Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6403_us | Sept. 13, 2024, 9:33 a.m. | Sept. 13, 2024, 9:47 a.m. |
-
service123.exe "C:\Users\test22\AppData\Local\Temp\service123.exe"
2688 -
schtasks.exe "C:\Windows\System32\schtasks.exe" /create /tn "ServiceData4" /tr "C:\Users\test22\AppData\Local\Temp\/service123.exe" /st 00:01 /du 9800:59 /sc once /ri 1 /f
2728
Name | Response | Post-Analysis Lookup |
---|---|---|
tventyvd20ht.top | 194.87.248.136 |
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
TCP 192.168.56.103:49162 -> 194.87.248.136:80 | 2054350 | ET MALWARE Win32/Cryptbotv2 CnC Activity (POST) M4 | A Network Trojan was detected |
TCP 192.168.56.103:49162 -> 194.87.248.136:80 | 2023882 | ET INFO HTTP Request to a *.top domain | Potentially Bad Traffic |
TCP 192.168.56.103:49162 -> 194.87.248.136:80 | 2054350 | ET MALWARE Win32/Cryptbotv2 CnC Activity (POST) M4 | A Network Trojan was detected |
TCP 192.168.56.103:49162 -> 194.87.248.136:80 | 2054350 | ET MALWARE Win32/Cryptbotv2 CnC Activity (POST) M4 | A Network Trojan was detected |
UDP 192.168.56.103:52760 -> 164.124.101.2:53 | 2023883 | ET DNS Query to a *.top domain - Likely Hostile | Potentially Bad Traffic |
Suricata TLS
No Suricata TLS
suspicious_features | POST method with no referer header | suspicious_request | POST http://tventyvd20ht.top/v1/upload.php |
request | POST http://tventyvd20ht.top/v1/upload.php |
request | POST http://tventyvd20ht.top/v1/upload.php |
file | C:\Users\test22\AppData\Local\Temp\service123.exe |
file | C:\Users\test22\AppData\Local\Temp\YucxOllQDqxHqbsZWekA.dll |
section | {u'size_of_data': u'0x000e2c00', u'virtual_address': u'0x00b39000', u'entropy': 6.841597148781801, u'name': u'.reloc', u'virtual_size': u'0x000e2ad0'} | entropy | 6.84159714878 | description | A section with a high entropy has been found |
Bkav | W32.AIDetectMalware |
Elastic | malicious (high confidence) |
ALYac | Generic.Dacic.3704.A572C03C |
Cylance | Unsafe |
VIPRE | Generic.Dacic.3704.A572C03C |
Sangfor | Infostealer.Win32.Cryptbot.Vjio |
K7AntiVirus | Password-Stealer ( 0054cf561 ) |
BitDefender | Generic.Dacic.3704.A572C03C |
K7GW | Password-Stealer ( 0054cf561 ) |
Arcabit | Generic.Dacic.3704.A572C03C |
Symantec | ML.Attribute.HighConfidence |
ESET-NOD32 | a variant of Win32/PSW.Agent.OGR |
APEX | Malicious |
Avast | Win32:Evo-gen [Trj] |
ClamAV | Win.Malware.Barys-10032866-0 |
Kaspersky | Trojan-PSW.Win32.Cryptnot.cyj |
Alibaba | TrojanPSW:Win32/CryptBot.0b139dae |
MicroWorld-eScan | Generic.Dacic.3704.A572C03C |
Rising | Trojan.CryptBot!8.19865 (TFE:5:du8Y4XG1zuF) |
Emsisoft | Generic.Dacic.3704.A572C03C (B) |
DrWeb | Trojan.PWS.Stealer.39980 |
McAfeeD | ti!D023E36B9485 |
CTX | exe.trojan.stealer |
Sophos | Mal/Generic-S |
FireEye | Generic.Dacic.3704.A572C03C |
Webroot | W32.ChePro |
Detected | |
Avira | TR/PSW.Agent.xuseq |
Antiy-AVL | Trojan/Win32.Cryptbot |
Kingsoft | Win32.Troj.Unknown.a |
Gridinsoft | Trojan.Win32.CryptBot.tr |
Microsoft | Trojan:Win32/CryptBot.CCJD!MTB |
ZoneAlarm | Trojan-PSW.Win32.Cryptnot.cyj |
GData | Win32.Trojan.PSE.1BPFXUZ |
Varist | W32/Agent.JHG.gen!Eldorado |
AhnLab-V3 | Infostealer/Win.CryptBot.R661185 |
McAfee | Artemis!71D70566C254 |
DeepInstinct | MALICIOUS |
Malwarebytes | Spyware.Stealer |
Ikarus | Trojan-PSW.Agent |
Panda | Trj/Genetic.gen |
TrendMicro-HouseCall | Trojan.Win32.PRIVATELOADER.YXEILZ |
Tencent | Trojan.Win32.Agent.16001366 |
huorong | TrojanSpy/Stealer.lt |
Fortinet | W32/Agent.OGR!tr |
AVG | Win32:Evo-gen [Trj] |
Paloalto | generic.ml |
CrowdStrike | win/malicious_confidence_60% (D) |
alibabacloud | Trojan[stealer]:Win/CryptBot.CWU!3DGW |