Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
Windows_Update.bat
|
DOS batch file, ASCII text, with CRLF line terminators
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_542shvpd.4wd.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_r1o51n3z.min.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
\Device\Null
|
ASCII text, with CRLF line terminators, with overstriking
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\cmd.exe
|
C:\Windows\system32\cmd.exe /c ""C:\Users\user\Desktop\Windows_Update.bat" "
|
|
|
|
C:\Windows\System32\cmd.exe
|
C:\Windows\system32\cmd.exe /K "C:\Users\user\Desktop\Windows_Update.bat" MY_FLAG
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
powershell -ExecutionPolicy Bypass -File "C:\Users\user\Pictures\payload.ps1"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\timeout.exe
|
timeout /t 5 /nobreak
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://aka.ms/pscore6
|
unknown
|
||
|
https://aka.ms/pscore68
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
7FFB10EC0000
|
trusted library allocation
|
page read and write
|
||
|
7FFB10F93000
|
trusted library allocation
|
page read and write
|
||
|
20BDDDCE000
|
heap
|
page read and write
|
||
|
20BC59D4000
|
trusted library allocation
|
page read and write
|
||
|
7FFB10E76000
|
trusted library allocation
|
page read and write
|
||
|
20BC3E1D000
|
heap
|
page read and write
|
||
|
41CA0FF000
|
stack
|
page read and write
|
||
|
7FFB10D50000
|
trusted library allocation
|
page read and write
|
||
|
20BC598A000
|
trusted library allocation
|
page read and write
|
||
|
20BC4025000
|
heap
|
page read and write
|
||
|
41CA17E000
|
stack
|
page read and write
|
||
|
7FFB10EB1000
|
trusted library allocation
|
page read and write
|
||
|
7FFB10EB7000
|
trusted library allocation
|
page read and write
|
||
|
20BDDD70000
|
heap
|
page read and write
|
||
|
7FFB10E72000
|
trusted library allocation
|
page read and write
|
||
|
20BDDE39000
|
heap
|
page read and write
|
||
|
7FFB10E6D000
|
trusted library allocation
|
page read and write
|
||
|
20BC3DB6000
|
heap
|
page read and write
|
||
|
7FFB10E7D000
|
trusted library allocation
|
page read and write
|
||
|
20BC3D8D000
|
heap
|
page read and write
|
||
|
7FFB10ECA000
|
trusted library allocation
|
page read and write
|
||
|
1BFEB560000
|
heap
|
page read and write
|
||
|
82B537E000
|
stack
|
page read and write
|
||
|
7FFB10CBC000
|
trusted library allocation
|
page read and write
|
||
|
20BC59C0000
|
trusted library allocation
|
page read and write
|
||
|
82B563A000
|
stack
|
page read and write
|
||
|
7FFB10E5C000
|
trusted library allocation
|
page read and write
|
||
|
7FFB10CB0000
|
trusted library allocation
|
page read and write
|
||
|
7FFB10CA2000
|
trusted library allocation
|
page read and write
|
||
|
1BFECD50000
|
heap
|
page read and write
|
||
|
82B53FF000
|
stack
|
page read and write
|
||
|
7FFB10DC0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFB10E40000
|
trusted library allocation
|
page read and write
|
||
|
20BDDE14000
|
heap
|
page read and write
|
||
|
7FFB10D56000
|
trusted library allocation
|
page read and write
|
||
|
20BC5910000
|
heap
|
page read and write
|
||
|
7FFB10CB3000
|
trusted library allocation
|
page read and write
|
||
|
20BDDDC2000
|
heap
|
page read and write
|
||
|
7FFB10D5C000
|
trusted library allocation
|
page execute and read and write
|
||
|
20BC4070000
|
heap
|
page read and write
|
||
|
20BC5994000
|
trusted library allocation
|
page read and write
|
||
|
20BC5965000
|
trusted library allocation
|
page read and write
|
||
|
7FFB10EAB000
|
trusted library allocation
|
page read and write
|
||
|
20BC3C70000
|
heap
|
page read and write
|
||
|
7FFB10F97000
|
trusted library allocation
|
page read and write
|
||
|
7FFB10F35000
|
trusted library allocation
|
page read and write
|
||
|
7FFB10EE0000
|
trusted library allocation
|
page read and write
|
||
|
20BDDE17000
|
heap
|
page read and write
|
||
|
20BC3DBC000
|
heap
|
page read and write
|
||
|
7FFB10F63000
|
trusted library allocation
|
page read and write
|
||
|
82B4EF2000
|
stack
|
page read and write
|
||
|
7FFB10CAD000
|
trusted library allocation
|
page execute and read and write
|
||
|
20BC5984000
|
trusted library allocation
|
page read and write
|
||
|
20BC3D30000
|
heap
|
page read and write
|
||
|
20BC3F40000
|
heap
|
page read and write
|
||
|
20BD5990000
|
trusted library allocation
|
page read and write
|
||
|
82B57BF000
|
stack
|
page read and write
|
||
|
82B573E000
|
stack
|
page read and write
|
||
|
20BD592F000
|
trusted library allocation
|
page read and write
|
||
|
7FFB10F4E000
|
trusted library allocation
|
page read and write
|
||
|
20BDDDB4000
|
heap
|
page read and write
|
||
|
20BC3D6D000
|
heap
|
page read and write
|
||
|
7FFB10FD0000
|
trusted library allocation
|
page read and write
|
||
|
7FFB10F00000
|
trusted library allocation
|
page read and write
|
||
|
7FFB10FE0000
|
trusted library allocation
|
page read and write
|
||
|
82B4F7E000
|
stack
|
page read and write
|
||
|
7FFB10FA0000
|
trusted library allocation
|
page read and write
|
||
|
1BFECF45000
|
heap
|
page read and write
|
||
|
7FFB10EF0000
|
trusted library allocation
|
page read and write
|
||
|
20BC5921000
|
trusted library allocation
|
page read and write
|
||
|
82B55B4000
|
stack
|
page read and write
|
||
|
7FFB10EE3000
|
trusted library allocation
|
page read and write
|
||
|
7FFB10CB7000
|
trusted library allocation
|
page read and write
|
||
|
7FFB10E60000
|
trusted library allocation
|
page read and write
|
||
|
20BC3F80000
|
trusted library allocation
|
page read and write
|
||
|
20BD5931000
|
trusted library allocation
|
page read and write
|
||
|
7FFB11000000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFB10E9C000
|
trusted library allocation
|
page read and write
|
||
|
82B54F6000
|
stack
|
page read and write
|
||
|
20BC3D71000
|
heap
|
page read and write
|
||
|
20BC3E28000
|
heap
|
page read and write
|
||
|
7FFB10F90000
|
trusted library allocation
|
page read and write
|
||
|
20BC3E2E000
|
heap
|
page read and write
|
||
|
7FFB10EB9000
|
trusted library allocation
|
page read and write
|
||
|
7FFB10FB0000
|
trusted library allocation
|
page read and write
|
||
|
7FFB10F9C000
|
trusted library allocation
|
page read and write
|
||
|
7FFB10F20000
|
trusted library allocation
|
page read and write
|
||
|
7FFB10ED1000
|
trusted library allocation
|
page read and write
|
||
|
20BC593B000
|
trusted library allocation
|
page read and write
|
||
|
7FFB10EE6000
|
trusted library allocation
|
page read and write
|
||
|
20BC3D79000
|
heap
|
page read and write
|
||
|
7FFB10F70000
|
trusted library allocation
|
page read and write
|
||
|
7FFB10FF0000
|
trusted library allocation
|
page read and write
|
||
|
7FFB10EA7000
|
trusted library allocation
|
page read and write
|
||
|
7FFB10FC0000
|
trusted library allocation
|
page read and write
|
||
|
82B4FFE000
|
stack
|
page read and write
|
||
|
20BC4075000
|
heap
|
page read and write
|
||
|
20BC4020000
|
heap
|
page read and write
|
||
|
20BC5998000
|
trusted library allocation
|
page read and write
|
||
|
20BDE000000
|
heap
|
page read and write
|
||
|
1BFEB460000
|
heap
|
page read and write
|
||
|
1BFEB469000
|
heap
|
page read and write
|
||
|
7FFB10D60000
|
trusted library allocation
|
page execute and read and write
|
||
|
20BC58B0000
|
heap
|
page execute and read and write
|
||
|
82B553F000
|
stack
|
page read and write
|
||
|
7FFB10E69000
|
trusted library allocation
|
page read and write
|
||
|
7FFB10CA3000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFB10E50000
|
trusted library allocation
|
page read and write
|
||
|
7FFB10E90000
|
trusted library allocation
|
page read and write
|
||
|
7FFB10F3C000
|
trusted library allocation
|
page read and write
|
||
|
7FFB10EC3000
|
trusted library allocation
|
page read and write
|
||
|
20BC3FA0000
|
trusted library allocation
|
page read and write
|
||
|
20BC3D42000
|
heap
|
page read and write
|
||
|
20BC3D38000
|
heap
|
page read and write
|
||
|
7FFB10D86000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFB10F80000
|
trusted library allocation
|
page read and write
|
||
|
20BC3CF0000
|
heap
|
page read and write
|
||
|
20BDDF40000
|
heap
|
page execute and read and write
|
||
|
82B52FA000
|
stack
|
page read and write
|
||
|
82B527E000
|
stack
|
page read and write
|
||
|
20BC5968000
|
trusted library allocation
|
page read and write
|
||
|
20BC3FB0000
|
heap
|
page readonly
|
||
|
20BD5921000
|
trusted library allocation
|
page read and write
|
||
|
7FFB10E97000
|
trusted library allocation
|
page read and write
|
||
|
7FFB10F10000
|
trusted library allocation
|
page read and write
|
||
|
7FFB10E67000
|
trusted library allocation
|
page read and write
|
||
|
20BC3FC0000
|
trusted library allocation
|
page read and write
|
||
|
7FFB10E7B000
|
trusted library allocation
|
page read and write
|
||
|
20BDDD76000
|
heap
|
page read and write
|
||
|
7FFB10F5C000
|
trusted library allocation
|
page read and write
|
||
|
7FFB10CA4000
|
trusted library allocation
|
page read and write
|
||
|
20BC593F000
|
trusted library allocation
|
page read and write
|
||
|
82B547F000
|
stack
|
page read and write
|
||
|
82B56BE000
|
stack
|
page read and write
|
||
|
20BDDE56000
|
heap
|
page read and write
|
||
|
20BC596F000
|
trusted library allocation
|
page read and write
|
||
|
20BD5929000
|
trusted library allocation
|
page read and write
|
||
|
41CA07C000
|
stack
|
page read and write
|
||
|
1BFECF40000
|
heap
|
page read and write
|
||
|
7DF3FFC80000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFB10CA0000
|
trusted library allocation
|
page read and write
|
||
|
20BDEBB0000
|
heap
|
page read and write
|
||
|
20BC3F00000
|
heap
|
page read and write
|
||
|
1BFEB310000
|
heap
|
page read and write
|
There are 134 hidden memdumps, click here to show them.