Source: unknown |
TCP traffic detected without corresponding DNS query: 157.245.191.173 |
Source: 0.2.SecuriteInfo.com.Trojan.Siggen10.9096.15276.30319.exe.3730000.3.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown |
Source: 0.2.SecuriteInfo.com.Trojan.Siggen10.9096.15276.30319.exe.3730000.3.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects malware from disclosed CN malware set Author: Florian Roth |
Source: 0.2.SecuriteInfo.com.Trojan.Siggen10.9096.15276.30319.exe.3730000.3.raw.unpack, type: UNPACKEDPE |
Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter |
Source: 0.2.SecuriteInfo.com.Trojan.Siggen10.9096.15276.30319.exe.3730000.3.raw.unpack, type: UNPACKEDPE |
Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group |
Source: 0.2.SecuriteInfo.com.Trojan.Siggen10.9096.15276.30319.exe.3730000.3.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen |
Source: 0.2.SecuriteInfo.com.Trojan.Siggen10.9096.15276.30319.exe.38c86d4.6.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown |
Source: 0.2.SecuriteInfo.com.Trojan.Siggen10.9096.15276.30319.exe.38c86d4.6.unpack, type: UNPACKEDPE |
Matched rule: Detects malware from disclosed CN malware set Author: Florian Roth |
Source: 0.2.SecuriteInfo.com.Trojan.Siggen10.9096.15276.30319.exe.38c86d4.6.unpack, type: UNPACKEDPE |
Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter |
Source: 0.2.SecuriteInfo.com.Trojan.Siggen10.9096.15276.30319.exe.38c86d4.6.unpack, type: UNPACKEDPE |
Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group |
Source: 0.2.SecuriteInfo.com.Trojan.Siggen10.9096.15276.30319.exe.38c86d4.6.unpack, type: UNPACKEDPE |
Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen |
Source: 5.2.WindowsUpdate.exe.3818594.0.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown |
Source: 5.2.WindowsUpdate.exe.3818594.0.unpack, type: UNPACKEDPE |
Matched rule: Detects malware from disclosed CN malware set Author: Florian Roth |
Source: 5.2.WindowsUpdate.exe.3818594.0.unpack, type: UNPACKEDPE |
Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter |
Source: 5.2.WindowsUpdate.exe.3818594.0.unpack, type: UNPACKEDPE |
Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group |
Source: 5.2.WindowsUpdate.exe.3818594.0.unpack, type: UNPACKEDPE |
Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen |
Source: 0.2.SecuriteInfo.com.Trojan.Siggen10.9096.15276.30319.exe.3730000.3.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown |
Source: 0.2.SecuriteInfo.com.Trojan.Siggen10.9096.15276.30319.exe.3730000.3.unpack, type: UNPACKEDPE |
Matched rule: Detects malware from disclosed CN malware set Author: Florian Roth |
Source: 0.2.SecuriteInfo.com.Trojan.Siggen10.9096.15276.30319.exe.3730000.3.unpack, type: UNPACKEDPE |
Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter |
Source: 0.2.SecuriteInfo.com.Trojan.Siggen10.9096.15276.30319.exe.3730000.3.unpack, type: UNPACKEDPE |
Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group |
Source: 0.2.SecuriteInfo.com.Trojan.Siggen10.9096.15276.30319.exe.3730000.3.unpack, type: UNPACKEDPE |
Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen |
Source: 5.2.WindowsUpdate.exe.3818594.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown |
Source: 5.2.WindowsUpdate.exe.3818594.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter |
Source: 5.2.WindowsUpdate.exe.3818594.0.raw.unpack, type: UNPACKEDPE |
Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group |
Source: 5.2.WindowsUpdate.exe.3818594.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen |
Source: 5.2.WindowsUpdate.exe.3825b10.1.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown |
Source: 5.2.WindowsUpdate.exe.3825b10.1.raw.unpack, type: UNPACKEDPE |
Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter |
Source: 5.2.WindowsUpdate.exe.3825b10.1.raw.unpack, type: UNPACKEDPE |
Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group |
Source: 5.2.WindowsUpdate.exe.3825b10.1.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen |
Source: 5.2.WindowsUpdate.exe.3825c1c.2.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown |
Source: 5.2.WindowsUpdate.exe.3825c1c.2.raw.unpack, type: UNPACKEDPE |
Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter |
Source: 5.2.WindowsUpdate.exe.3825c1c.2.raw.unpack, type: UNPACKEDPE |
Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group |
Source: 5.2.WindowsUpdate.exe.3825c1c.2.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen |
Source: 0.2.SecuriteInfo.com.Trojan.Siggen10.9096.15276.30319.exe.38d5c50.4.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown |
Source: 0.2.SecuriteInfo.com.Trojan.Siggen10.9096.15276.30319.exe.38d5c50.4.raw.unpack, type: UNPACKEDPE |
Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter |
Source: 0.2.SecuriteInfo.com.Trojan.Siggen10.9096.15276.30319.exe.38d5c50.4.raw.unpack, type: UNPACKEDPE |
Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group |
Source: 0.2.SecuriteInfo.com.Trojan.Siggen10.9096.15276.30319.exe.38d5c50.4.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen |
Source: 0.2.SecuriteInfo.com.Trojan.Siggen10.9096.15276.30319.exe.38c86d4.6.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown |
Source: 0.2.SecuriteInfo.com.Trojan.Siggen10.9096.15276.30319.exe.38c86d4.6.raw.unpack, type: UNPACKEDPE |
Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter |
Source: 0.2.SecuriteInfo.com.Trojan.Siggen10.9096.15276.30319.exe.38c86d4.6.raw.unpack, type: UNPACKEDPE |
Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group |
Source: 0.2.SecuriteInfo.com.Trojan.Siggen10.9096.15276.30319.exe.38c86d4.6.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen |
Source: 0.2.SecuriteInfo.com.Trojan.Siggen10.9096.15276.30319.exe.38d5d5c.5.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown |
Source: 0.2.SecuriteInfo.com.Trojan.Siggen10.9096.15276.30319.exe.38d5d5c.5.raw.unpack, type: UNPACKEDPE |
Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter |
Source: 0.2.SecuriteInfo.com.Trojan.Siggen10.9096.15276.30319.exe.38d5d5c.5.raw.unpack, type: UNPACKEDPE |
Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group |
Source: 0.2.SecuriteInfo.com.Trojan.Siggen10.9096.15276.30319.exe.38d5d5c.5.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen |
Source: 00000005.00000002.1969185248.0000000003801000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown |
Source: 00000005.00000002.1969185248.0000000003801000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter |
Source: 00000005.00000002.1969185248.0000000003801000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group |
Source: 00000000.00000002.1701045268.0000000003730000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown |
Source: 00000000.00000002.1701045268.0000000003730000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY |
Matched rule: Detects malware from disclosed CN malware set Author: Florian Roth |
Source: 00000000.00000002.1701045268.0000000003730000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY |
Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter |
Source: 00000000.00000002.1701045268.0000000003730000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY |
Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group |
Source: 00000000.00000002.1701045268.0000000003730000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY |
Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen |
Source: 00000000.00000002.1701121550.00000000038B1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown |
Source: 00000000.00000002.1701121550.00000000038B1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter |
Source: 00000000.00000002.1701121550.00000000038B1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen10.9096.15276.30319.exe |
Sections loaded: apphelp.dll, version.dll, mscoree.dll, shfolder.dll, uxtheme.dll, windows.storage.dll, wldp.dll, profapi.dll, sspicli.dll, kernel.appcore.dll, cryptsp.dll, rsaenh.dll, cryptbase.dll, mswsock.dll, dnsapi.dll, iphlpapi.dll, rasadhlp.dll, propsys.dll, edputil.dll, urlmon.dll, iertutil.dll, srvcli.dll, netutils.dll, windows.staterepositoryps.dll, wintypes.dll, appresolver.dll, bcp47langs.dll, slc.dll, userenv.dll, sppc.dll, onecorecommonproxystub.dll, onecoreuapcommonproxystub.dll |
Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exe |
Sections loaded: apphelp.dll, version.dll, mscoree.dll, shfolder.dll, uxtheme.dll, windows.storage.dll, wldp.dll, profapi.dll, sspicli.dll, kernel.appcore.dll, cryptsp.dll, rsaenh.dll, cryptbase.dll, mswsock.dll, dnsapi.dll, iphlpapi.dll, rasadhlp.dll, ntmarta.dll |
Source: C:\Windows\SysWOW64\netsh.exe |
Sections loaded: kernel.appcore.dll, ifmon.dll, iphlpapi.dll, mprapi.dll, rasmontr.dll, rasapi32.dll, fwpuclnt.dll, rasman.dll, mfc42u.dll, rasman.dll, authfwcfg.dll, fwpolicyiomgr.dll, firewallapi.dll, dnsapi.dll, fwbase.dll, dhcpcmonitor.dll, dot3cfg.dll, dot3api.dll, onex.dll, eappcfg.dll, ncrypt.dll, eappprxy.dll, ntasn1.dll, fwcfg.dll, hnetmon.dll, netshell.dll, nlaapi.dll, netsetupapi.dll, netiohlp.dll, dhcpcsvc.dll, winnsi.dll, nshhttp.dll, httpapi.dll, nshipsec.dll, userenv.dll, activeds.dll, polstore.dll, winipsec.dll, adsldpc.dll, nshwfp.dll, cabinet.dll, p2pnetsh.dll, p2p.dll, profapi.dll, cryptbase.dll, rpcnsh.dll, whhelper.dll, winhttp.dll, wlancfg.dll, cryptsp.dll, wlanapi.dll, wshelper.dll, wevtapi.dll, mswsock.dll, peerdistsh.dll, uxtheme.dll, wcmapi.dll, rmclient.dll, mobilenetworking.dll, slc.dll, sppc.dll, gpapi.dll, ktmw32.dll, mprmsg.dll, windows.storage.dll, wldp.dll, msasn1.dll |
Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exe |
Sections loaded: version.dll, mscoree.dll, shfolder.dll, uxtheme.dll, windows.storage.dll, wldp.dll, profapi.dll, sspicli.dll, kernel.appcore.dll, cryptsp.dll, rsaenh.dll, cryptbase.dll, mswsock.dll, dnsapi.dll, iphlpapi.dll, rasadhlp.dll |
Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exe |
Sections loaded: version.dll, mscoree.dll, shfolder.dll, uxtheme.dll, windows.storage.dll, wldp.dll, profapi.dll, sspicli.dll, kernel.appcore.dll, cryptsp.dll, rsaenh.dll, cryptbase.dll, mswsock.dll, dnsapi.dll, iphlpapi.dll, rasadhlp.dll |
Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exe |
Sections loaded: version.dll, mscoree.dll, shfolder.dll, uxtheme.dll, windows.storage.dll, wldp.dll, profapi.dll, sspicli.dll, kernel.appcore.dll, cryptsp.dll, rsaenh.dll, cryptbase.dll, mswsock.dll, dnsapi.dll, iphlpapi.dll, rasadhlp.dll |
Matched rule metadata (each rule's attributes are given once here; the entries that follow list, per source, which of these rules matched): |
Windows_Trojan_Njrat_30f3c220: reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04 |
CN_disclosed_20180208_c: date = 2018-02-08, hash1 = 17475d25d40c877284e73890a9dd55fccedc6a5a071c351a8c342c8ef7f9cea7, author = Florian Roth, description = Detects malware from disclosed CN malware set, reference = https://twitter.com/cyberintproject/status/961714165550342146, license = https://creativecommons.org/licenses/by-nc/4.0/ |
njrat1: date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net |
Njrat: hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan |
MALWARE_Win_NjRAT: author = ditekSHen, description = Detects NjRAT / Bladabindi |
Source: 0.2.SecuriteInfo.com.Trojan.Siggen10.9096.15276.30319.exe.3730000.3.raw.unpack, type: UNPACKEDPE |
Matched rules: Windows_Trojan_Njrat_30f3c220, CN_disclosed_20180208_c, njrat1, Njrat, MALWARE_Win_NjRAT |
Source: 0.2.SecuriteInfo.com.Trojan.Siggen10.9096.15276.30319.exe.38c86d4.6.unpack, type: UNPACKEDPE |
Matched rules: Windows_Trojan_Njrat_30f3c220, CN_disclosed_20180208_c, njrat1, Njrat, MALWARE_Win_NjRAT |
Source: 5.2.WindowsUpdate.exe.3818594.0.unpack, type: UNPACKEDPE |
Matched rules: Windows_Trojan_Njrat_30f3c220, CN_disclosed_20180208_c, njrat1, Njrat, MALWARE_Win_NjRAT |
Source: 0.2.SecuriteInfo.com.Trojan.Siggen10.9096.15276.30319.exe.3730000.3.unpack, type: UNPACKEDPE |
Matched rules: Windows_Trojan_Njrat_30f3c220, CN_disclosed_20180208_c, njrat1, Njrat, MALWARE_Win_NjRAT |
Source: 5.2.WindowsUpdate.exe.3818594.0.raw.unpack, type: UNPACKEDPE |
Matched rules: Windows_Trojan_Njrat_30f3c220, njrat1, Njrat, MALWARE_Win_NjRAT |
Source: 5.2.WindowsUpdate.exe.3825b10.1.raw.unpack, type: UNPACKEDPE |
Matched rules: Windows_Trojan_Njrat_30f3c220, njrat1, Njrat, MALWARE_Win_NjRAT |
Source: 5.2.WindowsUpdate.exe.3825c1c.2.raw.unpack, type: UNPACKEDPE |
Matched rules: Windows_Trojan_Njrat_30f3c220, njrat1, Njrat, MALWARE_Win_NjRAT |
Source: 0.2.SecuriteInfo.com.Trojan.Siggen10.9096.15276.30319.exe.38d5c50.4.raw.unpack, type: UNPACKEDPE |
Matched rules: Windows_Trojan_Njrat_30f3c220, njrat1, Njrat, MALWARE_Win_NjRAT |
Source: 0.2.SecuriteInfo.com.Trojan.Siggen10.9096.15276.30319.exe.38c86d4.6.raw.unpack, type: UNPACKEDPE |
Matched rules: Windows_Trojan_Njrat_30f3c220, njrat1, Njrat, MALWARE_Win_NjRAT |
Source: 0.2.SecuriteInfo.com.Trojan.Siggen10.9096.15276.30319.exe.38d5d5c.5.raw.unpack, type: UNPACKEDPE |
Matched rules: Windows_Trojan_Njrat_30f3c220, njrat1, Njrat, MALWARE_Win_NjRAT |
Source: 00000005.00000002.1969185248.0000000003801000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Matched rules: Windows_Trojan_Njrat_30f3c220, njrat1, Njrat |
Source: 00000000.00000002.1701045268.0000000003730000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY |
Matched rules: Windows_Trojan_Njrat_30f3c220, CN_disclosed_20180208_c, njrat1, Njrat, MALWARE_Win_NjRAT |
Source: 00000000.00000002.1701121550.00000000038B1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Matched rules: Windows_Trojan_Njrat_30f3c220, njrat1, Njrat |
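The sources above are ten unpacked PE regions and three memory dumps spread over two processes (the original sample, process index 0, and WindowsUpdate.exe, process index 5), and the first thing a responder wants to know is whether both processes carry the same payload. The script below is an added example written for this page, not code from the sandbox or from the report: it pivots "Source:" / "Matched rule:" lines into a per-process view. Its input is an abridged copy of lines from the section above, and the way `pid_of` derives a process index from the source name is an assumption inferred from how the names in this report line up, not a documented convention.

```python
"""Pivot sandbox YARA match lines into a rule-per-process view.

Added example for this page, not part of the sandbox report and not the
sandbox's own code. REPORT is an abridged copy of "Source:" / "Matched rule:"
lines from the section above (rule attributes shortened). The process-index
convention used by pid_of is inferred from this report's naming and is an
assumption of this example.
"""
import re
from collections import defaultdict

# Constructed input: abridged from the report above.
REPORT = """\
Source: 0.2.SecuriteInfo.com.Trojan.Siggen10.9096.15276.30319.exe.3730000.3.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Njrat_30f3c220 os = windows, threat_name = Windows.Trojan.Njrat |
Source: 0.2.SecuriteInfo.com.Trojan.Siggen10.9096.15276.30319.exe.3730000.3.raw.unpack, type: UNPACKEDPE |
Matched rule: CN_disclosed_20180208_c date = 2018-02-08, author = Florian Roth |
Source: 5.2.WindowsUpdate.exe.3818594.0.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Njrat_30f3c220 os = windows, threat_name = Windows.Trojan.Njrat |
Source: 5.2.WindowsUpdate.exe.3818594.0.unpack, type: UNPACKEDPE |
Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter |
Source: 00000005.00000002.1969185248.0000000003801000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Njrat author = JPCERT/CC Incident Response Group, rule_usage = memory scan |
Source: C:\\Users\\user\\AppData\\Roaming\\WindowsUpdate.exe |
Section loaded: dnsapi.dll |
"""

SOURCE_RE = re.compile(r"^Source:\s*(?P<src>.+?),\s*type:\s*(?P<type>\w+)\s*\|?\s*$")
RULE_RE = re.compile(r"^Matched rule:\s*(?P<rule>\S+)")


def pid_of(source, kind):
    """Process index of a match source. Assumption: unpacked-PE names start
    with "<pid>.<run>." and memory dumps with an 8-digit zero-padded index,
    which is how the names in this report line up with each other."""
    pattern = r"^(\d+)\.\d+\." if kind == "UNPACKEDPE" else r"^(\d{8})\."
    m = re.match(pattern, source)
    return int(m.group(1)) if m else None


def parse_matches(text):
    """Return {source: {"type": str, "pid": int | None, "rules": set}}."""
    out, current = {}, None
    for line in text.splitlines():
        if line.startswith("Source:"):
            m = SOURCE_RE.match(line)
            current = m.group("src") if m else None  # file-path sources carry no YARA hits
            if m:
                out.setdefault(current, {"type": m.group("type"),
                                         "pid": pid_of(current, m.group("type")),
                                         "rules": set()})
            continue
        m = RULE_RE.match(line)
        if m and current is not None:
            out[current]["rules"].add(m.group("rule"))
    return out


def rules_by_pid(matches):
    """Union of the rules that hit anywhere (unpacked PE or memory dump) in each process."""
    per_pid = defaultdict(set)
    for entry in matches.values():
        per_pid[entry["pid"]] |= entry["rules"]
    return dict(per_pid)


def rules_in_every_pid(matches):
    """Rules that fired in every process. When the original sample and the
    second process both light up the same family rule, that is strong
    evidence the second process carries the same payload."""
    per_pid = rules_by_pid(matches)
    return set.intersection(*per_pid.values()) if per_pid else set()


def summarize(matches):
    """One line per source, ordered by process index, in the report's own style."""
    rows = sorted(matches.items(),
                  key=lambda kv: (-1 if kv[1]["pid"] is None else kv[1]["pid"], kv[0]))
    return [f"pid {e['pid']} {e['type']:<10} {src}: {', '.join(sorted(e['rules']))}"
            for src, e in rows]


if __name__ == "__main__":
    parsed = parse_matches(REPORT)
    print("\n".join(summarize(parsed)))
    print("rules hitting every process:", sorted(rules_in_every_pid(parsed)))
```

Run against the full section rather than the abridged copy, the same pivot shows that the Elastic, botnet_hunter and JPCERT/CC rules fire in both processes while CN_disclosed_20180208_c and MALWARE_Win_NjRAT only fire on some of the unpacked regions, which is the normal spread between family-level and sample-set rules.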
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen10.9096.15276.30319.exe |
Code function: 0_2_006A6104 push ecx; mov dword ptr [esp], edx 0_2_006A6109 |
Code function: 0_2_0069A2B5 push 0069A6D8h; ret 0_2_0069A6D0 |
Code function: 0_2_006A632C push ecx; mov dword ptr [esp], edx 0_2_006A6331 |
Code function: 0_2_006923EA push 00692418h; ret 0_2_00692410 |
Code function: 0_2_006A33A0 push 006A3400h; ret 0_2_006A33F8 |
Code function: 0_2_006A6448 push ecx; mov dword ptr [esp], edx 0_2_006A644D |
Code function: 0_2_0069245C push 00692488h; ret 0_2_00692480 |
Code function: 0_2_006A4454 push 006A44A1h; ret 0_2_006A4499 |
Code function: 0_2_00692424 push 00692450h; ret 0_2_00692448 |
Code function: 0_2_0069A424 push 0069A6D8h; ret 0_2_0069A6D0 |
Code function: 0_2_006924F8 push 0069252Ch; ret 0_2_00692524 |
Code function: 0_2_0069A4D7 push 0069A6D8h; ret 0_2_0069A6D0 |
Code function: 0_2_0069A4B5 push 0069A6D8h; ret 0_2_0069A6D0 |
Code function: 0_2_0069A48F push 0069A6D8h; ret 0_2_0069A6D0 |
Code function: 0_2_006A648C push ecx; mov dword ptr [esp], edx 0_2_006A6491 |
Code function: 0_2_00692494 push 006924C0h; ret 0_2_006924B8 |
Code function: 0_2_006A3550 push 006A35A4h; ret 0_2_006A359C |
Code function: 0_2_0069A538 push 0069A6D8h; ret 0_2_0069A6D0 |
Code function: 0_2_006A2536 push 006A25B5h; ret 0_2_006A25AD |
Code function: 0_2_0069A500 push 0069A6D8h; ret 0_2_0069A6D0 |
Code function: 0_2_006905F0 push 00690641h; ret 0_2_00690639 |
Code function: 0_2_006A162C push 006A16A2h; ret 0_2_006A169A |
Code function: 0_2_0069A6DA push 0069A74Bh; ret 0_2_0069A743 |
Code function: 0_2_006A16A4 push 006A174Ch; ret 0_2_006A1744 |
Code function: 0_2_006A3684 push ecx; mov dword ptr [esp], ecx 0_2_006A3687 |
Code function: 0_2_006A174E push 006A179Ch; ret 0_2_006A1794 |
Code function: 0_2_00692738 push 0069285Ch; ret 0_2_00692854 |
Code function: 0_2_0069A85E push 0069A88Ch; ret 0_2_0069A884 |
Code function: 0_2_006A2804 push 006A2830h; ret 0_2_006A2828 |
Code function: 0_2_006A38F4 push ecx; mov dword ptr [esp], ecx 0_2_006A38F6 |
Code function: 0_2_006908AA push 006908D8h; ret 0_2_006908D0 |
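Each entry above is one of two idioms: a `push imm32` paired with a later `ret`, which transfers control to the pushed address without a `jmp` or `call` for a disassembler or signature to key on, or a `push reg` whose stack slot is immediately overwritten by `mov dword ptr [esp], reg`, so the value that really lands on the stack is not the one the `push` names. The scanner below is an added example written for this page and is not the sandbox's detection logic: it finds both idioms by byte pattern in a hand-constructed buffer. `BASE`, `CODE` and the 16-byte push-to-ret window are its own choices, and for the push/mov pairs the second address it prints is simply the end of the sequence. The same sequences also occur in benign compiler output (exception-frame setup, for instance), so on their own they are a weak indicator; they matter here only alongside the YARA hits and the behaviour evidence.

```python
"""Byte-pattern scan for the push/ret and push/mov-[esp] idioms listed above.

Added example, written for this page; it is not the sandbox's detection code
and the bytes in CODE are constructed by hand, not taken from the sample.
BASE is an arbitrary load address chosen so that the output resembles the
report's 0_2_<address> entries. Pure byte matching knows no instruction
boundaries, so an immediate that happens to contain 0x68 or 0xC3 can give a
false hit; a disassembler-driven pass is the proper tool, this shows the idea.
"""
import struct

BASE = 0x00690000  # assumed image base for the constructed buffer

# Constructed x86-32 code (offsets from BASE):
#   0x00  68 10 00 69 00   push 00690010h   ; address inside the buffer
#   0x05  90 90 90         nop; nop; nop
#   0x08  C3               ret              ; pops 00690010h: a jmp in disguise
#   0x09  51               push ecx         ; reserve a slot...
#   0x0A  89 14 24         mov [esp], edx   ; ...and overwrite it: really "push edx"
#   0x0D  68 44 33 22 11   push 11223344h   ; address outside the buffer
#   0x12  C3               ret              ; control leaves the image
#   0x13  C3               ret              ; plain ret, no preceding push: not reported
CODE = bytes.fromhex("6810006900" "909090" "C3" "51" "891424" "6844332211" "C3" "C3")

PUSH_IMM32, RET = 0x68, 0xC3
REGS = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"]
MAX_GAP = 16  # bytes allowed between the push and its ret (this scanner's own limit)


def find_push_ret(code, base, image_range=None, max_gap=MAX_GAP):
    """Return (push_addr, pushed_value, ret_addr, target_in_image) tuples for
    every "push imm32 ... ret" pair found within max_gap bytes."""
    lo, hi = image_range or (base, base + len(code))
    hits, i = [], 0
    while i + 5 <= len(code):
        if code[i] == PUSH_IMM32:
            target = struct.unpack_from("<I", code, i + 1)[0]
            j = code.find(bytes([RET]), i + 5, min(len(code), i + 5 + max_gap))
            if j != -1:
                hits.append((base + i, target, base + j, lo <= target < hi))
                i = j + 1
                continue
        i += 1
    return hits


def find_push_mov_esp(code, base):
    """Return (addr, pushed_reg, overwriting_reg, end_addr) for
    "push rA; mov dword ptr [esp], rB": the slot just pushed is overwritten,
    so the push only hides which value really lands on the stack."""
    hits = []
    for i in range(len(code) - 3):
        op = code[i]
        if not 0x50 <= op <= 0x57 or code[i + 1] != 0x89 or code[i + 3] != 0x24:
            continue  # need push r32, then 89 /r with a SIB byte selecting esp
        modrm = code[i + 2]
        mod, reg, rm = modrm >> 6, (modrm >> 3) & 7, modrm & 7
        if rm != 4:
            continue  # rm=100 is what says "SIB byte follows"
        if mod == 0:
            mov_len = 3  # 89 /r 24
        elif mod == 1 and i + 4 < len(code) and code[i + 4] == 0:
            mov_len = 4  # 89 /r 24 00: same target written with disp8 = 0
        else:
            continue  # [esp+disp] with disp != 0 does not touch the pushed slot
        hits.append((base + i, REGS[op - 0x50], REGS[reg], base + i + 1 + mov_len))
    return hits


def report_lines(code, base, pid=0, run=2):
    """Format hits the way the sandbox lists them: <pid>_<run>_<address>."""
    def tag(addr):
        return f"{pid}_{run}_{addr:08X}"
    lines = [f"{tag(p)} push {t:08X}h; ret {tag(r)}" + ("" if ok else "  (target outside image)")
             for p, t, r, ok in find_push_ret(code, base)]
    lines += [f"{tag(a)} push {dst}; mov dword ptr [esp], {src} {tag(end)}"
              for a, dst, src, end in find_push_mov_esp(code, base)]
    return lines


if __name__ == "__main__":
    for line in report_lines(CODE, BASE):
        print(line)
```

Pass a real image range (image base to image end) instead of the buffer bounds when scanning a dumped section, so that the `target_in_image` flag separates intra-image obfuscated jumps from pushes that hand control to foreign memory.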
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen10.9096.15276.30319.exe |
Process information set: NOOPENFILEERRORBOX (27 identical entries in the report) |
Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exe |
Process information set: NOOPENFILEERRORBOX (37 identical entries) |
Source: C:\Windows\SysWOW64\netsh.exe |
Process information set: NOOPENFILEERRORBOX (2 identical entries) |
Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exe |
Process information set: NOOPENFILEERRORBOX (25 identical entries) |
Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: SecuriteInfo.com.Trojan.Siggen10.9096.15276.30319.exe, 00000000.00000002.1700012370.0000000000FCC000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Hyper-V RAWw |
Source: SecuriteInfo.com.Trojan.Siggen10.9096.15276.30319.exe, 00000000.00000002.1699455955.000000000068A000.00000040.00000001.01000000.00000003.sdmp |
Binary or memory string: VBoxService.exe |
Source: SecuriteInfo.com.Trojan.Siggen10.9096.15276.30319.exe, 00000000.00000002.1700012370.0000000000FCC000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} |
Source: WindowsUpdate.exe, 00000008.00000002.2047287114.0000000001112000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dlln |
Source: SecuriteInfo.com.Trojan.Siggen10.9096.15276.30319.exe, SecuriteInfo.com.Trojan.Siggen10.9096.15276.30319.exe, 00000000.00000002.1699455955.00000000007D0000.00000040.00000001.01000000.00000003.sdmp |
Binary or memory string: ~VirtualMachineTypes |
Source: WindowsUpdate.exe, 00000009.00000002.2133883432.00000000004DE000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllCulture=neutral, PublicKeyToken=31bf3856ad364e35"/> |
Source: SecuriteInfo.com.Trojan.Siggen10.9096.15276.30319.exe, SecuriteInfo.com.Trojan.Siggen10.9096.15276.30319.exe, 00000000.00000002.1699455955.00000000007D0000.00000040.00000001.01000000.00000003.sdmp |
Binary or memory string: ]DLL_Loader_VirtualMachine |
Source: WindowsUpdate.exe, 00000005.00000002.1964106695.0000000000DF1000.00000004.00000020.00020000.00000000.sdmp, WindowsUpdate.exe, 00000008.00000002.2047287114.0000000001112000.00000004.00000020.00020000.00000000.sdmp, WindowsUpdate.exe, 00000009.00000002.2133883432.00000000004DE000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Hyper-V RAW |
Source: SecuriteInfo.com.Trojan.Siggen10.9096.15276.30319.exe, 00000000.00000002.1699455955.000000000068A000.00000040.00000001.01000000.00000003.sdmp |
Binary or memory string: VMWare |
Source: SecuriteInfo.com.Trojan.Siggen10.9096.15276.30319.exe, 00000000.00000002.1699455955.00000000007D0000.00000040.00000001.01000000.00000003.sdmp |
Binary or memory string: DLL_Loader_Marker]DLL_Loader_VirtualMachineZDLL_Loader_Reloc_Unit |
Source: SecuriteInfo.com.Trojan.Siggen10.9096.15276.30319.exe, 00000000.00000002.1699455955.000000000068A000.00000040.00000001.01000000.00000003.sdmp |
Binary or memory string: &VBoxService.exe |
Source: SecuriteInfo.com.Trojan.Siggen10.9096.15276.30319.exe, 00000000.00000002.1700012370.0000000000FCC000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\ye |
Source: SecuriteInfo.com.Trojan.Siggen10.9096.15276.30319.exe, 00000000.00000002.1700012370.0000000000FCC000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll |
Source: WindowsUpdate.exe, 00000001.00000002.4073317835.0000000001092000.00000004.00000020.00020000.00000000.sdmp, netsh.exe, 00000002.00000003.1789309952.0000000003711000.00000004.00000020.00020000.00000000.sdmp, WindowsUpdate.exe, 00000005.00000002.1964106695.0000000000DF1000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll |