IOC Report
5j2OMdx64J.ps1


Files

File Path | Type | Category | Malicious
5j2OMdx64J.ps1 | ASCII text | initial sample |
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive | data | dropped |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_3os2v5tg.4ff.ps1 | ASCII text, with no line terminators | dropped |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_r2nc44v2.epa.psm1 | ASCII text, with no line terminators | dropped |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms (copy) | data | dropped |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\I8SYJP66JIC44BOUQGXK.temp | data | dropped |

Processes

Path | Cmdline | Malicious
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\5j2OMdx64J.ps1" |
C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |

URLs

Name | IP | Malicious
https://aka.ms/pscore6 | unknown |
https://aka.ms/pscore68 | unknown |
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | unknown |

Memdumps

Base Address | Regiontype | Protect | Malicious
1F56E87D000 | heap | page read and write |
7FF849120000 | trusted library allocation | page read and write |
1F556360000 | heap | page execute and read and write |
1F55680B000 | trusted library allocation | page read and write |
1F554923000 | heap | page read and write |
1F55491F000 | heap | page read and write |
7FF848FCA000 | trusted library allocation | page read and write |
1F55491D000 | heap | page read and write |
1F5667F1000 | trusted library allocation | page read and write |
1F556866000 | trusted library allocation | page read and write |
1DBE677000 | stack | page read and write |
7FF848EC6000 | trusted library allocation | page read and write |
1F554890000 | heap | page read and write |
1DBE57D000 | stack | page read and write |
1F556914000 | trusted library allocation | page read and write |
7FF849130000 | trusted library allocation | page read and write |
1F554A80000 | heap | page read and write |
7FF848FF2000 | trusted library allocation | page read and write |
1DBE8FE000 | stack | page read and write |
1F5564A0000 | heap | page read and write |
1DBE5F9000 | stack | page read and write |
1F5549D0000 | trusted library allocation | page read and write |
7FF848E6C000 | trusted library allocation | page execute and read and write |
1F556922000 | trusted library allocation | page read and write |
7FF848EF6000 | trusted library allocation | page execute and read and write |
1DBE47E000 | stack | page read and write |
1DBDF9E000 | stack | page read and write |
1F554981000 | heap | page read and write |
1F554B10000 | heap | page read and write |
1F5549A0000 | trusted library allocation | page read and write |
1F554A70000 | trusted library allocation | page read and write |
1F556C82000 | trusted library allocation | page read and write |
1F554800000 | heap | page read and write |
1F55691F000 | trusted library allocation | page read and write |
1F556911000 | trusted library allocation | page read and write |
1F55690B000 | trusted library allocation | page read and write |
7FF848ED0000 | trusted library allocation | page execute and read and write |
1F55695A000 | trusted library allocation | page read and write |
1F556D2C000 | trusted library allocation | page read and write |
7FF848ECC000 | trusted library allocation | page execute and read and write |
7FF849030000 | trusted library allocation | page read and write |
1DBE777000 | stack | page read and write |
1F5570A0000 | trusted library allocation | page read and write |
7FF849110000 | trusted library allocation | page read and write |
7FF849000000 | trusted library allocation | page execute and read and write |
1F55688D000 | trusted library allocation | page read and write |
7FF849090000 | trusted library allocation | page read and write |
7FF8490D0000 | trusted library allocation | page read and write |
1F556B1A000 | trusted library allocation | page read and write |
1F56E7F0000 | heap | page read and write |
7FF848E13000 | trusted library allocation | page execute and read and write |
1F5549F0000 | heap | page readonly |
7FF849050000 | trusted library allocation | page read and write |
1F556CDD000 | trusted library allocation | page read and write |
1DBE2FE000 | stack | page read and write |
7FF848E14000 | trusted library allocation | page read and write |
1F5549E0000 | heap | page read and write |
1DBE77E000 | stack | page read and write |
1F554941000 | heap | page read and write |
1F56E83F000 | heap | page read and write |
1F556961000 | trusted library allocation | page read and write |
7FF8490E0000 | trusted library allocation | page read and write |
7FF848EC0000 | trusted library allocation | page read and write |
1F56E910000 | heap | page read and write |
1F556815000 | trusted library allocation | page read and write |
1F56EA1F000 | heap | page read and write |
7FF849040000 | trusted library allocation | page read and write |
1F556DDE000 | trusted library allocation | page read and write |
1F56EA1C000 | heap | page read and write |
7FF848E12000 | trusted library allocation | page read and write |
7FF849020000 | trusted library allocation | page read and write |
7FF8490C0000 | trusted library allocation | page read and write |
1F5546C0000 | heap | page read and write |
1F554987000 | heap | page read and write |
1F554898000 | heap | page read and write |
1F5567F1000 | trusted library allocation | page read and write |
1F556CD4000 | trusted library allocation | page read and write |
1F5564A5000 | heap | page read and write |
1F55493D000 | heap | page read and write |
7FF849080000 | trusted library allocation | page read and write |
1F5548A2000 | heap | page read and write |
1F556B50000 | trusted library allocation | page read and write |
1DBDF15000 | stack | page read and write |
1F56E8EC000 | heap | page read and write |
1F56E9F7000 | heap | page execute and read and write |
1F56EA00000 | heap | page read and write |
7FF8490A0000 | trusted library allocation | page read and write |
1DBE4FF000 | stack | page read and write |
1F554B15000 | heap | page read and write |
1F5547C0000 | heap | page read and write |
1F55683A000 | trusted library allocation | page read and write |
1DBDFDE000 | stack | page read and write |
7FF848E30000 | trusted library allocation | page read and write |
7FF8490B0000 | trusted library allocation | page read and write |
7FF849070000 | trusted library allocation | page read and write |
1F554939000 | heap | page read and write |
1F55683D000 | trusted library allocation | page read and write |
1F554947000 | heap | page read and write |
1F56E834000 | heap | page read and write |
1DBE97E000 | stack | page read and write |
1F556925000 | trusted library allocation | page read and write |
1F56E8C0000 | heap | page read and write |
7FF848FB0000 | trusted library allocation | page read and write |
1F554983000 | heap | page read and write |
7FF849100000 | trusted library allocation | page read and write |
1F56E9F0000 | heap | page execute and read and write |
7FF849150000 | trusted library allocation | page read and write |
1F56685F000 | trusted library allocation | page read and write |
1F554959000 | heap | page read and write |
1F566800000 | trusted library allocation | page read and write |
1F556CE5000 | trusted library allocation | page read and write |
1F55709C000 | trusted library allocation | page read and write |
1F5547A0000 | heap | page read and write |
7FF848E1D000 | trusted library allocation | page execute and read and write |
7FF848FE0000 | trusted library allocation | page execute and read and write |
7FF848F30000 | trusted library allocation | page execute and read and write |
7FF849140000 | trusted library allocation | page read and write |
1DBE37E000 | stack | page read and write |
1F556CA4000 | trusted library allocation | page read and write |
1F55690E000 | trusted library allocation | page read and write |
1F5548DB000 | heap | page read and write |
1DBE6FB000 | stack | page read and write |
7FF848FC1000 | trusted library allocation | page read and write |
1DBE7FE000 | stack | page read and write |
1F56EA26000 | heap | page read and write |
7FF849010000 | trusted library allocation | page read and write |
1F5548D9000 | heap | page read and write |
7FF848FD0000 | trusted library allocation | page execute and read and write |
7FF849060000 | trusted library allocation | page read and write |
1DBE9FB000 | stack | page read and write |
1F556BDE000 | trusted library allocation | page read and write |
1F556480000 | heap | page execute and read and write |
1DBE3FB000 | stack | page read and write |
1F55689C000 | trusted library allocation | page read and write |
1DBE27E000 | stack | page read and write |
7FF8490F0000 | trusted library allocation | page read and write |
7FF848E20000 | trusted library allocation | page read and write |
7DF48D930000 | trusted library allocation | page execute and read and write |
1DBE87F000 | stack | page read and write |
1F554945000 | heap | page read and write |
130 further memdumps are not shown in this report.