Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
906982022050120220531MES_S Quote.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\906982022050120220531MES_S Quote.exe.log
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_4cowmdch.xfy.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_4w5xxvlp.bul.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_fg3pbeg0.wm5.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_nnk0ukal.3ls.psm1
|
ASCII text, with no line terminators
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\906982022050120220531MES_S Quote.exe
|
"C:\Users\user\Desktop\906982022050120220531MES_S Quote.exe"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\906982022050120220531MES_S
Quote.exe"
|
|
|
|
C:\Users\user\Desktop\906982022050120220531MES_S Quote.exe
|
"C:\Users\user\Desktop\906982022050120220531MES_S Quote.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
940000
|
direct allocation
|
page read and write
|
|
|
|
400000
|
remote allocation
|
page execute and read and write
|
|
|
|
2E90000
|
trusted library allocation
|
page read and write
|
||
|
5510000
|
heap
|
page read and write
|
||
|
2DA0000
|
trusted library allocation
|
page execute and read and write
|
||
|
12D0000
|
trusted library allocation
|
page read and write
|
||
|
AD7000
|
heap
|
page read and write
|
||
|
7F1D0000
|
trusted library allocation
|
page execute and read and write
|
||
|
5500000
|
trusted library section
|
page readonly
|
||
|
158E000
|
stack
|
page read and write
|
||
|
152B000
|
trusted library allocation
|
page execute and read and write
|
||
|
3052000
|
trusted library allocation
|
page read and write
|
||
|
A86E000
|
stack
|
page read and write
|
||
|
1306000
|
trusted library allocation
|
page execute and read and write
|
||
|
2D9C000
|
stack
|
page read and write
|
||
|
1153000
|
heap
|
page read and write
|
||
|
AD7C000
|
stack
|
page read and write
|
||
|
5520000
|
heap
|
page read and write
|
||
|
A66D000
|
stack
|
page read and write
|
||
|
A9AD000
|
stack
|
page read and write
|
||
|
54C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
3047000
|
trusted library allocation
|
page read and write
|
||
|
76C2000
|
trusted library allocation
|
page read and write
|
||
|
7CDE000
|
stack
|
page read and write
|
||
|
15B0000
|
heap
|
page read and write
|
||
|
C2C000
|
unkown
|
page readonly
|
||
|
5E0000
|
heap
|
page read and write
|
||
|
4B0000
|
heap
|
page read and write
|
||
|
1030000
|
heap
|
page read and write
|
||
|
2EB1000
|
trusted library allocation
|
page read and write
|
||
|
588D000
|
stack
|
page read and write
|
||
|
12F0000
|
trusted library allocation
|
page read and write
|
||
|
1278000
|
direct allocation
|
page execute and read and write
|
||
|
80F0000
|
trusted library allocation
|
page read and write
|
||
|
BD0000
|
heap
|
page read and write
|
||
|
AE7C000
|
stack
|
page read and write
|
||
|
5780000
|
heap
|
page read and write
|
||
|
576E000
|
stack
|
page read and write
|
||
|
3FF9000
|
trusted library allocation
|
page read and write
|
||
|
54B0000
|
trusted library allocation
|
page read and write
|
||
|
5890000
|
heap
|
page read and write
|
||
|
DB7000
|
stack
|
page read and write
|
||
|
71D0000
|
trusted library allocation
|
page read and write
|
||
|
722F000
|
trusted library allocation
|
page read and write
|
||
|
105D000
|
direct allocation
|
page execute and read and write
|
||
|
7FEE000
|
stack
|
page read and write
|
||
|
1020000
|
heap
|
page read and write
|
||
|
15B7000
|
heap
|
page read and write
|
||
|
10B1000
|
heap
|
page read and write
|
||
|
721E000
|
stack
|
page read and write
|
||
|
11F6000
|
direct allocation
|
page execute and read and write
|
||
|
10CE000
|
direct allocation
|
page execute and read and write
|
||
|
AD0000
|
heap
|
page read and write
|
||
|
80EE000
|
stack
|
page read and write
|
||
|
2ED5000
|
trusted library allocation
|
page read and write
|
||
|
54B2000
|
trusted library allocation
|
page read and write
|
||
|
54D0000
|
trusted library allocation
|
page read and write
|
||
|
A96E000
|
stack
|
page read and write
|
||
|
7D1E000
|
stack
|
page read and write
|
||
|
2DC0000
|
trusted library allocation
|
page read and write
|
||
|
2EB6000
|
trusted library allocation
|
page read and write
|
||
|
1070000
|
heap
|
page read and write
|
||
|
AE80000
|
trusted library allocation
|
page execute and read and write
|
||
|
570B000
|
stack
|
page read and write
|
||
|
7220000
|
trusted library allocation
|
page read and write
|
||
|
70AE000
|
heap
|
page read and write
|
||
|
1310000
|
heap
|
page read and write
|
||
|
7EA0000
|
trusted library section
|
page read and write
|
||
|
107E000
|
heap
|
page read and write
|
||
|
DCF000
|
stack
|
page read and write
|
||
|
2EE0000
|
heap
|
page read and write
|
||
|
12F3000
|
trusted library allocation
|
page read and write
|
||
|
5720000
|
heap
|
page read and write
|
||
|
5450000
|
trusted library allocation
|
page read and write
|
||
|
1302000
|
trusted library allocation
|
page read and write
|
||
|
3050000
|
trusted library allocation
|
page read and write
|
||
|
5530000
|
heap
|
page read and write
|
||
|
53D000
|
stack
|
page read and write
|
||
|
93E000
|
stack
|
page read and write
|
||
|
109C000
|
heap
|
page read and write
|
||
|
54A0000
|
heap
|
page execute and read and write
|
||
|
8FC000
|
stack
|
page read and write
|
||
|
1522000
|
trusted library allocation
|
page read and write
|
||
|
11B5000
|
heap
|
page read and write
|
||
|
769F000
|
stack
|
page read and write
|
||
|
F30000
|
direct allocation
|
page execute and read and write
|
||
|
10A5000
|
heap
|
page read and write
|
||
|
AC3E000
|
stack
|
page read and write
|
||
|
58C0000
|
heap
|
page read and write
|
||
|
A6BE000
|
stack
|
page read and write
|
||
|
12ED000
|
trusted library allocation
|
page execute and read and write
|
||
|
7EB0000
|
heap
|
page read and write
|
||
|
AAAF000
|
stack
|
page read and write
|
||
|
1527000
|
trusted library allocation
|
page execute and read and write
|
||
|
ECF000
|
stack
|
page read and write
|
||
|
1520000
|
trusted library allocation
|
page read and write
|
||
|
151F000
|
stack
|
page read and write
|
||
|
50EC000
|
stack
|
page read and write
|
||
|
2DD0000
|
trusted library allocation
|
page read and write
|
||
|
5430000
|
trusted library allocation
|
page read and write
|
||
|
5AE000
|
stack
|
page read and write
|
||
|
12E3000
|
trusted library allocation
|
page execute and read and write
|
||
|
11FD000
|
direct allocation
|
page execute and read and write
|
||
|
11E1000
|
direct allocation
|
page execute and read and write
|
||
|
58A0000
|
heap
|
page read and write
|
||
|
2DB0000
|
trusted library allocation
|
page read and write
|
||
|
5490000
|
heap
|
page read and write
|
||
|
7225000
|
trusted library allocation
|
page read and write
|
||
|
5710000
|
trusted library allocation
|
page execute and read and write
|
||
|
1540000
|
trusted library allocation
|
page read and write
|
||
|
2E9B000
|
trusted library allocation
|
page read and write
|
||
|
7E1E000
|
stack
|
page read and write
|
||
|
2FF1000
|
trusted library allocation
|
page read and write
|
||
|
B82000
|
unkown
|
page readonly
|
||
|
1098000
|
heap
|
page read and write
|
||
|
10B3000
|
heap
|
page read and write
|
||
|
7BDE000
|
stack
|
page read and write
|
||
|
5533000
|
heap
|
page read and write
|
||
|
4C0000
|
heap
|
page read and write
|
||
|
3FF1000
|
trusted library allocation
|
page read and write
|
||
|
70A0000
|
heap
|
page read and write
|
||
|
B80000
|
unkown
|
page readonly
|
||
|
7510000
|
trusted library section
|
page read and write
|
||
|
2EAE000
|
trusted library allocation
|
page read and write
|
||
|
1300000
|
trusted library allocation
|
page read and write
|
||
|
12E4000
|
trusted library allocation
|
page read and write
|
||
|
141E000
|
stack
|
page read and write
|
||
|
1590000
|
heap
|
page read and write
|
||
|
1059000
|
direct allocation
|
page execute and read and write
|
||
|
2EBD000
|
trusted library allocation
|
page read and write
|
||
|
2ED0000
|
trusted library allocation
|
page read and write
|
||
|
7B9E000
|
stack
|
page read and write
|
||
|
AD3F000
|
stack
|
page read and write
|
||
|
2DF8000
|
trusted library allocation
|
page read and write
|
||
|
130A000
|
trusted library allocation
|
page execute and read and write
|
||
|
12E0000
|
trusted library allocation
|
page read and write
|
||
|
5770000
|
trusted library allocation
|
page read and write
|
||
|
11B0000
|
heap
|
page read and write
|
||
|
5785000
|
heap
|
page read and write
|
||
|
12FD000
|
trusted library allocation
|
page execute and read and write
|
||
|
12CE000
|
stack
|
page read and write
|
||
|
2FEE000
|
stack
|
page read and write
|
||
|
11AD000
|
stack
|
page read and write
|
||
|
CBA000
|
stack
|
page read and write
|
||
|
2DE0000
|
heap
|
page execute and read and write
|
||
|
7EE0000
|
heap
|
page read and write
|
||
|
9C0000
|
heap
|
page read and write
|
There are 137 hidden memdumps, click here to show them.