IOC Report
ud.bat

Files

File Path | Type | Category | Malicious
ud.bat | Unicode text, UTF-16, little-endian text, with very long lines (32767), with no line terminators | initial sample | malicious
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive | data | dropped |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_445rbmny.5h0.psm1 | ASCII text, with no line terminators | dropped |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_apmabcek.eax.ps1 | ASCII text, with no line terminators | dropped |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_uunydedk.hq1.ps1 | ASCII text, with no line terminators | dropped |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_xmrnui1n.thv.psm1 | ASCII text, with no line terminators | dropped |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms (copy) | data | dropped |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\YAFOA8YT1Y1SL9DCJLYD.temp | data | dropped |

Processes

Path | Cmdline | Malicious
C:\Windows\System32\cmd.exe | C:\Windows\system32\cmd.exe /c ""C:\Users\user\Desktop\ud.bat" " | malicious
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | powershell.exe -WindowStyle Hidden -Command "C:\WINDOWS\System32\WindowsPowerShell\v1.0\powershell.exe C:\\Users\\Public\\Document\\python C:\\Users\\Public\\Document\\Lib\\sim.py" | malicious
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | "C:\WINDOWS\System32\WindowsPowerShell\v1.0\powershell.exe" C:\\Users\\Public\\Document\\python C:\\Users\\Public\\Document\\Lib\\sim.py | malicious
C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |

URLs

Name | IP | Malicious
https://aka.ms/pscore68 | unknown |
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | unknown |

Memdumps

Base Address | Regiontype | Protect | Malicious