Behavioral task
behavioral1
Sample
2000-65-0x0000000000400000-0x000000000042F000-memory.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
2000-65-0x0000000000400000-0x000000000042F000-memory.exe
Resource
win10v2004-20220812-en
General
-
Target
2000-65-0x0000000000400000-0x000000000042F000-memory.dmp
-
Size
188KB
-
MD5
8e17a09307ae5ab7b16a7f28f0dde698
-
SHA1
ba09d039cdda7e54d64b26f94255b2e019446af2
-
SHA256
8629ecc7583af52cfc3a2898c7c01c1b4344bf24bd60e7a8a2f1771f5d2f43b0
-
SHA512
48b28c7daafc47805732790c051a0dd26a2aeabe06fcefc6baf42ec866faf6c49b2d58a8c8809909a58b18aea9797e048a1a52444116d38364bf66c81b5ad2d2
-
SSDEEP
3072:lqXONkOlwpno75f3esylwb6y1KNHsLv6Z/mZjiLBGm:5jfe7G6y1KNPZ/KGL
Malware Config
Extracted
formbook
4.1
k04s
draanabellrojas.com
in03.one
kyraloves.co.uk
laluma.store
londoncell.com
kanurikibueadvocates.com
buyeasynow.net
escapefromtarkov-wiki.com
crewint.net
f-b.boats
beautyaidstudio.com
ashfieldconsultancy.uk
dlogsadood.com
ftgam.xyz
constantinopanama.com
yellowpocket.africa
konyil.com
easomobility.com
1135wickloecourt.com
indexb2b.com
kabridates.com
forty04.com
fourjaysgsps.com
bukkaluy.com
elvanite.co.uk
ccnds.online
medicswellnessconsult.africa
dashuzhupin.com
woodstockwine.africa
advisorsforcharities.com
jathinel.com
bwin6789.com
brandologic.net
courier.africa
f6zx.shop
efefcondemned.buzz
cosmochroniclesblog.com
karmaapps.site
kielenki.africa
classbetter.online
ffp78.com
goodwebob.com
facroryoutletstore.com
kart746.xyz
current-vaancies.com
fourblendedsistas.store
anjuhepay.com
lawexpert9.info
family-doctor-96425.com
telcs.net
huodede.com
clarkwire.xyz
aliencultist.com
innovantexclusive.com
theepiclandings.net
happy-christmass.com
bearcreekwood.com
370zhitch.com
game2casino.com
betternook.com
ginkfazoltrelo.info
andyrichardsonwv.com
handygiftstore.com
orientalwholesale.uk
naijabrain.africa
Files
-
2000-65-0x0000000000400000-0x000000000042F000-memory.dmp.exe windows x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 180KB - Virtual size: 180KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ