Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6403_us | Oct. 6, 2024, 12:46 p.m. | Oct. 6, 2024, 12:50 p.m. |
Process | PID | Command line |
---|---|---|
cmd.exe | 2176 | "C:\Windows\System32\cmd.exe" /C schtasks /create /tn MyApp /tr %APPDATA%\service.exe /st 00:00 /du 9999:59 /sc daily /ri 1 /f |
schtasks.exe | 2252 | schtasks /create /tn MyApp /tr C:\Users\test22\AppData\Roaming\service.exe /st 00:00 /du 9999:59 /sc daily /ri 1 /f |
Name | Response | Post-Analysis Lookup |
---|---|---|
No hosts contacted. | | |
IP Address | Status | Action |
---|---|---|
164.124.101.2 | Active | Moloch |
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
section | .vmp\xe2\x98\x8fh |
resource name | STYLE_XML |
resource name | None |
cmdline | cmd.exe /C schtasks /create /tn MyApp /tr %APPDATA%\service.exe /st 00:00 /du 9999:59 /sc daily /ri 1 /f |
cmdline | schtasks /create /tn MyApp /tr C:\Users\test22\AppData\Roaming\service.exe /st 00:00 /du 9999:59 /sc daily /ri 1 /f |
cmdline | "C:\Windows\System32\cmd.exe" /C schtasks /create /tn MyApp /tr %APPDATA%\service.exe /st 00:00 /du 9999:59 /sc daily /ri 1 /f |
section | {u'size_of_data': u'0x0054cc00', u'virtual_address': u'0x002b2000', u'entropy': 7.8958944956166865, u'name': u'.vmp\\xe2\\x98\\x8fh', u'virtual_size': u'0x0054ca90'} |
entropy | 7.89589449562 |
description | A section with a high entropy has been found |
entropy | 0.981818181818 |
description | Overall entropy of this PE file is high |
section | .vmp\xe2\x98\x8fh |
description | Section name indicates VMProtect |
Engine | Detection |
---|---|
Bkav | W32.AIDetectMalware |
Lionic | Trojan.Win32.Agent.Y!c |
Skyhigh | Artemis!Trojan |
Cylance | Unsafe |
CrowdStrike | win/malicious_confidence_90% (D) |
Symantec | ML.Attribute.HighConfidence |
Elastic | malicious (high confidence) |
Avast | Win32:MalwareX-gen [Trj] |
Cynet | Malicious (score: 100) |
Kaspersky | Trojan-Dropper.Win32.Agent.tjbmor |
Rising | Trojan.Generic!8.C3 (CLOUD) |
F-Secure | Trojan.TR/AD.Nekark.qzrwp |
McAfeeD | ti!419901E7E174 |
Trapmine | malicious.high.ml.score |
Sophos | Mal/Generic-S |
SentinelOne | Static AI - Suspicious PE |
FireEye | Generic.mg.925ec45b5ac88ab7 |
(engine name not captured) | Detected |
Avira | TR/AD.Nekark.qzrwp |
Kingsoft | Win32.Trojan-Dropper.Agent.tjbmor |
Gridinsoft | Ransom.Win32.Wacatac.ca |
Microsoft | Trojan:Win32/Wacatac.B!ml |
ViRobot | Trojan.Win.Z.Wacatac.5699232 |
ZoneAlarm | Trojan-Dropper.Win32.Agent.tjbmor |
Varist | W32/ABTrojan.SAZR-3568 |
AhnLab-V3 | Suspicious/Win.MalPe.X2197 |
McAfee | Artemis!925EC45B5AC8 |
DeepInstinct | MALICIOUS |
Malwarebytes | Malware.AI.4277566029 |
Ikarus | Win32.Outbreak |
Panda | Trj/Chgt.AD |
Fortinet | W32/PossibleThreat |
AVG | Win32:MalwareX-gen [Trj] |
Paloalto | generic.ml |
alibabacloud | Trojan[dropper]:Win/Wacatac.H9nj |