Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6401 | March 2, 2024, 6:38 p.m. | March 2, 2024, 6:41 p.m. |
-
-
-
PING.EXE ping -n 2 127.0.0.1
2752 -
client.exe "C:\Users\test22\AppData\Roaming\Demm\client.exe"
2812
-
-
Name | Response | Post-Analysis Lookup |
---|---|---|
jelepenorocks.com | 54.39.152.114 |
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
pdb_path | C:\Users\Administrator\Documents\Work\DemProject\Output\Loader\Release\Loader_Release_Win32.pdb |
file | C:\Users\test22\AppData\Roaming\Demm\client.exe |
file | C:\Users\test22\AppData\Roaming\Demm\curl.exe |
file | C:\Users\test22\AppData\Roaming\Demm\launch.bat |
file | C:\Users\test22\AppData\Roaming\Demm\launch.bat |
file | C:\Users\test22\AppData\Roaming\Demm\client.exe |
file | C:\Users\test22\AppData\Roaming\Demm\curl.exe |
description | Create a windows service | rule | Create_Service | ||||||
description | Communications over RAW Socket | rule | Network_TCP_Socket | ||||||
description | Communication using DGA | rule | Network_DGA | ||||||
description | Match Windows Http API call | rule | Str_Win32_Http_API | ||||||
description | Take ScreenShot | rule | ScreenShot | ||||||
description | Escalate priviledges | rule | Escalate_priviledges | ||||||
description | Steal credential | rule | local_credential_Steal | ||||||
description | PWS Memory | rule | Generic_PWS_Memory_Zero | ||||||
description | Record Audio | rule | Sniff_Audio | ||||||
description | Communications over HTTP | rule | Network_HTTP | ||||||
description | Communications use DNS | rule | Network_DNS | ||||||
description | Code injection with CreateRemoteThread in a remote process | rule | Code_injection | ||||||
description | (no description) | rule | DebuggerCheck__GlobalFlags | ||||||
description | (no description) | rule | DebuggerCheck__QueryInfo | ||||||
description | (no description) | rule | DebuggerCheck__RemoteAPI | ||||||
description | (no description) | rule | DebuggerHiding__Thread | ||||||
description | (no description) | rule | DebuggerHiding__Active | ||||||
description | (no description) | rule | DebuggerException__ConsoleCtrl | ||||||
description | (no description) | rule | DebuggerException__SetConsoleCtrl | ||||||
description | (no description) | rule | ThreadControl__Context | ||||||
description | (no description) | rule | SEH__vectored | ||||||
description | (no description) | rule | Check_Dlls | ||||||
description | Checks if being debugged | rule | anti_dbg | ||||||
description | Anti-Sandbox checks for ThreatExpert | rule | antisb_threatExpert | ||||||
description | Bypass DEP | rule | disable_dep | ||||||
description | Affect hook table | rule | win_hook | ||||||
description | File Downloader | rule | Network_Downloader | ||||||
description | Match Windows Inet API call | rule | Str_Win32_Internet_API | ||||||
description | Install itself for autorun at Windows startup | rule | Persistence | ||||||
description | Communications over FTP | rule | Network_FTP | ||||||
description | Run a KeyLogger | rule | KeyLogger | ||||||
description | Communications over P2P network | rule | Network_P2P_Win |
cmdline | ping -n 2 127.0.0.1 |
Lionic | Trojan.Win32.Agentb.X!c |
Cynet | Malicious (score: 100) |
Skyhigh | BehavesLike.Win32.NetLoader.dh |
ALYac | Gen:Variant.Jaik.146768 |
Cylance | unsafe |
VIPRE | Gen:Variant.Jaik.146768 |
Sangfor | Trojan.Win32.Agent.Vdsj |
BitDefender | Gen:Variant.Jaik.146768 |
Arcabit | Trojan.Jaik.D23D50 |
Symantec | ML.Attribute.HighConfidence |
ESET-NOD32 | a variant of Win32/TrojanDownloader.Agent.HNR |
McAfee | Artemis!83C6F7D8026E |
Kaspersky | HEUR:Trojan.Win32.Agentb.gen |
Alibaba | TrojanDownloader:Win32/Generic.2b68bae0 |
MicroWorld-eScan | Gen:Variant.Jaik.146768 |
Emsisoft | Gen:Variant.Jaik.146768 (B) |
F-Secure | Trojan.TR/Dldr.Agent.ffafq |
TrendMicro | Trojan.Win32.AMADEY.YXEB3Z |
FireEye | Gen:Variant.Jaik.146768 |
Sophos | Mal/Generic-S |
Ikarus | Trojan-Downloader.Win32.Agent |
Webroot | W32.Malware.Gen |
Detected | |
Avira | TR/Dldr.Agent.ffafq |
MAX | malware (ai score=87) |
Antiy-AVL | Trojan/Win32.Phonzy |
Kingsoft | Win32.Trojan.Agentb.a |
Gridinsoft | Trojan.Win32.Agent.sa |
Microsoft | Trojan:Win32/Casdet!rfn |
ZoneAlarm | HEUR:Trojan.Win32.Agentb.gen |
GData | Gen:Variant.Jaik.146768 |
BitDefenderTheta | Gen:NN.ZexaE.36744.suW@aK5ZIjii |
DeepInstinct | MALICIOUS |
Malwarebytes | Trojan.Crypt |
Panda | Trj/Chgt.AD |
TrendMicro-HouseCall | Trojan.Win32.AMADEY.YXEB3Z |
Fortinet | W32/PossibleThreat |
CrowdStrike | win/malicious_confidence_100% (W) |