Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
a.ps1
|
ASCII text, with very long lines (65441), with CRLF line terminators
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\notepad.exe.log
|
CSV text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_3sjyognc.oy3.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_mvzwlc5u.b3x.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_wyx21vog.ygx.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_yvrb0ysl.qih.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms (copy)
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\EEBX35X2P26V975PTGGZ.temp
|
data
|
dropped
|
||
|
\Device\ConDrv
|
ASCII text
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\a.ps1"
|
|
|
|
C:\Windows\System32\notepad.exe
|
C:\Windows\System32\notepad.exe
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
dcxwq1.duckdns.org
|
|
||
|
https://aka.ms/pscore68
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
1B780001000
|
trusted library allocation
|
page read and write
|
|
|
|
1B7F7DE0000
|
trusted library section
|
page read and write
|
|
|
|
1B7F6452000
|
heap
|
page read and write
|
|
|
|
1B7F7D80000
|
heap
|
page read and write
|
||
|
1B7F7E20000
|
trusted library allocation
|
page read and write
|
||
|
1B7F63C4000
|
heap
|
page read and write
|
||
|
1B7F6458000
|
heap
|
page read and write
|
||
|
525D5FE000
|
stack
|
page read and write
|
||
|
80E2D7F000
|
stack
|
page read and write
|
||
|
80E2DFE000
|
stack
|
page read and write
|
||
|
7FF8489B4000
|
trusted library allocation
|
page read and write
|
||
|
1B7F7DB0000
|
heap
|
page readonly
|
||
|
525DCBE000
|
stack
|
page read and write
|
||
|
1B7F63EF000
|
heap
|
page read and write
|
||
|
7FF848B90000
|
trusted library allocation
|
page execute and read and write
|
||
|
1F700C2A000
|
trusted library allocation
|
page read and write
|
||
|
7DF452400000
|
trusted library allocation
|
page execute and read and write
|
||
|
1B7F7E19000
|
trusted library allocation
|
page read and write
|
||
|
525D1D5000
|
stack
|
page read and write
|
||
|
7FF848B80000
|
trusted library allocation
|
page read and write
|
||
|
525E70E000
|
stack
|
page read and write
|
||
|
1B7F7E00000
|
trusted library allocation
|
page read and write
|
||
|
1B7F6453000
|
heap
|
page read and write
|
||
|
1B7F63AF000
|
heap
|
page read and write
|
||
|
1B7F7DD0000
|
trusted library allocation
|
page read and write
|
||
|
7FF8489B3000
|
trusted library allocation
|
page execute and read and write
|
||
|
1B78002F000
|
trusted library allocation
|
page read and write
|
||
|
1B7F7D40000
|
heap
|
page read and write
|
||
|
1B790009000
|
trusted library allocation
|
page read and write
|
||
|
525D8FD000
|
stack
|
page read and write
|
||
|
1B7F6469000
|
heap
|
page read and write
|
||
|
525DD3B000
|
stack
|
page read and write
|
||
|
1B7F63C1000
|
heap
|
page read and write
|
||
|
1F70162A000
|
trusted library allocation
|
page read and write
|
||
|
1B7F6320000
|
unkown
|
page execute read
|
||
|
1B7F7FC0000
|
heap
|
page execute and read and write
|
||
|
1F70342A000
|
trusted library allocation
|
page read and write
|
||
|
80E2AFE000
|
stack
|
page read and write
|
||
|
1B7F7E20000
|
trusted library allocation
|
page read and write
|
||
|
1F70702A000
|
trusted library allocation
|
page read and write
|
||
|
1F70022A000
|
trusted library allocation
|
page read and write
|
||
|
1B7F63ED000
|
heap
|
page read and write
|
||
|
525D7FF000
|
stack
|
page read and write
|
||
|
525D9FC000
|
stack
|
page read and write
|
||
|
525D57D000
|
stack
|
page read and write
|
||
|
525D77E000
|
stack
|
page read and write
|
||
|
7FF8489C0000
|
trusted library allocation
|
page read and write
|
||
|
1F707A2A000
|
trusted library allocation
|
page read and write
|
||
|
1B7F8768000
|
heap
|
page read and write
|
||
|
1F700088000
|
trusted library allocation
|
page read and write
|
||
|
1B7F63ED000
|
heap
|
page read and write
|
||
|
1F70522A000
|
trusted library allocation
|
page read and write
|
||
|
7FF848B5D000
|
trusted library allocation
|
page execute and read and write
|
||
|
1B7F8760000
|
heap
|
page read and write
|
||
|
1B7F63EF000
|
heap
|
page read and write
|
||
|
1B7F7E10000
|
trusted library allocation
|
page read and write
|
||
|
1F703E2A000
|
trusted library allocation
|
page read and write
|
||
|
525D6FE000
|
stack
|
page read and write
|
||
|
7FF848B68000
|
trusted library allocation
|
page execute and read and write
|
||
|
1B7F6421000
|
heap
|
page read and write
|
||
|
1B7F7E10000
|
trusted library allocation
|
page read and write
|
||
|
525D47D000
|
stack
|
page read and write
|
||
|
1B7F63B4000
|
heap
|
page read and write
|
||
|
1F70482A000
|
trusted library allocation
|
page read and write
|
||
|
1F702A2A000
|
trusted library allocation
|
page read and write
|
||
|
1B7F7E20000
|
trusted library allocation
|
page read and write
|
||
|
7FF848A70000
|
trusted library allocation
|
page execute and read and write
|
||
|
1B7F8761000
|
heap
|
page read and write
|
||
|
525D67E000
|
stack
|
page read and write
|
||
|
1B7F7F50000
|
trusted library allocation
|
page read and write
|
||
|
1B79000E000
|
trusted library allocation
|
page read and write
|
||
|
7FF848A96000
|
trusted library allocation
|
page execute and read and write
|
||
|
1B7F6421000
|
heap
|
page read and write
|
||
|
1B7F6423000
|
heap
|
page read and write
|
||
|
7DF452420000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF848B50000
|
trusted library allocation
|
page read and write
|
||
|
1B7F7DF0000
|
heap
|
page read and write
|
||
|
1B7F6423000
|
heap
|
page read and write
|
||
|
1B7F7D84000
|
heap
|
page read and write
|
||
|
7DF452410000
|
trusted library allocation
|
page execute and read and write
|
||
|
1B7F642E000
|
heap
|
page read and write
|
||
|
525D4BF000
|
stack
|
page read and write
|
||
|
525DBBF000
|
stack
|
page read and write
|
||
|
1B7F63B7000
|
heap
|
page read and write
|
||
|
1B7F63C4000
|
heap
|
page read and write
|
||
|
1B7F63B4000
|
heap
|
page read and write
|
||
|
525D97E000
|
stack
|
page read and write
|
||
|
525DAFF000
|
stack
|
page read and write
|
||
|
1B7F6453000
|
heap
|
page read and write
|
||
|
1B7F6378000
|
heap
|
page read and write
|
||
|
1B7F642E000
|
heap
|
page read and write
|
||
|
1B7F8764000
|
heap
|
page read and write
|
||
|
80E2C7E000
|
stack
|
page read and write
|
||
|
1B7F63C1000
|
heap
|
page read and write
|
||
|
1F70662A000
|
trusted library allocation
|
page read and write
|
||
|
1B7F6469000
|
heap
|
page read and write
|
||
|
7FF848B82000
|
trusted library allocation
|
page read and write
|
||
|
1B7F7E13000
|
trusted library allocation
|
page read and write
|
||
|
7FF8489C5000
|
trusted library allocation
|
page read and write
|
||
|
1B7F7E10000
|
trusted library allocation
|
page read and write
|
||
|
1B7F6440000
|
heap
|
page read and write
|
||
|
1B7F7D70000
|
trusted library allocation
|
page read and write
|
||
|
1B7F6453000
|
heap
|
page read and write
|
||
|
1B7F641E000
|
heap
|
page read and write
|
||
|
1B7F6350000
|
heap
|
page read and write
|
||
|
1B7F7E20000
|
trusted library allocation
|
page read and write
|
||
|
80E2A7F000
|
stack
|
page read and write
|
||
|
1B7F8769000
|
heap
|
page read and write
|
||
|
1B7F7D00000
|
heap
|
page read and write
|
||
|
1F700001000
|
trusted library allocation
|
page read and write
|
||
|
1B7F7E13000
|
trusted library allocation
|
page read and write
|
||
|
7FF848AD0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF8489BD000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF848B52000
|
trusted library allocation
|
page read and write
|
||
|
1B7F7E10000
|
trusted library allocation
|
page read and write
|
||
|
1B7F7E10000
|
trusted library allocation
|
page read and write
|
||
|
1B7F7E20000
|
trusted library allocation
|
page read and write
|
||
|
1B7F6431000
|
heap
|
page read and write
|
||
|
1B7F645A000
|
heap
|
page read and write
|
||
|
7FF848A60000
|
trusted library allocation
|
page read and write
|
||
|
1B7F6463000
|
heap
|
page read and write
|
||
|
1B7F63B7000
|
heap
|
page read and write
|
||
|
1B7F7DA0000
|
trusted library allocation
|
page read and write
|
||
|
1B790001000
|
trusted library allocation
|
page read and write
|
||
|
1B7F8767000
|
heap
|
page read and write
|
||
|
1F705C2A000
|
trusted library allocation
|
page read and write
|
||
|
1B7F6340000
|
heap
|
page read and write
|
||
|
1B7F8768000
|
heap
|
page read and write
|
||
|
525DA7E000
|
stack
|
page read and write
|
||
|
80E2BFD000
|
stack
|
page read and write
|
||
|
1F70202A000
|
trusted library allocation
|
page read and write
|
||
|
525D87A000
|
stack
|
page read and write
|
||
|
1B7F63AF000
|
heap
|
page read and write
|
||
|
1B7F63AC000
|
heap
|
page read and write
|
||
|
7FF8489B2000
|
trusted library allocation
|
page read and write
|
||
|
1B7F7DC0000
|
trusted library allocation
|
page read and write
|
||
|
7FF848B60000
|
trusted library allocation
|
page read and write
|
||
|
1B7F7E10000
|
trusted library allocation
|
page read and write
|
||
|
1B7F6370000
|
heap
|
page read and write
|
||
|
1B7F63AC000
|
heap
|
page read and write
|
||
|
7FF848B55000
|
trusted library allocation
|
page read and write
|
||
|
80E2CFF000
|
stack
|
page read and write
|
||
|
1B7F7E13000
|
trusted library allocation
|
page read and write
|
||
|
1B7F6455000
|
heap
|
page read and write
|
||
|
1B7F7E34000
|
heap
|
page read and write
|
||
|
7FF848B70000
|
trusted library allocation
|
page read and write
|
||
|
1B7F7E30000
|
heap
|
page read and write
|
||
|
1B7F7E13000
|
trusted library allocation
|
page read and write
|
||
|
80E2B7E000
|
stack
|
page read and write
|
||
|
1B7F7E03000
|
trusted library allocation
|
page read and write
|
||
|
1B7F8750000
|
heap
|
page execute and read and write
|
||
|
80E27EF000
|
stack
|
page read and write
|
||
|
1B7F6452000
|
heap
|
page read and write
|
There are 143 hidden memdumps, click here to show them.