Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
time.ps1
|
ASCII text, with very long lines (65346), with CRLF line terminators
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\notepad.exe.log
|
Unknown
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_b1xkowtr.yit.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ewy3psod.ekd.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_lupmndga.ttu.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_omrz4uqt.oni.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms (copy)
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\KEVTP9A7ONUB11FEANLH.temp
|
data
|
dropped
|
||
|
\Device\ConDrv
|
ASCII text
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\time.ps1"
|
|
|
|
C:\Windows\System32\notepad.exe
|
C:\Windows\System32\notepad.exe
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
nmds.duckdns.org
|
|
||
|
https://github.com/DARKNOSY/Rush-PowerShell-Obfuscator
|
unknown
|
||
|
https://aka.ms/pscore68
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
29B03A70000
|
trusted library section
|
page read and write
|
|
|
|
29B03C11000
|
trusted library allocation
|
page read and write
|
|
|
|
1E710C99000
|
trusted library allocation
|
page read and write
|
||
|
1E710299000
|
trusted library allocation
|
page read and write
|
||
|
29B03A40000
|
trusted library allocation
|
page read and write
|
||
|
7DF441690000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFAACCA0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFAACB83000
|
trusted library allocation
|
page execute and read and write
|
||
|
29B03A90000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACD50000
|
trusted library allocation
|
page read and write
|
||
|
1E70D9E5000
|
heap
|
page read and write
|
||
|
29B1C3B0000
|
heap
|
page read and write
|
||
|
7FFAACD40000
|
trusted library allocation
|
page read and write
|
||
|
1E716699000
|
trusted library allocation
|
page read and write
|
||
|
29B1C3BB000
|
heap
|
page read and write
|
||
|
1E70D940000
|
trusted library allocation
|
page read and write
|
||
|
1E712099000
|
trusted library allocation
|
page read and write
|
||
|
29B021D4000
|
heap
|
page read and write
|
||
|
7FFAACD30000
|
trusted library allocation
|
page read and write
|
||
|
29B03A93000
|
trusted library allocation
|
page read and write
|
||
|
29B03A90000
|
trusted library allocation
|
page read and write
|
||
|
93955BF000
|
stack
|
page read and write
|
||
|
1E70D8F0000
|
trusted library allocation
|
page read and write
|
||
|
1E713E99000
|
trusted library allocation
|
page read and write
|
||
|
1E70F320000
|
heap
|
page read and write
|
||
|
1E70D740000
|
heap
|
page read and write
|
||
|
E0F60FD000
|
stack
|
page read and write
|
||
|
7DF4416A0000
|
trusted library allocation
|
page execute and read and write
|
||
|
939517E000
|
stack
|
page read and write
|
||
|
7FFAACD22000
|
trusted library allocation
|
page read and write
|
||
|
29B03A93000
|
trusted library allocation
|
page read and write
|
||
|
93955FE000
|
stack
|
page read and write
|
||
|
29B021CE000
|
heap
|
page read and write
|
||
|
1E70D7B0000
|
heap
|
page read and write
|
||
|
29B021C9000
|
heap
|
page read and write
|
||
|
29B03A90000
|
trusted library allocation
|
page read and write
|
||
|
93950FE000
|
stack
|
page read and write
|
||
|
1E712A99000
|
trusted library allocation
|
page read and write
|
||
|
29B03A50000
|
heap
|
page execute and read and write
|
||
|
29B02285000
|
heap
|
page read and write
|
||
|
29B021E2000
|
heap
|
page read and write
|
||
|
29B03C00000
|
heap
|
page read and write
|
||
|
1E70D84B000
|
heap
|
page read and write
|
||
|
29B03A93000
|
trusted library allocation
|
page read and write
|
||
|
29B0220B000
|
heap
|
page read and write
|
||
|
7FFAACC30000
|
trusted library allocation
|
page read and write
|
||
|
9394FFD000
|
stack
|
page read and write
|
||
|
7FFAACD38000
|
trusted library allocation
|
page execute and read and write
|
||
|
29B03AB0000
|
heap
|
page read and write
|
||
|
1E70D9E0000
|
heap
|
page read and write
|
||
|
E0F62FE000
|
stack
|
page read and write
|
||
|
29B021E2000
|
heap
|
page read and write
|
||
|
939614E000
|
stack
|
page read and write
|
||
|
29B020E0000
|
heap
|
page read and write
|
||
|
29B03BD0000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACD52000
|
trusted library allocation
|
page read and write
|
||
|
1E70D660000
|
heap
|
page read and write
|
||
|
1E715C99000
|
trusted library allocation
|
page read and write
|
||
|
1E70D867000
|
heap
|
page read and write
|
||
|
29B03A83000
|
trusted library allocation
|
page read and write
|
||
|
1E711699000
|
trusted library allocation
|
page read and write
|
||
|
29B02190000
|
heap
|
page read and write
|
||
|
29B03A90000
|
trusted library allocation
|
page read and write
|
||
|
E0F607E000
|
stack
|
page read and write
|
||
|
1E713499000
|
trusted library allocation
|
page read and write
|
||
|
93956BE000
|
stack
|
page read and write
|
||
|
29B020A0000
|
heap
|
page read and write
|
||
|
1E70D970000
|
trusted library allocation
|
page read and write
|
||
|
1E70F325000
|
heap
|
page read and write
|
||
|
29B13C1E000
|
trusted library allocation
|
page read and write
|
||
|
29B02180000
|
trusted library allocation
|
page read and write
|
||
|
9394E75000
|
stack
|
page read and write
|
||
|
E0F61FF000
|
stack
|
page read and write
|
||
|
1E70F250000
|
direct allocation
|
page execute and read and write
|
||
|
1E70D980000
|
heap
|
page readonly
|
||
|
E0F5DCF000
|
stack
|
page read and write
|
||
|
93961CE000
|
stack
|
page read and write
|
||
|
1E70F1F0000
|
heap
|
page execute and read and write
|
||
|
29B02160000
|
heap
|
page read and write
|
||
|
1E70D86F000
|
heap
|
page read and write
|
||
|
29B02150000
|
trusted library allocation
|
page read and write
|
||
|
7DF441680000
|
trusted library allocation
|
page execute and read and write
|
||
|
1E70D883000
|
heap
|
page read and write
|
||
|
29B03A60000
|
trusted library allocation
|
page read and write
|
||
|
29B03AA0000
|
trusted library allocation
|
page read and write
|
||
|
29B02198000
|
heap
|
page read and write
|
||
|
1E70D86B000
|
heap
|
page read and write
|
||
|
29B02164000
|
heap
|
page read and write
|
||
|
1E70D841000
|
heap
|
page read and write
|
||
|
29B0226E000
|
heap
|
page read and write
|
||
|
29B021DF000
|
heap
|
page read and write
|
||
|
29B01FA0000
|
unkown
|
page execute read
|
||
|
7FFAACC66000
|
trusted library allocation
|
page execute and read and write
|
||
|
939507E000
|
stack
|
page read and write
|
||
|
29B03A30000
|
heap
|
page readonly
|
||
|
1E70F671000
|
trusted library allocation
|
page read and write
|
||
|
E0F5D4F000
|
stack
|
page read and write
|
||
|
7FFAACB95000
|
trusted library allocation
|
page read and write
|
||
|
1E715299000
|
trusted library allocation
|
page read and write
|
||
|
29B1C3B1000
|
heap
|
page read and write
|
||
|
9394EFD000
|
stack
|
page read and write
|
||
|
29B021CC000
|
heap
|
page read and write
|
||
|
29B021D2000
|
heap
|
page read and write
|
||
|
7FFAACB8D000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFAACD60000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFAACB84000
|
trusted library allocation
|
page read and write
|
||
|
29B13C19000
|
trusted library allocation
|
page read and write
|
||
|
1E70D8B0000
|
heap
|
page read and write
|
||
|
29B0226E000
|
heap
|
page read and write
|
||
|
1E717099000
|
trusted library allocation
|
page read and write
|
||
|
29B021C9000
|
heap
|
page read and write
|
||
|
29B03A93000
|
trusted library allocation
|
page read and write
|
||
|
1E70D760000
|
heap
|
page read and write
|
||
|
29B03AA0000
|
trusted library allocation
|
page read and write
|
||
|
939537E000
|
stack
|
page read and write
|
||
|
1E70D86D000
|
heap
|
page read and write
|
||
|
29B0220B000
|
heap
|
page read and write
|
||
|
29B021CE000
|
heap
|
page read and write
|
||
|
1E714899000
|
trusted library allocation
|
page read and write
|
||
|
1E70D863000
|
heap
|
page read and write
|
||
|
29B1C3A0000
|
heap
|
page execute and read and write
|
||
|
29B13C11000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACD20000
|
trusted library allocation
|
page read and write
|
||
|
29B021D4000
|
heap
|
page read and write
|
||
|
1E70D990000
|
trusted library allocation
|
page read and write
|
||
|
E0F617E000
|
stack
|
page read and write
|
||
|
93952FF000
|
stack
|
page read and write
|
||
|
7FFAACD2D000
|
trusted library allocation
|
page execute and read and write
|
||
|
29B0223C000
|
heap
|
page read and write
|
||
|
29B03A90000
|
trusted library allocation
|
page read and write
|
||
|
29B1C3B7000
|
heap
|
page read and write
|
||
|
E0F5CBF000
|
stack
|
page read and write
|
||
|
29B021DF000
|
heap
|
page read and write
|
||
|
9394F3E000
|
stack
|
page read and write
|
||
|
93951FE000
|
stack
|
page read and write
|
||
|
7FFAACB90000
|
trusted library allocation
|
page read and write
|
||
|
E0F627F000
|
stack
|
page read and write
|
||
|
29B03A90000
|
trusted library allocation
|
page read and write
|
||
|
29B03C04000
|
heap
|
page read and write
|
||
|
1E70F6F8000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACB82000
|
trusted library allocation
|
page read and write
|
||
|
29B03AA0000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACC40000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFAACD25000
|
trusted library allocation
|
page read and write
|
||
|
1E70D9A0000
|
heap
|
page read and write
|
||
|
29B01FC0000
|
heap
|
page read and write
|
||
|
29B03AA0000
|
trusted library allocation
|
page read and write
|
||
|
1E70D8AB000
|
heap
|
page read and write
|
||
|
29B03A80000
|
trusted library allocation
|
page read and write
|
||
|
29B02249000
|
heap
|
page read and write
|
||
|
29B02120000
|
heap
|
page read and write
|
||
|
93954FE000
|
stack
|
page read and write
|
||
|
939547E000
|
stack
|
page read and write
|
||
|
29B03AA0000
|
trusted library allocation
|
page read and write
|
||
|
939527A000
|
stack
|
page read and write
|
||
|
1E70F899000
|
trusted library allocation
|
page read and write
|
||
|
1E70D846000
|
heap
|
page read and write
|
||
|
29B021CC000
|
heap
|
page read and write
|
||
|
29B0223D000
|
heap
|
page read and write
|
||
|
29B021D2000
|
heap
|
page read and write
|
||
|
29B0226E000
|
heap
|
page read and write
|
||
|
29B0226E000
|
heap
|
page read and write
|
||
|
1E70F210000
|
heap
|
page execute and read and write
|
||
|
29B03A99000
|
trusted library allocation
|
page read and write
|
||
|
29B02249000
|
heap
|
page read and write
|
||
|
93953FC000
|
stack
|
page read and write
|
||
|
939573B000
|
stack
|
page read and write
|
||
|
1E70F240000
|
heap
|
page read and write
|
There are 158 hidden memdumps, click here to show them.