Category | Machine | Started | Completed |
---|---|---|---|
ARCHIVE | s1_win7_x6402 | June 8, 2024, 1:35 a.m. | June 8, 2024, 1:44 a.m. |
Archive Open-Audit-Classic-master/htdocs/openaudit/scripts/firewall-win10-open-oa.cmd @ Open-Audit-Classic-master.zip
Summary
Size | 334.0B |
---|---|
Type | ASCII text |
MD5 | c14d829053bc52e0df45f97cfa6913ac |
SHA1 | 70bbaf06fa81489509dfdd037939be0dfd13a241 |
SHA256 | 9d009a7de37a115c9c6e6839f80d884a0f1edc8bf8ca13a9789774c76cd4e641 |
SHA512 |
182c96f0f21a3071d3e216175f425102fa8b30e8e73324785f2d1a91e03e200c8890a05f9ea6b25edafa3adcc23b46e3ee5ec3e7f767d115e4a9ed63e45ce560
|
CRC32 | DA6BBD79 |
ssdeep | 6:OgRIA73HtDJkMdRlFzOxAWS3HSUy02zOxAWS32Y+qugxNNlRzOxAWn:h3DJk8nf+yYuaNlLW |
Yara | None matched |
-
cmd.exe "C:\Windows\System32\cmd.exe" /c start /wait "PpSmJbpvydMC" C:\Users\test22\AppData\Local\Temp\Open-Audit-Classic-master/htdocs/openaudit/scripts/firewall-win10-open-oa.cmd
2200-
cmd.exe C:\Windows\system32\cmd.exe /K C:\Users\test22\AppData\Local\Temp\Open-Audit-Classic-master/htdocs/openaudit/scripts/firewall-win10-open-oa.cmd
2268-
netsh.exe netsh advfirewall firewall set rule group="Windows-Verwaltungsinstrumentation (WMI)" new enable=yes
2408 -
netsh.exe netsh advfirewall firewall set rule group="remoteverwaltung" new enable=yes
2192 -
netsh.exe netsh advfirewall firewall set rule name="Datei- und Druckerfreigabe (Echoanforderung - ICMPv4 eingehend)" new enable=yes
924
-
-
Name | Response | Post-Analysis Lookup |
---|---|---|
No hosts contacted. |
IP Address | Status | Action |
---|---|---|
164.124.101.2 | Active | Moloch |
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
description | (no description) | rule | DebuggerException__SetConsoleCtrl | ||||||
description | Create a windows service | rule | Create_Service | ||||||
description | Communications over RAW Socket | rule | Network_TCP_Socket | ||||||
description | Communication using DGA | rule | Network_DGA | ||||||
description | Match Windows Http API call | rule | Str_Win32_Http_API | ||||||
description | Take ScreenShot | rule | ScreenShot | ||||||
description | Escalate priviledges | rule | Escalate_priviledges | ||||||
description | Steal credential | rule | local_credential_Steal | ||||||
description | PWS Memory | rule | Generic_PWS_Memory_Zero | ||||||
description | Record Audio | rule | Sniff_Audio | ||||||
description | Communications over HTTP | rule | Network_HTTP | ||||||
description | Communications use DNS | rule | Network_DNS | ||||||
description | Code injection with CreateRemoteThread in a remote process | rule | Code_injection | ||||||
description | (no description) | rule | DebuggerCheck__GlobalFlags | ||||||
description | (no description) | rule | DebuggerCheck__QueryInfo | ||||||
description | (no description) | rule | DebuggerCheck__RemoteAPI | ||||||
description | (no description) | rule | DebuggerHiding__Thread | ||||||
description | (no description) | rule | DebuggerHiding__Active | ||||||
description | (no description) | rule | DebuggerException__ConsoleCtrl | ||||||
description | (no description) | rule | DebuggerException__SetConsoleCtrl | ||||||
description | (no description) | rule | ThreadControl__Context | ||||||
description | (no description) | rule | SEH__vectored | ||||||
description | (no description) | rule | Check_Dlls | ||||||
description | Checks if being debugged | rule | anti_dbg | ||||||
description | Anti-Sandbox checks for ThreatExpert | rule | antisb_threatExpert | ||||||
description | Bypass DEP | rule | disable_dep | ||||||
description | Affect hook table | rule | win_hook | ||||||
description | File Downloader | rule | Network_Downloader | ||||||
description | Match Windows Inet API call | rule | Str_Win32_Internet_API | ||||||
description | Communications over FTP | rule | Network_FTP | ||||||
description | Run a KeyLogger | rule | KeyLogger | ||||||
description | Communications over P2P network | rule | Network_P2P_Win | ||||||
description | Create a windows service | rule | Create_Service | ||||||
description | Communications over RAW Socket | rule | Network_TCP_Socket | ||||||
description | Communication using DGA | rule | Network_DGA | ||||||
description | Match Windows Http API call | rule | Str_Win32_Http_API | ||||||
description | Take ScreenShot | rule | ScreenShot | ||||||
description | Escalate priviledges | rule | Escalate_priviledges | ||||||
description | Steal credential | rule | local_credential_Steal | ||||||
description | PWS Memory | rule | Generic_PWS_Memory_Zero | ||||||
description | Record Audio | rule | Sniff_Audio | ||||||
description | Communications over HTTP | rule | Network_HTTP | ||||||
description | Communications use DNS | rule | Network_DNS | ||||||
description | Code injection with CreateRemoteThread in a remote process | rule | Code_injection | ||||||
description | (no description) | rule | DebuggerCheck__GlobalFlags | ||||||
description | (no description) | rule | DebuggerCheck__QueryInfo | ||||||
description | (no description) | rule | DebuggerCheck__RemoteAPI | ||||||
description | (no description) | rule | DebuggerHiding__Thread | ||||||
description | (no description) | rule | DebuggerHiding__Active | ||||||
description | (no description) | rule | DebuggerException__ConsoleCtrl |
cmdline | netsh advfirewall firewall set rule name="Datei- und Druckerfreigabe (Echoanforderung - ICMPv4 eingehend)" new enable=yes |
cmdline | netsh advfirewall firewall set rule group="remoteverwaltung" new enable=yes |
cmdline | netsh advfirewall firewall set rule group="Windows-Verwaltungsinstrumentation (WMI)" new enable=yes |
cmdline | netsh advfirewall firewall set rule name="Datei- und Druckerfreigabe (Echoanforderung - ICMPv4 eingehend)" new enable=yes |
cmdline | netsh advfirewall firewall set rule group="remoteverwaltung" new enable=yes |
cmdline | netsh advfirewall firewall set rule group="Windows-Verwaltungsinstrumentation (WMI)" new enable=yes |