Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
encryptor.ps1
|
Unicode text, UTF-8 (with BOM) text, with very long lines (2495), with CRLF line terminators
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Temp\hn0ifsok\hn0ifsok.cmdline
|
Unicode text, UTF-8 (with BOM) text, with very long lines (549), with no line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\RES87BF.tmp
|
Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x48e, 9 symbols, created Fri May 24 03:38:14 2024,
1st section name ".debug$S"
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_0numvd2g.1dw.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_uqutyshx.tn0.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\hn0ifsok\CSC1C7F141CDCAE40F4922864A98F7AF3A0.TMP
|
MSVC .res
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\hn0ifsok\hn0ifsok.0.cs
|
Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\hn0ifsok\hn0ifsok.dll
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\hn0ifsok\hn0ifsok.out
|
Unicode text, UTF-8 (with BOM) text, with very long lines (631), with CRLF, CR line terminators
|
modified
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\2MD3KK9MAOKNR60S1YOC.temp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms (copy)
|
data
|
dropped
|
There are 2 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\encryptor.ps1"
|
|
|
|
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
|
"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\hn0ifsok\hn0ifsok.cmdline"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
|
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES87BF.tmp"
"c:\Users\user\AppData\Local\Temp\hn0ifsok\CSC1C7F141CDCAE40F4922864A98F7AF3A0.TMP"
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://pesterbdd.com/images/Pester.png
|
unknown
|
|
|
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0.html
|
unknown
|
||
|
https://go.micro
|
unknown
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
https://contoso.com/License
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
||
|
https://oneget.orgX
|
unknown
|
||
|
https://aka.ms/pscore68
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
https://github.com/Pester/Pester
|
unknown
|
||
|
https://oneget.org
|
unknown
|
There are 4 hidden URLs, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
2D2567C000
|
stack
|
page read and write
|
||
|
1C5D0602000
|
heap
|
page read and write
|
||
|
1C5D059A000
|
heap
|
page read and write
|
||
|
7FFD9BAB0000
|
trusted library allocation
|
page read and write
|
||
|
2117A400000
|
heap
|
page read and write
|
||
|
1C5D0794000
|
heap
|
page read and write
|
||
|
1C5D35C0000
|
direct allocation
|
page read and write
|
||
|
2D2517E000
|
stack
|
page read and write
|
||
|
1C5D1F80000
|
direct allocation
|
page read and write
|
||
|
7FFD9B763000
|
trusted library allocation
|
page execute and read and write
|
||
|
134C24CA000
|
trusted library allocation
|
page read and write
|
||
|
1C5D05E7000
|
heap
|
page read and write
|
||
|
1C5D3540000
|
direct allocation
|
page read and write
|
||
|
134CA48C000
|
heap
|
page read and write
|
||
|
1C5D057B000
|
heap
|
page read and write
|
||
|
7FFD9BA40000
|
trusted library allocation
|
page read and write
|
||
|
1C5D35A0000
|
direct allocation
|
page read and write
|
||
|
1C5D05F0000
|
heap
|
page read and write
|
||
|
7FFD9BAA0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B944000
|
trusted library allocation
|
page read and write
|
||
|
134B21C0000
|
heap
|
page execute and read and write
|
||
|
7FFD9BA10000
|
trusted library allocation
|
page read and write
|
||
|
134B3FB7000
|
trusted library allocation
|
page read and write
|
||
|
1C5D05EE000
|
heap
|
page read and write
|
||
|
7FFD9B816000
|
trusted library allocation
|
page read and write
|
||
|
1C5D057F000
|
heap
|
page read and write
|
||
|
1C5D1FDB000
|
direct allocation
|
page read and write
|
||
|
1C5D20B0000
|
direct allocation
|
page read and write
|
||
|
134B225A000
|
trusted library allocation
|
page read and write
|
||
|
134B03A0000
|
heap
|
page read and write
|
||
|
134B01F2000
|
heap
|
page read and write
|
||
|
134B1D55000
|
heap
|
page read and write
|
||
|
2117A444000
|
heap
|
page read and write
|
||
|
1C5D058F000
|
heap
|
page read and write
|
||
|
2D2604F000
|
stack
|
page read and write
|
||
|
134CA23A000
|
heap
|
page read and write
|
||
|
1C5D20D0000
|
direct allocation
|
page read and write
|
||
|
1AE85FF000
|
stack
|
page read and write
|
||
|
7FFD9BA50000
|
trusted library allocation
|
page read and write
|
||
|
134CA2CC000
|
heap
|
page read and write
|
||
|
134B398F000
|
trusted library allocation
|
page read and write
|
||
|
1C5D20F0000
|
direct allocation
|
page read and write
|
||
|
134B3C36000
|
trusted library allocation
|
page read and write
|
||
|
1C5D058A000
|
heap
|
page read and write
|
||
|
2117A50A000
|
heap
|
page read and write
|
||
|
2D24BFE000
|
stack
|
page read and write
|
||
|
134B1D50000
|
heap
|
page read and write
|
||
|
134B3692000
|
trusted library allocation
|
page read and write
|
||
|
2117A320000
|
heap
|
page read and write
|
||
|
7FFD9B990000
|
trusted library allocation
|
page read and write
|
||
|
1C5D357C000
|
direct allocation
|
page read and write
|
||
|
7FFD9B9C0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B770000
|
trusted library allocation
|
page read and write
|
||
|
2D24FFE000
|
stack
|
page read and write
|
||
|
1C5D05BB000
|
heap
|
page read and write
|
||
|
1C5D357E000
|
direct allocation
|
page read and write
|
||
|
1C5D1FC0000
|
direct allocation
|
page read and write
|
||
|
7FFD9B880000
|
trusted library allocation
|
page execute and read and write
|
||
|
1C5D05A0000
|
heap
|
page read and write
|
||
|
134B0120000
|
heap
|
page read and write
|
||
|
1C5D2110000
|
direct allocation
|
page read and write
|
||
|
1C5D1FC7000
|
direct allocation
|
page read and write
|
||
|
1C5D058B000
|
heap
|
page read and write
|
||
|
134C21D1000
|
trusted library allocation
|
page read and write
|
||
|
134CA1EA000
|
heap
|
page read and write
|
||
|
1C5D05FC000
|
heap
|
page read and write
|
||
|
1C5D2160000
|
heap
|
page read and write
|
||
|
1C5D059A000
|
heap
|
page read and write
|
||
|
1C5D0550000
|
heap
|
page read and write
|
||
|
1C5D05E1000
|
heap
|
page read and write
|
||
|
7FFD9B76D000
|
trusted library allocation
|
page execute and read and write
|
||
|
134CA4DB000
|
heap
|
page read and write
|
||
|
134CA23C000
|
heap
|
page read and write
|
||
|
1C5D0608000
|
heap
|
page read and write
|
||
|
134CA478000
|
heap
|
page read and write
|
||
|
2D255FE000
|
stack
|
page read and write
|
||
|
134CA360000
|
heap
|
page execute and read and write
|
||
|
134B0284000
|
heap
|
page read and write
|
||
|
1C5D05D8000
|
heap
|
page read and write
|
||
|
2D253F8000
|
stack
|
page read and write
|
||
|
1C5D058F000
|
heap
|
page read and write
|
||
|
2D25279000
|
stack
|
page read and write
|
||
|
1C5D2164000
|
heap
|
page read and write
|
||
|
134B3C32000
|
trusted library allocation
|
page read and write
|
||
|
134B0300000
|
trusted library allocation
|
page read and write
|
||
|
1C5D0571000
|
heap
|
page read and write
|
||
|
2D24E7E000
|
stack
|
page read and write
|
||
|
7FFD9BAD0000
|
trusted library allocation
|
page read and write
|
||
|
134B399B000
|
trusted library allocation
|
page read and write
|
||
|
1C5D0640000
|
heap
|
page read and write
|
||
|
1C5D3580000
|
direct allocation
|
page read and write
|
||
|
134B2400000
|
trusted library allocation
|
page read and write
|
||
|
2D24F7D000
|
stack
|
page read and write
|
||
|
1C5D3560000
|
direct allocation
|
page read and write
|
||
|
7FFD9B950000
|
trusted library allocation
|
page execute and read and write
|
||
|
1C5D059B000
|
heap
|
page read and write
|
||
|
7DF4DB990000
|
trusted library allocation
|
page execute and read and write
|
||
|
1C5D3643000
|
direct allocation
|
page read and write
|
||
|
7FFD9B846000
|
trusted library allocation
|
page execute and read and write
|
||
|
1C5D05A3000
|
heap
|
page read and write
|
||
|
134B3C70000
|
trusted library allocation
|
page read and write
|
||
|
1C5D0584000
|
heap
|
page read and write
|
||
|
7FFD9BA70000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B9F0000
|
trusted library allocation
|
page read and write
|
||
|
134B0415000
|
heap
|
page read and write
|
||
|
134CA2C3000
|
heap
|
page read and write
|
||
|
7FFD9B9A0000
|
trusted library allocation
|
page read and write
|
||
|
134CA390000
|
heap
|
page read and write
|
||
|
1C5D35F7000
|
direct allocation
|
page read and write
|
||
|
134B0340000
|
heap
|
page readonly
|
||
|
7FFD9BA60000
|
trusted library allocation
|
page read and write
|
||
|
1C5D059A000
|
heap
|
page read and write
|
||
|
134CA269000
|
heap
|
page read and write
|
||
|
1C5D05B4000
|
heap
|
page read and write
|
||
|
2117A500000
|
heap
|
page read and write
|
||
|
134C2241000
|
trusted library allocation
|
page read and write
|
||
|
134CA488000
|
heap
|
page read and write
|
||
|
1C5D0570000
|
heap
|
page read and write
|
||
|
2D252F7000
|
stack
|
page read and write
|
||
|
1C5D058F000
|
heap
|
page read and write
|
||
|
1AE81F6000
|
stack
|
page read and write
|
||
|
2D24BB5000
|
stack
|
page read and write
|
||
|
1C5D057D000
|
heap
|
page read and write
|
||
|
7FFD9BA30000
|
trusted library allocation
|
page read and write
|
||
|
134B3EF1000
|
trusted library allocation
|
page read and write
|
||
|
1C5D05F5000
|
heap
|
page read and write
|
||
|
1C5D3600000
|
direct allocation
|
page read and write
|
||
|
7FFD9B911000
|
trusted library allocation
|
page read and write
|
||
|
1C5D0575000
|
heap
|
page read and write
|
||
|
1C5D2090000
|
direct allocation
|
page read and write
|
||
|
1C5D058D000
|
heap
|
page read and write
|
||
|
1C5D0567000
|
heap
|
page read and write
|
||
|
1C5D055B000
|
heap
|
page read and write
|
||
|
7FFD9B820000
|
trusted library allocation
|
page execute and read and write
|
||
|
1C5D059A000
|
heap
|
page read and write
|
||
|
1C5D0790000
|
heap
|
page read and write
|
||
|
7FFD9BA20000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B764000
|
trusted library allocation
|
page read and write
|
||
|
1C5D0720000
|
heap
|
page read and write
|
||
|
134C2383000
|
trusted library allocation
|
page read and write
|
||
|
134B1CA0000
|
heap
|
page read and write
|
||
|
2D24EFE000
|
stack
|
page read and write
|
||
|
7DE4EFE000
|
stack
|
page read and write
|
||
|
134B0282000
|
heap
|
page read and write
|
||
|
1C5D2130000
|
direct allocation
|
page read and write
|
||
|
1C5D0547000
|
heap
|
page read and write
|
||
|
134B21D1000
|
trusted library allocation
|
page read and write
|
||
|
1C5D0576000
|
heap
|
page read and write
|
||
|
134B20AE000
|
heap
|
page read and write
|
||
|
134CA1F2000
|
heap
|
page read and write
|
||
|
2D252FE000
|
stack
|
page read and write
|
||
|
7FFD9BAE0000
|
trusted library allocation
|
page read and write
|
||
|
134B3C13000
|
trusted library allocation
|
page read and write
|
||
|
1C5D05FE000
|
heap
|
page read and write
|
||
|
7FFD9B960000
|
trusted library allocation
|
page read and write
|
||
|
134B0350000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BA00000
|
trusted library allocation
|
page read and write
|
||
|
7DE4FFF000
|
stack
|
page read and write
|
||
|
7FFD9B77B000
|
trusted library allocation
|
page read and write
|
||
|
134B02AE000
|
heap
|
page read and write
|
||
|
2117A440000
|
heap
|
page read and write
|
||
|
7FFD9B930000
|
trusted library allocation
|
page execute and read and write
|
||
|
1C5D0604000
|
heap
|
page read and write
|
||
|
134B2E00000
|
trusted library allocation
|
page read and write
|
||
|
1C5D357E000
|
direct allocation
|
page read and write
|
||
|
1C5D0570000
|
heap
|
page read and write
|
||
|
2D251FC000
|
stack
|
page read and write
|
||
|
134C21E0000
|
trusted library allocation
|
page read and write
|
||
|
1C5D05A2000
|
heap
|
page read and write
|
||
|
2D250FE000
|
stack
|
page read and write
|
||
|
1C5D35F7000
|
direct allocation
|
page read and write
|
||
|
1C5D2070000
|
direct allocation
|
page read and write
|
||
|
134CA470000
|
heap
|
page read and write
|
||
|
7FFD9B9E0000
|
trusted library allocation
|
page read and write
|
||
|
134B0410000
|
heap
|
page read and write
|
||
|
134CA2A3000
|
heap
|
page read and write
|
||
|
134CA1E8000
|
heap
|
page read and write
|
||
|
1C5D059A000
|
heap
|
page read and write
|
||
|
1C5D05B4000
|
heap
|
page read and write
|
||
|
134CA4EB000
|
heap
|
page read and write
|
||
|
1C5D05C2000
|
heap
|
page read and write
|
||
|
1C5D0770000
|
heap
|
page read and write
|
||
|
1C5D05E3000
|
heap
|
page read and write
|
||
|
1C5D05E5000
|
heap
|
page read and write
|
||
|
134B0100000
|
heap
|
page read and write
|
||
|
7FFD9B920000
|
trusted library allocation
|
page execute and read and write
|
||
|
1AE83FE000
|
stack
|
page read and write
|
||
|
1C5D057E000
|
heap
|
page read and write
|
||
|
2D254FE000
|
stack
|
page read and write
|
||
|
1C5D0583000
|
heap
|
page read and write
|
||
|
1C5D059A000
|
heap
|
page read and write
|
||
|
1C5D059A000
|
heap
|
page read and write
|
||
|
7FFD9B81C000
|
trusted library allocation
|
page execute and read and write
|
||
|
134B01E0000
|
heap
|
page read and write
|
||
|
2D2507B000
|
stack
|
page read and write
|
||
|
1C5D0584000
|
heap
|
page read and write
|
||
|
7FFD9B9D0000
|
trusted library allocation
|
page read and write
|
||
|
7DE4BAC000
|
stack
|
page read and write
|
||
|
134B390C000
|
trusted library allocation
|
page read and write
|
||
|
1C5D35E0000
|
direct allocation
|
page read and write
|
||
|
1C5D3520000
|
direct allocation
|
page read and write
|
||
|
1C5D3640000
|
direct allocation
|
page read and write
|
||
|
1C5D057E000
|
heap
|
page read and write
|
||
|
2D2537C000
|
stack
|
page read and write
|
||
|
7FFD9B970000
|
trusted library allocation
|
page read and write
|
||
|
134CA367000
|
heap
|
page execute and read and write
|
||
|
1C5D357C000
|
direct allocation
|
page read and write
|
||
|
7FFD9BA80000
|
trusted library allocation
|
page read and write
|
||
|
1C5D056D000
|
heap
|
page read and write
|
||
|
7FFD9B91A000
|
trusted library allocation
|
page read and write
|
||
|
1C5D1FC3000
|
direct allocation
|
page read and write
|
||
|
1C5D0540000
|
heap
|
page read and write
|
||
|
134B0330000
|
trusted library allocation
|
page read and write
|
||
|
2D2547E000
|
stack
|
page read and write
|
||
|
1C5D05FE000
|
heap
|
page read and write
|
||
|
1C5D3500000
|
direct allocation
|
page read and write
|
||
|
134B0020000
|
heap
|
page read and write
|
||
|
134B3BE7000
|
trusted library allocation
|
page read and write
|
||
|
7DE50FF000
|
stack
|
page read and write
|
||
|
134B026B000
|
heap
|
page read and write
|
||
|
1C5D0606000
|
heap
|
page read and write
|
||
|
134CA4C3000
|
heap
|
page read and write
|
||
|
1C5D05D6000
|
heap
|
page read and write
|
||
|
134B3FBB000
|
trusted library allocation
|
page read and write
|
||
|
134B02B3000
|
heap
|
page read and write
|
||
|
7FFD9B810000
|
trusted library allocation
|
page read and write
|
||
|
1C5D1FE0000
|
direct allocation
|
page read and write
|
||
|
1C5D2050000
|
direct allocation
|
page read and write
|
||
|
2117A420000
|
heap
|
page read and write
|
||
|
7FFD9B762000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B980000
|
trusted library allocation
|
page read and write
|
||
|
134CA1D0000
|
heap
|
page read and write
|
||
|
7FFD9B9B0000
|
trusted library allocation
|
page read and write
|
||
|
1C5D05B4000
|
heap
|
page read and write
|
||
|
7FFD9B900000
|
trusted library allocation
|
page read and write
|
||
|
1C5D0582000
|
heap
|
page read and write
|
||
|
1C5D0740000
|
heap
|
page read and write
|
||
|
134B1CB0000
|
heap
|
page execute and read and write
|
||
|
134B0160000
|
heap
|
page read and write
|
||
|
134B1D10000
|
trusted library section
|
page read and write
|
||
|
7FFD9BAC0000
|
trusted library allocation
|
page read and write
|
||
|
134B1BF3000
|
trusted library allocation
|
page read and write
|
||
|
1C5D0608000
|
heap
|
page read and write
|
||
|
1C5D05FE000
|
heap
|
page read and write
|
||
|
7FFD9B942000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BA90000
|
trusted library allocation
|
page read and write
|
||
|
134B1BF0000
|
trusted library allocation
|
page read and write
|
There are 237 hidden memdumps, click here to show them.