Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6402 | Aug. 26, 2022, 9:55 a.m. | Aug. 26, 2022, 9:57 a.m. |
-
wscript.exe "C:\Windows\System32\wscript.exe" "C:\Users\test22\AppData\Local\Temp\OV DU 220722.PDF.js"
2176-
wscript.exe "C:\Windows\System32\wscript.exe" //B "C:\Users\test22\AppData\Roaming\hFINgWEGSB.js"
2248 -
LANCEMENT.exe "C:\Users\test22\AppData\Local\Temp\LANCEMENT.exe"
2316
-
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
description | LANCEMENT.exe tried to sleep 171 seconds, actually delayed analysis time by 171 seconds |
file | C:\Users\test22\AppData\Roaming\hFINgWEGSB.js |
file | C:\Users\test22\AppData\Local\Temp\LANCEMENT.exe |
file | C:\Users\test22\AppData\Local\Temp\LANCEMENT.exe |
host | 143.198.133.245 |
file | C:\Users\test22\AppData\Local\Temp\LANCEMENT.exe |
parent_process | wscript.exe | martian_process | "C:\Windows\System32\wscript.exe" //B "C:\Users\test22\AppData\Roaming\hFINgWEGSB.js" | ||||||
parent_process | wscript.exe | martian_process | C:\Users\test22\AppData\Local\Temp\LANCEMENT.exe | ||||||
parent_process | wscript.exe | martian_process | "C:\Users\test22\AppData\Local\Temp\LANCEMENT.exe" | ||||||
parent_process | wscript.exe | martian_process | wscript //B "C:\Users\test22\AppData\Roaming\hFINgWEGSB.js" |
Lionic | Trojan.Script.Generic.b!c |
DrWeb | Trojan.MulDrop20.45409 |
FireEye | Trojan.GenericKD.61448550 |
CAT-QuickHeal | JS.Nemucod.BGF |
VIPRE | Trojan.GenericKD.61448550 |
Cyren | ABRisk.YUWJ-5 |
Symantec | Backdoor.Cobalt |
Avast | Other:Malware-gen [Trj] |
Kaspersky | HEUR:Trojan-Dropper.Script.Generic |
BitDefender | Trojan.GenericKD.61448550 |
NANO-Antivirus | Trojan.Script.Dropper.foxxbq |
MicroWorld-eScan | Trojan.GenericKD.61448550 |
Ad-Aware | Trojan.GenericKD.61448550 |
Emsisoft | Trojan.GenericKD.61448550 (B) |
Microsoft | Trojan:Win32/Leonem |
Arcabit | Trojan.Generic.D3A9A166 |
GData | Trojan.GenericKD.61448550 |
Detected | |
ALYac | Trojan.GenericKD.61448550 |
VBA32 | suspected of JS.Crypted.Heur |
Ikarus | Trojan.Script |
AVG | Other:Malware-gen [Trj] |
dead_host | 143.198.133.245:443 |
file | C:\Users\test22\AppData\Local\Temp\LANCEMENT.exe |
file | C:\Windows\SysWOW64\wscript.exe |