IOC Report
leBwMi0fhZ.ps1

Files

File Path | Type | Category | Malicious
leBwMi0fhZ.ps1 | data | initial sample |
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive | data | dropped |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_pnro52ii.arp.psm1 | ASCII text, with no line terminators | dropped |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_yxmnuhwr.vow.ps1 | ASCII text, with no line terminators | dropped |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms (copy) | data | dropped |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\G6WENG5ORBTPMTRMD743.temp | data | dropped |

Processes

Path | Cmdline | Malicious
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\leBwMi0fhZ.ps1" |
C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |

URLs

Name | IP | Malicious
https://aka.ms/pscore68 | unknown |
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | unknown |

Memdumps

Base Address | Regiontype | Protect | Malicious