Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6403_us | Jan. 2, 2024, 7:36 a.m. | Jan. 2, 2024, 7:38 a.m. |
-
cmd.exe "C:\Windows\System32\cmd.exe" /c start /wait "BTJFljOzyfeskw" C:\Users\test22\AppData\Local\Temp\fuckjewishpeople.sparc
1800-
rundll32.exe "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\test22\AppData\Local\Temp\fuckjewishpeople.sparc
2156-
editplus.exe "editplus.exe"
2700
-
-
-
explorer.exe C:\Windows\Explorer.EXE
1236
Name | Response | Post-Analysis Lookup |
---|---|---|
No hosts contacted. |
IP Address | Status | Action |
---|---|---|
No hosts contacted. |
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
file | C:\Program Files (x86)\Google\Chrome\Application\chrome.exe |
file | c:\program files\mozilla firefox\firefox.exe |
file | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk |
file | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EditPlus.lnk |
file | C:\Users\test22\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk |
file | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Welcome Center.lnk |
file | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk |
file | C:\Users\test22\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Chrome.lnk |
file | C:\Users\test22\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Firefox.lnk |
file | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip\7-Zip File Manager.lnk |
file | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Calculator.lnk |
file | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Word 2013.lnk |
file | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk |
file | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\displayswitch.lnk |
file | C:\Users\test22\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk |
file | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sticky Notes.lnk |
description | (no description) | rule | DebuggerCheck__GlobalFlags | ||||||
description | (no description) | rule | DebuggerCheck__QueryInfo | ||||||
description | (no description) | rule | DebuggerHiding__Thread | ||||||
description | (no description) | rule | DebuggerHiding__Active | ||||||
description | (no description) | rule | ThreadControl__Context | ||||||
description | (no description) | rule | SEH__vectored | ||||||
description | Checks if being debugged | rule | anti_dbg | ||||||
description | Bypass DEP | rule | disable_dep |
registry | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\EDITPLUS.EXE |
registry | HKEY_LOCAL_MACHINE\SOFTWARE\Clients\Mail\Mozilla Thunderbird\Capabilities\Hidden |
Lionic | Trojan.Linux.Mirai.K!c |
Elastic | Linux.Trojan.Gafgyt |
MicroWorld-eScan | Gen:Variant.Trojan.Linux.Gafgyt.9 |
FireEye | Gen:Variant.Trojan.Linux.Gafgyt.9 |
Skyhigh | Linux/Mirai.au |
ALYac | Gen:Variant.Trojan.Linux.Gafgyt.9 |
K7GW | Password-Stealer ( 0040f0aa1 ) |
Arcabit | Trojan.Trojan.Linux.Gafgyt.9 |
BitDefenderTheta | Gen:NN.Mirai.36608 |
VirIT | Linux.BackDoor.Fgt.CDP |
Symantec | Linux.Lightaidra!g1 |
ESET-NOD32 | a variant of Linux/Gafgyt.AXJ |
TrendMicro-HouseCall | Backdoor.Linux.GAFGYT.SMMR2 |
Avast | ELF:Agent-AYQ [Trj] |
Cynet | Malicious (score: 99) |
Kaspersky | HEUR:Backdoor.Linux.Gafgyt.bj |
BitDefender | Gen:Variant.Trojan.Linux.Gafgyt.9 |
Rising | Backdoor.Gafgyt/Linux!1.C997 (CLASSIC) |
Sophos | Linux/DDoS-BI |
F-Secure | Exploit.EXP/ELF.Mirai.Gen.Z.A |
DrWeb | Linux.Siggen.9999 |
VIPRE | Gen:Variant.Trojan.Linux.Gafgyt.9 |
TrendMicro | Backdoor.Linux.GAFGYT.SMMR2 |
Emsisoft | Gen:Variant.Trojan.Linux.Gafgyt.9 (B) |
Ikarus | Trojan.Linux.Gafgyt |
Avast-Mobile | ELF:Gafgyt-KS [Trj] |
Jiangmin | Backdoor.Linux.foby |
Varist | E32/Gafgyt.AU.gen!Camelot |
Avira | EXP/ELF.Mirai.Gen.Z.A |
Antiy-AVL | Trojan/Linux.Mirai.a |
Kingsoft | elf.Mirai.2002004 |
Gridinsoft | Malware.U.Gafgyt.tr |
Microsoft | Backdoor:Linux/DemonBot.Aa!MTB |
ZoneAlarm | HEUR:Backdoor.Linux.Gafgyt.bj |
GData | Gen:Variant.Trojan.Linux.Gafgyt.9 |
Detected | |
McAfee | Linux/Mirai.au |
MAX | malware (ai score=86) |
Tencent | Linux.Backdoor.Gafgyt.Zolw |
Fortinet | ELF/Gafgyt.ARN!tr |
AVG | ELF:Agent-AYQ [Trj] |