IOC Report
rslogixbuddy.exe

Files

File Path | Type | Category | Malicious
rslogixbuddy.exe | PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows | initial sample | malicious
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\rslogixbuddy.exe.log | CSV text | dropped |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_bpnaoii5.d1s.ps1 | ASCII text, with no line terminators | dropped |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_wr1liv1d.obg.psm1 | ASCII text, with no line terminators | dropped |
\Device\ConDrv | ASCII text, with CRLF line terminators | dropped |

Processes

Path | Cmdline | Malicious
C:\Users\user\Desktop\rslogixbuddy.exe | C:\Users\user\Desktop\rslogixbuddy.exe | malicious
C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |

URLs

Name | IP | Malicious
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | unknown |

Memdumps

Base Address | Region type | Protect | Malicious