Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6402 | Oct. 8, 2024, 9:54 p.m. | Oct. 8, 2024, 9:56 p.m. |
-
CCRNC.txt.exe "C:\Users\test22\AppData\Local\Temp\CCRNC.txt.exe"
3060
Name | Response | Post-Analysis Lookup |
---|---|---|
michelsrmccontrol.duckdns.org | 107.175.130.20 |
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
UDP 192.168.56.102:63709 -> 164.124.101.2:53 | 2042936 | ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain | Potentially Bad Traffic |
UDP 192.168.56.102:63709 -> 164.124.101.2:53 | 2022918 | ET INFO DYNAMIC_DNS Query to *.duckdns. Domain | Misc activity |
UDP 192.168.56.102:62846 -> 164.124.101.2:53 | 2042936 | ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain | Potentially Bad Traffic |
UDP 192.168.56.102:62846 -> 164.124.101.2:53 | 2022918 | ET INFO DYNAMIC_DNS Query to *.duckdns. Domain | Misc activity |
Suricata TLS
No Suricata TLS
section | .gfids |
domain | michelsrmccontrol.duckdns.org |
description | CCRNC.txt.exe tried to sleep 162 seconds, actually delayed analysis time by 162 seconds |
Lionic | Trojan.Win32.Remcos.m!c |
Cynet | Malicious (score: 100) |
CAT-QuickHeal | Backdoor.Remcos |
Skyhigh | BehavesLike.Win32.Remcos.gh |
ALYac | Generic.Remcos.138B30D4 |
Cylance | Unsafe |
VIPRE | Generic.Remcos.138B30D4 |
Sangfor | Trojan.Win32.Save.a |
CrowdStrike | win/malicious_confidence_100% (D) |
BitDefender | Generic.Remcos.138B30D4 |
K7GW | Trojan ( 0053ac2c1 ) |
K7AntiVirus | Trojan ( 0053ac2c1 ) |
Arcabit | Generic.Remcos.138B30D4 |
Baidu | Win32.Trojan.Kryptik.awm |
VirIT | Trojan.Win32.Remcos.HCY |
Symantec | Trojan Horse |
Elastic | Windows.Trojan.Remcos |
ESET-NOD32 | a variant of Win32/Rescoms.B |
APEX | Malicious |
Avast | Win32:RATX-gen [Trj] |
ClamAV | Win.Trojan.Remcos-9841897-0 |
Kaspersky | HEUR:Backdoor.Win32.Remcos.gen |
Alibaba | Backdoor:Win32/Remcos.be873ff6 |
NANO-Antivirus | Trojan.Win32.Rescoms.kqldxd |
SUPERAntiSpyware | Trojan.Agent/Gen-Crypt |
MicroWorld-eScan | Generic.Remcos.138B30D4 |
Rising | Backdoor.Remcos!1.BAC7 (CLASSIC) |
Emsisoft | Generic.Remcos.138B30D4 (B) |
F-Secure | Backdoor.BDS/Backdoor.Gen |
DrWeb | BackDoor.Remcos.438 |
Zillya | Trojan.Rescoms.Win32.1913 |
McAfeeD | Real Protect-LS!1A3FEE38CED0 |
CTX | exe.trojan.remcos |
Sophos | Mal/Remcos-B |
Ikarus | Backdoor.Remcos |
FireEye | Generic.mg.1a3fee38ced030e1 |
Jiangmin | Backdoor.Remcos.dzw |
Webroot | W32.Trojan.Remcos |
Detected | |
Avira | BDS/Backdoor.Gen |
Antiy-AVL | Trojan[Backdoor]/Win32.Rescoms.b |
Kingsoft | Win32.Hack.Remcos.gen |
Gridinsoft | Backdoor.Win32.Remcos.sa |
Microsoft | Backdoor:Win32/Remcos.GA!MTB |
ZoneAlarm | HEUR:Backdoor.Win32.Remcos.gen |
GData | Generic.Remcos.138B30D4 |
Varist | W32/Trojan.TEVC-5559 |
AhnLab-V3 | Backdoor/Win.Remcos.R634199 |
McAfee | Remcos-FDQO!1A3FEE38CED0 |
DeepInstinct | MALICIOUS |
dead_host | 192.168.56.102:49172 |
dead_host | 192.168.56.102:49187 |
dead_host | 192.168.56.102:49205 |
dead_host | 192.168.56.102:49167 |
dead_host | 192.168.56.102:49196 |
dead_host | 192.168.56.102:49176 |
dead_host | 192.168.56.102:49191 |
dead_host | 192.168.56.102:49200 |
dead_host | 192.168.56.102:49180 |
dead_host | 192.168.56.102:49195 |
dead_host | 107.175.130.20:14645 |
dead_host | 192.168.56.102:49175 |
dead_host | 192.168.56.102:49186 |
dead_host | 192.168.56.102:49204 |
dead_host | 192.168.56.102:49166 |
dead_host | 192.168.56.102:49199 |
dead_host | 192.168.56.102:49179 |
dead_host | 192.168.56.102:49190 |
dead_host | 192.168.56.102:49208 |
dead_host | 192.168.56.102:49170 |
dead_host | 192.168.56.102:49203 |
dead_host | 192.168.56.102:49194 |
dead_host | 192.168.56.102:49174 |
dead_host | 192.168.56.102:49207 |
dead_host | 192.168.56.102:49161 |
dead_host | 192.168.56.102:49198 |
dead_host | 192.168.56.102:49178 |
dead_host | 192.168.56.102:49185 |
dead_host | 192.168.56.102:49165 |
dead_host | 192.168.56.102:49202 |
dead_host | 192.168.56.102:49182 |
dead_host | 192.168.56.102:49189 |
dead_host | 192.168.56.102:49169 |
dead_host | 192.168.56.102:49206 |
dead_host | 192.168.56.102:49193 |
dead_host | 192.168.56.102:49173 |
dead_host | 192.168.56.102:49184 |
dead_host | 192.168.56.102:49164 |
dead_host | 192.168.56.102:49197 |
dead_host | 192.168.56.102:49177 |
dead_host | 192.168.56.102:49188 |
dead_host | 192.168.56.102:49168 |
dead_host | 192.168.56.102:49201 |
dead_host | 192.168.56.102:49163 |
dead_host | 192.168.56.102:49181 |
dead_host | 192.168.56.102:49192 |