popup
Summary | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis
Downloader FTP Code injection DGA Escalate priviledges Socket ScreenShot Create Service KeyLogger P2P Internet API Sniff Audio DNS Http API HTTP Steal credential persistence PWS AntiVM AntiDebug
  1. Resubmit sample
Category Machine Started Completed
ARCHIVE s1_win7_x6402 June 8, 2024, 12:22 a.m. June 8, 2024, 12:33 a.m.

Archive Open-Audit-Classic-master/htdocs/openaudit/all-tools-scripts/jobsundbatches/OpenAuditPC-Scan.cmd @ Open-Audit-Classic-master.zip

Summary

Size 166.0B
Type ASCII text
MD5 14402d1cf83cf7c3fc19cd733cedcb9e
SHA1 cdc03c699066f4de9b15da2e1a85ce88b0c742b0
SHA256 6aa3b3e5c41a3a890780f991e44a76fa2d9a742c816e472a81b7c09696cdf27b
SHA512
e6bdf609f4f3dcc873bba07b52cf9fc97bb2af2d0321e01328fcdc253996f786584686643d48267b794976e312e760909e755a3d74fe554466a6679a918a972b
CRC32 32339908
ssdeep 3:IecuCj4I5dEoVJTdgzwURn6WAIBXM0XZj4I5dEoVJTdgzwURUgLWH:Ies53JQlpTvt53JQlUgk
Yara None matched

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
164.124.101.2 Active Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

WriteConsoleW

 buffer: C:\Users\test22\AppData\Local\Temp>
console_handle: 0x00000007
1 1 0

WriteConsoleW

 buffer: c:
console_handle: 0x00000007
1 1 0

WriteConsoleW

 buffer: C:\Users\test22\AppData\Local\Temp>
console_handle: 0x00000007
1 1 0

WriteConsoleW

 buffer: cd
console_handle: 0x00000007
1 1 0

WriteConsoleW

 buffer: C:\Program Files (x86)\xampplite\htdocs\openaudit\scripts
console_handle: 0x00000007
1 1 0

WriteConsoleW

 buffer: The system cannot find the path specified.
console_handle: 0x0000000b
1 1 0

WriteConsoleW

 buffer: C:\Users\test22\AppData\Local\Temp>
console_handle: 0x00000007
1 1 0

WriteConsoleW

 buffer: c:\windows\system32\cscript.exe
console_handle: 0x00000007
1 1 0

WriteConsoleW

 buffer: "C:\Program Files (x86)\xampplite\htdocs\openaudit\scripts\audit.vbs"
console_handle: 0x00000007
1 1 0

WriteConsoleW

 buffer: C:\Users\test22\AppData\Local\Temp>
console_handle: 0x00000007
1 1 0

WriteConsoleW

 buffer: Microsoft (R) Windows Script Host 버전 5.8 Copyright (C) Microsoft Corporation 1996-2001. All rights reserved.
console_handle: 0x00000007
1 1 0

WriteConsoleW

 buffer: 입력 오류: 스크립트 파일 "C:\Program Files (x86)\xampplite\htdocs\openaudit\scripts\audit.vbs"을(를) 찾을 수 없습니다.
console_handle: 0x00000007
1 1 0
Time & API Arguments Status Return Repeated

NtProtectVirtualMemory

 process_identifier: 2356
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x742f2000
process_handle: 0xffffffff
1 0 0
description Create a windows service rule Create_Service
description Communications over RAW Socket rule Network_TCP_Socket
description Communication using DGA rule Network_DGA
description Match Windows Http API call rule Str_Win32_Http_API
description Take ScreenShot rule ScreenShot
description Escalate priviledges rule Escalate_priviledges
description Steal credential rule local_credential_Steal
description PWS Memory rule Generic_PWS_Memory_Zero
description Record Audio rule Sniff_Audio
description Communications over HTTP rule Network_HTTP
description Communications use DNS rule Network_DNS
description Code injection with CreateRemoteThread in a remote process rule Code_injection
description (no description) rule DebuggerCheck__GlobalFlags
description (no description) rule DebuggerCheck__QueryInfo
description (no description) rule DebuggerCheck__RemoteAPI
description (no description) rule DebuggerHiding__Thread
description (no description) rule DebuggerHiding__Active
description (no description) rule DebuggerException__ConsoleCtrl
description (no description) rule DebuggerException__SetConsoleCtrl
description (no description) rule ThreadControl__Context
description (no description) rule SEH__vectored
description (no description) rule Check_Dlls
description Checks if being debugged rule anti_dbg
description Anti-Sandbox checks for ThreatExpert rule antisb_threatExpert
description Bypass DEP rule disable_dep
description Affect hook table rule win_hook
description File Downloader rule Network_Downloader
description Match Windows Inet API call rule Str_Win32_Internet_API
description Communications over FTP rule Network_FTP
description Run a KeyLogger rule KeyLogger
description Communications over P2P network rule Network_P2P_Win
description Create a windows service rule Create_Service
description Communications over RAW Socket rule Network_TCP_Socket
description Communication using DGA rule Network_DGA
description Match Windows Http API call rule Str_Win32_Http_API
description Take ScreenShot rule ScreenShot
description Escalate priviledges rule Escalate_priviledges
description Steal credential rule local_credential_Steal
description PWS Memory rule Generic_PWS_Memory_Zero
description Record Audio rule Sniff_Audio
description Communications over HTTP rule Network_HTTP
description Communications use DNS rule Network_DNS
description Code injection with CreateRemoteThread in a remote process rule Code_injection
description (no description) rule DebuggerCheck__GlobalFlags
description (no description) rule DebuggerCheck__QueryInfo
description (no description) rule DebuggerCheck__RemoteAPI
description (no description) rule DebuggerHiding__Thread
description (no description) rule DebuggerHiding__Active
description (no description) rule DebuggerException__ConsoleCtrl
description (no description) rule DebuggerException__SetConsoleCtrl