Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
www.italialife24.it.ps1
|
ASCII text, with CRLF line terminators
|
initial sample
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_crm4ejig.ltd.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_erparoma.kae.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms (copy)
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\62ALZVAFPVY2T4RK410N.temp
|
data
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\www.italialife24.it.ps1"
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://aka.ms/pscore68
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
https://www.italialife24.it/wp-content/uploads/2021/05/afretPf.p
|
unknown
|
||
|
https://www.italialife24.it/wp-content/uploads/2021/05/afretPf.php
|
unknown
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
7FFB4AF1D000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFB4AFCC000
|
trusted library allocation
|
page execute and read and write
|
||
|
2183BA50000
|
trusted library allocation
|
page read and write
|
||
|
21855820000
|
heap
|
page read and write
|
||
|
7FFB4B0E0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFB4B1D0000
|
trusted library allocation
|
page read and write
|
||
|
2183D773000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4AF12000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4AFD0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFB4B130000
|
trusted library allocation
|
page read and write
|
||
|
2184D71F000
|
trusted library allocation
|
page read and write
|
||
|
2183B840000
|
heap
|
page read and write
|
||
|
7FFB4B230000
|
trusted library allocation
|
page read and write
|
||
|
2183B931000
|
heap
|
page read and write
|
||
|
2183DBF5000
|
trusted library allocation
|
page read and write
|
||
|
BD17C7E000
|
stack
|
page read and write
|
||
|
7FFB4B180000
|
trusted library allocation
|
page read and write
|
||
|
BD180FE000
|
stack
|
page read and write
|
||
|
7FFB4B100000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFB4AFF6000
|
trusted library allocation
|
page execute and read and write
|
||
|
21855990000
|
heap
|
page read and write
|
||
|
7FFB4B1F0000
|
trusted library allocation
|
page read and write
|
||
|
2183DDDE000
|
trusted library allocation
|
page read and write
|
||
|
2183B908000
|
heap
|
page read and write
|
||
|
2184D784000
|
trusted library allocation
|
page read and write
|
||
|
2184D711000
|
trusted library allocation
|
page read and write
|
||
|
2183DFCE000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4AFC0000
|
trusted library allocation
|
page read and write
|
||
|
2183D735000
|
trusted library allocation
|
page read and write
|
||
|
2183B8C2000
|
heap
|
page read and write
|
||
|
7FFB4B0B0000
|
trusted library allocation
|
page read and write
|
||
|
2183DE76000
|
trusted library allocation
|
page read and write
|
||
|
BD18176000
|
stack
|
page read and write
|
||
|
2183D880000
|
trusted library allocation
|
page read and write
|
||
|
2183D700000
|
heap
|
page execute and read and write
|
||
|
21855A98000
|
heap
|
page read and write
|
||
|
BD179CE000
|
stack
|
page read and write
|
||
|
2183BA40000
|
heap
|
page read and write
|
||
|
218558F9000
|
heap
|
page read and write
|
||
|
7FFB4B150000
|
trusted library allocation
|
page read and write
|
||
|
21855AA0000
|
heap
|
page read and write
|
||
|
2183BA45000
|
heap
|
page read and write
|
||
|
7DF48D000000
|
trusted library allocation
|
page execute and read and write
|
||
|
2183DC05000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B240000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B140000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4AF20000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B110000
|
trusted library allocation
|
page read and write
|
||
|
2183D266000
|
heap
|
page execute and read and write
|
||
|
7FFB4AFC6000
|
trusted library allocation
|
page read and write
|
||
|
BD17DFD000
|
stack
|
page read and write
|
||
|
BD17985000
|
stack
|
page read and write
|
||
|
7FFB4B1A0000
|
trusted library allocation
|
page read and write
|
||
|
2183D230000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B120000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B200000
|
trusted library allocation
|
page read and write
|
||
|
2183B960000
|
heap
|
page read and write
|
||
|
7FFB4B250000
|
trusted library allocation
|
page read and write
|
||
|
BD17D7E000
|
stack
|
page read and write
|
||
|
2183BA85000
|
heap
|
page read and write
|
||
|
7FFB4B1B0000
|
trusted library allocation
|
page read and write
|
||
|
2183B940000
|
heap
|
page read and write
|
||
|
2183DCFD000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4AF14000
|
trusted library allocation
|
page read and write
|
||
|
2183D79E000
|
trusted library allocation
|
page read and write
|
||
|
BD17CFE000
|
stack
|
page read and write
|
||
|
7FFB4B1C0000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B170000
|
trusted library allocation
|
page read and write
|
||
|
2183D300000
|
heap
|
page read and write
|
||
|
BD17F7E000
|
stack
|
page read and write
|
||
|
7FFB4B1E0000
|
trusted library allocation
|
page read and write
|
||
|
2183DBC3000
|
trusted library allocation
|
page read and write
|
||
|
BD180F8000
|
stack
|
page read and write
|
||
|
BD181F9000
|
stack
|
page read and write
|
||
|
2183D878000
|
trusted library allocation
|
page read and write
|
||
|
2183D270000
|
heap
|
page read and write
|
||
|
7FFB4B0C1000
|
trusted library allocation
|
page read and write
|
||
|
2183D82E000
|
trusted library allocation
|
page read and write
|
||
|
2183D250000
|
trusted library allocation
|
page read and write
|
||
|
BD17EFB000
|
stack
|
page read and write
|
||
|
21855896000
|
heap
|
page read and write
|
||
|
BD17E7E000
|
stack
|
page read and write
|
||
|
2183B8CD000
|
heap
|
page read and write
|
||
|
BD183FE000
|
stack
|
page read and write
|
||
|
2183D831000
|
trusted library allocation
|
page read and write
|
||
|
21855894000
|
heap
|
page read and write
|
||
|
BD1807D000
|
stack
|
page read and write
|
||
|
BD184FC000
|
stack
|
page read and write
|
||
|
7FFB4AF6C000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFB4B0D0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFB4B0CA000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B0F2000
|
trusted library allocation
|
page read and write
|
||
|
2183D828000
|
trusted library allocation
|
page read and write
|
||
|
2183DD74000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B210000
|
trusted library allocation
|
page read and write
|
||
|
2183D711000
|
trusted library allocation
|
page read and write
|
||
|
2183D240000
|
heap
|
page readonly
|
||
|
2183B8E8000
|
heap
|
page read and write
|
||
|
BD1847E000
|
stack
|
page read and write
|
||
|
2183DA90000
|
trusted library allocation
|
page read and write
|
||
|
BD182FE000
|
stack
|
page read and write
|
||
|
2183BA80000
|
heap
|
page read and write
|
||
|
2185585B000
|
heap
|
page read and write
|
||
|
2183DBFD000
|
trusted library allocation
|
page read and write
|
||
|
2183D6E0000
|
heap
|
page execute and read and write
|
||
|
2183D83F000
|
trusted library allocation
|
page read and write
|
||
|
BD1837E000
|
stack
|
page read and write
|
||
|
BD17FFE000
|
stack
|
page read and write
|
||
|
2183B8EC000
|
heap
|
page read and write
|
||
|
2183B9A0000
|
heap
|
page read and write
|
||
|
7FFB4B030000
|
trusted library allocation
|
page execute and read and write
|
||
|
218559B0000
|
heap
|
page read and write
|
||
|
2183D260000
|
heap
|
page execute and read and write
|
||
|
2183B760000
|
heap
|
page read and write
|
||
|
2183D82B000
|
trusted library allocation
|
page read and write
|
||
|
21855863000
|
heap
|
page read and write
|
||
|
21855AA3000
|
heap
|
page read and write
|
||
|
2183B937000
|
heap
|
page read and write
|
||
|
7FFB4B220000
|
trusted library allocation
|
page read and write
|
||
|
BD1827A000
|
stack
|
page read and write
|
||
|
2183D83C000
|
trusted library allocation
|
page read and write
|
||
|
2183D7BC000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4AF30000
|
trusted library allocation
|
page read and write
|
||
|
21855A90000
|
heap
|
page read and write
|
||
|
2183D75E000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B160000
|
trusted library allocation
|
page read and write
|
||
|
2183D72B000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B190000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4AF13000
|
trusted library allocation
|
page execute and read and write
|
||
|
2183DC49000
|
trusted library allocation
|
page read and write
|
||
|
2183D842000
|
trusted library allocation
|
page read and write
|
There are 121 hidden memdumps, click here to show them.