Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6403_us | Dec. 4, 2023, 5:59 p.m. | Dec. 4, 2023, 6:27 p.m. |
Process | PID | Command line |
---|---|---|
schtasks.exe | 2220 | schtasks /create /f /RU "test22" /tr "C:\ProgramData\OfficeTrackerNMP131\OfficeTrackerNMP131.exe" /tn "OfficeTrackerNMP131 HR" /sc HOURLY /rl HIGHEST |
schtasks.exe | 2284 | schtasks /create /f /RU "test22" /tr "C:\ProgramData\OfficeTrackerNMP131\OfficeTrackerNMP131.exe" /tn "OfficeTrackerNMP131 LG" /sc ONLOGON /rl HIGHEST |
explorer.exe | 1236 | C:\Windows\Explorer.EXE |
Name | Response | Post-Analysis Lookup |
---|---|---|
ipinfo.io | 34.117.59.81 | |
db-ip.com | 104.26.5.15 | |
Suricata Alerts
Suricata TLS
Flow | Issuer | Subject | Fingerprint |
---|---|---|---|
TLSv1 192.168.56.103:49168 172.67.75.166:443 | C=US, O=Cloudflare, Inc., CN=Cloudflare Inc RSA CA-2 | C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com | 03:f8:79:dd:26:16:32:12:a4:33:99:34:af:f7:33:32:d5:e0:aa:e5 |
Type | Value |
---|---|
registry | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\MachineGuid |
request | GET https://db-ip.com/demo/home.php?s=175.208.134.152 |
domain | ipinfo.io |
file | C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FANBooster131.lnk |
cmdline | schtasks /create /f /RU "test22" /tr "C:\ProgramData\OfficeTrackerNMP131\OfficeTrackerNMP131.exe" /tn "OfficeTrackerNMP131 HR" /sc HOURLY /rl HIGHEST |
cmdline | schtasks /create /f /RU "test22" /tr "C:\ProgramData\OfficeTrackerNMP131\OfficeTrackerNMP131.exe" /tn "OfficeTrackerNMP131 LG" /sc ONLOGON /rl HIGHEST |
host | 193.233.132.51 |
reg_key | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\MaxLoonaFest131 |
reg_value | C:\Users\test22\AppData\Local\MaxLoonaFest131\MaxLoonaFest131.exe |
registry | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F81F111D0E5AB58D396F7BF525577FD30FDC95AA\Blob |
Description | Type | Value |
---|---|---|
attempts to modify windows defender policies | registry | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{FDC3E3F7-9B67-464A-A356-AE744BEBBAF5}Machine\Software\Policies\Microsoft\Windows Defender\Exclusions\Extensions\exe |
attempts to modify windows defender policies | registry | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{FDC3E3F7-9B67-464A-A356-AE744BEBBAF5}Machine\Software\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableIOAVProtection |
attempts to modify windows defender policies | registry | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{FDC3E3F7-9B67-464A-A356-AE744BEBBAF5}Machine\Software\Policies\Microsoft\Windows Defender\DisableRoutinelyTakingAction |
attempts to modify windows defender policies | registry | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{FDC3E3F7-9B67-464A-A356-AE744BEBBAF5}Machine\Software\Policies\Microsoft\Windows Defender\Exclusions\Exclusions_Extensions |
attempts to modify windows defender policies | registry | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{FDC3E3F7-9B67-464A-A356-AE744BEBBAF5}Machine\Software\Policies\Microsoft\Windows Defender\DisableAntiSpyware |
attempts to modify windows defender policies | registry | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{FDC3E3F7-9B67-464A-A356-AE744BEBBAF5}Machine\Software\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableOnAccessProtection |
attempts to modify windows defender policies | registry | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{FDC3E3F7-9B67-464A-A356-AE744BEBBAF5}Machine\Software\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableBehaviorMonitoring |
attempts to modify windows defender policies | registry | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{FDC3E3F7-9B67-464A-A356-AE744BEBBAF5}Machine\Software\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableScanOnRealtimeEnable |
attempts to modify windows defender policies | registry | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{FDC3E3F7-9B67-464A-A356-AE744BEBBAF5}Machine\Software\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring |
attempts to modify windows defender policies | registry | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{FDC3E3F7-9B67-464A-A356-AE744BEBBAF5}Machine\Software\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRawWriteNotification |
Engine | Detection |
---|---|
Bkav | W32.AIDetectMalware |
Cynet | Malicious (score: 100) |
Skyhigh | BehavesLike.Win32.Generic.th |
McAfee | GenericRXAA-AA!8EA7DC740A4D |
Malwarebytes | RiskWare.Agent |
Zillya | Trojan.Agent.Win32.3773140 |
K7AntiVirus | Riskware ( 00584baa1 ) |
K7GW | Riskware ( 00584baa1 ) |
Cybereason | malicious.b1eae3 |
Arcabit | Generic.Dacic.7CB2327F.A.28870786 |
VirIT | Trojan.Win32.Genus.UEA |
Symantec | ML.Attribute.HighConfidence |
Elastic | malicious (high confidence) |
ESET-NOD32 | a variant of Win32/Agent.ADVG |
APEX | Malicious |
ClamAV | Win.Malware.Zard-10015589-0 |
Kaspersky | HEUR:Trojan-PSW.Win32.RisePro.gen |
BitDefender | Generic.Dacic.7CB2327F.A.28870786 |
NANO-Antivirus | Trojan.Win32.Mint.kegarr |
MicroWorld-eScan | Generic.Dacic.7CB2327F.A.28870786 |
Avast | Win32:TrojanX-gen [Trj] |
Tencent | Malware.Win32.Gencirc.10bf6423 |
Sophos | Troj/RisePro-C |
F-Secure | Trojan.TR/AD.Nekark.exgfn |
DrWeb | Trojan.MulDrop24.22194 |
VIPRE | Generic.Dacic.7CB2327F.A.28870786 |
Trapmine | suspicious.low.ml.score |
FireEye | Generic.mg.8ea7dc740a4d382a |
Emsisoft | Generic.Dacic.7CB2327F.A.28870786 (B) |
Ikarus | Trojan.Win32.Agent |
Jiangmin | Trojan.Generic.hryzt |
Avira | TR/AD.Nekark.exgfn |
Antiy-AVL | Trojan/Win32.Agent.advg |
Gridinsoft | Trojan.Win32.Agent.oa!s1 |
Microsoft | Trojan:Win32/Wacatac.B!ml |
ZoneAlarm | HEUR:Trojan-PSW.Win32.RisePro.gen |
GData | Win32.Trojan.PSE.DJFZVU |
Varist | W32/Sdum.Z.gen!Eldorado |
AhnLab-V3 | Trojan/Win.Generic.R624285 |
ALYac | Generic.Dacic.7CB2327F.A.28870786 |
MAX | malware (ai score=80) |
Cylance | unsafe |
Panda | Trj/GdSda.A |
Rising | Downloader.Agent!1.D93C (CLASSIC) |
Yandex | Trojan.Agent!E34nJNo+lBI |
Fortinet | W32/Agent.ADVG!tr |
BitDefenderTheta | Gen:NN.ZexaF.36608.Dv1@a4aq2Fpk |
AVG | Win32:TrojanX-gen [Trj] |
DeepInstinct | MALICIOUS |
CrowdStrike | win/malicious_confidence_70% (W) |