Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6403_us | July 14, 2024, 5:43 p.m. | July 14, 2024, 5:58 p.m. |
-
-
-
-
voptda.exe "C:\Users\test22\AppData\Local\Temp\RarSFX1\voptda.exe"
2464
-
-
-
-
explorer.exe C:\Windows\Explorer.EXE
1236
Name | Response | Post-Analysis Lookup |
---|---|---|
No hosts contacted. |
IP Address | Status | Action |
---|---|---|
95.169.205.186 | Active | Moloch |
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
registry | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\MachineGuid |
pdb_path | D:\Projects\WinRAR\sfx\build\sfxrar64\Release\sfxrar.pdb |
section | .didat |
section | _RDATA |
resource name | PNG |
file | C:\Users\test22\AppData\Local\Temp\RarSFX1\voptda.exe |
file | C:\Users\test22\AppData\Local\Temp\RarSFX0\clamer.exe |
file | C:\Users\test22\AppData\Local\Temp\RarSFX0\1.bat |
file | C:\Users\test22\AppData\Local\Temp\RarSFX1\voptda.exe |
description | Create a windows service | rule | Create_Service | ||||||
description | Communications over RAW Socket | rule | Network_TCP_Socket | ||||||
description | Communication using DGA | rule | Network_DGA | ||||||
description | Match Windows Http API call | rule | Str_Win32_Http_API | ||||||
description | Take ScreenShot | rule | ScreenShot | ||||||
description | Escalate priviledges | rule | Escalate_priviledges | ||||||
description | Steal credential | rule | local_credential_Steal | ||||||
description | PWS Memory | rule | Generic_PWS_Memory_Zero | ||||||
description | Record Audio | rule | Sniff_Audio | ||||||
description | Communications over HTTP | rule | Network_HTTP | ||||||
description | Communications use DNS | rule | Network_DNS | ||||||
description | Code injection with CreateRemoteThread in a remote process | rule | Code_injection | ||||||
description | (no description) | rule | DebuggerCheck__GlobalFlags | ||||||
description | (no description) | rule | DebuggerCheck__QueryInfo | ||||||
description | (no description) | rule | DebuggerCheck__RemoteAPI | ||||||
description | (no description) | rule | DebuggerHiding__Thread | ||||||
description | (no description) | rule | DebuggerHiding__Active | ||||||
description | (no description) | rule | DebuggerException__ConsoleCtrl | ||||||
description | (no description) | rule | DebuggerException__SetConsoleCtrl | ||||||
description | (no description) | rule | ThreadControl__Context | ||||||
description | (no description) | rule | SEH__vectored | ||||||
description | (no description) | rule | Check_Dlls | ||||||
description | Checks if being debugged | rule | anti_dbg | ||||||
description | Anti-Sandbox checks for ThreatExpert | rule | antisb_threatExpert | ||||||
description | Bypass DEP | rule | disable_dep | ||||||
description | Affect hook table | rule | win_hook | ||||||
description | File Downloader | rule | Network_Downloader | ||||||
description | Match Windows Inet API call | rule | Str_Win32_Internet_API | ||||||
description | Install itself for autorun at Windows startup | rule | Persistence | ||||||
description | Communications over FTP | rule | Network_FTP | ||||||
description | Run a KeyLogger | rule | KeyLogger | ||||||
description | Communications over P2P network | rule | Network_P2P_Win |
host | 95.169.205.186 |
file | C:\Users\test22\AppData\Local\Temp\RarSFX1\voptda.exe |
file | C:\Users\test22\AppData\Local\Temp\RarSFX0\1.bat |
file | C:\Users\test22\AppData\Local\Temp\RarSFX0\clamer.exe |
file | C:\Users\test22\AppData\Local\Temp\RarSFX1\voptda.exe |
dead_host | 95.169.205.186:80 |
Bkav | W64.AIDetectMalware |
Lionic | Trojan.Win32.RecordBreaker.4!c |
Elastic | malicious (high confidence) |
Cynet | Malicious (score: 99) |
Skyhigh | BehavesLike.Win64.Generic.dh |
ALYac | Trojan.GenericKD.73407751 |
Cylance | Unsafe |
VIPRE | Trojan.GenericKD.73407751 |
K7AntiVirus | Spyware ( 005b10b61 ) |
BitDefender | Trojan.GenericKD.73407751 |
K7GW | Riskware ( abcd70071 ) |
Cybereason | malicious.9d099b |
VirIT | Trojan.Win64.RarDrp.GZC |
Symantec | Trojan.Gen.MBT |
ESET-NOD32 | Win32/RecordBreaker.A |
McAfee | Artemis!CEFC3739D099 |
Avast | Win64:Malware-gen |
ClamAV | Win.Dropper.Nanocore-9986456-0 |
Kaspersky | UDS:DangerousObject.Multi.Generic |
Alibaba | TrojanPSW:Win32/RecordBreaker.5a7aee7a |
NANO-Antivirus | Trojan.Win64.RaccoonSteal.kponbt |
MicroWorld-eScan | Trojan.GenericKD.73407751 |
Emsisoft | Trojan.GenericKD.73407751 (B) |
F-Secure | Trojan.TR/Redcap.obzmv |
DrWeb | Trojan.PWS.Siggen3.37746 |
Zillya | Exploit.UAC.Win32.999 |
McAfeeD | ti!17808B7509E2 |
FireEye | Generic.mg.cefc3739d099bae5 |
Sophos | Mal/Generic-S |
Ikarus | Trojan.Win32.RecordBreaker |
Jiangmin | Worm.MSIL.vpw |
Webroot | W32.Trojan.Gen |
Avira | TR/AD.RaccoonSteal.zgxnz |
Antiy-AVL | Trojan/Win32.Casdet |
Kingsoft | Win32.Trojan.Generic.a |
Gridinsoft | Trojan.Win64.Downloader.sa |
Xcitium | Malware@#3jlj97zizu7o8 |
Arcabit | Trojan.Generic.D4601D07 |
ZoneAlarm | HEUR:Trojan.Win32.Generic |
GData | Win64.Trojan.Agent.LV5BOZ |
DeepInstinct | MALICIOUS |
VBA32 | TrojanPSW.Racealer |
Malwarebytes | Malware.AI.3225386938 |
Panda | Trj/CI.A |
TrendMicro-HouseCall | TrojanSpy.Win64.RACCOONSTEALER.YXEGGZ |
MAX | malware (ai score=88) |
AVG | Win64:Malware-gen |
Paloalto | generic.ml |
CrowdStrike | win/malicious_confidence_60% (D) |