Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6401 | Sept. 10, 2024, 10:31 a.m. | Sept. 10, 2024, 10:34 a.m. |
Process | PID | Command line |
---|---|---|
cmd.exe | 2628 | cmd /c wmic shadowcopy delete /nointeractive |
cmd.exe | 2664 | cmd /c vssadmin.exe Delete Shadows /All /Quiet |
cmd.exe | 2704 | cmd /c bcdedit /set {default} recoveryenabled No |
cmd.exe | 2744 | cmd /c bcdedit /set {default} bootstatuspolicy ignoreallfailures |
cmd.exe | 2784 | cmd /c powershell -command "Get-EventLog -LogName * \| ForEach { Clear-EventLog $_.Log }" |
Name | Response | Post-Analysis Lookup |
---|---|---|
No hosts contacted. | | |

IP Address | Status | Action |
---|---|---|
No hosts contacted. | | |

Suricata Alerts | No Suricata Alerts |
---|---|
Suricata TLS | No Suricata TLS |
Type | Value |
---|---|
file | C:\Users\test22\Documents\lLFuFezmExEmf.docm |
file | C:\Users\test22\Documents\axTZwDBeUngqBG.ppt |
file | C:\Users\test22\Documents\readme.xls |
file | C:\Users\test22\Documents\WmXfDlmbAt.doc |
file | C:\Users\test22\Documents\iZaIwdonvHsGmWxjG.docm |
file | C:\Users\test22\Documents\readme.doc |
file | C:\Users\test22\Documents\ONyeiyAHXnG.docx |
file | C:\Users\test22\Documents\vSjjFAKhemtn.doc |
file | C:\Users\test22\Documents\sGUIEmQWRjHTi.docx |
file | C:\Users\test22\Documents\JDHeJjBWHuxqp.doc |
file | C:\Users\test22\Documents\tfWgfaUyXRlwSTg.docm |
file | C:\Users\test22\Documents\sByekmDWYN.docm |
file | C:\Users\test22\Documents\cXMLMLMlMJidCP.doc |
file | C:\Users\test22\Documents\FAaWoqRZplEQFsGvV.docm |
file | C:\Users\test22\Documents\ATwjKHHgPIXqpQbCw.doc |
file | C:\Users\test22\Documents\KIprYLexEf.doc |
file | C:\Users\test22\Documents\FOwRatdvSt.docm |
file | C:\util\vm_setting.reg |
cmdline | cmd /c wmic shadowcopy delete /nointeractive |
cmdline | cmd /c bcdedit /set {default} bootstatuspolicy ignoreallfailures |
cmdline | cmd /c bcdedit /set {default} recoveryenabled No |
cmdline | cmd /c powershell -command "Get-EventLog -LogName * \| ForEach { Clear-EventLog $_.Log }" |
cmdline | cmd /c wmic shadowcopy delete /nointeractive |
file | C:\tmpuvzci8\analyzer.py |
file | Z:\Boot\BOOTSTAT.DAT |
command | cmd /c bcdedit /set {default} recoveryenabled no |
command | cmd /c bcdedit /set {default} bootstatuspolicy ignoreallfailures |
cmdline | cmd /c vssadmin.exe Delete Shadows /All /Quiet |
Engine | Result |
---|---|
Bkav | W32.AIDetectMalware |
Lionic | Trojan.Win32.AvosLocker.4!c |
Elastic | malicious (high confidence) |
Cynet | Malicious (score: 100) |
CAT-QuickHeal | Ransom.Avoslocker.S27130740 |
Skyhigh | BehavesLike.Win32.Infected.ch |
ALYac | Trojan.Ransom.AvosLocker |
Cylance | Unsafe |
VIPRE | Dump:Generic.Ransom.AmnesiaE.FC97BF15 |
Sangfor | Ransom.Win32.Avoslocker.V6ok |
K7AntiVirus | Trojan ( 0058241e1 ) |
BitDefender | Dump:Generic.Ransom.AmnesiaE.FC97BF15 |
K7GW | Trojan ( 0058241e1 ) |
Cybereason | malicious.2427b8 |
Arcabit | Dump:Generic.Ransom.AmnesiaE.FC97BF15 |
VirIT | Trojan.Win32.Genus.LXS |
Symantec | Ransom.AvosLocker |
ESET-NOD32 | a variant of Win32/Filecoder.AvosLocker.A |
Avast | Win32:RansomX-gen [Ransom] |
ClamAV | Win.Ransomware.Deepscan-9938939-0 |
Kaspersky | HEUR:Trojan.Win32.DelShad.gen |
Alibaba | Ransom:Win32/AvosLocker.76642e7b |
NANO-Antivirus | Trojan.Win32.DelShad.jpyrxd |
MicroWorld-eScan | Dump:Generic.Ransom.AmnesiaE.FC97BF15 |
Rising | Trojan.Filecoder!8.68 (TFE:5:pZJ1k8KCxxO) |
Emsisoft | Dump:Generic.Ransom.AmnesiaE.FC97BF15 (B) |
F-Secure | Heuristic.HEUR/AGEN.1318629 |
DrWeb | Trojan.Encoder.34626 |
Zillya | Trojan.Filecoder.Win32.20880 |
TrendMicro | Ransom.Win32.AVOSLOCKER.SMYXBLNT |
McAfeeD | ti!F8E99BBACC62 |
FireEye | Generic.mg.8da384b2427b8397 |
Sophos | Troj/Ransom-GTK |
SentinelOne | Static AI - Suspicious PE |
Jiangmin | Trojan.DelShad.buh |
Webroot | W32.Ransom.Gen |
Detected | |
Avira | HEUR/AGEN.1318629 |
MAX | malware (ai score=100) |
Antiy-AVL | Trojan/Win32.DelShad |
Kingsoft | Win32.Troj.Generic.jm |
Gridinsoft | Ransom.Win32.AvosLocker.tr |
Xcitium | Malware@#2502rf9mx1khm |
Microsoft | Ransom:Win32/AvosLocker.MBK!MTB |
ViRobot | Trojan.Win32.Z.Avoslocker.826880.E |
ZoneAlarm | HEUR:Trojan.Win32.DelShad.gen |
GData | Dump:Generic.Ransom.AmnesiaE.FC97BF15 |
Varist | W32/Trojan.ICF.gen!Eldorado |
AhnLab-V3 | Ransomware/Win.AvosLocker.R452361 |
McAfee | GenericRXRK-AV!8DA384B2427B |