Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6401 | Feb. 3, 2022, 1:49 p.m. | Feb. 3, 2022, 2:14 p.m. |
Process | Command line | PID |
---|---|---|
net1.exe | C:\Windows\system32\net1 stop MiningeService | 2984 |
sc.exe | Sc delete MiningeService | 2060 |
cmd.exe | C:\Windows\system32\cmd.exe /C Sc create MiningeService binpath= C:\Windows\Client.exe start= auto DisplayName= MiningeService | 788 |
sc.exe | Sc create MiningeService binpath= C:\Windows\Client.exe start= auto DisplayName= MiningeService | 2024 |
sc.exe | sc description MiningeService ServiceManagerForMiner | 2292 |
cmd.exe | C:\Windows\system32\cmd.exe /C sc failure MiningeService reset= 3600 actions= restart/60000/restart/60000/restart/60000 | 2416 |
sc.exe | sc failure MiningeService reset= 3600 actions= restart/60000/restart/60000/restart/60000 | 2464 |
net1.exe | C:\Windows\system32\net1 start MiningeService | 2788 |
Name | Response | Post-Analysis Lookup |
---|---|---|
No hosts contacted.
IP Address | Status | Action |
---|---|---|
91.243.32.26 | Active | Moloch |
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
section | .ndata |
file | C:\Users\test22\AppData\Local\Temp\nsaE2CF.tmp\nsProcess.dll |
file | C:\Users\test22\AppData\Local\Temp\nsaE2CF.tmp\nsExec.dll |
file | C:\Windows\Client.exe |
cmdline | C:\Windows\system32\cmd.exe /C sc description MiningeService ServiceManagerForMiner |
cmdline | C:\Windows\system32\cmd.exe /C sc failure MiningeService reset= 3600 actions= restart/60000/restart/60000/restart/60000 |
cmdline | C:\Windows\system32\cmd.exe /C Sc delete MiningeService |
cmdline | C:\Windows\system32\cmd.exe /C net stop MiningeService |
cmdline | C:\Windows\system32\cmd.exe /C net start MiningeService |
cmdline | C:\Windows\system32\cmd.exe /C Sc create MiningeService binpath= C:\Windows\Client.exe start= auto DisplayName= MiningeService |
file | C:\Users\test22\AppData\Local\Temp\nsaE2CF.tmp\nsExec.dll |
file | C:\Users\test22\AppData\Local\Temp\nsaE2CF.tmp\nsProcess.dll |
cmdline | net start MiningeService |
cmdline | C:\Windows\system32\cmd.exe /C sc description MiningeService ServiceManagerForMiner |
cmdline | C:\Windows\system32\cmd.exe /C sc failure MiningeService reset= 3600 actions= restart/60000/restart/60000/restart/60000 |
cmdline | Sc create MiningeService binpath= C:\Windows\Client.exe start= auto DisplayName= MiningeService |
cmdline | net stop MiningeService |
cmdline | sc description MiningeService ServiceManagerForMiner |
cmdline | C:\Windows\system32\cmd.exe /C Sc delete MiningeService |
cmdline | C:\Windows\system32\cmd.exe /C net stop MiningeService |
cmdline | C:\Windows\system32\cmd.exe /C net start MiningeService |
cmdline | sc failure MiningeService reset= 3600 actions= restart/60000/restart/60000/restart/60000 |
cmdline | Sc delete MiningeService |
cmdline | C:\Windows\system32\cmd.exe /C Sc create MiningeService binpath= C:\Windows\Client.exe start= auto DisplayName= MiningeService |
host | 91.243.32.26 |
service_name | MiningeService |
service_path | C:\Windows\Client.exe |
Elastic | malicious (high confidence) |
MicroWorld-eScan | Gen:Variant.Zusy.325941 |
FireEye | Generic.mg.472afcfc669c79a6 |
ALYac | Gen:Variant.Zusy.325941 |
Cylance | Unsafe |
K7AntiVirus | Trojan-Downloader ( 0050e5cf1 ) |
K7GW | Trojan-Downloader ( 0050e5cf1 ) |
CrowdStrike | win/malicious_confidence_60% (D) |
Cyren | W32/Delf.PR.gen!Eldorado |
Symantec | ML.Attribute.HighConfidence |
ESET-NOD32 | a variant of Win32/Delf.BBD |
APEX | Malicious |
Kaspersky | HEUR:Trojan.Win32.Agentb.gen |
BitDefender | Gen:Variant.Zusy.325941 |
SUPERAntiSpyware | Trojan.Agent/Gen-Zusy |
Avast | Win32:TrojanX-gen [Trj] |
Emsisoft | Gen:Variant.Zusy.325941 (B) |
McAfee-GW-Edition | BehavesLike.Win32.Generic.tc |
Sophos | Mal/Generic-S |
SentinelOne | Static AI - Suspicious PE |
Avira | HEUR/AGEN.1145140 |
Microsoft | Trojan:Script/Phonzy.C!ml |
Gridinsoft | Malware.Win32.Gen.cc!s5 |
GData | Gen:Variant.Zusy.325941 |
Cynet | Malicious (score: 100) |
AhnLab-V3 | Trojan/Win32.Fuery.R202739 |
McAfee | Artemis!472AFCFC669C |
MAX | malware (ai score=83) |
Malwarebytes | RiskWare.BitCoinMiner |
Rising | Trojan.CoinMiner/NSIS!1.D88C (CLASSIC) |
BitDefenderTheta | Gen:NN.ZelphiF.34182.@V0@aS0r3gii |
AVG | Win32:TrojanX-gen [Trj] |