Source: unknown | TCP traffic detected without corresponding DNS query: 157.245.191.173 |
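The signature above fires once per TCP connection whose destination never appeared in a DNS answer, which is why a RAT polling a hard-coded C2 address produces a long run of identical hits. The following is an added example, not part of the sandbox report and not sandbox code, that implements that correlation over constructed telemetry. The event schema, the benign destination, the source host and the ports are assumptions made for the example; only the destination 157.245.191.173 is taken from the report.

```python
"""Correlate TCP connections with prior DNS answers.

Added example (not part of the sandbox report): a minimal implementation of
the logic behind the "TCP traffic detected without corresponding DNS query"
signature. The event schema and the sample events are constructed for this
example; only the destination 157.245.191.173 comes from the report.
"""
from collections import Counter
from ipaddress import ip_address

# Constructed sample telemetry: one DNS answer and a handful of TCP connection
# attempts from one host. Timestamps are seconds; order is deliberately mixed.
SAMPLE_EVENTS = [
    {"ts": 0.5, "kind": "tcp", "src": "10.0.0.5", "dst": "93.184.216.34", "dport": 443},
    {"ts": 1.0, "kind": "dns", "query": "example.com", "answers": ["93.184.216.34"]},
    {"ts": 1.2, "kind": "tcp", "src": "10.0.0.5", "dst": "93.184.216.34", "dport": 443},
    {"ts": 2.0, "kind": "tcp", "src": "10.0.0.5", "dst": "157.245.191.173", "dport": 5552},
    {"ts": 2.1, "kind": "tcp", "src": "10.0.0.5", "dst": "10.0.0.1", "dport": 445},
    {"ts": 3.0, "kind": "tcp", "src": "10.0.0.5", "dst": "157.245.191.173", "dport": 5552},
    {"ts": 4.0, "kind": "tcp", "src": "10.0.0.5", "dst": "157.245.191.173", "dport": 5552},
    {"ts": 9000.0, "kind": "tcp", "src": "10.0.0.5", "dst": "93.184.216.34", "dport": 443},
]


def find_unresolved_tcp(events, max_age=3600.0):
    """Return TCP events whose destination was not produced by an earlier DNS answer.

    A destination counts as resolved only if an answer containing it was seen
    before the connection and no more than max_age seconds earlier, which
    roughly mimics a resolver cache. Non-global destinations (RFC 1918,
    loopback, link-local, multicast) are skipped because they are not
    resolved through public DNS in a typical environment.
    """
    resolved = {}  # ip -> (timestamp of the answer, queried name)
    flagged = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["kind"] == "dns":
            for ip in ev["answers"]:
                resolved[ip] = (ev["ts"], ev["query"])
            continue
        if ev["kind"] != "tcp":
            continue
        dst = ip_address(ev["dst"])
        if not dst.is_global or dst.is_multicast:
            continue
        hit = resolved.get(ev["dst"])
        if hit is None:
            flagged.append({**ev, "reason": "no DNS answer for destination"})
        elif ev["ts"] - hit[0] > max_age:
            flagged.append({**ev, "reason": f"DNS answer for {hit[1]} older than {max_age:g}s"})
    return flagged


def summarize(flagged):
    """Count flagged connections per destination; a RAT reconnecting on a
    fixed interval shows up as a single IP with a high count."""
    return dict(Counter(ev["dst"] for ev in flagged))


if __name__ == "__main__":
    hits = find_unresolved_tcp(SAMPLE_EVENTS)
    for ev in hits:
        print(f'{ev["ts"]:>8} {ev["src"]} -> {ev["dst"]}:{ev["dport"]}  {ev["reason"]}')
    print(summarize(hits))
```

Two things worth keeping in mind when running this logic outside a sandbox: a connection is flagged if the DNS answer was simply not captured (encrypted DNS, a resolver on another segment, a dropped log line), and legitimate software does connect to hard-coded addresses (NTP pools, CDN IP lists, peer-to-peer clients), so the per-destination count and the reconnect interval are what separate a beacon from noise.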
Source: 0.2.SecuriteInfo.com.Trojan.Siggen10.9096.15276.30319.exe.3730000.3.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown |
Source: 0.2.SecuriteInfo.com.Trojan.Siggen10.9096.15276.30319.exe.3730000.3.raw.unpack, type: UNPACKEDPE | Matched rule: Detects malware from disclosed CN malware set Author: Florian Roth |
Source: 0.2.SecuriteInfo.com.Trojan.Siggen10.9096.15276.30319.exe.3730000.3.raw.unpack, type: UNPACKEDPE | Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter |
Source: 0.2.SecuriteInfo.com.Trojan.Siggen10.9096.15276.30319.exe.3730000.3.raw.unpack, type: UNPACKEDPE | Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group |
Source: 0.2.SecuriteInfo.com.Trojan.Siggen10.9096.15276.30319.exe.3730000.3.raw.unpack, type: UNPACKEDPE | Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen |
Source: 0.2.SecuriteInfo.com.Trojan.Siggen10.9096.15276.30319.exe.38c86d4.6.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown |
Source: 0.2.SecuriteInfo.com.Trojan.Siggen10.9096.15276.30319.exe.38c86d4.6.unpack, type: UNPACKEDPE | Matched rule: Detects malware from disclosed CN malware set Author: Florian Roth |
Source: 0.2.SecuriteInfo.com.Trojan.Siggen10.9096.15276.30319.exe.38c86d4.6.unpack, type: UNPACKEDPE | Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter |
Source: 0.2.SecuriteInfo.com.Trojan.Siggen10.9096.15276.30319.exe.38c86d4.6.unpack, type: UNPACKEDPE | Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group |
Source: 0.2.SecuriteInfo.com.Trojan.Siggen10.9096.15276.30319.exe.38c86d4.6.unpack, type: UNPACKEDPE | Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen |
Source: 5.2.WindowsUpdate.exe.3818594.0.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown |
Source: 5.2.WindowsUpdate.exe.3818594.0.unpack, type: UNPACKEDPE | Matched rule: Detects malware from disclosed CN malware set Author: Florian Roth |
Source: 5.2.WindowsUpdate.exe.3818594.0.unpack, type: UNPACKEDPE | Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter |
Source: 5.2.WindowsUpdate.exe.3818594.0.unpack, type: UNPACKEDPE | Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group |
Source: 5.2.WindowsUpdate.exe.3818594.0.unpack, type: UNPACKEDPE | Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen |
Source: 0.2.SecuriteInfo.com.Trojan.Siggen10.9096.15276.30319.exe.3730000.3.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown |
Source: 0.2.SecuriteInfo.com.Trojan.Siggen10.9096.15276.30319.exe.3730000.3.unpack, type: UNPACKEDPE | Matched rule: Detects malware from disclosed CN malware set Author: Florian Roth |
Source: 0.2.SecuriteInfo.com.Trojan.Siggen10.9096.15276.30319.exe.3730000.3.unpack, type: UNPACKEDPE | Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter |
Source: 0.2.SecuriteInfo.com.Trojan.Siggen10.9096.15276.30319.exe.3730000.3.unpack, type: UNPACKEDPE | Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group |
Source: 0.2.SecuriteInfo.com.Trojan.Siggen10.9096.15276.30319.exe.3730000.3.unpack, type: UNPACKEDPE | Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen |
Source: 5.2.WindowsUpdate.exe.3818594.0.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown |
Source: 5.2.WindowsUpdate.exe.3818594.0.raw.unpack, type: UNPACKEDPE | Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter |
Source: 5.2.WindowsUpdate.exe.3818594.0.raw.unpack, type: UNPACKEDPE | Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group |
Source: 5.2.WindowsUpdate.exe.3818594.0.raw.unpack, type: UNPACKEDPE | Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen |
Source: 5.2.WindowsUpdate.exe.3825b10.1.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown |
Source: 5.2.WindowsUpdate.exe.3825b10.1.raw.unpack, type: UNPACKEDPE | Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter |
Source: 5.2.WindowsUpdate.exe.3825b10.1.raw.unpack, type: UNPACKEDPE | Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group |
Source: 5.2.WindowsUpdate.exe.3825b10.1.raw.unpack, type: UNPACKEDPE | Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen |
Source: 5.2.WindowsUpdate.exe.3825c1c.2.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown |
Source: 5.2.WindowsUpdate.exe.3825c1c.2.raw.unpack, type: UNPACKEDPE | Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter |
Source: 5.2.WindowsUpdate.exe.3825c1c.2.raw.unpack, type: UNPACKEDPE | Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group |
Source: 5.2.WindowsUpdate.exe.3825c1c.2.raw.unpack, type: UNPACKEDPE | Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen |
Source: 0.2.SecuriteInfo.com.Trojan.Siggen10.9096.15276.30319.exe.38d5c50.4.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown |
Source: 0.2.SecuriteInfo.com.Trojan.Siggen10.9096.15276.30319.exe.38d5c50.4.raw.unpack, type: UNPACKEDPE | Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter |
Source: 0.2.SecuriteInfo.com.Trojan.Siggen10.9096.15276.30319.exe.38d5c50.4.raw.unpack, type: UNPACKEDPE | Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group |
Source: 0.2.SecuriteInfo.com.Trojan.Siggen10.9096.15276.30319.exe.38d5c50.4.raw.unpack, type: UNPACKEDPE | Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen |
Source: 0.2.SecuriteInfo.com.Trojan.Siggen10.9096.15276.30319.exe.38c86d4.6.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown |
Source: 0.2.SecuriteInfo.com.Trojan.Siggen10.9096.15276.30319.exe.38c86d4.6.raw.unpack, type: UNPACKEDPE | Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter |
Source: 0.2.SecuriteInfo.com.Trojan.Siggen10.9096.15276.30319.exe.38c86d4.6.raw.unpack, type: UNPACKEDPE | Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group |
Source: 0.2.SecuriteInfo.com.Trojan.Siggen10.9096.15276.30319.exe.38c86d4.6.raw.unpack, type: UNPACKEDPE | Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen |
Source: 0.2.SecuriteInfo.com.Trojan.Siggen10.9096.15276.30319.exe.38d5d5c.5.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown |
Source: 0.2.SecuriteInfo.com.Trojan.Siggen10.9096.15276.30319.exe.38d5d5c.5.raw.unpack, type: UNPACKEDPE | Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter |
Source: 0.2.SecuriteInfo.com.Trojan.Siggen10.9096.15276.30319.exe.38d5d5c.5.raw.unpack, type: UNPACKEDPE | Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group |
Source: 0.2.SecuriteInfo.com.Trojan.Siggen10.9096.15276.30319.exe.38d5d5c.5.raw.unpack, type: UNPACKEDPE | Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen |
Source: 00000005.00000002.1969185248.0000000003801000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown |
Source: 00000005.00000002.1969185248.0000000003801000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter |
Source: 00000005.00000002.1969185248.0000000003801000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group |
Source: 00000000.00000002.1701045268.0000000003730000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown |
Source: 00000000.00000002.1701045268.0000000003730000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Detects malware from disclosed CN malware set Author: Florian Roth |
Source: 00000000.00000002.1701045268.0000000003730000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter |
Source: 00000000.00000002.1701045268.0000000003730000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group |
Source: 00000000.00000002.1701045268.0000000003730000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen |
Source: 00000000.00000002.1701121550.00000000038B1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown |
Source: 00000000.00000002.1701121550.00000000038B1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter |
Source: 00000000.00000002.1701121550.00000000038B1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen10.9096.15276.30319.exe | Section loaded: apphelp.dll | Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen10.9096.15276.30319.exe | Section loaded: version.dll | Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen10.9096.15276.30319.exe | Section loaded: mscoree.dll | Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen10.9096.15276.30319.exe | Section loaded: shfolder.dll | Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen10.9096.15276.30319.exe | Section loaded: uxtheme.dll | Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen10.9096.15276.30319.exe | Section loaded: windows.storage.dll | Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen10.9096.15276.30319.exe | Section loaded: wldp.dll | Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen10.9096.15276.30319.exe | Section loaded: profapi.dll | Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen10.9096.15276.30319.exe | Section loaded: sspicli.dll | Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen10.9096.15276.30319.exe | Section loaded: kernel.appcore.dll | Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen10.9096.15276.30319.exe | Section loaded: cryptsp.dll | Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen10.9096.15276.30319.exe | Section loaded: rsaenh.dll | Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen10.9096.15276.30319.exe | Section loaded: cryptbase.dll | Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen10.9096.15276.30319.exe | Section loaded: mswsock.dll | Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen10.9096.15276.30319.exe | Section loaded: dnsapi.dll | Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen10.9096.15276.30319.exe | Section loaded: iphlpapi.dll | Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen10.9096.15276.30319.exe | Section loaded: rasadhlp.dll | Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen10.9096.15276.30319.exe | Section loaded: propsys.dll | Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen10.9096.15276.30319.exe | Section loaded: edputil.dll | Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen10.9096.15276.30319.exe | Section loaded: urlmon.dll | Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen10.9096.15276.30319.exe | Section loaded: iertutil.dll | Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen10.9096.15276.30319.exe | Section loaded: srvcli.dll | Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen10.9096.15276.30319.exe | Section loaded: netutils.dll | Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen10.9096.15276.30319.exe | Section loaded: windows.staterepositoryps.dll | Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen10.9096.15276.30319.exe | Section loaded: wintypes.dll | Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen10.9096.15276.30319.exe | Section loaded: appresolver.dll | Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen10.9096.15276.30319.exe | Section loaded: bcp47langs.dll | Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen10.9096.15276.30319.exe | Section loaded: slc.dll | Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen10.9096.15276.30319.exe | Section loaded: userenv.dll | Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen10.9096.15276.30319.exe | Section loaded: sppc.dll | Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen10.9096.15276.30319.exe | Section loaded: onecorecommonproxystub.dll | Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen10.9096.15276.30319.exe | Section loaded: onecoreuapcommonproxystub.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exe | Section loaded: apphelp.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exe | Section loaded: version.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exe | Section loaded: mscoree.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exe | Section loaded: shfolder.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exe | Section loaded: uxtheme.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exe | Section loaded: windows.storage.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exe | Section loaded: wldp.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exe | Section loaded: profapi.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exe | Section loaded: sspicli.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exe | Section loaded: kernel.appcore.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exe | Section loaded: cryptsp.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exe | Section loaded: rsaenh.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exe | Section loaded: cryptbase.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exe | Section loaded: mswsock.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exe | Section loaded: dnsapi.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exe | Section loaded: iphlpapi.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exe | Section loaded: rasadhlp.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exe | Section loaded: ntmarta.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: kernel.appcore.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: ifmon.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: iphlpapi.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: mprapi.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: rasmontr.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: rasapi32.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: fwpuclnt.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: rasman.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: mfc42u.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: authfwcfg.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: fwpolicyiomgr.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: firewallapi.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: dnsapi.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: fwbase.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: dhcpcmonitor.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: dot3cfg.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: dot3api.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: onex.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: eappcfg.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: ncrypt.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: eappprxy.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: ntasn1.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: fwcfg.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: hnetmon.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: netshell.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: nlaapi.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: netsetupapi.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: netiohlp.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: dhcpcsvc.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: winnsi.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: nshhttp.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: httpapi.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: nshipsec.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: userenv.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: activeds.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: polstore.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: winipsec.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: adsldpc.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: nshwfp.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: cabinet.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: p2pnetsh.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: p2p.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: profapi.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: cryptbase.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: rpcnsh.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: whhelper.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: winhttp.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: wlancfg.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: cryptsp.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: wlanapi.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: wshelper.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: wevtapi.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: mswsock.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: peerdistsh.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: uxtheme.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: wcmapi.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: rmclient.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: mobilenetworking.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: slc.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: sppc.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: gpapi.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: ktmw32.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: mprmsg.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: windows.storage.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: wldp.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: msasn1.dll | Jump to behavior |
Source: 0.2.SecuriteInfo.com.Trojan.Siggen10.9096.15276.30319.exe.3730000.3.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04 |
Source: 0.2.SecuriteInfo.com.Trojan.Siggen10.9096.15276.30319.exe.3730000.3.raw.unpack, type: UNPACKEDPE | Matched rule: CN_disclosed_20180208_c date = 2018-02-08, hash1 = 17475d25d40c877284e73890a9dd55fccedc6a5a071c351a8c342c8ef7f9cea7, author = Florian Roth, description = Detects malware from disclosed CN malware set, reference = https://twitter.com/cyberintproject/status/961714165550342146, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 0.2.SecuriteInfo.com.Trojan.Siggen10.9096.15276.30319.exe.3730000.3.raw.unpack, type: UNPACKEDPE | Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net |
Source: 0.2.SecuriteInfo.com.Trojan.Siggen10.9096.15276.30319.exe.3730000.3.raw.unpack, type: UNPACKEDPE | Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan |
Source: 0.2.SecuriteInfo.com.Trojan.Siggen10.9096.15276.30319.exe.3730000.3.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi |
Source: 0.2.SecuriteInfo.com.Trojan.Siggen10.9096.15276.30319.exe.38c86d4.6.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04 |
Source: 0.2.SecuriteInfo.com.Trojan.Siggen10.9096.15276.30319.exe.38c86d4.6.unpack, type: UNPACKEDPE | Matched rule: CN_disclosed_20180208_c date = 2018-02-08, hash1 = 17475d25d40c877284e73890a9dd55fccedc6a5a071c351a8c342c8ef7f9cea7, author = Florian Roth, description = Detects malware from disclosed CN malware set, reference = https://twitter.com/cyberintproject/status/961714165550342146, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 0.2.SecuriteInfo.com.Trojan.Siggen10.9096.15276.30319.exe.38c86d4.6.unpack, type: UNPACKEDPE | Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net |
Source: 0.2.SecuriteInfo.com.Trojan.Siggen10.9096.15276.30319.exe.38c86d4.6.unpack, type: UNPACKEDPE | Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan |
Source: 0.2.SecuriteInfo.com.Trojan.Siggen10.9096.15276.30319.exe.38c86d4.6.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi |
Source: 5.2.WindowsUpdate.exe.3818594.0.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04 |
Source: 5.2.WindowsUpdate.exe.3818594.0.unpack, type: UNPACKEDPE | Matched rule: CN_disclosed_20180208_c date = 2018-02-08, hash1 = 17475d25d40c877284e73890a9dd55fccedc6a5a071c351a8c342c8ef7f9cea7, author = Florian Roth, description = Detects malware from disclosed CN malware set, reference = https://twitter.com/cyberintproject/status/961714165550342146, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 5.2.WindowsUpdate.exe.3818594.0.unpack, type: UNPACKEDPE | Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net |
Source: 5.2.WindowsUpdate.exe.3818594.0.unpack, type: UNPACKEDPE | Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan |
Source: 5.2.WindowsUpdate.exe.3818594.0.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi |
Source: 0.2.SecuriteInfo.com.Trojan.Siggen10.9096.15276.30319.exe.3730000.3.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04 |
Source: 0.2.SecuriteInfo.com.Trojan.Siggen10.9096.15276.30319.exe.3730000.3.unpack, type: UNPACKEDPE | Matched rule: CN_disclosed_20180208_c date = 2018-02-08, hash1 = 17475d25d40c877284e73890a9dd55fccedc6a5a071c351a8c342c8ef7f9cea7, author = Florian Roth, description = Detects malware from disclosed CN malware set, reference = https://twitter.com/cyberintproject/status/961714165550342146, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 0.2.SecuriteInfo.com.Trojan.Siggen10.9096.15276.30319.exe.3730000.3.unpack, type: UNPACKEDPE | Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net |
Source: 0.2.SecuriteInfo.com.Trojan.Siggen10.9096.15276.30319.exe.3730000.3.unpack, type: UNPACKEDPE | Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan |
Source: 0.2.SecuriteInfo.com.Trojan.Siggen10.9096.15276.30319.exe.3730000.3.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi |
Source: 5.2.WindowsUpdate.exe.3818594.0.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04 |
Source: 5.2.WindowsUpdate.exe.3818594.0.raw.unpack, type: UNPACKEDPE | Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net |
Source: 5.2.WindowsUpdate.exe.3818594.0.raw.unpack, type: UNPACKEDPE | Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan |
Source: 5.2.WindowsUpdate.exe.3818594.0.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi |
Source: 5.2.WindowsUpdate.exe.3825b10.1.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04 |
Source: 5.2.WindowsUpdate.exe.3825b10.1.raw.unpack, type: UNPACKEDPE | Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net |
Source: 5.2.WindowsUpdate.exe.3825b10.1.raw.unpack, type: UNPACKEDPE | Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan |
Source: 5.2.WindowsUpdate.exe.3825b10.1.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi |
Source: 5.2.WindowsUpdate.exe.3825c1c.2.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04 |
Source: 5.2.WindowsUpdate.exe.3825c1c.2.raw.unpack, type: UNPACKEDPE | Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net |
Source: 5.2.WindowsUpdate.exe.3825c1c.2.raw.unpack, type: UNPACKEDPE | Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan |
Source: 5.2.WindowsUpdate.exe.3825c1c.2.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi |
Source: 0.2.SecuriteInfo.com.Trojan.Siggen10.9096.15276.30319.exe.38d5c50.4.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04 |
Source: 0.2.SecuriteInfo.com.Trojan.Siggen10.9096.15276.30319.exe.38d5c50.4.raw.unpack, type: UNPACKEDPE | Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net |
Source: 0.2.SecuriteInfo.com.Trojan.Siggen10.9096.15276.30319.exe.38d5c50.4.raw.unpack, type: UNPACKEDPE | Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan |
Source: 0.2.SecuriteInfo.com.Trojan.Siggen10.9096.15276.30319.exe.38d5c50.4.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi |
Source: 0.2.SecuriteInfo.com.Trojan.Siggen10.9096.15276.30319.exe.38c86d4.6.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04 |
Source: 0.2.SecuriteInfo.com.Trojan.Siggen10.9096.15276.30319.exe.38c86d4.6.raw.unpack, type: UNPACKEDPE | Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net |
Source: 0.2.SecuriteInfo.com.Trojan.Siggen10.9096.15276.30319.exe.38c86d4.6.raw.unpack, type: UNPACKEDPE | Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan |
Source: 0.2.SecuriteInfo.com.Trojan.Siggen10.9096.15276.30319.exe.38c86d4.6.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi |
Source: 0.2.SecuriteInfo.com.Trojan.Siggen10.9096.15276.30319.exe.38d5d5c.5.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04 |
Source: 0.2.SecuriteInfo.com.Trojan.Siggen10.9096.15276.30319.exe.38d5d5c.5.raw.unpack, type: UNPACKEDPE | Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net |
Source: 0.2.SecuriteInfo.com.Trojan.Siggen10.9096.15276.30319.exe.38d5d5c.5.raw.unpack, type: UNPACKEDPE | Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan |
Source: 0.2.SecuriteInfo.com.Trojan.Siggen10.9096.15276.30319.exe.38d5d5c.5.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi |
Source: 00000005.00000002.1969185248.0000000003801000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04 |
Source: 00000005.00000002.1969185248.0000000003801000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net |
Source: 00000005.00000002.1969185248.0000000003801000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan |
Source: 00000000.00000002.1701045268.0000000003730000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04 |
Source: 00000000.00000002.1701045268.0000000003730000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: CN_disclosed_20180208_c date = 2018-02-08, hash1 = 17475d25d40c877284e73890a9dd55fccedc6a5a071c351a8c342c8ef7f9cea7, author = Florian Roth, description = Detects malware from disclosed CN malware set, reference = https://twitter.com/cyberintproject/status/961714165550342146, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 00000000.00000002.1701045268.0000000003730000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net |
Source: 00000000.00000002.1701045268.0000000003730000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan |
Source: 00000000.00000002.1701045268.0000000003730000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi |
Source: 00000000.00000002.1701121550.00000000038B1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04 |
Source: 00000000.00000002.1701121550.00000000038B1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net |
Source: 00000000.00000002.1701121550.00000000038B1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen10.9096.15276.30319.exe | Code function: 0_2_006A6104 push ecx; mov dword ptr [esp], edx | 0_2_006A6109 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen10.9096.15276.30319.exe | Code function: 0_2_0069A2B5 push 0069A6D8h; ret | 0_2_0069A6D0 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen10.9096.15276.30319.exe | Code function: 0_2_006A632C push ecx; mov dword ptr [esp], edx | 0_2_006A6331 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen10.9096.15276.30319.exe | Code function: 0_2_006923EA push 00692418h; ret | 0_2_00692410 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen10.9096.15276.30319.exe | Code function: 0_2_006A33A0 push 006A3400h; ret | 0_2_006A33F8 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen10.9096.15276.30319.exe | Code function: 0_2_006A6448 push ecx; mov dword ptr [esp], edx | 0_2_006A644D |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen10.9096.15276.30319.exe | Code function: 0_2_0069245C push 00692488h; ret | 0_2_00692480 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen10.9096.15276.30319.exe | Code function: 0_2_006A4454 push 006A44A1h; ret | 0_2_006A4499 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen10.9096.15276.30319.exe | Code function: 0_2_00692424 push 00692450h; ret | 0_2_00692448 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen10.9096.15276.30319.exe | Code function: 0_2_0069A424 push 0069A6D8h; ret | 0_2_0069A6D0 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen10.9096.15276.30319.exe | Code function: 0_2_006924F8 push 0069252Ch; ret | 0_2_00692524 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen10.9096.15276.30319.exe | Code function: 0_2_0069A4D7 push 0069A6D8h; ret | 0_2_0069A6D0 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen10.9096.15276.30319.exe | Code function: 0_2_0069A4B5 push 0069A6D8h; ret | 0_2_0069A6D0 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen10.9096.15276.30319.exe | Code function: 0_2_0069A48F push 0069A6D8h; ret | 0_2_0069A6D0 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen10.9096.15276.30319.exe | Code function: 0_2_006A648C push ecx; mov dword ptr [esp], edx | 0_2_006A6491 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen10.9096.15276.30319.exe | Code function: 0_2_00692494 push 006924C0h; ret | 0_2_006924B8 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen10.9096.15276.30319.exe | Code function: 0_2_006A3550 push 006A35A4h; ret | 0_2_006A359C |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen10.9096.15276.30319.exe | Code function: 0_2_0069A538 push 0069A6D8h; ret | 0_2_0069A6D0 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen10.9096.15276.30319.exe | Code function: 0_2_006A2536 push 006A25B5h; ret | 0_2_006A25AD |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen10.9096.15276.30319.exe | Code function: 0_2_0069A500 push 0069A6D8h; ret | 0_2_0069A6D0 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen10.9096.15276.30319.exe | Code function: 0_2_006905F0 push 00690641h; ret | 0_2_00690639 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen10.9096.15276.30319.exe | Code function: 0_2_006A162C push 006A16A2h; ret | 0_2_006A169A |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen10.9096.15276.30319.exe | Code function: 0_2_0069A6DA push 0069A74Bh; ret | 0_2_0069A743 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen10.9096.15276.30319.exe | Code function: 0_2_006A16A4 push 006A174Ch; ret | 0_2_006A1744 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen10.9096.15276.30319.exe | Code function: 0_2_006A3684 push ecx; mov dword ptr [esp], ecx | 0_2_006A3687 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen10.9096.15276.30319.exe | Code function: 0_2_006A174E push 006A179Ch; ret | 0_2_006A1794 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen10.9096.15276.30319.exe | Code function: 0_2_00692738 push 0069285Ch; ret | 0_2_00692854 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen10.9096.15276.30319.exe | Code function: 0_2_0069A85E push 0069A88Ch; ret | 0_2_0069A884 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen10.9096.15276.30319.exe | Code function: 0_2_006A2804 push 006A2830h; ret | 0_2_006A2828 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen10.9096.15276.30319.exe | Code function: 0_2_006A38F4 push ecx; mov dword ptr [esp], ecx | 0_2_006A38F6 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen10.9096.15276.30319.exe | Code function: 0_2_006908AA push 006908D8h; ret | 0_2_006908D0 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen10.9096.15276.30319.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\AppData\Roaming\WindowsUpdate.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\netsh.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\netsh.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: SecuriteInfo.com.Trojan.Siggen10.9096.15276.30319.exe, 00000000.00000002.1700012370.0000000000FCC000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAWw |
Source: SecuriteInfo.com.Trojan.Siggen10.9096.15276.30319.exe, 00000000.00000002.1699455955.000000000068A000.00000040.00000001.01000000.00000003.sdmp | Binary or memory string: VBoxService.exe |
Source: SecuriteInfo.com.Trojan.Siggen10.9096.15276.30319.exe, 00000000.00000002.1700012370.0000000000FCC000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} |
Source: WindowsUpdate.exe, 00000008.00000002.2047287114.0000000001112000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dlln |
Source: SecuriteInfo.com.Trojan.Siggen10.9096.15276.30319.exe, SecuriteInfo.com.Trojan.Siggen10.9096.15276.30319.exe, 00000000.00000002.1699455955.00000000007D0000.00000040.00000001.01000000.00000003.sdmp | Binary or memory string: ~VirtualMachineTypes |
Source: WindowsUpdate.exe, 00000009.00000002.2133883432.00000000004DE000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllCulture=neutral, PublicKeyToken=31bf3856ad364e35"/> |
Source: SecuriteInfo.com.Trojan.Siggen10.9096.15276.30319.exe, SecuriteInfo.com.Trojan.Siggen10.9096.15276.30319.exe, 00000000.00000002.1699455955.00000000007D0000.00000040.00000001.01000000.00000003.sdmp | Binary or memory string: ]DLL_Loader_VirtualMachine |
Source: WindowsUpdate.exe, 00000005.00000002.1964106695.0000000000DF1000.00000004.00000020.00020000.00000000.sdmp, WindowsUpdate.exe, 00000008.00000002.2047287114.0000000001112000.00000004.00000020.00020000.00000000.sdmp, WindowsUpdate.exe, 00000009.00000002.2133883432.00000000004DE000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW |
Source: SecuriteInfo.com.Trojan.Siggen10.9096.15276.30319.exe, 00000000.00000002.1699455955.000000000068A000.00000040.00000001.01000000.00000003.sdmp | Binary or memory string: VMWare |
Source: SecuriteInfo.com.Trojan.Siggen10.9096.15276.30319.exe, 00000000.00000002.1699455955.00000000007D0000.00000040.00000001.01000000.00000003.sdmp | Binary or memory string: DLL_Loader_Marker]DLL_Loader_VirtualMachineZDLL_Loader_Reloc_Unit |
Source: SecuriteInfo.com.Trojan.Siggen10.9096.15276.30319.exe, 00000000.00000002.1699455955.000000000068A000.00000040.00000001.01000000.00000003.sdmp | Binary or memory string: &VBoxService.exe |
Source: SecuriteInfo.com.Trojan.Siggen10.9096.15276.30319.exe, 00000000.00000002.1700012370.0000000000FCC000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\ye |
Source: SecuriteInfo.com.Trojan.Siggen10.9096.15276.30319.exe, 00000000.00000002.1700012370.0000000000FCC000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll |
Source: WindowsUpdate.exe, 00000001.00000002.4073317835.0000000001092000.00000004.00000020.00020000.00000000.sdmp, netsh.exe, 00000002.00000003.1789309952.0000000003711000.00000004.00000020.00020000.00000000.sdmp, WindowsUpdate.exe, 00000005.00000002.1964106695.0000000000DF1000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll |