Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6401 | June 25, 2021, 2:34 p.m. | June 25, 2021, 2:44 p.m. |
Process | Command line | PID |
---|---|---|
regini.exe | regini C:\Users\test22\AppData\Local\Temp\regini.ini | 584 |
regini.exe | regini C:\Users\test22\AppData\Local\Temp\regini.ini | 2324 |
cmd.exe | cmd.exe /c ping -n 3 127.1 & del /q "C:\Users\test22\AppData\Local\Temp\lock_Setup.exe" | 1120 |
PING.EXE | ping -n 3 127.1 | 812 |
explorer.exe | C:\Windows\Explorer.EXE | 1848 |
Name | Response | Post-Analysis Lookup |
---|---|---|
No hosts contacted.
IP Address | Status | Action |
---|---|---|
164.124.101.2 | Active | Moloch |
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
file | C:\Program Files (x86)\Google\Chrome\Application\chrome.exe |
regkey | .*360Safe |
registry | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\Start Page |
registry | \REGISTRY\USER\.DEFAULT\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main\Start Page |
registry | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\Start Page |
registry | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page |
registry | HKEY_CURRENT_USER\.DEFAULT\Software\Wow6432Node\Microsoft\Internet Explorer\Main\Start Page |
registry | HKEY_CURRENT_USER\Software\Wow6432Node\Microsoft\Internet Explorer\MAIN\Start Page |
file | C:\Users\test22\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk |
file | C:\Users\test22\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk |
file | C:\Users\test22\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Chrome.lnk |
file | C:\Users\test22\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Chrome.lnk |
file | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Chrome.lnk |
file | C:\Users\test22\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk |
file | C:\Users\test22\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk |
file | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk |
file | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk |
file | C:\ProgramData\Microsoft\Windows\Start Menu\????? ?? 2010.lnk |
file | C:\Users\test22\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Chrome.lnk |
file | C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Chrome.lnk |
file | C:\ProgramData\Microsoft\Windows\Start Menu\한컴 사전.lnk |
file | C:\Users\test22\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk |
file | C:\ProgramData\Microsoft\Windows\Start Menu\Chrome.lnk |
file | C:\Users\test22\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Chrome.lnk |
file | C:\Users\test22\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk |
file | C:\ProgramData\Microsoft\Windows\Start Menu\한컴오피스 한글 2010.lnk |
file | C:\Users\test22\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk |
file | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk |
file | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Chrome.lnk |
file | C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk |
file | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk |
file | C:\ProgramData\Microsoft\Windows\Start Menu\?? ??.lnk |
file | C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome.lnk |
file | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EditPlus.lnk |
file | C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk |
cmdline | cmd.exe /c ping -n 3 127.1 & del /q "C:\Users\test22\AppData\Local\Temp\lock_Setup.exe" |
cmdline | C:\Windows\system32\cmd.exe /C regini %temp%\regini.ini |
file | C:\Users\test22\AppData\Local\Temp\lock_Setup.exe |
section | UPX1 (virtual_address 0x00098000, virtual_size 0x00055000, size_of_data 0x00054e00, entropy 7.9371091744154985) | entropy | 7.93710917442 | description | A section with a high entropy has been found |
entropy | 0.788617886179 | description | Overall entropy of this PE file is high |
section | UPX0 | description | Section name indicates UPX |
section | UPX1 | description | Section name indicates UPX |
cmdline | cmd.exe /c ping -n 3 127.1 & del /q "C:\Users\test22\AppData\Local\Temp\lock_Setup.exe" |
cmdline | ping -n 3 127.1 |
Engine | Detection |
---|---|
Bkav | W32.AIDetect.malware2 |
Elastic | malicious (high confidence) |
DrWeb | Trojan.Click3.29713 |
MicroWorld-eScan | Trojan.GenericKD.46514503 |
ALYac | Trojan.GenericKD.46514503 |
Cylance | Unsafe |
Sangfor | Riskware.Win32.Agent.ky |
CrowdStrike | win/malicious_confidence_60% (W) |
Arcabit | Trojan.Generic.D2C5C147 |
Cyren | W32/Trojan.MOTR-5742 |
Symantec | ML.Attribute.HighConfidence |
APEX | Malicious |
Paloalto | generic.ml |
Kaspersky | UDS:DangerousObject.Multi.Generic |
BitDefender | Trojan.GenericKD.46514503 |
AegisLab | Trojan.Multi.Generic.4!c |
Avast | Win32:Malware-gen |
Ad-Aware | Trojan.GenericKD.46514503 |
Sophos | Mal/Generic-S |
VIPRE | Trojan.Win32.Generic!BT |
TrendMicro | TROJ_FRS.VSNTFJ21 |
McAfee-GW-Edition | BehavesLike.Win32.TrojanAitInject.gc |
FireEye | Generic.mg.4c5c0403d852fcd4 |
Emsisoft | Trojan.GenericKD.46514503 (B) |
Jiangmin | Variant.Symmi.aeh |
MAX | malware (ai score=81) |
Antiy-AVL | Trojan/Generic.ASMalwS.1C1636F |
Kingsoft | Win32.Troj.Generic_a.a.(kcloud) |
Gridinsoft | Trojan.Win32.Downloader.sa |
Microsoft | Worm:Win32/Vigorf.A |
GData | Trojan.GenericKD.46514503 |
Cynet | Malicious (score: 100) |
AhnLab-V3 | Trojan/Win.Generic.C4531354 |
McAfee | RDN/Generic.cf |
VBA32 | Trojan.SelfDel |
Malwarebytes | Malware.AI.1478680933 |
TrendMicro-HouseCall | TROJ_FRS.VSNTFJ21 |
Rising | Trojan.Obfus/Autoit!1.D77B (CLASSIC) |
Yandex | Trojan.GenAsa!NHzzuRkQa3Y |
MaxSecure | Trojan.Malware.1728101.susgen |
Fortinet | W32/PossibleThreat |
AVG | Win32:Malware-gen |