown
|
||
|
http://www.certum.pl/CPS0
|
unknown
|
||
|
http://subca.ocsp-certum.com02
|
unknown
|
||
|
http://subca.ocsp-certum.com01
|
unknown
|
There are 2 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
mnhckm.tk
|
45.8.132.92
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
45.8.132.92
|
mnhckm.tk
|
Germany
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Platooned\Ananthropism
|
Swithen
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Trakeotomis
|
Brndboringen
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Fallalishly
|
Navigationsskoler
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Outsnores\Begre\Bonusernes\Skovdistrikts
|
Chold146
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
F70000
|
remote allocation
|
page execute and read and write
|
|
|
|
F70000
|
remote allocation
|
page execute and read and write
|
|
|
|
3500000
|
direct allocation
|
page execute and read and write
|
|
|
|
422000
|
unkown
|
page read and write
|
||
|
F60000
|
remote allocation
|
page read and write
|
||
|
1114000
|
heap
|
page read and write
|
||
|
E6EB1FB000
|
stack
|
page read and write
|
||
|
1BF4E632000
|
heap
|
page read and write
|
||
|
2CE970CD000
|
heap
|
page read and write
|
||
|
2CE9790F000
|
heap
|
page read and write
|
||
|
2CE97040000
|
heap
|
page read and write
|
||
|
1BF4E613000
|
heap
|
page read and write
|
||
|
2CE97024000
|
heap
|
page read and write
|
||
|
8D0000
|
trusted library allocation
|
page read and write
|
||
|
3410000
|
heap
|
page read and write
|
||
|
235F000
|
stack
|
page read and write
|
||
|
3601000
|
trusted library allocation
|
page read and write
|
||
|
10001000
|
unkown
|
page execute read
|
||
|
1BF4E450000
|
heap
|
page read and write
|
||
|
14CE000
|
stack
|
page read and write
|
||
|
2CE970CD000
|
heap
|
page read and write
|
||
|
11D4000
|
heap
|
page read and write
|
||
|
10005000
|
unkown
|
page readonly
|
||
|
1BF4E67D000
|
heap
|
page read and write
|
||
|
2D80000
|
trusted library allocation
|
page read and write
|
||
|
158E000
|
stack
|
page read and write
|
||
|
2CE97913000
|
heap
|
page read and write
|
||
|
17318FA000
|
stack
|
page read and write
|
||
|
E6EAFFE000
|
stack
|
page read and write
|
||
|
2CE97970000
|
heap
|
page read and write
|
||
|
E6EB0FD000
|
stack
|
page read and write
|
||
|
3240000
|
trusted library allocation
|
page read and write
|
||
|
98000
|
stack
|
page read and write
|
||
|
277E000
|
stack
|
page read and write
|
||
|
2CE96F20000
|
unclassified section
|
page readonly
|
||
|
1BF4EDC0000
|
trusted library allocation
|
page read and write
|
||
|
2CE97974000
|
heap
|
page read and write
|
||
|
33FC000
|
stack
|
page read and write
|
||
|
40A000
|
unkown
|
page write copy
|
||
|
1BF4E5D0000
|
heap
|
page read and write
|
||
|
4FD000
|
heap
|
page read and write
|
||
|
1BF4E602000
|
heap
|
page read and write
|
||
|
2CE9793B000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
10F0000
|
heap
|
page read and write
|
||
|
2CE970A4000
|
heap
|
page read and write
|
||
|
10D9000
|
heap
|
page read and write
|
||
|
1BF4E63B000
|
heap
|
page read and write
|
||
|
2CE97970000
|
heap
|
page read and write
|
||
|
2CE970B9000
|
heap
|
page read and write
|
||
|
E6EB2FE000
|
stack
|
page read and write
|
||
|
2CE97102000
|
heap
|
page read and write
|
||
|
52C000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
2CE97100000
|
heap
|
page read and write
|
||
|
4B0000
|
heap
|
page read and write
|
||
|
2CE97929000
|
heap
|
page read and write
|
||
|
4B5000
|
heap
|
page read and write
|
||
|
17316FF000
|
stack
|
page read and write
|
||
|
287F000
|
stack
|
page read and write
|
||
|
1BF4E66B000
|
heap
|
page read and write
|
||
|
2CE96F30000
|
heap
|
page read and write
|
||
|
1BF4E600000
|
heap
|
page read and write
|
||
|
2CE9794B000
|
heap
|
page read and write
|
||
|
108B000
|
heap
|
page read and write
|
||
|
2CE9790E000
|
heap
|
page read and write
|
||
|
20000
|
unclassified section
|
page readonly
|
||
|
10F3000
|
heap
|
page read and write
|
||
|
3400000
|
heap
|
page read and write
|
||
|
2CE9795B000
|
heap
|
page read and write
|
||
|
507000
|
heap
|
page read and write
|
||
|
2CE9797C000
|
heap
|
page read and write
|
||
|
E6EAF79000
|
stack
|
page read and write
|
||
|
1380000
|
heap
|
page read and write
|
||
|
43A000
|
unkown
|
page read and write
|
||
|
2CE9796B000
|
heap
|
page read and write
|
||
|
10DF000
|
heap
|
page read and write
|
||
|
504000
|
heap
|
page read and write
|
||
|
516000
|
heap
|
page read and write
|
||
|
148E000
|
stack
|
page read and write
|
||
|
32FC000
|
stack
|
page read and write
|
||
|
2CE97937000
|
heap
|
page read and write
|
||
|
10020000
|
trusted library allocation
|
page read and write
|
||
|
2CE970A8000
|
heap
|
page read and write
|
||
|
1C481000
|
heap
|
page read and write
|
||
|
10DF000
|
heap
|
page read and write
|
||
|
1590000
|
trusted library allocation
|
page read and write
|
||
|
2CE9707E000
|
heap
|
page read and write
|
||
|
2CE9797C000
|
heap
|
page read and write
|
||
|
1BF4E651000
|
heap
|
page read and write
|
||
|
1BF4E702000
|
heap
|
page read and write
|
||
|
2CE97089000
|
heap
|
page read and write
|
||
|
2CE970AB000
|
heap
|
page read and write
|
||
|
2360000
|
heap
|
page read and write
|
||
|
2CE96F80000
|
trusted library allocation
|
page read and write
|
||
|
19A000
|
stack
|
page read and write
|
||
|
2CE970B6000
|
heap
|
page read and write
|
||
|
528000
|
heap
|
page read and write
|
||
|
2CE9792C000
|
heap
|
page read and write
|
||
|
10F8000
|
heap
|
page read and write
|
||
|
2CE9792D000
|
heap
|
page read and write
|
||
|
10059000
|
trusted library allocation
|
page read and write
|
||
|
10E3000
|
heap
|
page read and write
|
||
|
2CE9797C000
|
heap
|
page read and write
|
||
|
1CE9E000
|
stack
|
page read and write
|
||
|
2CE97815000
|
heap
|
page read and write
|
||
|
2CE97094000
|
heap
|
page read and write
|
||
|
1BF4E669000
|
heap
|
page read and write
|
||
|
1BF4E640000
|
heap
|
page read and write
|
||
|
43C000
|
unkown
|
page readonly
|
||
|
2CE970AD000
|
heap
|
page read and write
|
||
|
26D0000
|
heap
|
page read and write
|
||
|
2CE970A5000
|
heap
|
page read and write
|
||
|
1D0000
|
unclassified section
|
page readonly
|
||
|
2CE970BD000
|
heap
|
page read and write
|
||
|
43C000
|
unkown
|
page readonly
|
||
|
50F000
|
heap
|
page read and write
|
||
|
1BF4E5C0000
|
unclassified section
|
page readonly
|
||
|
2364000
|
heap
|
page read and write
|
||
|
3200000
|
trusted library allocation
|
page read and write
|
||
|
1080000
|
heap
|
page read and write
|
||
|
1BF4E62A000
|
heap
|
page read and write
|
||
|
12B1000
|
trusted library allocation
|
page read and write
|
||
|
408000
|
unkown
|
page readonly
|
||
|
2CE97956000
|
heap
|
page read and write
|
||
|
2CE9790F000
|
heap
|
page read and write
|
||
|
1BF4E620000
|
heap
|
page read and write
|
||
|
4C8000
|
heap
|
page read and write
|
||
|
1CF9E000
|
stack
|
page read and write
|
||
|
2CE97902000
|
heap
|
page read and write
|
||
|
2CE970BD000
|
heap
|
page read and write
|
||
|
1CDBE000
|
stack
|
page read and write
|
||
|
2CE97940000
|
heap
|
page read and write
|
||
|
1C870000
|
heap
|
page read and write
|
||
|
2CE97800000
|
heap
|
page read and write
|
||
|
1E5000
|
heap
|
page read and write
|
||
|
2CE9792C000
|
heap
|
page read and write
|
||
|
1E0000
|
heap
|
page read and write
|
||
|
1BF4E660000
|
heap
|
page read and write
|
||
|
1129000
|
heap
|
page read and write
|
||
|
2CE97081000
|
heap
|
page read and write
|
||
|
3A30000
|
trusted library allocation
|
page read and write
|
||
|
1BF4E65D000
|
heap
|
page read and write
|
||
|
11BE000
|
stack
|
page read and write
|
||
|
2CE97113000
|
heap
|
page read and write
|
||
|
2CE9792C000
|
heap
|
page read and write
|
||
|
1BF4E66D000
|
heap
|
page read and write
|
||
|
2CE97932000
|
heap
|
page read and write
|
||
|
2CE9707F000
|
heap
|
page read and write
|
||
|
17317FE000
|
stack
|
page read and write
|
||
|
40A000
|
unkown
|
page read and write
|
||
|
426000
|
unkown
|
page read and write
|
||
|
2CE97000000
|
heap
|
page read and write
|
||
|
1BF4E666000
|
heap
|
page read and write
|
||
|
4C0000
|
heap
|
page read and write
|
||
|
2CE9706F000
|
heap
|
page read and write
|
||
|
2CE9792A000
|
heap
|
page read and write
|
||
|
1BF4EE02000
|
trusted library allocation
|
page read and write
|
||
|
2CE97013000
|
heap
|
page read and write
|
||
|
2CE9792F000
|
heap
|
page read and write
|
||
|
10B0000
|
heap
|
page read and write
|
||
|
10003000
|
unkown
|
page readonly
|
||
|
1BF4E647000
|
heap
|
page read and write
|
||
|
173115B000
|
stack
|
page read and write
|
||
|
10F4000
|
heap
|
page read and write
|
||
|
10FB000
|
heap
|
page read and write
|
||
|
2CE97071000
|
heap
|
page read and write
|
||
|
1108000
|
heap
|
page read and write
|
||
|
2CE9790E000
|
heap
|
page read and write
|
||
|
1108000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
408000
|
unkown
|
page readonly
|
||
|
E6EAA9B000
|
stack
|
page read and write
|
||
|
2CE9796D000
|
heap
|
page read and write
|
||
|
2CE9792C000
|
heap
|
page read and write
|
||
|
10E3000
|
heap
|
page read and write
|
||
|
2CE97941000
|
heap
|
page read and write
|
||
|
1BF4E66D000
|
heap
|
page read and write
|
||
|
30000
|
heap
|
page read and write
|
||
|
28DC000
|
trusted library allocation
|
page read and write
|
||
|
2CE97900000
|
heap
|
page read and write
|
||
|
1340000
|
trusted library allocation
|
page read and write
|
||
|
E3C000
|
stack
|
page read and write
|
||
|
2CE97929000
|
heap
|
page read and write
|
||
|
2CE97976000
|
heap
|
page read and write
|
||
|
10000000
|
unkown
|
page readonly
|
||
|
2CE96E10000
|
heap
|
page read and write
|
||
|
1BF4E655000
|
heap
|
page read and write
|
||
|
2CE96F10000
|
unclassified section
|
page readonly
|
||
|
10C7000
|
heap
|
page read and write
|
||
|
1C6BE000
|
unkown
|
page read and write
|
||
|
110E000
|
heap
|
page read and write
|
||
|
1BF4E4B0000
|
heap
|
page read and write
|
||
|
225E000
|
stack
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
2CE97051000
|
heap
|
page read and write
|
||
|
1BF4E663000
|
heap
|
page read and write
|
||
|
F3C000
|
stack
|
page read and write
|
||
|
1BF4E64A000
|
heap
|
page read and write
|
||
|
10FB000
|
heap
|
page read and write
|
||
|
1CFB0000
|
heap
|
page read and write
|
||
|
2CE97802000
|
heap
|
page read and write
|
||
|
E6EB3FC000
|
stack
|
page read and write
|
||
|
2CE970BD000
|
heap
|
page read and write
|
||
|
11D0000
|
heap
|
page read and write
|
||
|
51C000
|
heap
|
page read and write
|
||
|
E6EB4FC000
|
stack
|
page read and write
|
||
|
2CE97974000
|
heap
|
page read and write
|
||
|
10FD000
|
heap
|
page read and write
|
||
|
BD0000
|
heap
|
page read and write
|
||
|
2CE96DA0000
|
heap
|
page read and write
|
||
|
2380000
|
heap
|
page read and write
|
||
|
42A000
|
unkown
|
page read and write
|
||
|
10DC000
|
heap
|
page read and write
|
||
|
2CE97976000
|
heap
|
page read and write
|
||
|
1C480000
|
heap
|
page read and write
|
||
|
1BF4E5B0000
|
unclassified section
|
page readonly
|
||
|
2CE97910000
|
heap
|
page read and write
|
There are 208 hidden memdumps, click here to show them.