Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6402 | Aug. 4, 2024, 5:43 p.m. | Aug. 4, 2024, 5:45 p.m. |
-
-
-
wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\test22\AppData\Local\Temp\IXP000.TMP\nbg.vbs"
292
-
-
Name | Response | Post-Analysis Lookup |
---|---|---|
No hosts contacted. |
IP Address | Status | Action |
---|---|---|
164.124.101.2 | Active | Moloch |
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
registry | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\MachineGuid |
pdb_path | wextract.pdb |
resource name | AVI |
file | C:\Users\test22\AppData\Local\Temp\IXP000.TMP\nbg.vbs |
cmdline | cmd.exe /c nbg.vbs |
section | {u'size_of_data': u'0x0001dc00', u'virtual_address': u'0x0000f000', u'entropy': 7.084626134678982, u'name': u'.rsrc', u'virtual_size': u'0x0001e000'} | entropy | 7.08462613468 | description | A section with a high entropy has been found | |||||||||
entropy | 0.734567901235 | description | Overall entropy of this PE file is high |
description | (no description) | rule | DebuggerCheck__GlobalFlags | ||||||
description | (no description) | rule | DebuggerCheck__QueryInfo | ||||||
description | (no description) | rule | DebuggerHiding__Thread | ||||||
description | (no description) | rule | DebuggerHiding__Active | ||||||
description | (no description) | rule | ThreadControl__Context | ||||||
description | (no description) | rule | SEH__vectored | ||||||
description | Checks if being debugged | rule | anti_dbg | ||||||
description | Bypass DEP | rule | disable_dep |
reg_key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 | reg_value | rundll32.exe C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\test22\AppData\Local\Temp\IXP000.TMP\" |
file | C:\Users\test22\AppData\Local\Temp\IXP000.TMP\nbg.vbs |
Bkav | W64.AIDetectMalware |
Lionic | Trojan.Win32.SLoad.a!c |
Elastic | malicious (moderate confidence) |
Cynet | Malicious (score: 100) |
Skyhigh | BehavesLike.Win64.Downloader.ch |
Cylance | Unsafe |
VIPRE | Trojan.GenericKD.73778037 |
Sangfor | Downloader.Win32.Agent.V0t7 |
BitDefender | Trojan.Generic.36663062 |
Symantec | Trojan.Gen.MBT |
ESET-NOD32 | a variant of Generik.LJCICZK |
APEX | Malicious |
McAfee | Artemis!E219ACD0A358 |
Avast | FileRepMalware [Misc] |
Kaspersky | UDS:Trojan-Downloader.MSOffice.SLoad |
Alibaba | Trojan:Script/Generic.c31df01d |
NANO-Antivirus | Trojan.Win64.Dwn.kqmozj |
MicroWorld-eScan | Trojan.Generic.36663062 |
Emsisoft | Trojan.Generic.36663062 (B) |
DrWeb | Trojan.DownLoader47.15767 |
McAfeeD | ti!649A1CAF93E5 |
FireEye | Trojan.Generic.36663062 |
Sophos | Mal/Generic-S |
Ikarus | Trojan.Script.Agent |
Webroot | W32.Trojan.Gen |
Detected | |
Antiy-AVL | Trojan/Script.Agent |
Kingsoft | Win32.Troj.Unknown.a |
Gridinsoft | Spy.Win64.Gen.tr |
Microsoft | Trojan:Win32/Znyonm |
ZoneAlarm | UDS:Trojan-Downloader.MSOffice.SLoad |
GData | Win64.Trojan.Agent.K6DEDK |
AhnLab-V3 | Downloader/Win.Powershell.C5655492 |
DeepInstinct | MALICIOUS |
Panda | Trj/Chgt.AD |
Tencent | Script.Trojan.Generic.Qgil |
MAX | malware (ai score=83) |
Fortinet | W32/PossibleThreat |
AVG | FileRepMalware [Misc] |
Paloalto | generic.ml |
alibabacloud | Trojan:Multi/Generic.Gen |