Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6401 | Nov. 19, 2022, 9:39 a.m. | Nov. 19, 2022, 9:44 a.m. |
Process | Command line | PID |
---|---|---|
Bolt2.tmp | "C:\Users\test22\AppData\Local\Temp\is-NJCLH.tmp\Bolt2.tmp" /SL5="$70178,140559,56832,C:\Users\test22\AppData\Local\Temp\Bolt2.exe" | 2604 |
explorer.exe | C:\Windows\Explorer.EXE | 1452 |
Name | Response | Post-Analysis Lookup |
---|---|---|
160dd0af-5534-4369-972f-5aa0f99c9324.s3.pl-waw.scw.cloud | CNAME s3.pl-waw.scw.cloud | 151.115.10.1 |
nova-brothers.s3.pl-waw.scw.cloud | CNAME s3.pl-waw.scw.cloud | 151.115.10.1 |
Suricata Alerts
Suricata TLS
No Suricata TLS
Type | Value |
---|---|
section | CODE |
section | DATA |
section | BSS |
request | HEAD http://160dd0af-5534-4369-972f-5aa0f99c9324.s3.pl-waw.scw.cloud/workflow/poweroff-1mo67u5vspq3.exe |
request | GET http://160dd0af-5534-4369-972f-5aa0f99c9324.s3.pl-waw.scw.cloud/workflow/poweroff-1mo67u5vspq3.exe |
file | C:\Users\test22\AppData\Local\Temp\is-H15BU.tmp\_isetup\_shfoldr.dll |
file | C:\Users\test22\AppData\Local\Temp\is-H15BU.tmp\idp.dll |
file | C:\Users\test22\AppData\Local\Temp\is-NJCLH.tmp\Bolt2.tmp |
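The behaviour recorded above is an Inno Setup temporary stub (`is-NJCLH.tmp\Bolt2.tmp`, launched with the `/SL5=` argument and accompanied by `idp.dll`, the file name used by the Inno Download Plugin) followed by a HEAD and then a GET for an `.exe` hosted in an object-storage bucket. The Python below is an added example, not part of the sandbox report, of how a detection could correlate those two signals: a process whose command line matches the Inno stub launch pattern, and an HTTP request from that process for an executable on a `<bucket>.s3.<region>.<provider>` host. The event layout, the field names, the helper names and the attribution of the HTTP requests to PID 2604 in the constructed sample events are assumptions made for the example.

```python
"""Correlate an Inno Setup temp stub with an executable download from an
object-storage bucket (added example, not part of the sandbox report)."""
import re
from typing import Optional
from urllib.parse import urlsplit

# Inno Setup extracts its setup stub to %TEMP%\is-XXXXX.tmp\<name>.tmp and
# launches it with /SL5="$hwnd,offset,offset,<original installer path>".
INNO_STUB_RE = re.compile(
    r'\\AppData\\Local\\Temp\\is-[A-Z0-9]{5}\.tmp\\[^\\"]+\.tmp"?\s+/SL5=',
    re.IGNORECASE,
)

# <bucket>.s3.<region>.<provider>, the virtual-hosted bucket form seen in the
# report (e.g. <bucket>.s3.pl-waw.scw.cloud).
BUCKET_HOST_RE = re.compile(
    r"^(?P<bucket>[^.]+)\.s3\.(?P<region>[^.]+)\.(?P<provider>.+)$"
)

# Constructed sample events (assumed Sysmon-like layout; attributing the HTTP
# requests to PID 2604 is an assumption for the example, not a report fact).
SAMPLE_EVENTS = [
    {"type": "process_create", "pid": 2604,
     "image": r"C:\Users\test22\AppData\Local\Temp\is-NJCLH.tmp\Bolt2.tmp",
     "cmdline": r'"C:\Users\test22\AppData\Local\Temp\is-NJCLH.tmp\Bolt2.tmp" '
                r'/SL5="$70178,140559,56832,C:\Users\test22\AppData\Local\Temp\Bolt2.exe"'},
    {"type": "process_create", "pid": 1452,
     "image": r"C:\Windows\Explorer.EXE", "cmdline": r"C:\Windows\Explorer.EXE"},
    {"type": "http", "pid": 2604, "method": "HEAD",
     "url": "http://160dd0af-5534-4369-972f-5aa0f99c9324.s3.pl-waw.scw.cloud/workflow/poweroff-1mo67u5vspq3.exe"},
    {"type": "http", "pid": 2604, "method": "GET",
     "url": "http://160dd0af-5534-4369-972f-5aa0f99c9324.s3.pl-waw.scw.cloud/workflow/poweroff-1mo67u5vspq3.exe"},
    {"type": "http", "pid": 1452, "method": "GET",
     "url": "http://updates.example.invalid/manifest.json"},
]


def is_inno_stub(cmdline: str) -> bool:
    """True if the command line is an Inno Setup stub launched via /SL5=."""
    return INNO_STUB_RE.search(cmdline) is not None


def bucket_of(host: str) -> Optional[dict]:
    """Split a virtual-hosted bucket name into bucket/region/provider, else None."""
    m = BUCKET_HOST_RE.match(host.lower())
    return m.groupdict() if m else None


def correlate(events: list) -> list:
    """One finding per (stub PID, URL) where an Inno stub process requested a
    .exe from an object-storage bucket. The HTTP methods are kept in order so a
    HEAD-then-GET sequence (headers first, then the body) is visible."""
    stubs = {e["pid"]: e for e in events
             if e["type"] == "process_create" and is_inno_stub(e["cmdline"])}
    findings = {}
    for e in events:
        if e["type"] != "http" or e["pid"] not in stubs:
            continue
        parts = urlsplit(e["url"])
        if not parts.path.lower().endswith(".exe"):
            continue
        bucket = bucket_of(parts.hostname or "")
        if bucket is None:
            continue
        f = findings.setdefault((e["pid"], e["url"]), {
            "pid": e["pid"], "stub": stubs[e["pid"]]["image"], "url": e["url"],
            "bucket": bucket["bucket"], "region": bucket["region"], "methods": []})
        f["methods"].append(e["method"].upper())
    for f in findings.values():
        f["head_then_get"] = f["methods"][:2] == ["HEAD", "GET"]
    return list(findings.values())


if __name__ == "__main__":
    for f in correlate(SAMPLE_EVENTS):
        print(f"PID {f['pid']} ({f['stub']}) fetched {f['url']}")
        print(f"  bucket={f['bucket']} region={f['region']} "
              f"methods={f['methods']} head_then_get={f['head_then_get']}")
```

The stub pattern alone is not malicious (every Inno Setup installer launches this way), which is why the example keys on the combination with a bucket-hosted executable fetched by that same process; the bucket name extracted from the hostname is the indicator worth pivoting on across other samples, since the `s3.pl-waw.scw.cloud` suffix and the 151.115.10.1 address are shared infrastructure.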
Engine | Detection |
---|---|
Bkav | W32.AIDetect.malware2 |
Lionic | Trojan.Win32.Generic.4!c |
Elastic | malicious (high confidence) |
DrWeb | Trojan.DownLoader44.21184 |
MicroWorld-eScan | Trojan.GenericKD.63533652 |
FireEye | Trojan.GenericKD.63533652 |
CAT-QuickHeal | Backdoor.Manuscrypt |
McAfee | Artemis!501C0B729F6E |
Cylance | Unsafe |
VIPRE | Trojan.GenericKD.63533652 |
Sangfor | Backdoor.Win32.Manuscrypt.Vv7m |
K7AntiVirus | Trojan-Downloader ( 00599e201 ) |
Alibaba | Backdoor:Win32/Manuscrypt.9f82f9aa |
K7GW | Trojan-Downloader ( 00599e201 ) |
Cybereason | malicious.05450e |
Arcabit | Trojan.Generic.D3C97254 |
Cyren | W32/ABRisk.KMBD-4947 |
Symantec | Trojan.Gen.MBT |
ESET-NOD32 | a variant of Win32/TrojanDownloader.Adload.NVT |
APEX | Malicious |
Kaspersky | Backdoor.Win32.Manuscrypt.bs |
BitDefender | Trojan.GenericKD.63533652 |
SUPERAntiSpyware | Backdoor.Manuscrypt/Variant |
Avast | Other:Malware-gen [Trj] |
Tencent | Win32.Backdoor.Manuscrypt.Adhl |
Ad-Aware | Trojan.GenericKD.63533652 |
Sophos | Generic ML PUA (PUA) |
F-Secure | Heuristic.HEUR/AGEN.1233171 |
TrendMicro | Trojan.Win32.PRIVATELOADER.YXCKSZ |
McAfee-GW-Edition | BehavesLike.Win32.AdwareFileTour.fc |
Emsisoft | Trojan.GenericKD.63533652 (B) |
Ikarus | Trojan-Downloader.Win32.Adload |
Webroot | W32.Malware.Gen |
Avira | HEUR/AGEN.1233171 |
Gridinsoft | Trojan.Win32.Downloader.sa |
Microsoft | Backdoor:Win32/Manuscrypt!MTB |
ViRobot | Trojan.Win32.Z.Manuscrypt.390117 |
ZoneAlarm | Backdoor.Win32.Manuscrypt.bs |
GData | Trojan.GenericKD.63533652 |
Cynet | Malicious (score: 99) |
AhnLab-V3 | Malware/Win32.Generic.C4341768 |
ALYac | Trojan.GenericKD.63533652 |
MAX | malware (ai score=87) |
Malwarebytes | Generic.Trojan.Malicious.DDS |
TrendMicro-HouseCall | TROJ_GEN.R002C0DKC22 |
Fortinet | W32/PossibleThreat |
AVG | Other:Malware-gen [Trj] |