Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6403_us | March 17, 2024, 9:50 a.m. | March 17, 2024, 9:52 a.m. |
Process tree
Name | Path | Command-line argument | PID |
---|---|---|---|
copjlgqx.exe | C:\Users\test22\AppData\Local\Temp\copjlgqx.exe | C:\Users\test22\AppData\Local\Temp\znwhn | 2052 |
copjlgqx.exe | C:\Users\test22\AppData\Local\Temp\copjlgqx.exe | C:\Users\test22\AppData\Local\Temp\znwhn | 2136 |
DNS
Name | Response | Post-Analysis Lookup |
---|---|---|
sempersim.su | 104.237.252.28 | - |
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
UDP 192.168.56.103:52760 -> 164.124.101.2:53 | 2014169 | ET DNS Query for .su TLD (Soviet Union) Often Malware Related | Potentially Bad Traffic |
UDP 192.168.56.103:52760 -> 8.8.8.8:53 | 2014169 | ET DNS Query for .su TLD (Soviet Union) Often Malware Related | Potentially Bad Traffic |
Suricata TLS
No Suricata TLS
Indicators
Host fingerprinting and installed-software checks
Type | Indicator |
---|---|
registry | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\MachineGuid |
registry | HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox |
section | .ndata (section name used by NSIS-built installers for their compressed payload) |
domain | sempersim.su (.su, former Soviet Union TLD) |
Sample on disk
Type | Indicator |
---|---|
file | C:\Users\test22\AppData\Local\Temp\copjlgqx.exe |
Browser credential stores (Chromium-family Login Data / Web Data, Mozilla install keys)
Type | Indicator |
---|---|
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Login Data |
file | C:\Users\test22\AppData\Roaming\Opera\Opera Next\data\Default\Login Data |
file | C:\Users\test22\AppData\Roaming\Opera\Opera Next\data\User Data\Default\Web Data |
file | C:\Users\test22\AppData\Roaming\Opera\Opera Next\data\User Data\Default\Login Data |
file | C:\Users\test22\AppData\Roaming\Opera\Opera Next\data\Login Data |
file | C:\Users\test22\AppData\Local\Chromium\User Data\Default\Web Data |
file | C:\Users\test22\AppData\Local\Chromium\User Data\Default\Login Data |
file | C:\Users\test22\AppData\LocalMapleStudio\ChromePlus\Default\Login Data |
file | C:\Users\test22\AppData\Local\MapleStudio\ChromePlus\User Data\Default\Web Data |
file | C:\Users\test22\AppData\Local\MapleStudio\ChromePlus\User Data\Default\Login Data |
file | C:\Users\test22\AppData\LocalMapleStudio\ChromePlus\Login Data |
file | C:\Users\test22\AppData\Local\Nichrome\User Data\Default\Login Data |
file | C:\Users\test22\AppData\Local\Nichrome\User Data\Default\Web Data |
file | C:\Users\test22\AppData\Local\RockMelt\User Data\Default\Login Data |
file | C:\Users\test22\AppData\Local\RockMelt\User Data\Default\Web Data |
file | C:\Users\test22\AppData\Local\Yandex\YandexBrowser\User Data\Default\Web Data |
file | C:\Users\test22\AppData\Local\Yandex\YandexBrowser\User Data\Default\Login Data |
registry | HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\SeaMonkey |
registry | HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox |
FTP, SFTP and SSH client configuration and saved sessions
Type | Indicator |
---|---|
file | C:\Program Files (x86)\FTPGetter\Profile\servers.xml |
file | C:\Users\test22\AppData\Roaming\FTPGetter\servers.xml |
file | C:\Users\test22\AppData\Roaming\Estsoft\ALFTP\ESTdb2.dat |
file | C:\Users\test22\AppData\Roaming\GHISLER\wcx_ftp.ini |
file | C:\Users\test22\AppData\Roaming\wcx_ftp.ini |
file | C:\Windows\wcx_ftp.ini |
file | C:\Users\test22\wcx_ftp.ini |
file | C:\Windows\32BitFtp.ini |
file | C:\Users\test22\AppData\Roaming\FileZilla\sitemanager.xml |
file | C:\Program Files (x86)\FileZilla\Filezilla.xml |
file | C:\Users\test22\AppData\Roaming\FileZilla\recentservers.xml |
file | C:\Users\test22\AppData\Roaming\FileZilla\filezilla.xml |
registry | HKEY_CURRENT_USER\Software\Far\Plugins\FTP\Hosts |
registry | HKEY_CURRENT_USER\Software\Far2\Plugins\FTP\Hosts |
registry | HKEY_CURRENT_USER\Software\Ghisler\Total Commander |
registry | HKEY_CURRENT_USER\Software\VanDyke\SecureFX |
registry | HKEY_CURRENT_USER\Software\LinasFTP\Site Manager |
registry | HKEY_CURRENT_USER\Software\FlashPeak\BlazeFtp\Settings |
registry | HKEY_CURRENT_USER\Software\SimonTatham\PuTTY\Sessions |
registry | HKEY_LOCAL_MACHINE\Software\SimonTatham\PuTTY\Sessions |
registry | HKEY_CURRENT_USER\Software\Martin Prikryl |
registry | HKEY_LOCAL_MACHINE\Software\Martin Prikryl |
Instant-messaging and mail client profiles
Type | Indicator |
---|---|
file | C:\Users\test22\AppData\Roaming\.purple\accounts.xml |
file | C:\Users\test22\AppData\Roaming\Thunderbird\profiles.ini |
registry | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003 |
registry | HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Thunderbird\78.4.0 (ko)\Main |
registry | HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\ddb0922fc50b8d42be5a821ede840761\Email |
Paths are reproduced as recorded by the sandbox, including the two MapleStudio entries that lack a separator after AppData\Local.
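The artifacts above show a single process reading credential stores belonging to browsers, FTP/SFTP/SSH clients, an instant messenger and mail clients in one short run. No legitimate application needs more than its own store, so breadth across store families is a usable detection signal. The following Python is an added example, not part of the sandbox report or of the sample: it classifies file and registry paths into store families using regexes derived from the indicator list, then flags any process whose accesses span several families. The event tuples are constructed (Sysmon-style pid, image, path), the family names and the threshold of three families are this example's own choices, and the "Martin Prikryl" key is labelled WinSCP on the basis of the vendor name only.

```python
"""Flag a process that reads credential stores from several application
families: the access pattern recorded in the sandbox report above.

Added example, not sandbox output. Event records below are constructed.
"""
import re
from collections import defaultdict

# Path regexes per credential-store family, derived from the file and
# registry artifacts in the report. Family names are this example's own
# labels, not sandbox signature names.
STORE_PATTERNS = {
    "browser": [
        r"\\(Login Data|Web Data)$",                       # Chromium-family profile DBs
    ],
    "ftp_client": [
        r"\\FileZilla\\(sitemanager|recentservers|filezilla)\.xml$",
        r"\\(wcx_ftp|32BitFtp)\.ini$",                     # Total Commander, 32bit FTP
        r"\\FTPGetter\\(Profile\\)?servers\.xml$",
        r"\\ALFTP\\ESTdb2\.dat$",
        r"\\Software\\(Far2?\\Plugins\\FTP\\Hosts|Ghisler\\Total Commander"
        r"|VanDyke\\SecureFX|LinasFTP\\Site Manager|FlashPeak\\BlazeFtp\\Settings)$",
    ],
    "ssh_client": [
        r"\\Software\\SimonTatham\\PuTTY\\Sessions$",      # PuTTY saved sessions
        r"\\Software\\Martin Prikryl$",                    # WinSCP vendor key (assumption)
    ],
    "mail_client": [
        r"\\Thunderbird\\profiles\.ini$",
        r"\\Mozilla\\Mozilla Thunderbird\\",
        r"\\Windows Messaging Subsystem\\Profiles\\",
        r"\\Office\\\d+\.\d+\\Outlook\\Profiles\\",
    ],
    "im_client": [
        r"\\\.purple\\accounts\.xml$",                     # Pidgin / libpurple
    ],
}
COMPILED = {
    family: [re.compile(p, re.IGNORECASE) for p in patterns]
    for family, patterns in STORE_PATTERNS.items()
}


def classify(path):
    """Return the credential-store family a file or registry path belongs to, or None."""
    for family, regexes in COMPILED.items():
        if any(r.search(path) for r in regexes):
            return family
    return None


def detect_harvesting(events, min_families=3):
    """Return {pid: (image, sorted families)} for every process that read
    credential stores of at least `min_families` distinct families.

    A single-family hit is normal for the owning application (a browser
    reads its own Login Data); it is the breadth that indicates harvesting.
    """
    families = defaultdict(set)
    images = {}
    for pid, image, path in events:
        family = classify(path)
        if family is None:
            continue
        families[pid].add(family)
        images[pid] = image
    return {
        pid: (images[pid], sorted(fams))
        for pid, fams in families.items()
        if len(fams) >= min_families
    }


# Constructed Sysmon-style events (pid, image, accessed path), modelled on
# the report's indicator list. Not sandbox output.
SAMPLE_EVENTS = [
    (2052, "copjlgqx.exe", r"C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
    (2052, "copjlgqx.exe", r"C:\Users\test22\AppData\Roaming\FileZilla\sitemanager.xml"),
    (2052, "copjlgqx.exe", r"HKEY_CURRENT_USER\Software\SimonTatham\PuTTY\Sessions"),
    (2052, "copjlgqx.exe", r"C:\Users\test22\AppData\Roaming\Thunderbird\profiles.ini"),
    (2052, "copjlgqx.exe", r"C:\Users\test22\AppData\Roaming\.purple\accounts.xml"),
    (2052, "copjlgqx.exe", r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\MachineGuid"),
    # Legitimate owners touching only their own stores must not trigger.
    (1200, "chrome.exe", r"C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
    (1200, "chrome.exe", r"C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Web Data"),
    (3300, "filezilla.exe", r"C:\Users\test22\AppData\Roaming\FileZilla\sitemanager.xml"),
    (3300, "filezilla.exe", r"C:\Users\test22\AppData\Roaming\FileZilla\recentservers.xml"),
]

if __name__ == "__main__":
    for pid, (image, fams) in detect_harvesting(SAMPLE_EVENTS).items():
        print(f"pid {pid} ({image}) read {len(fams)} credential-store families: {', '.join(fams)}")
```

Run against the constructed events, only pid 2052 is reported; chrome.exe and filezilla.exe each stay within one family. The MachineGuid read is deliberately left unclassified: it is a fingerprinting artifact, not a credential store, and mixing the two would inflate the family count for ordinary software that reads the GUID.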
Antivirus results
Engine | Detection |
---|---|
Bkav | W32.AIDetect.malware2 |
Lionic | Trojan.Multi.GenericML.4!c |
Elastic | malicious (high confidence) |
ClamAV | Win.Trojan.Trojanx-9942394-0 |
ALYac | Trojan.GenericKD.39345569 |
Cylance | Unsafe |
K7AntiVirus | Trojan ( 00590d7c1 ) |
BitDefender | Trojan.GenericKD.39345569 |
K7GW | Trojan ( 00590d7c1 ) |
Arcabit | Trojan.Generic.D2585DA1 |
Cyren | W32/Trojan.MUAF-8214 |
Symantec | Trojan.Gen.MBT |
ESET-NOD32 | a variant of Win32/Injector.ERIP |
APEX | Malicious |
Avast | Win32:TrojanX-gen [Trj] |
Cynet | Malicious (score: 100) |
Kaspersky | UDS:Trojan.Multi.GenericML.xnet |
Alibaba | Backdoor:Win32/Tnega.df031205 |
SUPERAntiSpyware | Trojan.Agent/Gen-Siggen |
MicroWorld-eScan | Trojan.GenericKD.39345569 |
Rising | Trojan.Injector!8.C4 (CLOUD) |
Ad-Aware | Trojan.GenericKD.39345569 |
Emsisoft | Trojan.GenericKD.39345569 (B) |
Comodo | Malware@#1isw9z6qv36q1 |
DrWeb | Trojan.Siggen17.30027 |
BitDefenderTheta | Gen:NN.ZexaF.34666.gmW@amfZ9!k |
TrendMicro | TROJ_GEN.R002C0PCP22 |
McAfee-GW-Edition | GenericRXSG-FS!7FCBF2F00F40 |
FireEye | Trojan.GenericKD.39345569 |
Sophos | Mal/Generic-S |
Ikarus | Trojan.Win32.Injector |
Jiangmin | Trojan.Multi.ise |
Webroot | W32.Trojan.Gen |
Avira | TR/AD.LokiBot.ooibi |
MAX | malware (ai score=82) |
Kingsoft | Win32.Hack.Undef.(kcloud) |
Microsoft | Trojan:Win32/Tnega.RVAN!MTB |
ZoneAlarm | HEUR:Backdoor.Win32.Androm.gen |
GData | Win32.Trojan.PSE.1EP9IXH |
AhnLab-V3 | Dropper/Win.Agent.C5028095 |
McAfee | Artemis!D7E7CDF137C9 |
VBA32 | Trojan.Sdum |
Malwarebytes | Malware.AI.4264460529 |
TrendMicro-HouseCall | TROJ_GEN.R002C0PCP22 |
Tencent | Win32.Backdoor.Androm.Wuhb |
Yandex | Trojan.Injector!MPa33SFYHqs |
MaxSecure | Trojan.Malware.121218.susgen |
Fortinet | W32/Injector.ERKP!tr |
AVG | Win32:TrojanX-gen [Trj] |
Paloalto | generic.ml |
Dead hosts (connection attempts that received no response)
Type | Host:port |
---|---|
dead_host | 192.168.56.103:49171 |
dead_host | 192.168.56.103:49170 |
dead_host | 192.168.56.103:49175 |
dead_host | 192.168.56.103:49176 |
dead_host | 192.168.56.103:49165 |
dead_host | 104.237.252.28:80 |
dead_host | 192.168.56.103:49169 |
dead_host | 192.168.56.103:49168 |
dead_host | 192.168.56.103:49166 |