Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
diatomaceous.dat.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\Desktop\diatomaceous.dat.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\loaddll32.exe
|
loaddll32.exe "C:\Users\user\Desktop\diatomaceous.dat.dll"
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
cmd.exe /C rundll32.exe "C:\Users\user\Desktop\diatomaceous.dat.dll",#1
|
|
|
|
C:\Windows\SysWOW64\regsvr32.exe
|
regsvr32.exe /s C:\Users\user\Desktop\diatomaceous.dat.dll
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\diatomaceous.dat.dll",#1
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe C:\Users\user\Desktop\diatomaceous.dat.dll,DllRegisterServer
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe C:\Users\user\Desktop\diatomaceous.dat.dll,DllUnregisterServer
|
|
|
|
C:\Windows\SysWOW64\wermgr.exe
|
C:\Windows\SysWOW64\wermgr.exe
|
|
|
|
C:\Windows\SysWOW64\wermgr.exe
|
C:\Windows\SysWOW64\wermgr.exe
|
|
|
|
C:\Windows\SysWOW64\wermgr.exe
|
C:\Windows\SysWOW64\wermgr.exe
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\Software\Microsoft\Eaiaomldskz
|
b501c7c4
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Eaiaomldskz
|
809e178a
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Eaiaomldskz
|
82df37f6
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Eaiaomldskz
|
3a635093
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Eaiaomldskz
|
476b1f19
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Eaiaomldskz
|
ffd7787c
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Eaiaomldskz
|
382270ef
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Eaiaomldskz
|
ca48a832
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Eaiaomldskz
|
b501c7c4
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Eaiaomldskz
|
b501c7c4
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
2520000
|
system
|
page execute and read and write
|
|
|
|
3000000
|
trusted library allocation
|
page read and write
|
|
|
|
4960000
|
trusted library allocation
|
page read and write
|
|
|
|
2BC0000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
2B70000
|
trusted library allocation
|
page read and write
|
|
|
|
2520000
|
system
|
page execute and read and write
|
|
|
|
2BC0000
|
system
|
page execute and read and write
|
|
|
|
4AD0000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
4AF0000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
2580000
|
system
|
page execute and read and write
|
|
|
|
2580000
|
system
|
page execute and read and write
|
|
|
|
4C41000
|
heap
|
page read and write
|
||
|
6DAA6000
|
unkown
|
page readonly
|
||
|
4A35000
|
trusted library allocation
|
page read and write
|
||
|
4C16000
|
heap
|
page read and write
|
||
|
4460000
|
trusted library allocation
|
page read and write
|
||
|
6CB000
|
heap
|
page read and write
|
||
|
4A9F000
|
stack
|
page read and write
|
||
|
2DF0000
|
trusted library allocation
|
page read and write
|
||
|
2B90000
|
unkown
|
page readonly
|
||
|
2500000
|
unkown
|
page readonly
|
||
|
4C25000
|
heap
|
page read and write
|
||
|
2B6F000
|
stack
|
page read and write
|
||
|
26AE66C0000
|
heap
|
page readonly
|
||
|
43DF000
|
heap
|
page read and write
|
||
|
4A2E000
|
trusted library allocation
|
page read and write
|
||
|
4C25000
|
heap
|
page read and write
|
||
|
B1F000
|
stack
|
page read and write
|
||
|
6DA51000
|
unkown
|
page execute read
|
||
|
25B0000
|
remote allocation
|
page read and write
|
||
|
4BA0000
|
heap
|
page read and write
|
||
|
ABC000
|
stack
|
page read and write
|
||
|
2BA0000
|
unkown
|
page readonly
|
||
|
2550000
|
unkown
|
page readonly
|
||
|
4860000
|
heap
|
page read and write
|
||
|
2500000
|
unkown
|
page readonly
|
||
|
4EB0000
|
trusted library allocation
|
page read and write
|
||
|
B60000
|
heap
|
page read and write
|
||
|
A84000
|
heap
|
page read and write
|
||
|
4A20000
|
trusted library allocation
|
page read and write
|
||
|
4F31000
|
heap
|
page read and write
|
||
|
24AC000
|
stack
|
page read and write
|
||
|
26AE6730000
|
trusted library allocation
|
page read and write
|
||
|
4C1F000
|
heap
|
page read and write
|
||
|
2BA0000
|
unkown
|
page readonly
|
||
|
4CA0000
|
heap
|
page read and write
|
||
|
4A1F000
|
trusted library allocation
|
page read and write
|
||
|
5F7C000
|
trusted library allocation
|
page read and write
|
||
|
4A20000
|
trusted library allocation
|
page read and write
|
||
|
5F7C000
|
trusted library allocation
|
page read and write
|
||
|
2570000
|
unkown
|
page read and write
|
||
|
597A000
|
trusted library allocation
|
page read and write
|
||
|
4BF1000
|
heap
|
page read and write
|
||
|
4C0F000
|
heap
|
page read and write
|
||
|
4A31000
|
trusted library allocation
|
page read and write
|
||
|
560000
|
trusted library allocation
|
page read and write
|
||
|
4A1F000
|
trusted library allocation
|
page read and write
|
||
|
24F0000
|
unkown
|
page readonly
|
||
|
690000
|
heap
|
page read and write
|
||
|
4F31000
|
heap
|
page read and write
|
||
|
26AE571C000
|
heap
|
page read and write
|
||
|
4EB0000
|
trusted library allocation
|
page read and write
|