Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6402 | June 26, 2024, 10:11 a.m. | June 26, 2024, 10:14 a.m. |
Process Tree
PID | Process | Command line |
---|---|---|
3036 | cmd.exe | "C:\Windows\System32\cmd.exe" /c start /wait "exbT" C:\Users\test22\AppData\Local\Temp\info.vbe |
2220 | cscript.exe | "C:\Windows\System32\cscript.exe" "C:\Users\test22\AppData\Local\Temp\info.vbe" |
Only these two processes were recorded in the tree; the wscript.exe instance that the martian_process signature names as the parent of cscript.exe does not appear here.
DNS
Name | Response | Post-Analysis Lookup |
---|---|---|
testswork.ru | 82.97.240.167 | |
www.testswork.ru | 82.97.240.167 | |
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
TCP 192.168.56.102:49166 -> 82.97.240.167:80 | 2019714 | ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile | Potentially Bad Traffic |
Suricata TLS
No Suricata TLS
Signatures
Signature | Detail | Description |
---|---|---|
request | GET http://www.testswork.ru/tmp2.exe | |
domain | testswork.ru | Russian Federation domain TLD |
domain | www.testswork.ru | Russian Federation domain TLD |
rule | DebuggerCheck__GlobalFlags | (no description) |
rule | DebuggerCheck__QueryInfo | (no description) |
rule | DebuggerHiding__Thread | (no description) |
rule | DebuggerHiding__Active | (no description) |
rule | ThreadControl__Context | (no description) |
rule | SEH__vectored | (no description) |
rule | anti_dbg | Checks if being debugged |
rule | disable_dep | Bypass DEP |
martian_process | CScript "C:\Users\test22\AppData\Local\Temp\info.vbe" | parent_process: wscript.exe |
martian_process | "C:\Windows\System32\cscript.exe" "C:\Users\test22\AppData\Local\Temp\info.vbe" | parent_process: wscript.exe |
The DebuggerCheck, DebuggerHiding, ThreadControl, SEH, anti_dbg and disable_dep rows are generic static YARA pattern matches; the report does not say which file they matched, so they are not evidence that the script itself carries anti-debugging logic. The behavioural indicator worth acting on is the pair of martian_process rows: wscript.exe, the default handler for a .vbe file launched via `start`, re-executing the same script under cscript.exe, followed by the GET for tmp2.exe.
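The process chain (cmd.exe `/c start /wait` on a .vbe in the user's Temp directory, then a script host spawning a second script host) and the terse `/tmp2.exe` download are the two things in this report a detection engineer would turn into checks. The script below is an added example, not the sandbox's own code. The event records are constructed to mirror the report: PIDs 3036 and 2220 and their command lines come from the process tree, but the wscript.exe PID (1234), its command line, the parent of cmd.exe, the field names (`image`, `parent_image`, `cmdline`) and the benign control event are all assumptions. The `TERSE_EXE` pattern is my own approximation of what the ET alert flags (a short alphanumeric executable name at the web root); it is not the signature's actual logic.

```python
"""Triage checks for script-host process chains and terse .exe downloads.

Added example modelled on this report; not code from the sandbox.
"""
import ntpath
import re
from urllib.parse import urlparse

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
SCRIPT_EXT = re.compile(r"\.(?:vbe|vbs|js|jse|wsf)\b", re.IGNORECASE)
USER_TEMP = re.compile(r"\\AppData\\Local\\Temp\\", re.IGNORECASE)
START_WAIT = re.compile(r"\bstart\s+/wait\b", re.IGNORECASE)
# Own heuristic, not the ET rule: a bare, short alphanumeric name at the
# web root ending in .exe (e.g. /tmp2.exe).
TERSE_EXE = re.compile(r"^/[a-z0-9]{1,8}\.exe$", re.IGNORECASE)

# Constructed process-creation records. PIDs 3036/2220 and their command
# lines are from the report; PID 1234, its command line, the explorer.exe
# parent and the final benign event are assumptions.
EVENTS = [
    {"pid": 3036, "image": r"C:\Windows\System32\cmd.exe",
     "parent_image": r"C:\Windows\explorer.exe",
     "cmdline": r'"C:\Windows\System32\cmd.exe" /c start /wait "exbT" C:\Users\test22\AppData\Local\Temp\info.vbe'},
    {"pid": 1234, "image": r"C:\Windows\SysWOW64\wscript.exe",
     "parent_image": r"C:\Windows\System32\cmd.exe",
     "cmdline": r'"C:\Windows\SysWOW64\wscript.exe" "C:\Users\test22\AppData\Local\Temp\info.vbe"'},
    {"pid": 2220, "image": r"C:\Windows\System32\cscript.exe",
     "parent_image": r"C:\Windows\SysWOW64\wscript.exe",
     "cmdline": r'"C:\Windows\System32\cscript.exe" "C:\Users\test22\AppData\Local\Temp\info.vbe"'},
    # Benign control: an admin script run from a non-temp path, parent cmd.exe.
    {"pid": 4100, "image": r"C:\Windows\System32\cscript.exe",
     "parent_image": r"C:\Windows\System32\cmd.exe",
     "cmdline": r"cscript.exe //nologo C:\Scripts\inventory.vbs"},
]
# Constructed from the report's single HTTP request.
REQUESTS = ["GET http://www.testswork.ru/tmp2.exe"]


def basename(path):
    """Lower-cased file name of a Windows path (works off-Windows too)."""
    return ntpath.basename(path).lower()


def check_process(ev):
    """Return the names of the checks a process-creation record trips."""
    image = basename(ev["image"])
    parent = basename(ev["parent_image"])
    cmd = ev["cmdline"]
    hits = []
    # cmd.exe /c start /wait ... something.vbe
    if image == "cmd.exe" and START_WAIT.search(cmd) and SCRIPT_EXT.search(cmd):
        hits.append("cmd_start_wait_script")
    # script host executing a script out of %LOCALAPPDATA%\Temp
    if image in SCRIPT_HOSTS and SCRIPT_EXT.search(cmd) and USER_TEMP.search(cmd):
        hits.append("script_host_from_user_temp")
    # script host spawning another script host (the martian_process pattern)
    if image in SCRIPT_HOSTS and parent in SCRIPT_HOSTS:
        hits.append("script_host_spawns_script_host")
    return hits


def check_request(line):
    """True for a GET whose URL path is a lone short alphanumeric .exe."""
    method, _, url = line.partition(" ")
    return method == "GET" and bool(TERSE_EXE.match(urlparse(url).path))


def triage(events, requests):
    """Run every check; return (finding, subject) pairs in input order."""
    findings = []
    for ev in events:
        for name in check_process(ev):
            findings.append((name, ev["pid"]))
    for line in requests:
        if check_request(line):
            findings.append(("terse_exe_download", line.split(" ", 1)[1]))
    return findings


if __name__ == "__main__":
    for name, subject in triage(EVENTS, REQUESTS):
        print(f"{name}: {subject}")
```

The benign control event is there to show that `cscript.exe` running a script is not, by itself, a finding: the chain matters (the script host lineage and the user-writable Temp location), which is why the checks key on parent image and path rather than on the script host alone.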
Antivirus
Antivirus | Result |
---|---|
Lionic | Trojan.UKP.Agent.a!c |
Cynet | Malicious (score: 99) |
CAT-QuickHeal | JS.Downloader.AA |
Skyhigh | VBS/Downloader.bk |
Baidu | VBS.Trojan-Downloader.Agent.iu |
VirIT | Trojan.VBS.Agent.JCY |
Symantec | VBS.Downloader.Trojan |
ESET-NOD32 | VBS/TrojanDownloader.Agent.OBQ |
TrendMicro-HouseCall | VBS_COINMINE.D |
Kaspersky | Trojan-Downloader.VBS.Agent.bco |
NANO-Antivirus | Trojan.Script.MLW.edxafr |
MicroWorld-eScan | Trojan.VBS.Agent.WH |
Rising | Downloader.Agent/VBS!1.CB16 (CLASSIC) |
Emsisoft | Trojan.VBS.Agent.WH (B) |
F-Secure | Trojan:VBS/Agent.DWHS |
DrWeb | VBS.DownLoader.581 |
Zillya | Trojan.StartPage.VBS.12 |
TrendMicro | VBS_COINMINE.D |
FireEye | Trojan.VBS.Agent.WH |
Sophos | VBS/Dwnldr-MDQ |
Ikarus | Trojan-Downloader.HTML.Adodb |
Jiangmin | TrojanDownloader.VBS.tm |
Avira | VBS/Agent.bco |
Antiy-AVL | Trojan[Downloader]/VBS.Agent |
Xcitium | Malware@#3nvl5y3ejddip |
Arcabit | Trojan.VBS.Agent.WH |
ViRobot | VBE.Downloader.1314 |
ZoneAlarm | Trojan-Downloader.VBS.Agent.bco |
AhnLab-V3 | VBS/Agent |
Tencent | Vbs.Trojan-Downloader.Der.Ychl |
Yandex | Trojan.Etecer.bVl1Gm.57 |
MAX | malware (ai score=94) |
Fortinet | PossibleThreat.P1 |
Files
Path |
---|
C:\Windows\SysWOW64\wscript.exe |
C:\Windows\System32\cscript.exe |