Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
py.ps1
|
ASCII text, with very long lines (65346), with CRLF line terminators
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\notepad.exe.log
|
CSV text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_b0zzjtad.urv.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_joyns0zn.t4f.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_qcgvnz3n.01j.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_vrf1tlnt.y2e.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms (copy)
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5Z3O7SBU59ZQU5LJUYPU.temp
|
data
|
dropped
|
||
|
\Device\ConDrv
|
ASCII text
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\py.ps1"
|
|
|
|
C:\Windows\System32\notepad.exe
|
C:\Windows\System32\notepad.exe
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
nmds.duckdns.org
|
|
||
|
https://github.com/DARKNOSY/Rush-PowerShell-Obfuscator
|
unknown
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
1D114C51000
|
trusted library allocation
|
page read and write
|
|
|
|
1D114A90000
|
trusted library section
|
page read and write
|
|
|
|
11C87117000
|
trusted library allocation
|
page read and write
|
||
|
B5FA7E000
|
stack
|
page read and write
|
||
|
B6007E000
|
stack
|
page read and write
|
||
|
B5F7A5000
|
stack
|
page read and write
|
||
|
11C83F17000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34942000
|
trusted library allocation
|
page read and write
|
||
|
1D113194000
|
heap
|
page read and write
|
||
|
1D113100000
|
heap
|
page read and write
|
||
|
7FFD347B0000
|
trusted library allocation
|
page read and write
|
||
|
1D113189000
|
heap
|
page read and write
|
||
|
1D113223000
|
heap
|
page read and write
|
||
|
B60D0E000
|
stack
|
page read and write
|
||
|
1D114A50000
|
trusted library allocation
|
page read and write
|
||
|
1D114AC0000
|
trusted library allocation
|
page read and write
|
||
|
1D114AC0000
|
trusted library allocation
|
page read and write
|
||
|
1D113227000
|
heap
|
page read and write
|
||
|
1D11318E000
|
heap
|
page read and write
|
||
|
7FFD34886000
|
trusted library allocation
|
page execute and read and write
|
||
|
B5FF7C000
|
stack
|
page read and write
|
||
|
1D114AB0000
|
trusted library allocation
|
page read and write
|
||
|
B5FE7D000
|
stack
|
page read and write
|
||
|
25499F0000
|
stack
|
page read and write
|
||
|
1D114B30000
|
heap
|
page read and write
|
||
|
1D11318C000
|
heap
|
page read and write
|
||
|
1D113158000
|
heap
|
page read and write
|
||
|
1D113230000
|
heap
|
page read and write
|
||
|
1D1131FB000
|
heap
|
page read and write
|
||
|
11C84917000
|
trusted library allocation
|
page read and write
|
||
|
1D114AB3000
|
trusted library allocation
|
page read and write
|
||
|
2549F7E000
|
stack
|
page read and write
|
||
|
B5FB7D000
|
stack
|
page read and write
|
||
|
1D114A70000
|
heap
|
page read and write
|
||
|
11C82B17000
|
trusted library allocation
|
page read and write
|
||
|
1D114AB0000
|
trusted library allocation
|
page read and write
|
||
|
1D11318C000
|
heap
|
page read and write
|
||
|
1D114B41000
|
heap
|
page read and write
|
||
|
1D114AC0000
|
trusted library allocation
|
page read and write
|
||
|
1D113189000
|
heap
|
page read and write
|
||
|
1D114AB0000
|
trusted library allocation
|
page read and write
|
||
|
1D112FC0000
|
unkown
|
page execute read
|
||
|
7FFD34940000
|
trusted library allocation
|
page read and write
|
||
|
1D112FE0000
|
heap
|
page read and write
|
||
|
1D113218000
|
heap
|
page read and write
|
||
|
1D124C59000
|
trusted library allocation
|
page read and write
|
||
|
B5FD7F000
|
stack
|
page read and write
|
||
|
B6027B000
|
stack
|
page read and write
|
||
|
1D114AC0000
|
trusted library allocation
|
page read and write
|
||
|
1D113192000
|
heap
|
page read and write
|
||
|
B601FE000
|
stack
|
page read and write
|
||
|
2549D7E000
|
stack
|
page read and write
|
||
|
2549EFE000
|
stack
|
page read and write
|
||
|
7FFD347B5000
|
trusted library allocation
|
page read and write
|
||
|
1D1131CC000
|
heap
|
page read and write
|
||
|
B5FEFE000
|
stack
|
page read and write
|
||
|
1D114AB0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD347A2000
|
trusted library allocation
|
page read and write
|
||
|
1D11319F000
|
heap
|
page read and write
|
||
|
1D1131CE000
|
heap
|
page read and write
|
||
|
1D114A80000
|
trusted library allocation
|
page read and write
|
||
|
11C80001000
|
trusted library allocation
|
page read and write
|
||
|
1D114A40000
|
heap
|
page readonly
|
||
|
11C82117000
|
trusted library allocation
|
page read and write
|
||
|
1D1131CC000
|
heap
|
page read and write
|
||
|
1D12D540000
|
heap
|
page execute and read and write
|
||
|
7FFD34850000
|
trusted library allocation
|
page read and write
|
||
|
1D124C5E000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34945000
|
trusted library allocation
|
page read and write
|
||
|
7FFD347A4000
|
trusted library allocation
|
page read and write
|
||
|
1D114AA3000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34958000
|
trusted library allocation
|
page execute and read and write
|
||
|
B600FE000
|
stack
|
page read and write
|
||
|
1D114AA0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34950000
|
trusted library allocation
|
page read and write
|
||
|
1D114AB3000
|
trusted library allocation
|
page read and write
|
||
|
1D114B40000
|
heap
|
page read and write
|
||
|
B5FBFE000
|
stack
|
page read and write
|
||
|
1D1131CE000
|
heap
|
page read and write
|
||
|
7FFD348C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
B5FC7E000
|
stack
|
page read and write
|
||
|
1D113201000
|
heap
|
page read and write
|
||
|
1D11322F000
|
heap
|
page read and write
|
||
|
2549CFF000
|
stack
|
page read and write
|
||
|
1D113230000
|
heap
|
page read and write
|
||
|
1D114AC0000
|
trusted library allocation
|
page read and write
|
||
|
2549DFD000
|
stack
|
page read and write
|
||
|
1D1149F0000
|
heap
|
page read and write
|
||
|
11C81401000
|
trusted library allocation
|
page read and write
|
||
|
1D114AB0000
|
trusted library allocation
|
page read and write
|
||
|
1D114AB3000
|
trusted library allocation
|
page read and write
|
||
|
1D114AB3000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34970000
|
trusted library allocation
|
page read and write
|
||
|
B5FFFE000
|
stack
|
page read and write
|
||
|
1D11322F000
|
heap
|
page read and write
|
||
|
7DF4058D0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1D114A74000
|
heap
|
page read and write
|
||
|
11C86717000
|
trusted library allocation
|
page read and write
|
||
|
1D113150000
|
heap
|
page read and write
|
||
|
7FFD34960000
|
trusted library allocation
|
page read and write
|
||
|
B60C8E000
|
stack
|
page read and write
|
||
|
11C85D17000
|
trusted library allocation
|
page read and write
|
||
|
1D114A10000
|
trusted library allocation
|
page read and write
|
||
|
B5FDF9000
|
stack
|
page read and write
|
||
|
11C83517000
|
trusted library allocation
|
page read and write
|
||
|
1D113230000
|
heap
|
page read and write
|
||
|
7FFD347A3000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD34980000
|
trusted library allocation
|
page execute and read and write
|
||
|
1D114B34000
|
heap
|
page read and write
|
||
|
1D1131A2000
|
heap
|
page read and write
|
||
|
11C87B17000
|
trusted library allocation
|
page read and write
|
||
|
B5FAFE000
|
stack
|
page read and write
|
||
|
1D114AB9000
|
trusted library allocation
|
page read and write
|
||
|
1D124C51000
|
trusted library allocation
|
page read and write
|
||
|
1D114A60000
|
heap
|
page read and write
|
||
|
11C85317000
|
trusted library allocation
|
page read and write
|
||
|
7DF4058B0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD347AD000
|
trusted library allocation
|
page execute and read and write
|
||
|
B5FCFE000
|
stack
|
page read and write
|
||
|
11C88A01000
|
trusted library allocation
|
page read and write
|
||
|
1D11318E000
|
heap
|
page read and write
|
||
|
7FFD34972000
|
trusted library allocation
|
page read and write
|
||
|
1D114C40000
|
heap
|
page execute and read and write
|
||
|
B5F7EE000
|
stack
|
page read and write
|
||
|
1D114AD0000
|
trusted library allocation
|
page read and write
|
||
|
B6013F000
|
stack
|
page read and write
|
||
|
7FFD34860000
|
trusted library allocation
|
page execute and read and write
|
||
|
7DF4058C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
2549FFF000
|
stack
|
page read and write
|
||
|
11C88001000
|
trusted library allocation
|
page read and write
|
||
|
1D114A30000
|
trusted library allocation
|
page read and write
|
||
|
1D113192000
|
heap
|
page read and write
|
||
|
1D114AB0000
|
trusted library allocation
|
page read and write
|
||
|
1D11322F000
|
heap
|
page read and write
|
||
|
2549E7E000
|
stack
|
page read and write
|
||
|
2549C7F000
|
stack
|
page read and write
|
||
|
1D113223000
|
heap
|
page read and write
|
||
|
11C80A01000
|
trusted library allocation
|
page read and write
|
||
|
1D1131A2000
|
heap
|
page read and write
|
||
|
1D1130C0000
|
heap
|
page read and write
|
||
|
1D113194000
|
heap
|
page read and write
|
||
|
7FFD3494D000
|
trusted library allocation
|
page execute and read and write
|
||
|
1D11319F000
|
heap
|
page read and write
|
There are 133 hidden memdumps, click here to show them.