Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6403_us | March 16, 2023, 10:28 a.m. | March 16, 2023, 10:38 a.m. |
Processes
Process | Command line | PID |
---|---|---|
nttjjyrr.exe | "C:\Users\test22\AppData\Local\Temp\nttjjyrr.exe" C:\Users\test22\AppData\Local\Temp\kdcmehojesw.kx | 2140 |
nttjjyrr.exe | "C:\Users\test22\AppData\Local\Temp\nttjjyrr.exe" | 2192 |
explorer.exe | C:\Windows\Explorer.EXE | 1236 |
Name | Response | Post-Analysis Lookup |
---|---|---|
omerlan.duckdns.org | 193.56.29.112 | |
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
UDP 192.168.56.103:52760 -> 164.124.101.2:53 | 2042936 | ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain | Potentially Bad Traffic |
UDP 192.168.56.103:50800 -> 164.124.101.2:53 | 2042936 | ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain | Potentially Bad Traffic |
UDP 192.168.56.103:52760 -> 164.124.101.2:53 | 2022918 | ET INFO DYNAMIC_DNS Query to *.duckdns. Domain | Misc activity |
UDP 192.168.56.103:50800 -> 164.124.101.2:53 | 2022918 | ET INFO DYNAMIC_DNS Query to *.duckdns. Domain | Misc activity |
Suricata TLS
No Suricata TLS
Indicators
Type | Value |
---|---|
section | .ndata |
domain | omerlan.duckdns.org |
file | C:\Users\test22\AppData\Local\Temp\nttjjyrr.exe |
file | C:\Users\test22\AppData\Roaming\wgpktdyienwsc\lhqmvfbkt.exe |
reg_key | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\oxtdmirbwg |
reg_value | C:\Users\test22\AppData\Roaming\wgpktdyienwsc\lhqmvfbkt.exe "C:\Users\test22\AppData\Local\Temp\nttjjyrr.exe" C:\Users\test22\App |
dead_host | 193.56.29.112:6548 |

The .ndata section name is the one NSIS-built installers use for their uninitialized data, which is consistent with the NSISX detections in the antivirus results and with the loader being re-launched from %TEMP% with a non-executable payload file (kdcmehojesw.kx) as its argument. The Run value shown above is truncated in the report as received.
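The following triage script is an added example, not part of the sandbox report or its tooling. It takes the indicators above (the %TEMP% loader re-run with a payload file argument, the Run-key value pointing into AppData\Roaming, the DuckDNS query and the dead C2 host) and runs generic checks for each technique over a handful of constructed Sysmon- and Zeek-style event records; the www.microsoft.com query is a made-up benign control, and the event field names and regex patterns are this example's own assumptions.

```python
"""Match host and network events against the indicators in the report above.

Added example, not part of the sandbox report. The event records below are
constructed to resemble Sysmon (process/registry) and Zeek (dns/conn) output;
the www.microsoft.com query is a made-up benign control. The regexes describe
the technique (loader in %TEMP% re-run with a payload file argument, Run-key
persistence into AppData\\Roaming, dynamic-DNS C2) rather than this one hash.
"""
import re

# Indicators copied from the report.
C2_DOMAIN = "omerlan.duckdns.org"
C2_HOST = ("193.56.29.112", 6548)
RUN_KEY = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run"

# Generic patterns (assumption: this is the behaviour worth alerting on).
TEMP_EXE = re.compile(r"\\AppData\\Local\\Temp\\[^\\\s\"]+\.exe", re.I)
# A trailing bare path argument whose extension is not .exe: NSIS-style
# loaders hand their encrypted payload blob to themselves this way.
PAYLOAD_ARG = re.compile(r'\s"?[A-Za-z]:\\[^"\s]+\.(?!exe"?\s*$)[a-z0-9]{1,4}"?\s*$', re.I)
APPDATA_ROAMING_EXE = re.compile(r"\\AppData\\Roaming\\[^\\]+\\[^\\]+\.exe", re.I)
# Only matches a host *under* a dynamic-DNS provider, not the provider apex.
DYN_DNS = re.compile(r"\.(duckdns\.org|no-ip\.(org|com|biz)|hopto\.org)$", re.I)


def check_process(cmdline: str) -> list[str]:
    """Flag executables started from %TEMP%, and the self-relaunch with a payload file."""
    hits = []
    if TEMP_EXE.search(cmdline):
        hits.append("exe launched from %TEMP%")
        if PAYLOAD_ARG.search(cmdline):
            hits.append("payload file passed as argument")
    return hits


def check_registry(key: str, value: str) -> list[str]:
    """Flag Run-key persistence, and specifically a Run value under AppData\\Roaming."""
    key = re.sub(r"^HKCU\\", r"HKEY_CURRENT_USER\\", key, flags=re.I)
    hits = []
    if key.upper().startswith(RUN_KEY.upper()):
        hits.append("Run-key persistence")
        if APPDATA_ROAMING_EXE.search(value):
            hits.append("Run value is an exe under AppData\\Roaming")
    return hits


def check_dns(query: str) -> list[str]:
    """Flag dynamic-DNS lookups (what Suricata SIDs 2042936/2022918 fire on) and the known C2 name."""
    q = query.rstrip(".").lower()
    hits = []
    if DYN_DNS.search(q):
        hits.append("dynamic DNS provider query")
    if q == C2_DOMAIN:
        hits.append("known C2 domain from report")
    return hits


def check_connection(dst: str, dport: int) -> list[str]:
    """Flag a connection attempt to the report's dead host; a refused C2 is still an indicator."""
    return ["known C2 host:port from report"] if (dst, dport) == C2_HOST else []


def triage(events: list[dict]) -> list[tuple[dict, list[str]]]:
    """Return only the events that triggered at least one check, with the reasons."""
    findings = []
    for ev in events:
        kind = ev["type"]
        if kind == "process":
            hits = check_process(ev["cmdline"])
        elif kind == "registry":
            hits = check_registry(ev["key"], ev["value"])
        elif kind == "dns":
            hits = check_dns(ev["query"])
        elif kind == "connection":
            hits = check_connection(ev["dst"], ev["dport"])
        else:
            hits = []
        if hits:
            findings.append((ev, hits))
    return findings


# Constructed sample events; values are taken from the report's process list
# and indicator table, plus one benign control query.
SAMPLE_EVENTS = [
    {"type": "process", "pid": 2140,
     "cmdline": r'"C:\Users\test22\AppData\Local\Temp\nttjjyrr.exe" C:\Users\test22\AppData\Local\Temp\kdcmehojesw.kx'},
    {"type": "process", "pid": 2192, "cmdline": r'"C:\Users\test22\AppData\Local\Temp\nttjjyrr.exe"'},
    {"type": "process", "pid": 1236, "cmdline": r"C:\Windows\Explorer.EXE"},
    {"type": "registry", "key": RUN_KEY + r"\oxtdmirbwg",
     "value": r"C:\Users\test22\AppData\Roaming\wgpktdyienwsc\lhqmvfbkt.exe"},
    {"type": "dns", "query": "omerlan.duckdns.org"},
    {"type": "dns", "query": "www.microsoft.com"},
    {"type": "connection", "dst": "193.56.29.112", "dport": 6548},
]

if __name__ == "__main__":
    for ev, hits in triage(SAMPLE_EVENTS):
        print(ev, "->", "; ".join(hits))
```

Five of the seven constructed events are flagged: both loader instances (the first additionally for the payload argument), the Run-key write, the DuckDNS query and the connection to 193.56.29.112:6548; explorer.exe and the control query stay clean. The process and registry checks are technique-level, so they would also catch a re-packed build of the same loader with fresh random file names.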
Antivirus results
Vendor | Result |
---|---|
Lionic | Trojan.Win32.Agent.tshg |
Elastic | malicious (high confidence) |
MicroWorld-eScan | Trojan.NSISX.Spy.Gen.24 |
FireEye | Generic.mg.8c8ee58eacb110d5 |
ALYac | Gen:Variant.Babar.172047 |
Sangfor | Trojan.Win32.Injector.V6yk |
CrowdStrike | win/malicious_confidence_100% (D) |
Alibaba | Trojan:Win32/Injector.e8f0e636 |
Arcabit | Trojan.NSISX.Spy.Gen.24 [many] |
BitDefenderTheta | Gen:NN.ZexaCO.36344.dqW@ayJcgIe |
Cyren | W32/Injector.SZDO-0098 |
Symantec | Trojan.Gen.MBT |
ESET-NOD32 | a variant of Win32/Injector.ESUJ |
Cynet | Malicious (score: 100) |
APEX | Malicious |
Paloalto | generic.ml |
Kaspersky | HEUR:Trojan-PSW.Win32.Stealer.gen |
BitDefender | Trojan.NSISX.Spy.Gen.24 |
Avast | Win32:InjectorX-gen [Trj] |
Rising | Trojan.Generic@AI.87 (RDML:BlpMf0/pa79IWI8d/dofCA) |
DrWeb | Trojan.Loader.1342 |
VIPRE | Trojan.NSISX.Spy.Gen.24 |
McAfee-GW-Edition | BehavesLike.Win32.Dropper.dc |
Emsisoft | Trojan.NSISX.Spy.Gen.24 (B) |
Ikarus | Trojan.Inject |
Webroot | W32.Injector.Gen |
Microsoft | TrojanSpy:Win32/AveMaria.STB |
ViRobot | Trojan.Win.Z.Spy.207921 |
GData | Win32.Backdoor.AMRat.8YBFKU |
Detected | |
McAfee | Artemis!8C8EE58EACB1 |
MAX | malware (ai score=84) |
TrendMicro-HouseCall | TROJ_GEN.R002H0DCF23 |
Fortinet | W32/Injector.ESTE!tr |
AVG | Win32:InjectorX-gen [Trj] |
Panda | Trj/GdSda.A |