IOC Report
ud(1).bat

Files

File Path | Type | Category | Malicious
ud(1).bat | Unicode text, UTF-16, little-endian text, with very long lines (32767), with no line terminators | initial sample | malicious
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive | data | dropped |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_dz5h2dmg.1fz.ps1 | ASCII text, with no line terminators | dropped |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_lzcxfrxc.q0v.psm1 | ASCII text, with no line terminators | dropped |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_olecitdf.e5s.ps1 | ASCII text, with no line terminators | dropped |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_r1kcqocq.xxb.psm1 | ASCII text, with no line terminators | dropped |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms (copy) | data | dropped |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\DMQUPFH29LI9EAL94N2L.temp | data | dropped |

Processes

Path | Cmdline | Malicious
C:\Windows\System32\cmd.exe | C:\Windows\system32\cmd.exe /c ""C:\Users\user\Desktop\ud(1).bat" " | malicious
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | powershell.exe -WindowStyle Hidden -Command "C:\WINDOWS\System32\WindowsPowerShell\v1.0\powershell.exe C:\\Users\\Public\\Document\\python C:\\Users\\Public\\Document\\Lib\\sim.py" | malicious
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | "C:\WINDOWS\System32\WindowsPowerShell\v1.0\powershell.exe" C:\\Users\\Public\\Document\\python C:\\Users\\Public\\Document\\Lib\\sim.py | malicious
C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |

URLs

Name | IP | Malicious
https://aka.ms/pscore68 | unknown |
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | unknown |

Memdumps
