Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6402 | June 25, 2021, 3:16 p.m. | June 25, 2021, 3:21 p.m. |
Process | Command Line | PID |
---|---|---|
cmd.exe | cmd /c ""C:\Users\test22\AppData\Local\Temp\7ZSfx000.cmd" " | 3660 |
EqualizerAPO64-1.2.1.exe | "C:\Users\test22\AppData\Local\Temp\EqualizerAPO64-1.2.1.exe" | 3908 |
explorer.exe | C:\Windows\Explorer.EXE | 1848 |
Name | Response | Post-Analysis Lookup |
---|---|---|
No hosts contacted. | | |
IP Address | Status | Action |
---|---|---|
172.217.25.14 | Active | Moloch |
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
section | CODE |
section | DATA |
section | BSS |
packer | BobSoft Mini Delphi -> BoB / BobSoft |
file | C:\Program Files (x86)\PC Equalizer\PCEqualizer.exe |
file | C:\Users\test22\AppData\Local\Temp\nsv4145.tmp\nsDialogs.dll |
file | C:\Program Files (x86)\PC Equalizer\PC-Equalizer.exe |
file | C:\Program Files (x86)\PC Equalizer\data\Plugins\requ\liceline.exe |
file | C:\Users\test22\AppData\Local\Temp\EqualizerAPO64-1.2.1.exe |
file | C:\Program Files (x86)\PC Equalizer\lua5.1.dll |
file | C:\Program Files (x86)\PC Equalizer\Uninstall.exe |
file | C:\Users\test22\Desktop\PC Equalizer.lnk |
file | C:\Users\test22\AppData\Local\Temp\nsv4145.tmp\NSISpcre.dll |
file | C:\Users\test22\AppData\Local\Temp\nsv4145.tmp\System.dll |
file | C:\Program Files (x86)\PC Equalizer\PCEqualizer.dll |
file | C:\Users\test22\AppData\Local\Temp\7ZSfx000.cmd |
file | C:\Program Files (x86)\PC Equalizer\lua51.dll |
file | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk |
file | C:\Users\test22\Desktop\PC Equalizer.lnk |
file | C:\Program Files (x86)\PC Equalizer\PC-Equalizer.exe |
file | C:\Users\test22\AppData\Local\Temp\EqualizerAPO64-1.2.1.exe |
file | C:\Users\test22\AppData\Local\Temp\7ZSfx000.cmd |
file | C:\Users\test22\AppData\Local\Temp\nsv4145.tmp\nsDialogs.dll |
file | C:\Users\test22\AppData\Local\Temp\nsv4145.tmp\NSISpcre.dll |
file | C:\Users\test22\AppData\Local\Temp\nsv4145.tmp\System.dll |
file | C:\Users\test22\AppData\Local\Temp\EqualizerAPO64-1.2.1.exe |
url | http://nsis.sf.net/NSIS_Error |
Description | Rule |
---|---|
Escalate priviledges | Escalate_priviledges |
Take ScreenShot | ScreenShot |
(no description) | DebuggerCheck__GlobalFlags |
(no description) | DebuggerCheck__QueryInfo |
(no description) | DebuggerHiding__Thread |
(no description) | DebuggerHiding__Active |
(no description) | ThreadControl__Context |
(no description) | SEH__vectored |
Checks if being debugged | anti_dbg |
Bypass DEP | disable_dep |
Take ScreenShot | ScreenShot |
(no description) | DebuggerCheck__GlobalFlags |
(no description) | DebuggerCheck__QueryInfo |
(no description) | DebuggerHiding__Thread |
(no description) | DebuggerHiding__Active |
(no description) | ThreadControl__Context |
(no description) | SEH__vectored |
Checks if being debugged | anti_dbg |
Bypass DEP | disable_dep |
host | 172.217.25.14 |
file | C:\Users\test22\AppData\Local\Temp\7ZSfx000.cmd |
MicroWorld-eScan | Gen:Heur.SMHeist.3 |
FireEye | Generic.mg.8073587ad2b8cc98 |
McAfee | Artemis!8073587AD2B8 |
Sangfor | Suspicious.Win32.SMHeist.3 |
Cybereason | malicious.ad2b8c |
Cyren | W32/Trojan.DXXJ-1478 |
Symantec | ML.Attribute.HighConfidence |
APEX | Malicious |
Avast | FileRepMalware |
BitDefender | Gen:Heur.SMHeist.3 |
Ad-Aware | Gen:Heur.SMHeist.3 |
Emsisoft | Gen:Heur.SMHeist.3 (B) |
McAfee-GW-Edition | Artemis |
Webroot | W32.Malware.Gen |
Microsoft | Ransom:Win32/Crypmod |
Arcabit | Trojan.SMHeist.3 |
GData | Gen:Heur.SMHeist.3 |
MAX | malware (ai score=80) |
Malwarebytes | Malware.AI.4286241904 |
TrendMicro-HouseCall | TROJ_GEN.R002H09FL21 |
Ikarus | Gen.SMHeist |
Fortinet | W32/PossibleThreat |
AVG | FileRepMalware |
CrowdStrike | win/malicious_confidence_60% (W) |