Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6401 | Oct. 7, 2023, 2:42 p.m. | Oct. 7, 2023, 2:45 p.m. |
-
cmd.exe "C:\Windows\System32\cmd.exe" /c start /wait "LCtKcmsKEZFv" C:\Users\test22\AppData\Local\Temp\DgKW9Ycr.bat
2548-
-
cscript.exe cscript x.js
2740 -
MEMZ.exe "C:\Users\test22\AppData\Roaming\MEMZ.exe"
2892
-
-
-
explorer.exe C:\Windows\Explorer.EXE
1452
Name | Response | Post-Analysis Lookup |
---|---|---|
No hosts contacted. |
IP Address | Status | Action |
---|---|---|
No hosts contacted. |
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
file | C:\Users\test22\AppData\Roaming\MEMZ.exe |
file | C:\Users\test22\AppData\Local\Temp\x.js |
file | C:\Users\test22\AppData\Roaming\MEMZ.exe |
url | http://pcoptimizerpro.com |
url | http://google.co.ck/search?q=batch |
url | http://google.co.ck/search?q=best |
url | http://google.co.ck/search?q=bonzi |
url | http://google.co.ck/search?q=g3t |
url | http://google.co.ck/search?q=stanky |
url | http://google.co.ck/search?q=virus |
url | http://google.co.ck/search?q=mcafee |
url | http://google.co.ck/search?q=the |
url | http://google.co.ck/search?q=virus.exe |
url | http://google.co.ck/search?q=internet |
url | http://google.co.ck/search?q=facebook |
url | http://google.co.ck/search?q=what |
url | http://answers.microsoft.com/en-us/protect/forum/protect_other-protect_scanning/memz-malwarevirus-trojan-completely-destroying/268bc1c2-39f4-42f8-90c2-597a673b6b45 |
url | http://google.co.ck/search?q=my |
url | http://google.co.ck/search?q=vinesauce |
url | http://google.co.ck/search?q=half |
url | http://motherboard.vice.com/read/watch-this-malware-turn-a-computer-into-a-digital-hellscape |
url | http://google.co.ck/search?q=john |
url | http://google.co.ck/search?q=skrillex |
url | http://google.co.ck/search?q=minecraft |
url | http://google.co.ck/search?q=montage |
url | http://softonic.com |
url | http://google.co.ck/search?q=how |
url | http://play.clubpenguin.com |
url | http://google.co.ck/search?q=dank |
url | http://google.co.ck/search?q=is |
description | Create a windows service | rule | Create_Service | ||||||
description | Communications over RAW Socket | rule | Network_TCP_Socket | ||||||
description | Communication using DGA | rule | Network_DGA | ||||||
description | Match Windows Http API call | rule | Str_Win32_Http_API | ||||||
description | Take ScreenShot | rule | ScreenShot | ||||||
description | Escalate priviledges | rule | Escalate_priviledges | ||||||
description | Steal credential | rule | local_credential_Steal | ||||||
description | PWS Memory | rule | Generic_PWS_Memory_Zero | ||||||
description | Record Audio | rule | Sniff_Audio | ||||||
description | Communications over HTTP | rule | Network_HTTP | ||||||
description | Communications use DNS | rule | Network_DNS | ||||||
description | Code injection with CreateRemoteThread in a remote process | rule | Code_injection | ||||||
description | (no description) | rule | DebuggerCheck__GlobalFlags | ||||||
description | (no description) | rule | DebuggerCheck__QueryInfo | ||||||
description | (no description) | rule | DebuggerCheck__RemoteAPI | ||||||
description | (no description) | rule | DebuggerHiding__Thread | ||||||
description | (no description) | rule | DebuggerHiding__Active | ||||||
description | (no description) | rule | DebuggerException__ConsoleCtrl | ||||||
description | (no description) | rule | DebuggerException__SetConsoleCtrl | ||||||
description | (no description) | rule | ThreadControl__Context | ||||||
description | (no description) | rule | SEH__vectored | ||||||
description | (no description) | rule | Check_Dlls | ||||||
description | Checks if being debugged | rule | anti_dbg | ||||||
description | Anti-Sandbox checks for ThreatExpert | rule | antisb_threatExpert | ||||||
description | Bypass DEP | rule | disable_dep | ||||||
description | Affect hook table | rule | win_hook | ||||||
description | File Downloader | rule | Network_Downloader | ||||||
description | Match Windows Inet API call | rule | Str_Win32_Internet_API | ||||||
description | Communications over FTP | rule | Network_FTP | ||||||
description | Run a KeyLogger | rule | KeyLogger | ||||||
description | Communications over P2P network | rule | Network_P2P_Win | ||||||
description | Create a windows service | rule | Create_Service | ||||||
description | Communications over RAW Socket | rule | Network_TCP_Socket | ||||||
description | Communication using DGA | rule | Network_DGA | ||||||
description | Match Windows Http API call | rule | Str_Win32_Http_API | ||||||
description | Take ScreenShot | rule | ScreenShot | ||||||
description | Escalate priviledges | rule | Escalate_priviledges | ||||||
description | Steal credential | rule | local_credential_Steal | ||||||
description | PWS Memory | rule | Generic_PWS_Memory_Zero | ||||||
description | Record Audio | rule | Sniff_Audio | ||||||
description | Communications over HTTP | rule | Network_HTTP | ||||||
description | Communications use DNS | rule | Network_DNS | ||||||
description | Code injection with CreateRemoteThread in a remote process | rule | Code_injection | ||||||
description | (no description) | rule | DebuggerCheck__GlobalFlags | ||||||
description | (no description) | rule | DebuggerCheck__QueryInfo | ||||||
description | (no description) | rule | DebuggerCheck__RemoteAPI | ||||||
description | (no description) | rule | DebuggerHiding__Thread | ||||||
description | (no description) | rule | DebuggerHiding__Active | ||||||
description | (no description) | rule | DebuggerException__ConsoleCtrl | ||||||
description | (no description) | rule | DebuggerException__SetConsoleCtrl |
file | C:\Users\test22\AppData\Roaming\MEMZ.exe |
Lionic | Trojan.Script.Memz.4!c |
MicroWorld-eScan | Generic.Zmem.1.3F7310CB |
FireEye | Generic.Zmem.1.3F7310CB |
CAT-QuickHeal | BAT.Agent.FS |
ALYac | Generic.Zmem.1.3F7310CB |
Sangfor | Trojan.Generic-BAT.Save.6fddfff7 |
Cyren | BAT/Agent.AGE |
Symantec | Trojan.Gen.NPE |
ESET-NOD32 | BAT/TrojanDropper.Agent.NCY |
Avast | Script:SNH-gen [Drp] |
Kaspersky | Trojan.BAT.Memz.b |
BitDefender | Generic.Zmem.1.3F7310CB |
NANO-Antivirus | Trojan.Script.Dropper.hkfymg |
DrWeb | Trojan.KillAll.143 |
VIPRE | Generic.Zmem.1.3F7310CB |
McAfee-GW-Edition | BAT/Dropper.e |
Ikarus | Trojan-Dropper.BAT.Agent |
Kingsoft | Script.Ks.Malware.17099 |
Arcabit | Generic.Zmem.1.3F7310CB |
ViRobot | HTML.Z.Agent.13803 |
ZoneAlarm | Trojan.BAT.Memz.b |
GData | Generic.Zmem.1.3F7310CB |
Detected | |
Tencent | Unk.Win32.Script.403928 |
MAX | malware (ai score=81) |
Fortinet | BAT/Agent.NCY!tr |
AVG | Script:SNH-gen [Drp] |