Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6403_us | Dec. 6, 2024, 9:36 a.m. | Dec. 6, 2024, 9:43 a.m. |
-
wscript.exe "C:\Windows\System32\wscript.exe" C:\Users\test22\AppData\Local\Temp\Transfer-https.vbs
840-
hTSebfAkRTedaXH.exe "C:\Users\test22\AppData\Local\Temp\radF25E7.tmp\hTSebfAkRTedaXH.exe"
2080
-
Name | Response | Post-Analysis Lookup |
---|---|---|
No hosts contacted. |
IP Address | Status | Action |
---|---|---|
89.197.154.116 | Active | Moloch |
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
file | C:\Users\test22\AppData\Local\Temp\radF25E7.tmp\hTSebfAkRTedaXH.exe |
file | C:\Users\test22\AppData\Local\Temp\radF25E7.tmp\hTSebfAkRTedaXH.exe |
host | 89.197.154.116 |
file | C:\Users\test22\AppData\Local\Temp\radF25E7.tmp\hTSebfAkRTedaXH.exe |
file | C:\Users\test22\AppData\Local\Temp\radF25E7.tmp\hTSebfAkRTedaXH.exe |
parent_process | wscript.exe | martian_process | "C:\Users\test22\AppData\Local\Temp\radF25E7.tmp\hTSebfAkRTedaXH.exe" | ||||||
parent_process | wscript.exe | martian_process | C:\Users\test22\AppData\Local\Temp\radF25E7.tmp\hTSebfAkRTedaXH.exe |
Lionic | Trojan.Script.Swrort.4!c |
MicroWorld-eScan | VB:Trojan.VBS.Dropper.AG |
CTX | vba.trojan.swrort |
CAT-QuickHeal | Trojan.VBS.33100 |
Skyhigh | BehavesLike.VBS.Dropper.zp |
ALYac | VB:Trojan.VBS.Dropper.AG |
VIPRE | VB:Trojan.VBS.Dropper.AG |
Arcabit | VB:Trojan.VBS.Dropper.AG |
Baidu | JS.Trojan-Downloader.Agent.xk |
Symantec | VBS.Heur.SNIC |
ESET-NOD32 | Win32/Rozena.ED |
TrendMicro-HouseCall | Backdoor.VBS.SWRORT.YXEKPZ |
Avast | BV:Dowloader-A [Trj] |
Cynet | Malicious (score: 99) |
Kaspersky | UDS:DangerousObject.Multi.Generic |
BitDefender | VB:Trojan.VBS.Dropper.AG |
NANO-Antivirus | Trojan.Script.Agent.fosjzx |
Rising | Dropper.Ploty!8.EEC8 (TOPIS:E0:JqyfiJ1QMlQ) |
Emsisoft | VB:Trojan.VBS.Dropper.AG (B) |
F-Secure | Malware.HTML/ExpKit.Gen2 |
DrWeb | JS.Muldrop.457 |
TrendMicro | Backdoor.VBS.SWRORT.YXEKPZ |
Sophos | Troj/Swrort-AL |
Ikarus | Trojan.Win32.Swrort |
FireEye | VB:Trojan.VBS.Dropper.AG |
Detected | |
Avira | HTML/ExpKit.Gen2 |
Kingsoft | Script.Ks.Malware.9344 |
Gridinsoft | Trojan.U.Gen.tr |
Xcitium | TrojWare.VBS.TrojanDropper.Agent.NJA@833icd |
Microsoft | Trojan:VBS/Obfuse.NFE!MTB |
GData | VB:Trojan.VBS.Dropper.AG |
Varist | VBS/Agent.AJU!Eldorado |
AhnLab-V3 | Dropper/VBS.Generic |
McAfee | VBS/MPreter |
Tencent | Win32.Trojan.Expkit.Ymhl |
huorong | TrojanDropper/Agent.fg |
Fortinet | VBS/Rozena.ED!tr |
AVG | BV:Dowloader-A [Trj] |
alibabacloud | Trojan:Win/Rozena.EF |
file | C:\Users\test22\AppData\Local\Temp\radF25E7.tmp\hTSebfAkRTedaXH.exe |
dead_host | 192.168.56.103:49171 |
dead_host | 192.168.56.103:49170 |
dead_host | 192.168.56.103:49163 |
dead_host | 192.168.56.103:49173 |
dead_host | 192.168.56.103:49172 |
dead_host | 192.168.56.103:49164 |
dead_host | 192.168.56.103:49169 |
dead_host | 89.197.154.116:7810 |
dead_host | 192.168.56.103:49167 |
dead_host | 192.168.56.103:49168 |
dead_host | 192.168.56.103:49166 |