IOC Report
bTfYKNPa3a.ps1

Files

File Path | Type | Category
bTfYKNPa3a.ps1 | data | initial sample
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive | data | dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_dac2ajwv.zla.ps1 | ASCII text, with no line terminators | dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_mqvvpfvy.ct4.psm1 | ASCII text, with no line terminators | dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms (copy) | data | dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\DIA1993LA91ST5XE6YBZ.temp | data | dropped

The Malicious flag column of the original table was not preserved in this text rendering. Note that every "dropped" entry above is an artifact powershell.exe writes during its own startup rather than a file the script created: StartupProfileData-NonInteractive is a startup data cache PowerShell maintains for non-interactive sessions, the __PSScriptPolicyTest_*.ps1/.psm1 pair is the probe PowerShell writes to %TEMP% to test whether an AppLocker or WDAC script-enforcement policy applies, and the CustomDestinations entries are the Windows jump-list records of the run. Their presence says nothing about the script's behaviour, so they are not useful as indicators for this sample.

Processes

Path | Cmdline
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\bTfYKNPa3a.ps1"
C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

The Malicious flag column was not preserved in this text rendering. The powershell.exe entry is the invocation that executed the sample (-ExecutionPolicy unrestricted is how the analysis environment ran the .ps1, not a setting the script applied), and conhost.exe is its console host. No child process of powershell.exe appears in the report.

URLs

Name | IP
https://aka.ms/pscore68 | unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | unknown

An IP of "unknown" means the string was found in process memory without an observed DNS resolution or connection. Both strings are constants carried by PowerShell and the .NET Framework themselves (the first is a Microsoft short link embedded in Windows PowerShell's binaries as the PowerShell Core upgrade hint, the second is the WS-* identity claim-type URI behind .NET's ClaimTypes.Name) and they appear in essentially every powershell.exe run; neither is a contact made by the script.

Memdumps

Base Address | Region type | Protect
17E1F7E000 | stack | page read and write
17B7E4F8000 | heap | page read and write
7FFB167B2000 | unknown | page readonly
17B7DE95000 | heap | page read and write
17B7E2F0000 | heap | page read and write
17B7DDE7000 | heap | page execute and read and write
7FFAAC3D0000 | trusted library allocation | page read and write
7FFAAC5F0000 | trusted library allocation | page read and write
17B7C2E4000 | heap | page read and write
17B00001000 | trusted library allocation | page read and write
7FFAAC700000 | trusted library allocation | page read and write
7FFAAC660000 | trusted library allocation | page read and write
17B7C2CC000 | heap | page read and write
17B7C291000 | heap | page read and write
7FFAAC47C000 | trusted library allocation | page execute and read and write
17E22FD000 | stack | page read and write
17B7E4F0000 | heap | page read and write
7FFAAC710000 | trusted library allocation | page read and write
17E253A000 | stack | page read and write
7FFAAC5B0000 | trusted library allocation | page execute and read and write
17B7C190000 | heap | page read and write
17B0008B000 | trusted library allocation | page read and write
17B01B8F000 | trusted library allocation | page read and write
17B10001000 | trusted library allocation | page read and write
17B10169000 | trusted library allocation | page read and write
7FFAAC470000 | trusted library allocation | page read and write
7FFAAC3C2000 | trusted library allocation | page read and write
7FFAAC640000 | trusted library allocation | page read and write
17E207E000 | stack | page read and write
17B01EC7000 | trusted library allocation | page read and write
17B7E37C000 | heap | page read and write
17E1EFE000 | stack | page read and write
17B7E552000 | heap | page read and write
17B7C232000 | heap | page read and write
17B7DDE0000 | heap | page execute and read and write
17E26BE000 | stack | page read and write
17B01BF5000 | trusted library allocation | page read and write
17B7E410000 | heap | page read and write
17E273E000 | stack | page read and write
7FFAAC4A6000 | trusted library allocation | page execute and read and write
17B01E06000 | trusted library allocation | page read and write
17B7C4A0000 | trusted library allocation | page read and write
17B10010000 | trusted library allocation | page read and write
17B7C4C0000 | heap | page read and write
17B01B93000 | trusted library allocation | page read and write
7FFAAC590000 | trusted library allocation | page execute and read and write
17E227E000 | stack | page read and write
7FFAAC571000 | trusted library allocation | page read and write
7FFAAC620000 | trusted library allocation | page read and write
7FFAAC6F0000 | trusted library allocation | page read and write
7FFAAC3C3000 | trusted library allocation | page execute and read and write
17B7E6F0000 | heap | page read and write
17B7DD00000 | trusted library allocation | page read and write
7FFAAC6D0000 | trusted library allocation | page read and write
7FFAAC3C4000 | trusted library allocation | page read and write
7FFAAC41C000 | trusted library allocation | page execute and read and write
7FFAAC3E0000 | trusted library allocation | page read and write
17E20FF000 | stack | page read and write
7FFAAC480000 | trusted library allocation | page execute and read and write
7FFAAC5A2000 | trusted library allocation | page read and write
7FFAAC560000 | trusted library allocation | page read and write
17E23BE000 | stack | page read and write
17B7DE00000 | heap | page execute and read and write
17B7DE30000 | heap | page execute and read and write
17B7C160000 | heap | page read and write
17B00232000 | trusted library allocation | page read and write
17B7C2CA000 | heap | page read and write
17B7C520000 | heap | page read and write
17B10074000 | trusted library allocation | page read and write
7FFAAC610000 | trusted library allocation | page read and write
17B7E487000 | heap | page read and write
7FFAAC476000 | trusted library allocation | page read and write
7FFAAC680000 | trusted library allocation | page read and write
17B7E3E1000 | heap | page read and write
7FFAAC580000 | trusted library allocation | page execute and read and write
17B7C297000 | heap | page read and write
17E24B9000 | stack | page read and write
7FFAAC5C0000 | trusted library allocation | page read and write
7FFAAC57A000 | trusted library allocation | page read and write
7FFAAC600000 | trusted library allocation | page read and write
17E217B000 | stack | page read and write
7FFAAC4E0000 | trusted library allocation | page execute and read and write
7FFAAC650000 | trusted library allocation | page read and write
7FFAAC6B0000 | trusted library allocation | page read and write
17B7C30D000 | heap | page read and write
17B7E1ED000 | heap | page read and write
17B7C317000 | heap | page read and write
7FFAAC630000 | trusted library allocation | page read and write
7DF456090000 | trusted library allocation | page execute and read and write
17B7C525000 | heap | page read and write
17B7E3EB000 | heap | page read and write
7FFAAC690000 | trusted library allocation | page read and write
17B7C470000 | trusted library allocation | page read and write
7FFAAC6E0000 | trusted library allocation | page read and write
17B7C2C6000 | heap | page read and write
17B7E500000 | heap | page read and write
7FFAAC5D0000 | trusted library allocation | page read and write
17E21FF000 | stack | page read and write
17B7C490000 | heap | page readonly
17E25BF000 | stack | page read and write
7FFAAC6C0000 | trusted library allocation | page read and write
17B7E555000 | heap | page read and write
17E27BB000 | stack | page read and write
17B7C31D000 | heap | page read and write
17B006A5000 | trusted library allocation | page read and write
17E263E000 | stack | page read and write
17B7C228000 | heap | page read and write
17E243E000 | stack | page read and write
7FFB16790000 | unknown | page readonly
17E2378000 | stack | page read and write
17B10080000 | trusted library allocation | page read and write
17B7C170000 | heap | page read and write
17B7C1D0000 | heap | page read and write
7FFAAC670000 | trusted library allocation | page read and write
17B7C2C4000 | heap | page read and write
17B7E32D000 | heap | page read and write
17E1E75000 | stack | page read and write
17B7E3C6000 | heap | page read and write
17B7E536000 | heap | page read and write
7FFAAC5E0000 | trusted library allocation | page read and write
7FFB167A6000 | unknown | page readonly
17B7C480000 | heap | page read and write
17B01EDA000 | trusted library allocation | page read and write
17B7E336000 | heap | page read and write
17E2437000 | stack | page read and write
17B7C220000 | heap | page read and write
17B7C440000 | trusted library allocation | page read and write
17B7C30B000 | heap | page read and write
17E1FFE000 | stack | page read and write
17B013E4000 | trusted library allocation | page read and write
7FFAAC3CD000 | trusted library allocation | page execute and read and write
7FFB167B5000 | unknown | page readonly
17B7E3F0000 | heap | page read and write
7FFB16791000 | unknown | page execute read
17B7E544000 | heap | page read and write
17B7DE90000 | heap | page read and write
7FFB167B0000 | unknown | page read and write
17B010A5000 | trusted library allocation | page read and write
7FFAAC6A0000 | trusted library allocation | page read and write
17B7E560000 | heap | page read and write

130 further memory dumps are not listed here. The Malicious flag column was not preserved in this text rendering. Regions marked "page execute and read and write" are the ones worth pulling first when looking for code the script unpacked or injected at run time; note, though, that powershell.exe hosts the .NET Framework CLR, whose JIT emits writable and executable code heaps by design, so RWX regions in a "trusted library allocation" are expected in any PowerShell run and are not evidence of injection on their own.
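As an added triage example (not part of the report and not the sandbox's own scoring), the following Python parses memory-region rows like the ones listed above (base address, region type, protection string, given as pipe-separated lines) and ranks them by how likely a region is to hold code the script unpacked or injected at run time. The excerpt embedded in it is constructed from rows of this report; the four-level priority model and the reading of "trusted library allocation" as CLR-owned memory are the example's own assumptions.

```python
"""Memory-region triage for a sandbox 'Memdumps' table.

Added example: not part of the report and not the sandbox's own tooling.
Parses 'base address | region type | protect' lines and ranks the regions
a responder should dump and inspect first.
"""
from collections import Counter

# Constructed excerpt: a subset of the rows in the report's Memdumps table.
MEMDUMPS_EXCERPT = """\
17E1F7E000 | stack | page read and write
17B7DDE7000 | heap | page execute and read and write
7FFAAC47C000 | trusted library allocation | page execute and read and write
7FFB16791000 | unknown | page execute read
17B7DE00000 | heap | page execute and read and write
17B7C490000 | heap | page readonly
7DF456090000 | trusted library allocation | page execute and read and write
"""


def is_executable(protect: str) -> bool:
    # Sandbox protection strings spell out 'execute' when present.
    return "execute" in protect


def is_writable(protect: str) -> bool:
    # 'page readonly' and 'page execute read' carry no 'write' token.
    return "write" in protect


def parse_memdumps(text: str) -> list[dict]:
    """Parse 'base | region | protect' lines; skip header and blank lines."""
    rows = []
    for line in text.splitlines():
        parts = [p.strip() for p in line.split("|")]
        if len(parts) != 3:
            continue
        base, region, protect = parts
        try:
            base_addr = int(base, 16)
        except ValueError:  # header row such as 'Base Address'
            continue
        rows.append({"base": base_addr,
                     "region": region.lower(),
                     "protect": protect.lower()})
    return rows


# Priority model (an assumption of this example, not the sandbox's verdict):
#   3  writable+executable outside any library allocation (heap, stack,
#      unknown): where shellcode loaders and reflective .NET loaders place
#      code they unpack at run time.
#   2  writable+executable inside a 'trusted library allocation': the .NET
#      Framework CLR JIT in powershell.exe legitimately emits RWX code heaps,
#      so these are expected, but still worth a look if the process is suspect.
#   1  executable but not writable in a region the sandbox could not map to a
#      heap or stack: usually an image section; check it against loaded modules.
#   0  not executable: data, not a code candidate.
def priority(row: dict) -> int:
    x, w = is_executable(row["protect"]), is_writable(row["protect"])
    if x and w:
        return 2 if row["region"] == "trusted library allocation" else 3
    if x:
        return 1
    return 0


def triage(text: str) -> list[tuple[str, str, int]]:
    """Return (base address as hex, region type, priority), highest first."""
    ranked = [(f"{row['base']:X}", row["region"], priority(row))
              for row in parse_memdumps(text)]
    # Highest priority first; ties broken by ascending address.
    ranked.sort(key=lambda r: (-r[2], int(r[0], 16)))
    return ranked


def summary(text: str) -> dict[int, int]:
    """Number of regions at each priority level."""
    return dict(Counter(p for _, _, p in triage(text)))


if __name__ == "__main__":
    for base, region, prio in triage(MEMDUMPS_EXCERPT):
        print(f"P{prio}  {base:>12}  {region}")
    print(summary(MEMDUMPS_EXCERPT))
```

Run against the full table, this surfaces the four RWX heap regions (17B7DDE7000, 17B7DDE0000, 17B7DE00000, 17B7DE30000) ahead of the RWX "trusted library allocation" entries, which is the order a responder would pull the dumps in; the ranking is a triage order, not a verdict, since a PowerShell process produces RWX memory through the CLR JIT even when the script is benign.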