Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6401 | Aug. 10, 2024, 12:25 p.m. | Aug. 10, 2024, 12:27 p.m. |
Process | Command line | PID |
---|---|---|
powershell.exe | "powershell" -Command Add-MpPreference -ExclusionPath 'C:/' | 3028 |
powershell.exe | "powershell" -Command Add-MpPreference -ExclusionPath 'C:/Documents and Settings/' | 2568 |
powershell.exe | "powershell" -Command Add-MpPreference -ExclusionPath 'C:/$Recycle.Bin/' | 2456 |
powershell.exe | "powershell" -Command Add-MpPreference -ExclusionPath 'C:/GPKI/' | 1080 |
powershell.exe | "powershell" -Command Add-MpPreference -ExclusionPath 'C:/MSOCache/' | 232 |
powershell.exe | "powershell" -Command Add-MpPreference -ExclusionPath 'C:/PerfLogs/' | 1792 |
powershell.exe | "powershell" -Command Add-MpPreference -ExclusionPath 'C:/Program Files/' | 2312 |
powershell.exe | "powershell" -Command Add-MpPreference -ExclusionPath 'C:/Program Files (x86)/' | 1332 |
powershell.exe | "powershell" -Command Add-MpPreference -ExclusionPath 'C:/ProgramData/' | 2132 |
powershell.exe | "powershell" -Command Add-MpPreference -ExclusionPath 'C:/Python27/' | 2052 |
powershell.exe | "powershell" -Command Add-MpPreference -ExclusionPath 'C:/Recovery/' | 2100 |
powershell.exe | "powershell" -Command Add-MpPreference -ExclusionPath 'C:/Sandbox/' | 1800 |
Process | Command line | PID |
---|---|---|
schtasks.exe | schtasks.exe /create /tn "lsassl" /sc MINUTE /mo 9 /tr "'C:\tmptqb9ww\modules\auxiliary\__pycache__\lsass.exe'" /f | 2360 |
schtasks.exe | schtasks.exe /create /tn "lsass" /sc ONLOGON /tr "'C:\tmptqb9ww\modules\auxiliary\__pycache__\lsass.exe'" /rl HIGHEST /f | 2500 |
schtasks.exe | schtasks.exe /create /tn "lsassl" /sc MINUTE /mo 8 /tr "'C:\tmptqb9ww\modules\auxiliary\__pycache__\lsass.exe'" /rl HIGHEST /f | 2648 |
schtasks.exe | schtasks.exe /create /tn "csrssc" /sc MINUTE /mo 9 /tr "'C:\GPKI\csrss.exe'" /f | 2620 |
schtasks.exe | schtasks.exe /create /tn "csrss" /sc ONLOGON /tr "'C:\GPKI\csrss.exe'" /rl HIGHEST /f | 1456 |
schtasks.exe | schtasks.exe /create /tn "csrssc" /sc MINUTE /mo 9 /tr "'C:\GPKI\csrss.exe'" /rl HIGHEST /f | 1064 |
schtasks.exe | schtasks.exe /create /tn "wininitw" /sc MINUTE /mo 12 /tr "'C:\tmpuvzci8\.idea\inspectionProfiles\wininit.exe'" /f | 2720 |
schtasks.exe | schtasks.exe /create /tn "wininit" /sc ONLOGON /tr "'C:\tmpuvzci8\.idea\inspectionProfiles\wininit.exe'" /rl HIGHEST /f | 1616 |
schtasks.exe | schtasks.exe /create /tn "wininitw" /sc MINUTE /mo 12 /tr "'C:\tmpuvzci8\.idea\inspectionProfiles\wininit.exe'" /rl HIGHEST /f | 1320 |
schtasks.exe | schtasks.exe /create /tn "smsss" /sc MINUTE /mo 9 /tr "'C:\util\ProcessMonitor\smss.exe'" /f | 2772 |
schtasks.exe | schtasks.exe /create /tn "smss" /sc ONLOGON /tr "'C:\util\ProcessMonitor\smss.exe'" /rl HIGHEST /f | 2148 |
schtasks.exe | schtasks.exe /create /tn "smsss" /sc MINUTE /mo 5 /tr "'C:\util\ProcessMonitor\smss.exe'" /rl HIGHEST /f | 2176 |
schtasks.exe | schtasks.exe /create /tn "taskhostt" /sc MINUTE /mo 11 /tr "'C:\Program Files (x86)\Google\CrashReports\taskhost.exe'" /f | 1404 |
schtasks.exe | schtasks.exe /create /tn "taskhost" /sc ONLOGON /tr "'C:\Program Files (x86)\Google\CrashReports\taskhost.exe'" /rl HIGHEST /f | 1252 |
schtasks.exe | schtasks.exe /create /tn "taskhostt" /sc MINUTE /mo 6 /tr "'C:\Program Files (x86)\Google\CrashReports\taskhost.exe'" /rl HIGHEST /f | 772 |
Name | Response | Post-Analysis Lookup |
---|---|---|
No hosts contacted. |
IP Address | Status | Action |
---|---|---|
No hosts contacted. |
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
Type | Value |
---|---|
registry | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\MachineGuid |
cmdline | "powershell" -Command Add-MpPreference -ExclusionPath 'C:/GPKI/' |
cmdline | "powershell" -Command Add-MpPreference -ExclusionPath 'C:/Program Files (x86)/' |
cmdline | "powershell" -Command Add-MpPreference -ExclusionPath 'C:/$Recycle.Bin/' |
cmdline | "powershell" -Command Add-MpPreference -ExclusionPath 'C:/ProgramData/' |
cmdline | "powershell" -Command Add-MpPreference -ExclusionPath 'C:/System Volume Information/' |
cmdline | "powershell" -Command Add-MpPreference -ExclusionPath 'C:/MSOCache/' |
cmdline | "powershell" -Command Add-MpPreference -ExclusionPath 'C:/Sandbox/' |
cmdline | "powershell" -Command Add-MpPreference -ExclusionPath 'C:/Python27/' |
cmdline | "powershell" -Command Add-MpPreference -ExclusionPath 'C:/Program Files/' |
cmdline | "powershell" -Command Add-MpPreference -ExclusionPath 'C:/Recovery/' |
cmdline | "powershell" -Command Add-MpPreference -ExclusionPath 'C:/' |
cmdline | "powershell" -Command Add-MpPreference -ExclusionPath 'C:/Documents and Settings/' |
cmdline | "powershell" -Command Add-MpPreference -ExclusionPath 'C:/PerfLogs/' |
Type | Details | Description |
---|---|---|
section | .text (virtual_address 0x00002000, virtual_size 0x0020b204, size_of_data 0x0020b400, entropy 7.606780072579322) | A section with a high entropy has been found |
entropy | 0.999283838625 | Overall entropy of this PE file is high |
Type | Path |
---|---|
file | C:\Windows\System32\ie4uinit.exe |
file | C:\Program Files\Windows Sidebar\sidebar.exe |
file | C:\Windows\System32\WindowsAnytimeUpgradeUI.exe |
file | C:\Windows\System32\xpsrchvw.exe |
file | C:\Windows\System32\displayswitch.exe |
file | C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe |
file | C:\Windows\System32\mblctr.exe |
file | C:\Windows\System32\msinfo32.exe |
file | C:\Windows\System32\rstrui.exe |
file | C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.exe |
file | C:\Program Files\Windows Journal\Journal.exe |
file | C:\Windows\System32\MdSched.exe |
file | C:\Windows\System32\msconfig.exe |
file | C:\Windows\System32\recdisc.exe |
file | C:\Windows\System32\msra.exe |
file | C:\Windows\System32\mstsc.exe |
file | C:\Windows\System32\SnippingTool.exe |
file | C:\Windows\System32\SoundRecorder.exe |
file | C:\Windows\System32\dfrgui.exe |
Engine | Detection |
---|---|
Bkav | W32.AIDetectMalware.CS |
Lionic | Trojan.Win32.Dnoper.4!c |
Elastic | malicious (high confidence) |
Skyhigh | BehavesLike.Win32.Generic.vc |
ALYac | Trojan.MSIL.Basic.8.Gen |
Cylance | Unsafe |
VIPRE | Trojan.MSIL.Basic.8.Gen |
Sangfor | Trojan.Win32.Save.a |
K7AntiVirus | Trojan ( 005690671 ) |
BitDefender | Trojan.MSIL.Basic.8.Gen |
K7GW | Trojan ( 005690671 ) |
Cybereason | malicious.883559 |
Symantec | ML.Attribute.HighConfidence |
ESET-NOD32 | a variant of MSIL/Spy.Agent.ETF |
APEX | Malicious |
McAfee | GenericRXWO-FP!3970EF988355 |
Avast | Win32:SpywareX-gen [Trj] |
ClamAV | Win.Packed.Uztuby-10009381-0 |
Kaspersky | HEUR:Trojan.MSIL.Dnoper.gen |
Alibaba | Trojan:MSIL/Dnoper.4408aad0 |
MicroWorld-eScan | Trojan.MSIL.Basic.8.Gen |
Rising | Trojan.Dnoper!8.10CB3 (CLOUD) |
Emsisoft | Trojan.MSIL.Basic.8.Gen (B) |
DrWeb | Trojan.Siggen28.48158 |
Zillya | Trojan.Basic.Win32.127126 |
McAfeeD | Real Protect-LS!3970EF988355 |
FireEye | Generic.mg.3970ef9883559736 |
Sophos | Troj/DCRat-U |
SentinelOne | Static AI - Malicious PE |
Jiangmin | Trojan.MSIL.aotqv |
Detected | |
MAX | malware (ai score=88) |
Kingsoft | MSIL.Trojan.Dnoper.gen |
Arcabit | Trojan.MSIL.Basic.8.Gen |
ZoneAlarm | HEUR:Trojan.MSIL.Dnoper.gen |
GData | Trojan.MSIL.Basic.8.Gen |
Varist | W32/MSIL_Agent.HOQ.gen!Eldorado |
AhnLab-V3 | Trojan/Win.Generic.C5484342 |
BitDefenderTheta | Gen:NN.ZemsilF.36810.co0@aGy6stf |
DeepInstinct | MALICIOUS |
VBA32 | TScope.Trojan.MSIL |
Malwarebytes | Generic.Malware.AI.DDS |
Ikarus | Trojan.MSIL.Crypt |
Panda | Trj/GdSda.A |
Tencent | Msil.Trojan.Dnoper.Ncnw |
Yandex | Trojan.Dnoper!0Ro/SJ5iD8k |
huorong | Backdoor/MSIL.DCRat.l |
MaxSecure | Trojan.Malware.74328497.susgen |
Fortinet | MSIL/Crypt.SS!tr.spy |
AVG | Win32:SpywareX-gen [Trj] |