Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
py.ps1
|
ASCII text, with very long lines (65441), with CRLF line terminators
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\notepad.exe.log
|
CSV text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_0mkkiuzz.qoe.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_bcscsxma.uxp.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_kfgeeizk.0ip.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ps3tgjrv.sn3.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms (copy)
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\HZOW7QS4Q08H87IVNTFN.temp
|
data
|
dropped
|
||
|
\Device\ConDrv
|
ASCII text
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\py.ps1"
|
|
|
|
C:\Windows\System32\notepad.exe
|
C:\Windows\System32\notepad.exe
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
dcxwq1.duckdns.org
|
|
||
|
https://aka.ms/pscore68
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
2004AC31000
|
trusted library allocation
|
page read and write
|
|
|
|
2004AA50000
|
trusted library section
|
page read and write
|
|
|
|
200490CB000
|
heap
|
page read and write
|
||
|
7FFAAC5E2000
|
trusted library allocation
|
page read and write
|
||
|
1D19AF00000
|
heap
|
page read and write
|
||
|
7FFAAC5F0000
|
trusted library allocation
|
page read and write
|
||
|
62BDEFD000
|
stack
|
page read and write
|
||
|
1D19DE29000
|
trusted library allocation
|
page read and write
|
||
|
1D199590000
|
heap
|
page read and write
|
||
|
1D199500000
|
heap
|
page read and write
|
||
|
7FFAAC5F8000
|
trusted library allocation
|
page execute and read and write
|
||
|
2004906E000
|
heap
|
page read and write
|
||
|
2004AA83000
|
trusted library allocation
|
page read and write
|
||
|
2004AA90000
|
trusted library allocation
|
page read and write
|
||
|
62BE07F000
|
stack
|
page read and write
|
||
|
7FFAAC5E0000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC44D000
|
trusted library allocation
|
page execute and read and write
|
||
|
1D19AF75000
|
heap
|
page read and write
|
||
|
2004AA80000
|
trusted library allocation
|
page read and write
|
||
|
2004AA83000
|
trusted library allocation
|
page read and write
|
||
|
1A2A0FE000
|
stack
|
page read and write
|
||
|
2005AC39000
|
trusted library allocation
|
page read and write
|
||
|
20049031000
|
heap
|
page read and write
|
||
|
7FFAAC442000
|
trusted library allocation
|
page read and write
|
||
|
1D19AE50000
|
trusted library allocation
|
page read and write
|
||
|
7DF44A0E0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1A2A17D000
|
stack
|
page read and write
|
||
|
20048E70000
|
unkown
|
page execute read
|
||
|
2004AA80000
|
trusted library allocation
|
page read and write
|
||
|
1D1A0629000
|
trusted library allocation
|
page read and write
|
||
|
200490CF000
|
heap
|
page read and write
|
||
|
1D19B070000
|
heap
|
page execute and read and write
|
||
|
2004AA83000
|
trusted library allocation
|
page read and write
|
||
|
1D199649000
|
heap
|
page read and write
|
||
|
1A2A1FE000
|
stack
|
page read and write
|
||
|
200490A8000
|
heap
|
page read and write
|
||
|
20049095000
|
heap
|
page read and write
|
||
|
1A2B24F000
|
stack
|
page read and write
|
||
|
7FFAAC620000
|
trusted library allocation
|
page execute and read and write
|
||
|
1D19AE80000
|
trusted library allocation
|
page read and write
|
||
|
1A2A47E000
|
stack
|
page read and write
|
||
|
20048E90000
|
heap
|
page read and write
|
||
|
1D19CA29000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC5ED000
|
trusted library allocation
|
page execute and read and write
|
||
|
20049034000
|
heap
|
page read and write
|
||
|
1D19F229000
|
trusted library allocation
|
page read and write
|
||
|
200490C1000
|
heap
|
page read and write
|
||
|
1D19B488000
|
trusted library allocation
|
page read and write
|
||
|
2004AA90000
|
trusted library allocation
|
page read and write
|
||
|
2004A890000
|
heap
|
page read and write
|
||
|
1A2A27F000
|
stack
|
page read and write
|
||
|
2004AA90000
|
trusted library allocation
|
page read and write
|
||
|
2004AA40000
|
heap
|
page read and write
|
||
|
1D1995DC000
|
heap
|
page read and write
|
||
|
200490D6000
|
heap
|
page read and write
|
||
|
7FFAAC5E5000
|
trusted library allocation
|
page read and write
|
||
|
62BE0FE000
|
stack
|
page read and write
|
||
|
20049042000
|
heap
|
page read and write
|
||
|
1D199645000
|
heap
|
page read and write
|
||
|
1A2A2FE000
|
stack
|
page read and write
|
||
|
1D1995A2000
|
heap
|
page read and write
|
||
|
2004AA89000
|
trusted library allocation
|
page read and write
|
||
|
2004AA74000
|
heap
|
page read and write
|
||
|
7FFAAC612000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC526000
|
trusted library allocation
|
page execute and read and write
|
||
|
62BDB9F000
|
stack
|
page read and write
|
||
|
62BDA90000
|
stack
|
page read and write
|
||
|
1D1A2E29000
|
trusted library allocation
|
page read and write
|
||
|
2004AA30000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC600000
|
trusted library allocation
|
page read and write
|
||
|
1A2A37E000
|
stack
|
page read and write
|
||
|
2004903F000
|
heap
|
page read and write
|
||
|
1A2A3F9000
|
stack
|
page read and write
|
||
|
2004AA80000
|
trusted library allocation
|
page read and write
|
||
|
1A2A07D000
|
stack
|
page read and write
|
||
|
2004906C000
|
heap
|
page read and write
|
||
|
2005AC3E000
|
trusted library allocation
|
page read and write
|
||
|
1A2A87B000
|
stack
|
page read and write
|
||
|
1D1994A0000
|
heap
|
page read and write
|
||
|
20049031000
|
heap
|
page read and write
|
||
|
1D19965D000
|
heap
|
page read and write
|
||
|
2004AA70000
|
heap
|
page read and write
|
||
|
2004902C000
|
heap
|
page read and write
|
||
|
1D19FC29000
|
trusted library allocation
|
page read and write
|
||
|
62BDB1F000
|
stack
|
page read and write
|
||
|
1D199641000
|
heap
|
page read and write
|
||
|
2004AA44000
|
heap
|
page read and write
|
||
|
200490CB000
|
heap
|
page read and write
|
||
|
1D19963C000
|
heap
|
page read and write
|
||
|
2004A8E0000
|
trusted library allocation
|
page read and write
|
||
|
62BDFFF000
|
stack
|
page read and write
|
||
|
1D1A1A29000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC610000
|
trusted library allocation
|
page read and write
|
||
|
2004A910000
|
heap
|
page read and write
|
||
|
200490D7000
|
heap
|
page read and write
|
||
|
2004A900000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC450000
|
trusted library allocation
|
page read and write
|
||
|
2004AA60000
|
trusted library allocation
|
page read and write
|
||
|
2005AC31000
|
trusted library allocation
|
page read and write
|
||
|
1A29D85000
|
stack
|
page read and write
|
||
|
1D1994C0000
|
heap
|
page read and write
|
||
|
200490B4000
|
heap
|
page read and write
|
||
|
2004A8F0000
|
heap
|
page readonly
|
||
|
7FFAAC444000
|
trusted library allocation
|
page read and write
|
||
|
1A2A67E000
|
stack
|
page read and write
|
||
|
2004AA80000
|
trusted library allocation
|
page read and write
|
||
|
2004AA90000
|
trusted library allocation
|
page read and write
|
||
|
1A29DCF000
|
stack
|
page read and write
|
||
|
1A2A5FE000
|
stack
|
page read and write
|
||
|
2004A8C0000
|
trusted library allocation
|
page read and write
|
||
|
2004906E000
|
heap
|
page read and write
|
||
|
1D19964D000
|
heap
|
page read and write
|
||
|
2004AAA0000
|
trusted library allocation
|
page read and write
|
||
|
1D19B629000
|
trusted library allocation
|
page read and write
|
||
|
20049029000
|
heap
|
page read and write
|
||
|
1D19AEA0000
|
trusted library allocation
|
page read and write
|
||
|
1A2A4FE000
|
stack
|
page read and write
|
||
|
1D19B0B0000
|
heap
|
page read and write
|
||
|
1D19D429000
|
trusted library allocation
|
page read and write
|
||
|
20048FB0000
|
heap
|
page read and write
|
||
|
1D19C029000
|
trusted library allocation
|
page read and write
|
||
|
1D199623000
|
heap
|
page read and write
|
||
|
1D1A1029000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC443000
|
trusted library allocation
|
page execute and read and write
|
||
|
1D199616000
|
heap
|
page read and write
|
||
|
2004AC20000
|
heap
|
page execute and read and write
|
||
|
1D1993C0000
|
heap
|
page read and write
|
||
|
1A2A6FF000
|
stack
|
page read and write
|
||
|
1D19960F000
|
heap
|
page read and write
|
||
|
1D19B060000
|
heap
|
page execute and read and write
|
||
|
1A2A57C000
|
stack
|
page read and write
|
||
|
2004903F000
|
heap
|
page read and write
|
||
|
2004AA80000
|
trusted library allocation
|
page read and write
|
||
|
2004AA83000
|
trusted library allocation
|
page read and write
|
||
|
1D19AE90000
|
heap
|
page readonly
|
||
|
7FFAAC4F0000
|
trusted library allocation
|
page read and write
|
||
|
1D199550000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC560000
|
trusted library allocation
|
page execute and read and write
|
||
|
20049034000
|
heap
|
page read and write
|
||
|
20049042000
|
heap
|
page read and write
|
||
|
7DF44A100000
|
trusted library allocation
|
page execute and read and write
|
||
|
2004ABF0000
|
heap
|
page execute and read and write
|
||
|
1D19E829000
|
trusted library allocation
|
page read and write
|
||
|
2004AC5F000
|
trusted library allocation
|
page read and write
|
||
|
1A2A77E000
|
stack
|
page read and write
|
||
|
1D19AF70000
|
heap
|
page read and write
|
||
|
20049029000
|
heap
|
page read and write
|
||
|
2004AA90000
|
trusted library allocation
|
page read and write
|
||
|
1D19968B000
|
heap
|
page read and write
|
||
|
1D199835000
|
heap
|
page read and write
|
||
|
1D199688000
|
heap
|
page read and write
|
||
|
7FFAAC455000
|
trusted library allocation
|
page read and write
|
||
|
2004AA63000
|
trusted library allocation
|
page read and write
|
||
|
20048F70000
|
heap
|
page read and write
|
||
|
1D199686000
|
heap
|
page read and write
|
||
|
62BDF7E000
|
stack
|
page read and write
|
||
|
1D199647000
|
heap
|
page read and write
|
||
|
62BDE7E000
|
stack
|
page read and write
|
||
|
2004902C000
|
heap
|
page read and write
|
||
|
1D1A2429000
|
trusted library allocation
|
page read and write
|
||
|
2004AA80000
|
trusted library allocation
|
page read and write
|
||
|
200490D8000
|
heap
|
page read and write
|
||
|
2004AA80000
|
heap
|
page read and write
|
||
|
1D19AF80000
|
direct allocation
|
page execute and read and write
|
||
|
2004906C000
|
heap
|
page read and write
|
||
|
7FFAAC500000
|
trusted library allocation
|
page execute and read and write
|
||
|
20048FF0000
|
heap
|
page read and write
|
||
|
2004AA81000
|
heap
|
page read and write
|
||
|
200490D8000
|
heap
|
page read and write
|
||
|
1A2A7FE000
|
stack
|
page read and write
|
||
|
1D199830000
|
heap
|
page read and write
|
||
|
200490CF000
|
heap
|
page read and write
|
||
|
1D19B401000
|
trusted library allocation
|
page read and write
|
||
|
7DF44A0F0000
|
trusted library allocation
|
page execute and read and write
|
||
|
20048FF8000
|
heap
|
page read and write
|
There are 165 hidden memdumps, click here to show them.