Category | Machine | Started | Completed
---|---|---|---
FILE | s1_win7_x6401 | May 31, 2024, 7:29 a.m. | May 31, 2024, 7:35 a.m.
Process | PID | Command line
---|---|---
cmd.exe | 2848 | "C:\Windows\System32\cmd.exe" /c taskkill /im "inte.exe" /f & erase "C:\Users\test22\AppData\Local\Temp\inte.exe" & exit
taskkill.exe | 2912 | taskkill /im "inte.exe" /f
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
suspicious_features | Connection to IP address | suspicious_request | GET http://185.172.128.90/cpa/ping.php?substr=one&s=two |
suspicious_features | Connection to IP address | suspicious_request | GET http://185.172.128.69/advdlc.php |
request | GET http://185.172.128.90/cpa/ping.php?substr=one&s=two |
request | GET http://185.172.128.69/advdlc.php |
cmdline | C:\Windows\System32\cmd.exe /c taskkill /im "inte.exe" /f & erase "C:\Users\test22\AppData\Local\Temp\inte.exe" & exit |
cmdline | "C:\Windows\System32\cmd.exe" /c taskkill /im "inte.exe" /f & erase "C:\Users\test22\AppData\Local\Temp\inte.exe" & exit |
file | C:\Users\test22\AppData\Local\Temp\inte.exe |
wmi | SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "inte.exe") |
cmdline | taskkill /im "inte.exe" /f |
cmdline | C:\Windows\System32\cmd.exe /c taskkill /im "inte.exe" /f & erase "C:\Users\test22\AppData\Local\Temp\inte.exe" & exit |
cmdline | "C:\Windows\System32\cmd.exe" /c taskkill /im "inte.exe" /f & erase "C:\Users\test22\AppData\Local\Temp\inte.exe" & exit |
host | 185.172.128.69 |
host | 185.172.128.90 |
file | C:\Users\test22\AppData\Local\Temp\inte.exe |
process | inte.exe | useragent | 1 |
process | inte.exe | useragent | B |
Engine | Detection
---|---
Bkav | W32.AIDetectMalware
Lionic | Trojan.Win32.Tepfer.i!c |
Elastic | Windows.Generic.Threat |
Cynet | Malicious (score: 100) |
CAT-QuickHeal | Trojanpws.Tepfer |
Skyhigh | BehavesLike.Win32.Downloader.ch |
ALYac | Gen:Variant.Zusy.534250 |
Malwarebytes | Trojan.Downloader |
VIPRE | Gen:Variant.Zusy.534250 |
Sangfor | Trojan.Win32.Save.a |
K7AntiVirus | Trojan-Downloader ( 005480a41 ) |
BitDefender | Gen:Variant.Zusy.534250 |
K7GW | Trojan-Downloader ( 005480a41 ) |
Cybereason | malicious.0429e1 |
Arcabit | Trojan.Zusy.D826EA |
Symantec | ML.Attribute.HighConfidence |
ESET-NOD32 | a variant of Win32/TrojanDownloader.Agent.ELB |
APEX | Malicious |
McAfee | Artemis!B7FCD8D0429E |
Avast | Win32:DropperX-gen [Drp] |
Kaspersky | HEUR:Trojan-PSW.Win32.Tepfer.gen |
Alibaba | TrojanPSW:Win32/Tepfer.a49e3c81 |
MicroWorld-eScan | Gen:Variant.Zusy.534250 |
Rising | Downloader.Agent!1.F3FA (CLASSIC) |
Emsisoft | Gen:Variant.Zusy.534250 (B) |
F-Secure | Trojan.TR/Dldr.Agent.udues |
DrWeb | Trojan.DownLoader46.65201 |
Zillya | Downloader.Agent.Win32.565789 |
TrendMicro | TROJ_GEN.R002C0DES24 |
McAfeeD | Real Protect-LS!B7FCD8D0429E |
Trapmine | suspicious.low.ml.score |
FireEye | Generic.mg.b7fcd8d0429e1001 |
Sophos | Mal/Generic-S |
Ikarus | Trojan-Downloader.Win32.Agent |
Webroot | W32.Trojan.Agent.Gen |
Detected | |
Avira | TR/Dldr.Agent.udues |
MAX | malware (ai score=84) |
Antiy-AVL | Trojan/Win32.Tepfer |
Kingsoft | malware.kb.a.835 |
Gridinsoft | Malware.Win32.Gen.tr |
Microsoft | Trojan:Win32/Tepfer.NT!MTB |
ViRobot | Trojan.Win.Z.Tepfer.180224.P |
ZoneAlarm | HEUR:Trojan-PSW.Win32.Tepfer.gen |
GData | Gen:Variant.Zusy.534250 |
Varist | W32/Agent.EPA.gen!Eldorado |
AhnLab-V3 | Trojan/Win.Generic.C5574203 |
BitDefenderTheta | AI:Packer.04F0253F1F |
DeepInstinct | MALICIOUS |
VBA32 | BScope.TrojanPSW.Tepfer |