IOC Report
92.255.57.155.ps1


Files

| File Path | Type | Category | Malicious |
|---|---|---|---|
| 92.255.57.155.ps1 | ASCII text, with very long lines (65481), with CRLF line terminators | initial sample | malicious |
| C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive | data | dropped | |
| C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_1ysiz34r.ilk.psm1 | ASCII text, with no line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_mnqrtdrr.cux.ps1 | ASCII text, with no line terminators | dropped | |
| C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms (copy) | data | dropped | |
| C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\K4Z6E38R47VKYKX20MAO.temp | data | dropped | |

Processes

| Path | Cmdline | Malicious |
|---|---|---|
| C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\92.255.57.155.ps1" | malicious |
| C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe" | malicious |
| C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe" | malicious |
| C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe" | malicious |
| C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |

URLs

| Name | IP | Malicious |
|---|---|---|
| 92.255.57.155 | | |
| http://nuget.org/NuGet.exe | unknown | |
| https://aka.ms/pscore68 | unknown | |
| http://pesterbdd.com/images/Pester.png | unknown | |
| http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | unknown | |
| http://www.apache.org/licenses/LICENSE-2.0.html | unknown | |
| https://go.micro | unknown | |
| https://github.com/Pester/Pester | unknown | |
| https://contoso.com/ | unknown | |
| https://nuget.org/nuget.exe | unknown | |
| https://contoso.com/License | unknown | |
| https://contoso.com/Icon | unknown | |

IPs

| IP | Domain | Country | Malicious |
|---|---|---|---|
| 92.255.57.155 | unknown | Russian Federation | malicious |

Memdumps
