Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6401 | March 17, 2023, 9:38 a.m. | March 17, 2023, 9:45 a.m. |
Process | PID |
---|---|
pcspikx.exe "C:\Users\test22\AppData\Local\Temp\pcspikx.exe" C:\Users\test22\AppData\Local\Temp\oiusxmgnt.njd | 2644 |
pcspikx.exe "C:\Users\test22\AppData\Local\Temp\pcspikx.exe" | 2708 |
explorer.exe C:\Windows\Explorer.EXE | 1452 |
Name | Response | Post-Analysis Lookup |
---|---|---|
omerlan.duckdns.org | 193.56.29.112 | |
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
UDP 192.168.56.101:53004 -> 164.124.101.2:53 | 2042936 | ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain | Potentially Bad Traffic |
UDP 192.168.56.101:53004 -> 164.124.101.2:53 | 2022918 | ET INFO DYNAMIC_DNS Query to *.duckdns. Domain | Misc activity |
UDP 192.168.56.101:59002 -> 164.124.101.2:53 | 2042936 | ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain | Potentially Bad Traffic |
UDP 192.168.56.101:59002 -> 164.124.101.2:53 | 2022918 | ET INFO DYNAMIC_DNS Query to *.duckdns. Domain | Misc activity |
UDP 192.168.56.101:54148 -> 164.124.101.2:53 | 2042936 | ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain | Potentially Bad Traffic |
UDP 192.168.56.101:54148 -> 164.124.101.2:53 | 2022918 | ET INFO DYNAMIC_DNS Query to *.duckdns. Domain | Misc activity |
Suricata TLS
No Suricata TLS
Type | Value |
---|---|
section | .ndata |
domain | omerlan.duckdns.org |
file | C:\Users\test22\AppData\Local\Temp\pcspikx.exe |
file | C:\Users\test22\AppData\Roaming\vfokscxhdmvrb\kgplueaj.exe |
reg_key | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\sowsclhqavf |
reg_value | C:\Users\test22\AppData\Roaming\vfokscxhdmvrb\kgplueaj.exe "C:\Users\test22\AppData\Local\Temp\pcspikx.exe" C:\Users\test22\AppDa |
dead_host | 193.56.29.112:6548 |
Engine | Detection |
---|---|
Lionic | Trojan.Win32.Agent.tshg |
DrWeb | Trojan.Loader.1341 |
MicroWorld-eScan | Trojan.GenericKD.65949387 |
CAT-QuickHeal | Trojan.Multi |
McAfee | Artemis!F2E4E0BA9FC3 |
Sangfor | Infostealer.Win32.Injector.V655 |
CrowdStrike | win/malicious_confidence_100% (W) |
Alibaba | TrojanPSW:Win32/Stealer.61bd438b |
Arcabit | Trojan.NSISX.Spy.Gen.24 [many] |
BitDefenderTheta | Gen:NN.ZexaF.36344.aqW@aOxdQEo |
Cyren | W32/Downloader-Sml!Eldorado |
Symantec | Packed.NSISPacker!g14 |
Elastic | malicious (high confidence) |
ESET-NOD32 | a variant of Win32/Injector.ESUG |
Cynet | Malicious (score: 99) |
APEX | Malicious |
Paloalto | generic.ml |
Kaspersky | HEUR:Trojan-PSW.Win32.Stealer.gen |
BitDefender | Trojan.GenericKD.65949387 |
Avast | Win32:PWSX-gen [Trj] |
VIPRE | Trojan.GenericKD.65949387 |
TrendMicro | TROJ_GEN.R002C0DCF23 |
McAfee-GW-Edition | BehavesLike.Win32.Dropper.cc |
FireEye | Generic.mg.f2e4e0ba9fc3fe9d |
Emsisoft | Trojan.GenericKD.65949387 (B) |
Webroot | W32.Trojan.NSISX.Spy |
Avira | TR/ATRAPS.Gen |
MAX | malware (ai score=80) |
Antiy-AVL | GrayWare/Win32.Wacapew |
Gridinsoft | Ransom.Win32.Wacatac.sa |
Xcitium | Malware@#2zwfsv3ypbfr6 |
Microsoft | Trojan:Win32/Tnega.ST!MTB |
GData | Win32.Trojan.PSE.MC8CC0 |
AhnLab-V3 | Infostealer/Win.Generic.C5395778 |
VBA32 | BScope.Trojan.Loader |
ALYac | Trojan.PSW.AveMaria |
TrendMicro-HouseCall | TROJ_GEN.R002H0CCF23 |
Rising | Trojan.Injector!1.E2E1 (CLASSIC) |
Ikarus | Trojan.Inject |
Fortinet | W32/Injector.ESTE!tr |
AVG | Win32:PWSX-gen [Trj] |
Panda | Trj/CI.A |