IOC Report
f7f26fx0eq.ps1

Files

| File Path | Type | Category | Malicious |
| --- | --- | --- | --- |
| f7f26fx0eq.ps1 | ASCII text | initial sample | |
| C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive | data | dropped | |
| C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_02hg0vci.ddd.psm1 | ASCII text, with no line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_rjtgbr3p.sxd.ps1 | ASCII text, with no line terminators | dropped | |
| C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms (copy) | data | dropped | |
| C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\MEORLIR5E4UCQI45FDEQ.temp | data | dropped | |

Processes

| Path | Cmdline | Malicious |
| --- | --- | --- |
| C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\f7f26fx0eq.ps1" | |
| C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |

URLs

| Name | IP | Malicious |
| --- | --- | --- |
| https://aka.ms/pscore6 | unknown | |
| https://aka.ms/pscore68 | unknown | |
| http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | unknown | |

Memdumps
