Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6401 | April 18, 2024, 4:32 p.m. | April 18, 2024, 4:35 p.m. |
Process | Command line | PID |
---|---|---|
sc.exe | Sc delete GameServerClient | 2752 |
GameService.exe | GameService remove GameServerClient confirm | 2800 |
GameService.exe | GameService install GameServerClient "C:\Program Files (x86)\GameServerClient\GameClient.exe" | 2848 |
GameService.exe | GameService start GameServerClient | 2896 |
sc.exe | Sc delete GameServerClientC | 2080 |
GameService.exe | GameService remove GameServerClientC confirm | 2100 |
GameService.exe | GameService install GameServerClientC "C:\Program Files (x86)\GameServerClient\GameClientC.exe" | 2164 |
GameService.exe | GameService start GameServerClientC | 2216 |
cmd.exe | cmd /c ""C:\Users\test22\AppData\Local\Temp\7ZSfx000.cmd" " | 2504 |
-
Name | Response | Post-Analysis Lookup |
---|---|---|
No hosts contacted. | | |
IP Address | Status | Action |
---|---|---|
194.116.172.72 | Active | Moloch |
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
Type | Value |
---|---|
packer | Armadillo v1.71 |
file | C:\Program Files (x86)\GameServerClient\install.bat |
file | C:\Program Files (x86)\GameServerClient\installc.bat |
file | C:\Program Files (x86)\GameServerClient\GameClient.exe |
file | C:\Program Files (x86)\GameServerClient\GameClientC.exe |
file | C:\Users\test22\AppData\Local\Temp\7ZSfx000.cmd |
file | C:\Program Files (x86)\GameServerClient\GameService.exe |
file | C:\Users\test22\AppData\Local\Temp\install_new.exe |
cmdline | Sc delete GameServerClient |
cmdline | Sc delete GameServerClientC |
host | 194.116.172.72 |

service_name | service_path |
---|---|
GameServerClient | C:\Program Files (x86)\GameServerClient\GameService.exe |
GameServerClientC | C:\Program Files (x86)\GameServerClient\GameService.exe |
Antivirus | Result |
---|---|
Bkav | W32.AIDetectMalware |
ALYac | Trojan.GenericKD.72398061 |
Cylance | unsafe |
VIPRE | Trojan.GenericKD.72398061 |
Sangfor | Trojan.Win32.Agent.V3e4 |
CrowdStrike | win/grayware_confidence_70% (W) |
BitDefender | Trojan.GenericKD.72398061 |
Arcabit | Trojan.Generic.D450B4ED |
Symantec | Trojan.Gen.MBT |
MicroWorld-eScan | Trojan.GenericKD.72398061 |
Rising | HackTool.NSSM!1.CABB (CLASSIC) |
Emsisoft | Trojan.GenericKD.72398061 (B) |
DrWeb | Tool.Nssm.5 |
TrendMicro | Trojan.Win32.AMADEY.YXEDPZ |
Trapmine | suspicious.low.ml.score |
FireEye | Trojan.GenericKD.72398061 |
Sophos | Mal/Generic-S |
Webroot | W32.Trojan.GenKD |
Antiy-AVL | Trojan/Win32.Znyonm |
Gridinsoft | Virtool.Win32.Znyonm.ca |
Microsoft | Trojan:Win32/Znyonm |
GData | Trojan.GenericKD.72398061 |
AhnLab-V3 | Malware/Win.Generic.C5613362 |
DeepInstinct | MALICIOUS |
Malwarebytes | Trojan.Dropper.SFX |
TrendMicro-HouseCall | Trojan.Win32.AMADEY.YXEDPZ |
Tencent | Win32.Trojan.Malware.Szfl |
MAX | malware (ai score=89) |
Fortinet | W32/Malicious_Behavior.SBX |