Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6401 | Oct. 7, 2023, 2:50 p.m. | Oct. 7, 2023, 2:54 p.m. |
Process | PID |
---|---|
lqqdtfofke.exe "C:\Users\test22\AppData\Local\Temp\lqqdtfofke.exe" | 2716 |
Name | Response | Post-Analysis Lookup |
---|---|---|
sheddy1122.ddns.net | 103.212.81.151 | |
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
UDP 192.168.56.101:54148 -> 164.124.101.2:53 | 2028675 | ET POLICY DNS Query to DynDNS Domain *.ddns .net | Potentially Bad Traffic |
UDP 192.168.56.101:59002 -> 164.124.101.2:53 | 2028675 | ET POLICY DNS Query to DynDNS Domain *.ddns .net | Potentially Bad Traffic |
Suricata TLS
No Suricata TLS
Signature detail | Value |
---|---|
section | .ndata |
domain | sheddy1122.ddns.net |
description | lqqdtfofke.exe tried to sleep 157 seconds, actually delayed analysis time by 157 seconds |
file | C:\Users\test22\AppData\Local\Temp\lqqdtfofke.exe |
file | C:\Users\test22\AppData\Roaming\yyieeniirbbwgg\pluuqaajff.exe |
file | C:\Users\test22\AppData\Local\Temp\lqqdtfofke.exe |
file | C:\Users\test22\AppData\Local\Temp\lqqdtfofke.exe |
reg_key | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\oxttdyyirr |
reg_value | C:\Users\test22\AppData\Roaming\yyieeniirbbwgg\pluuqaajff.exe "C:\Users\test22\AppData\Local\Temp\lqqdtfofke.exe" |
Antivirus engine | Result |
---|---|
Bkav | W32.AIDetectMalware |
Lionic | Trojan.Win32.Strab.4!c |
MicroWorld-eScan | Trojan.GenericKD.69614515 |
FireEye | Generic.mg.b80d6d5161b4f047 |
Skyhigh | BehavesLike.Win32.Generic.hc |
ALYac | Gen:Variant.Jaik.182440 |
Malwarebytes | Malware.AI.2278674909 |
VIPRE | Gen:Variant.Jaik.182440 |
Sangfor | Trojan.Win32.Agent.Vbre |
K7GW | Trojan ( 005ac2511 ) |
Cybereason | malicious.ff3c26 |
Arcabit | Trojan.Generic.D4263BB3 |
Symantec | ML.Attribute.HighConfidence |
Elastic | malicious (high confidence) |
ESET-NOD32 | a variant of Win32/Injector.ETIY |
Cynet | Malicious (score: 100) |
APEX | Malicious |
Kaspersky | HEUR:Trojan.Win32.Strab.gen |
BitDefender | Trojan.GenericKD.69614515 |
Avast | Win32:TrojanX-gen [Trj] |
Emsisoft | Trojan.GenericKD.69614515 (B) |
DrWeb | Trojan.DownLoader46.22803 |
TrendMicro | Backdoor.Win32.REMCOS.YXDJFZ |
Sophos | Mal/Generic-S |
Avira | TR/Injector.owqxc |
MAX | malware (ai score=83) |
Kingsoft | malware.kb.a.971 |
Gridinsoft | Trojan.Win32.Remcos.bot |
Microsoft | Trojan:Win32/Remcos.SD!MTB |
ZoneAlarm | HEUR:Backdoor.Win32.Remcos.gen |
GData | Trojan.GenericKD.69614515 |
Detected | |
AhnLab-V3 | Malware/Win.Generic.R609602 |
McAfee | Artemis!B80D6D5161B4 |
Cylance | unsafe |
Panda | Trj/Chgt.AD |
TrendMicro-HouseCall | Backdoor.Win32.REMCOS.YXDJFZ |
Rising | Trojan.Generic@AI.83 (RDML:b8UENwZTGI8FcxoVLShEhQ) |
Ikarus | Trojan.MSIL.Inject |
Fortinet | W32/ETIY!tr |
BitDefenderTheta | Gen:NN.ZexaE.36738.jmW@aexmEZb |
AVG | Win32:TrojanX-gen [Trj] |
DeepInstinct | MALICIOUS |
CrowdStrike | win/malicious_confidence_100% (W) |
Signature detail | Value |
---|---|
dead_host | 192.168.56.101:49191 |
dead_host | 192.168.56.101:49171 |
dead_host | 192.168.56.101:49192 |
dead_host | 192.168.56.101:49202 |
dead_host | 192.168.56.101:49175 |
dead_host | 192.168.56.101:49196 |
dead_host | 192.168.56.101:49206 |
dead_host | 192.168.56.101:49176 |
dead_host | 192.168.56.101:49184 |
dead_host | 192.168.56.101:49180 |
dead_host | 192.168.56.101:49193 |
dead_host | 192.168.56.101:49203 |
dead_host | 192.168.56.101:49188 |
dead_host | 192.168.56.101:49166 |
dead_host | 192.168.56.101:49197 |
dead_host | 192.168.56.101:49177 |
dead_host | 192.168.56.101:49172 |
dead_host | 192.168.56.101:49185 |
dead_host | 192.168.56.101:49181 |
dead_host | 192.168.56.101:49194 |
dead_host | 103.212.81.151:6524 |
dead_host | 192.168.56.101:49189 |
dead_host | 192.168.56.101:49167 |
dead_host | 192.168.56.101:49169 |
dead_host | 192.168.56.101:49198 |
dead_host | 192.168.56.101:49200 |
dead_host | 192.168.56.101:49178 |
dead_host | 192.168.56.101:49173 |
dead_host | 192.168.56.101:49186 |
dead_host | 192.168.56.101:49204 |
dead_host | 192.168.56.101:49182 |
dead_host | 192.168.56.101:49195 |
dead_host | 192.168.56.101:49190 |
dead_host | 192.168.56.101:49170 |
dead_host | 192.168.56.101:49199 |
dead_host | 192.168.56.101:49201 |
dead_host | 192.168.56.101:49179 |
dead_host | 192.168.56.101:49174 |
dead_host | 192.168.56.101:49187 |
dead_host | 192.168.56.101:49205 |
dead_host | 192.168.56.101:49183 |