Windows Analysis Report
gI5xZdIxUs.exe

Overview

General Information

Sample Name: gI5xZdIxUs.exe
Analysis ID: 694566
MD5: 98a12ec721c098842fbfd7384d5a72ae
SHA1: 9dfd7d1746c8ae943f3dced0f85f0e3c6f5084f3
SHA256: f83457d173841c7e944bc60b00c197ca93c864893c71902cf1b1a36decdd30a4
Tags: exe

Detection

Gandcrab, ReflectiveLoader
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Yara detected Gandcrab
Multi AV Scanner detection for submitted file
Malicious sample detected (through community Yara rule)
Yara detected ReflectiveLoader
Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for domain / URL
Antivirus detection for dropped file
Snort IDS alert for network traffic
Contains functionality to determine the online IP of the system
Found Tor onion address
Uses nslookup.exe to query domains
Machine Learning detection for sample
May check the online IP address of the machine
Performs many domain queries via nslookup
Machine Learning detection for dropped file
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Yara signature match
Antivirus or Machine Learning detection for unpacked file
May sleep (evasive loops) to hinder dynamic analysis
PE file contains sections with non-standard names
Detected potential crypto function
Contains functionality to query CPU information (cpuid)
Sample execution stops while process was sleeping (likely an evasion)
Too many similar processes found
Contains functionality to dynamically determine API calls
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a DirectInput object (often for capturing keystrokes)
Queries information about the installed CPU (vendor, model number etc)
Drops PE files
Contains functionality to read the PEB
Found evaded block containing many API calls
Contains functionality to enumerate device drivers
Checks for available system drives (often done to infect USB drives)
Uses Microsoft's Enhanced Cryptographic Provider
Creates a process in suspended mode (likely to inject code)

Classification

  • System is w10x64
  • gI5xZdIxUs.exe (PID: 5280 cmdline: "C:\Users\user\Desktop\gI5xZdIxUs.exe" MD5: 98A12EC721C098842FBFD7384D5A72AE)
    • nslookup.exe (PID: 5960 cmdline: nslookup nomoreransom.coin dns1.soprodns.ru MD5: 8E82529D1475D67615ADCB4E1B8F4EEC)
      • conhost.exe (PID: 792 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • nslookup.exe (PID: 4684 cmdline: nslookup nomoreransom.bit dns1.soprodns.ru MD5: 8E82529D1475D67615ADCB4E1B8F4EEC)
      • conhost.exe (PID: 5556 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • nslookup.exe (PID: 4596 cmdline: nslookup gandcrab.bit dns2.soprodns.ru MD5: 8E82529D1475D67615ADCB4E1B8F4EEC)
      • conhost.exe (PID: 1920 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • nslookup.exe (PID: 6112 cmdline: nslookup nomoreransom.coin dns2.soprodns.ru MD5: 8E82529D1475D67615ADCB4E1B8F4EEC)
      • conhost.exe (PID: 4624 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • nslookup.exe (PID: 1916 cmdline: nslookup nomoreransom.bit dns2.soprodns.ru MD5: 8E82529D1475D67615ADCB4E1B8F4EEC)
      • conhost.exe (PID: 5388 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • nslookup.exe (PID: 5244 cmdline: nslookup gandcrab.bit dns1.soprodns.ru MD5: 8E82529D1475D67615ADCB4E1B8F4EEC)
      • conhost.exe (PID: 4592 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • nslookup.exe (PID: 6028 cmdline: nslookup nomoreransom.coin dns1.soprodns.ru MD5: 8E82529D1475D67615ADCB4E1B8F4EEC)
      • conhost.exe (PID: 1012 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • nslookup.exe (PID: 5116 cmdline: nslookup nomoreransom.bit dns1.soprodns.ru MD5: 8E82529D1475D67615ADCB4E1B8F4EEC)
      • conhost.exe (PID: 5552 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • nslookup.exe (PID: 680 cmdline: nslookup gandcrab.bit dns2.soprodns.ru MD5: 8E82529D1475D67615ADCB4E1B8F4EEC)
      • conhost.exe (PID: 496 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • nslookup.exe (PID: 5124 cmdline: nslookup nomoreransom.coin dns2.soprodns.ru MD5: 8E82529D1475D67615ADCB4E1B8F4EEC)
      • conhost.exe (PID: 5484 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • nslookup.exe (PID: 4972 cmdline: nslookup nomoreransom.bit dns2.soprodns.ru MD5: 8E82529D1475D67615ADCB4E1B8F4EEC)
      • conhost.exe (PID: 6096 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • nslookup.exe (PID: 5604 cmdline: nslookup gandcrab.bit dns1.soprodns.ru MD5: 8E82529D1475D67615ADCB4E1B8F4EEC)
      • conhost.exe (PID: 1784 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • nslookup.exe (PID: 736 cmdline: nslookup nomoreransom.coin dns1.soprodns.ru MD5: 8E82529D1475D67615ADCB4E1B8F4EEC)
      • conhost.exe (PID: 6060 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • nslookup.exe (PID: 4460 cmdline: nslookup nomoreransom.bit dns1.soprodns.ru MD5: 8E82529D1475D67615ADCB4E1B8F4EEC)
      • conhost.exe (PID: 4560 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • nslookup.exe (PID: 6052 cmdline: nslookup gandcrab.bit dns2.soprodns.ru MD5: 8E82529D1475D67615ADCB4E1B8F4EEC)
      • conhost.exe (PID: 5984 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • nslookup.exe (PID: 5424 cmdline: nslookup nomoreransom.coin dns2.soprodns.ru MD5: 8E82529D1475D67615ADCB4E1B8F4EEC)
      • conhost.exe (PID: 1000 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • nslookup.exe (PID: 4364 cmdline: nslookup nomoreransom.bit dns2.soprodns.ru MD5: 8E82529D1475D67615ADCB4E1B8F4EEC)
      • conhost.exe (PID: 1552 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • nslookup.exe (PID: 5188 cmdline: nslookup gandcrab.bit dns1.soprodns.ru MD5: 8E82529D1475D67615ADCB4E1B8F4EEC)
      • conhost.exe (PID: 1960 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • nslookup.exe (PID: 1164 cmdline: nslookup nomoreransom.coin dns1.soprodns.ru MD5: 8E82529D1475D67615ADCB4E1B8F4EEC)
      • conhost.exe (PID: 5824 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • nslookup.exe (PID: 1092 cmdline: nslookup nomoreransom.bit dns1.soprodns.ru MD5: 8E82529D1475D67615ADCB4E1B8F4EEC)
      • conhost.exe (PID: 5844 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • nslookup.exe (PID: 968 cmdline: nslookup gandcrab.bit dns2.soprodns.ru MD5: 8E82529D1475D67615ADCB4E1B8F4EEC)
      • conhost.exe (PID: 5636 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
  • isqmkp.exe (PID: 5464 cmdline: "C:\Users\user\AppData\Roaming\Microsoft\isqmkp.exe" MD5: F4758788F11A0DE8D11EB4B8C515FFBD)
  • isqmkp.exe (PID: 1572 cmdline: "C:\Users\user\AppData\Roaming\Microsoft\isqmkp.exe" MD5: F4758788F11A0DE8D11EB4B8C515FFBD)
  • cleanup
No configs have been found
Yara matches on the submitted file

| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| gI5xZdIxUs.exe | ReflectiveLoader | Detects an unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended | Florian Roth | 0xed22:$x1: ReflectiveLoader |
| gI5xZdIxUs.exe | SUSP_RANSOMWARE_Indicator_Jul20 | Detects ransomware indicator | Florian Roth | 0xe67e:$: DECRYPT.txt; 0xe6e4:$: DECRYPT.txt |
| gI5xZdIxUs.exe | JoeSecurity_Gandcrab | Yara detected Gandcrab | Joe Security | |
| gI5xZdIxUs.exe | JoeSecurity_ReflectiveLoader | Yara detected ReflectiveLoader | Joe Security | |
| gI5xZdIxUs.exe | INDICATOR_SUSPICIOUS_ReflectiveLoader | detects Reflective DLL injection artifacts | ditekSHen | 0xed21:$s1: _ReflectiveLoader@; 0xed22:$s2: ReflectiveLoader@ |

Yara matches on dropped files

| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| C:\Users\user\AppData\Roaming\Microsoft\isqmkp.exe | ReflectiveLoader | Detects an unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended | Florian Roth | 0xed22:$x1: ReflectiveLoader |
| C:\Users\user\AppData\Roaming\Microsoft\isqmkp.exe | SUSP_RANSOMWARE_Indicator_Jul20 | Detects ransomware indicator | Florian Roth | 0xe67e:$: DECRYPT.txt; 0xe6e4:$: DECRYPT.txt |
| C:\Users\user\AppData\Roaming\Microsoft\isqmkp.exe | JoeSecurity_Gandcrab | Yara detected Gandcrab | Joe Security | |
| C:\Users\user\AppData\Roaming\Microsoft\isqmkp.exe | JoeSecurity_ReflectiveLoader | Yara detected ReflectiveLoader | Joe Security | |
| C:\Users\user\AppData\Roaming\Microsoft\isqmkp.exe | INDICATOR_SUSPICIOUS_ReflectiveLoader | detects Reflective DLL injection artifacts | ditekSHen | 0xed21:$s1: _ReflectiveLoader@; 0xed22:$s2: ReflectiveLoader@ |

Yara matches on memory dumps

| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| 00000014.00000000.322631215.000000000F9DA000.00000002.00000001.01000000.00000005.sdmp | JoeSecurity_ReflectiveLoader | Yara detected ReflectiveLoader | Joe Security | |
| 0000000E.00000002.315651936.000000000F9DA000.00000002.00000001.01000000.00000005.sdmp | JoeSecurity_ReflectiveLoader | Yara detected ReflectiveLoader | Joe Security | |
| 0000000E.00000000.307654244.000000000F9E2000.00000008.00000001.01000000.00000005.sdmp | JoeSecurity_Gandcrab | Yara detected Gandcrab | Joe Security | |
| 00000001.00000000.272296797.000000000FC6A000.00000002.00000001.01000000.00000003.sdmp | JoeSecurity_ReflectiveLoader | Yara detected ReflectiveLoader | Joe Security | |
| 0000000E.00000000.307645700.000000000F9DA000.00000002.00000001.01000000.00000005.sdmp | JoeSecurity_ReflectiveLoader | Yara detected ReflectiveLoader | Joe Security | |

Yara matches on unpacked PE files

| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| 14.2.isqmkp.exe.f9d0000.0.unpack | ReflectiveLoader | Detects an unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended | Florian Roth | 0xed22:$x1: ReflectiveLoader |
| 14.2.isqmkp.exe.f9d0000.0.unpack | SUSP_RANSOMWARE_Indicator_Jul20 | Detects ransomware indicator | Florian Roth | 0xe67e:$: DECRYPT.txt; 0xe6e4:$: DECRYPT.txt |
| 14.2.isqmkp.exe.f9d0000.0.unpack | JoeSecurity_Gandcrab | Yara detected Gandcrab | Joe Security | |
| 14.2.isqmkp.exe.f9d0000.0.unpack | JoeSecurity_ReflectiveLoader | Yara detected ReflectiveLoader | Joe Security | |
| 14.2.isqmkp.exe.f9d0000.0.unpack | INDICATOR_SUSPICIOUS_ReflectiveLoader | detects Reflective DLL injection artifacts | ditekSHen | 0xed21:$s1: _ReflectiveLoader@; 0xed22:$s2: ReflectiveLoader@ |
                        No Sigma rule has matched
                        Timestamp:192.168.2.38.8.8.860754532829498 08/31/22-23:58:43.044195
                        SID:2829498
                        Source Port:60754
                        Destination Port:53
                        Protocol:UDP
                        Classtype:A Network Trojan was detected
                        Timestamp:192.168.2.38.8.8.850789532829498 08/31/22-23:59:48.239260
                        SID:2829498
                        Source Port:50789
                        Destination Port:53
                        Protocol:UDP
                        Classtype:A Network Trojan was detected
                        Timestamp:192.168.2.38.8.8.858305532829498 08/31/22-23:59:32.365598
                        SID:2829498
                        Source Port:58305
                        Destination Port:53
                        Protocol:UDP
                        Classtype:A Network Trojan was detected
                        Timestamp:192.168.2.38.8.8.865389532829498 08/31/22-23:59:40.892307
                        SID:2829498
                        Source Port:65389
                        Destination Port:53
                        Protocol:UDP
                        Classtype:A Network Trojan was detected
                        Timestamp:192.168.2.38.8.8.849203532026737 08/31/22-23:59:56.322889
                        SID:2026737
                        Source Port:49203
                        Destination Port:53
                        Protocol:UDP
                        Classtype:A Network Trojan was detected
                        Timestamp:192.168.2.38.8.8.856952532026737 08/31/22-23:58:46.555077
                        SID:2026737
                        Source Port:56952
                        Destination Port:53
                        Protocol:UDP
                        Classtype:A Network Trojan was detected
                        Timestamp:192.168.2.38.8.8.853051532829498 08/31/22-23:59:12.297576
                        SID:2829498
                        Source Port:53051
                        Destination Port:53
                        Protocol:UDP
                        Classtype:A Network Trojan was detected
                        Timestamp:192.168.2.38.8.8.853431532829498 08/31/22-23:59:18.287185
                        SID:2829498
                        Source Port:53431
                        Destination Port:53
                        Protocol:UDP
                        Classtype:A Network Trojan was detected
                        Timestamp:192.168.2.38.8.8.865022532829498 08/31/22-23:58:54.690068
                        SID:2829498
                        Source Port:65022
                        Destination Port:53
                        Protocol:UDP
                        Classtype:A Network Trojan was detected
                        Timestamp:192.168.2.38.8.8.861420532829498 08/31/22-23:59:01.493233
                        SID:2829498
                        Source Port:61420
                        Destination Port:53
                        Protocol:UDP
                        Classtype:A Network Trojan was detected
                        Timestamp:192.168.2.38.8.8.851994532829498 08/31/22-23:59:24.206869
                        SID:2829498
                        Source Port:51994
                        Destination Port:53
                        Protocol:UDP
                        Classtype:A Network Trojan was detected
                        Timestamp:192.168.2.38.8.8.860478532829498 08/31/22-23:59:59.939438
                        SID:2829498
                        Source Port:60478
                        Destination Port:53
                        Protocol:UDP
                        Classtype:A Network Trojan was detected
                        Timestamp:192.168.2.38.8.8.865019532829498 08/31/22-23:58:54.630989
                        SID:2829498
                        Source Port:65019
                        Destination Port:53
                        Protocol:UDP
                        Classtype:A Network Trojan was detected
                        Timestamp:192.168.2.38.8.8.850230532026737 09/01/22-00:00:07.433896
                        SID:2026737
                        Source Port:50230
                        Destination Port:53
                        Protocol:UDP
                        Classtype:A Network Trojan was detected
                        Timestamp:192.168.2.38.8.8.860093532026737 08/31/22-23:59:14.413883
                        SID:2026737
                        Source Port:60093
                        Destination Port:53
                        Protocol:UDP
                        Classtype:A Network Trojan was detected
                        Timestamp:192.168.2.38.8.8.858122532026737 08/31/22-23:59:27.247839
                        SID:2026737
                        Source Port:58122
                        Destination Port:53
                        Protocol:UDP
                        Classtype:A Network Trojan was detected
                        Timestamp:192.168.2.38.8.8.865515532026737 08/31/22-23:59:20.761806
                        SID:2026737
                        Source Port:65515
                        Destination Port:53
                        Protocol:UDP
                        Classtype:A Network Trojan was detected
                        Timestamp:192.168.2.38.8.8.852958532829498 08/31/22-23:58:07.331283
                        SID:2829498
                        Source Port:52958
                        Destination Port:53
                        Protocol:UDP
                        Classtype:A Network Trojan was detected
                        Timestamp:192.168.2.38.8.8.854156532026737 08/31/22-23:59:42.281210
                        SID:2026737
                        Source Port:54156
                        Destination Port:53
                        Protocol:UDP
                        Classtype:A Network Trojan was detected
                        Timestamp:192.168.2.38.8.8.865110532829498 08/31/22-23:58:33.358759
                        SID:2829498
                        Source Port:65110
                        Destination Port:53
                        Protocol:UDP
                        Classtype:A Network Trojan was detected
                        Timestamp:192.168.2.38.8.8.853430532829498 08/31/22-23:59:18.269254
                        SID:2829498
                        Source Port:53430
                        Destination Port:53
                        Protocol:UDP
                        Classtype:A Network Trojan was detected
                        Timestamp:192.168.2.38.8.8.858121532026737 08/31/22-23:59:27.189978
                        SID:2026737
                        Source Port:58121
                        Destination Port:53
                        Protocol:UDP
                        Classtype:A Network Trojan was detected
                        Timestamp:192.168.2.38.8.8.865021532829498 08/31/22-23:58:54.669703
                        SID:2829498
                        Source Port:65021
                        Destination Port:53
                        Protocol:UDP
                        Classtype:A Network Trojan was detected
                        Timestamp:192.168.2.38.8.8.858306532829498 08/31/22-23:59:32.396919
                        SID:2829498
                        Source Port:58306
                        Destination Port:53
                        Protocol:UDP
                        Classtype:A Network Trojan was detected
                        Timestamp:192.168.2.38.8.8.864126532026737 08/31/22-23:59:50.649034
                        SID:2026737
                        Source Port:64126
                        Destination Port:53
                        Protocol:UDP
                        Classtype:A Network Trojan was detected
                        Timestamp:192.168.2.38.8.8.858695532026737 08/31/22-23:58:36.600606
                        SID:2026737
                        Source Port:58695
                        Destination Port:53
                        Protocol:UDP
                        Classtype:A Network Trojan was detected
                        Timestamp:192.168.2.38.8.8.861418532829498 08/31/22-23:59:01.454658
                        SID:2829498
                        Source Port:61418
                        Destination Port:53
                        Protocol:UDP
                        Classtype:A Network Trojan was detected
                        Timestamp:192.168.2.38.8.8.865516532026737 08/31/22-23:59:20.780161
                        SID:2026737
                        Source Port:65516
                        Destination Port:53
                        Protocol:UDP
                        Classtype:A Network Trojan was detected
                        Timestamp:192.168.2.38.8.8.865111532829498 08/31/22-23:58:33.379307
                        SID:2829498
                        Source Port:65111
                        Destination Port:53
                        Protocol:UDP
                        Classtype:A Network Trojan was detected
                        Timestamp:192.168.2.38.8.8.865388532829498 08/31/22-23:59:40.874321
                        SID:2829498
                        Source Port:65388
                        Destination Port:53
                        Protocol:UDP
                        Classtype:A Network Trojan was detected
                        Timestamp:192.168.2.38.8.8.858694532026737 08/31/22-23:58:36.580328
                        SID:2026737
                        Source Port:58694
                        Destination Port:53
                        Protocol:UDP
                        Classtype:A Network Trojan was detected
                        Timestamp:192.168.2.38.8.8.854155532026737 08/31/22-23:59:42.262891
                        SID:2026737
                        Source Port:54155
                        Destination Port:53
                        Protocol:UDP
                        Classtype:A Network Trojan was detected
                        Timestamp:192.168.2.38.8.8.852957532829498 08/31/22-23:58:07.312591
                        SID:2829498
                        Source Port:52957
                        Destination Port:53
                        Protocol:UDP
                        Classtype:A Network Trojan was detected
                        Timestamp:192.168.2.38.8.8.849204532026737 08/31/22-23:59:56.342973
                        SID:2026737
                        Source Port:49204
                        Destination Port:53
                        Protocol:UDP
                        Classtype:A Network Trojan was detected
                        Timestamp:192.168.2.38.8.8.860586532026737 08/31/22-23:58:15.043750
                        SID:2026737
                        Source Port:60586
                        Destination Port:53
                        Protocol:UDP
                        Classtype:A Network Trojan was detected
                        Timestamp:192.168.2.38.8.8.850231532026737 09/01/22-00:00:07.455721
                        SID:2026737
                        Source Port:50231
                        Destination Port:53
                        Protocol:UDP
                        Classtype:A Network Trojan was detected
                        Timestamp:192.168.2.38.8.8.852959532829498 08/31/22-23:58:07.365561
                        SID:2829498
                        Source Port:52959
                        Destination Port:53
                        Protocol:UDP
                        Classtype:A Network Trojan was detected
                        Timestamp:192.168.2.38.8.8.862054532829498 08/31/22-23:58:21.744663
                        SID:2829498
                        Source Port:62054
                        Destination Port:53
                        Protocol:UDP
                        Classtype:A Network Trojan was detected
                        Timestamp:192.168.2.38.8.8.859641532026737 08/31/22-23:58:24.944174
                        SID:2026737
                        Source Port:59641
                        Destination Port:53
                        Protocol:UDP
                        Classtype:A Network Trojan was detected
                        Timestamp:192.168.2.38.8.8.859638532026737 08/31/22-23:58:24.884406
                        SID:2026737
                        Source Port:59638
                        Destination Port:53
                        Protocol:UDP
                        Classtype:A Network Trojan was detected
                        Timestamp:192.168.2.38.8.8.865198532026737 08/31/22-23:59:03.441447
                        SID:2026737
                        Source Port:65198
                        Destination Port:53
                        Protocol:UDP
                        Classtype:A Network Trojan was detected
                        Timestamp:192.168.2.38.8.8.865109532829498 08/31/22-23:58:33.338202
                        SID:2829498
                        Source Port:65109
                        Destination Port:53
                        Protocol:UDP
                        Classtype:A Network Trojan was detected
                        Timestamp:192.168.2.38.8.8.852457532829498 09/01/22-00:00:11.310934
                        SID:2829498
                        Source Port:52457
                        Destination Port:53
                        Protocol:UDP
                        Classtype:A Network Trojan was detected
                        Timestamp:192.168.2.38.8.8.860587532026737 08/31/22-23:58:15.064663
                        SID:2026737
                        Source Port:60587
                        Destination Port:53
                        Protocol:UDP
                        Classtype:A Network Trojan was detected
                        Timestamp:192.168.2.38.8.8.853470532026737 08/31/22-23:58:56.772805
                        SID:2026737
                        Source Port:53470
                        Destination Port:53
                        Protocol:UDP
                        Classtype:A Network Trojan was detected
                        Timestamp:192.168.2.38.8.8.856620532026737 09/01/22-00:00:02.142088
                        SID:2026737
                        Source Port:56620
                        Destination Port:53
                        Protocol:UDP
                        Classtype:A Network Trojan was detected
                        Timestamp:192.168.2.38.8.8.858693532026737 08/31/22-23:58:36.550637
                        SID:2026737
                        Source Port:58693
                        Destination Port:53
                        Protocol:UDP
                        Classtype:A Network Trojan was detected
                        Timestamp:192.168.2.38.8.8.858696532026737 08/31/22-23:58:36.619047
                        SID:2026737
                        Source Port:58696
                        Destination Port:53
                        Protocol:UDP
                        Classtype:A Network Trojan was detected
                        Timestamp:192.168.2.38.8.8.856954532026737 08/31/22-23:58:46.594398
                        SID:2026737
                        Source Port:56954
                        Destination Port:53
                        Protocol:UDP
                        Classtype:A Network Trojan was detected
                        Timestamp:192.168.2.38.8.8.849205532026737 08/31/22-23:59:56.360951
                        SID:2026737
                        Source Port:49205
                        Destination Port:53
                        Protocol:UDP
                        Classtype:A Network Trojan was detected
                        Timestamp:192.168.2.38.8.8.856619532026737 09/01/22-00:00:02.120945
                        SID:2026737
                        Source Port:56619
                        Destination Port:53
                        Protocol:UDP
                        Classtype:A Network Trojan was detected
                        Timestamp:192.168.2.38.8.8.851995532829498 08/31/22-23:59:24.227191
                        SID:2829498
                        Source Port:51995
                        Destination Port:53
                        Protocol:UDP
                        Classtype:A Network Trojan was detected
                        Timestamp:192.168.2.38.8.8.861421532829498 08/31/22-23:59:01.511754
                        SID:2829498
                        Source Port:61421
                        Destination Port:53
                        Protocol:UDP
                        Classtype:A Network Trojan was detected
                        Timestamp:192.168.2.38.8.8.852960532829498 08/31/22-23:58:07.384051
                        SID:2829498
                        Source Port:52960
                        Destination Port:53
                        Protocol:UDP
                        Classtype:A Network Trojan was detected
                        Timestamp:192.168.2.38.8.8.865390532829498 08/31/22-23:59:40.910653
                        SID:2829498
                        Source Port:65390
                        Destination Port:53
                        Protocol:UDP
                        Classtype:A Network Trojan was detected
                        Timestamp:192.168.2.38.8.8.853053532829498 08/31/22-23:59:12.348894
                        SID:2829498
                        Source Port:53053
                        Destination Port:53
                        Protocol:UDP
                        Classtype:A Network Trojan was detected
                        Timestamp:192.168.2.38.8.8.854158532026737 08/31/22-23:59:42.322126
                        SID:2026737
                        Source Port:54158
                        Destination Port:53
                        Protocol:UDP
                        Classtype:A Network Trojan was detected
                        Timestamp:192.168.2.38.8.8.860753532829498 08/31/22-23:58:43.024087
                        SID:2829498
                        Source Port:60753
                        Destination Port:53
                        Protocol:UDP
                        Classtype:A Network Trojan was detected
                        Timestamp:192.168.2.38.8.8.857391532829498 09/01/22-00:00:05.158775
                        SID:2829498
                        Source Port:57391
                        Destination Port:53
                        Protocol:UDP
                        Classtype:A Network Trojan was detected
Snort IDS alerts, one row per alert, in the order the report lists them. The report renders each alert's 5-tuple (source IP, destination IP, source port, destination port, SID) run together in front of the timestamp; it is split back into columns here. Every alert is a UDP/53 (DNS) query from the analysis host 192.168.2.3 to 8.8.8.8 that matched one of two Snort SIDs, 2829498 and 2026737.

Timestamp                 SID      Source IP    Source Port  Destination IP  Destination Port  Protocol  Classtype
08/31/22-23:59:32.323930  2829498  192.168.2.3  58303        8.8.8.8         53                UDP       A Network Trojan was detected
08/31/22-23:58:15.004694  2026737  192.168.2.3  60584        8.8.8.8         53                UDP       A Network Trojan was detected
08/31/22-23:59:27.268863  2026737  192.168.2.3  58123        8.8.8.8         53                UDP       A Network Trojan was detected
08/31/22-23:59:14.371988  2026737  192.168.2.3  60091        8.8.8.8         53                UDP       A Network Trojan was detected
08/31/22-23:59:03.482704  2026737  192.168.2.3  65200        8.8.8.8         53                UDP       A Network Trojan was detected
08/31/22-23:59:18.325585  2829498  192.168.2.3  53433        8.8.8.8         53                UDP       A Network Trojan was detected
08/31/22-23:59:48.189200  2829498  192.168.2.3  50787        8.8.8.8         53                UDP       A Network Trojan was detected
08/31/22-23:58:42.984219  2829498  192.168.2.3  60751        8.8.8.8         53                UDP       A Network Trojan was detected
08/31/22-23:59:48.168544  2829498  192.168.2.3  50786        8.8.8.8         53                UDP       A Network Trojan was detected
08/31/22-23:58:56.731128  2026737  192.168.2.3  53468        8.8.8.8         53                UDP       A Network Trojan was detected
08/31/22-23:59:56.381031  2026737  192.168.2.3  49206        8.8.8.8         53                UDP       A Network Trojan was detected
08/31/22-23:59:59.877731  2829498  192.168.2.3  60475        8.8.8.8         53                UDP       A Network Trojan was detected
08/31/22-23:59:36.563649  2026737  192.168.2.3  63448        8.8.8.8         53                UDP       A Network Trojan was detected
08/31/22-23:59:24.265731  2829498  192.168.2.3  51997        8.8.8.8         53                UDP       A Network Trojan was detected
09/01/22-00:00:02.100951  2026737  192.168.2.3  56618        8.8.8.8         53                UDP       A Network Trojan was detected
08/31/22-23:58:56.793274  2026737  192.168.2.3  53471        8.8.8.8         53                UDP       A Network Trojan was detected
08/31/22-23:59:12.369224  2829498  192.168.2.3  53054        8.8.8.8         53                UDP       A Network Trojan was detected
09/01/22-00:00:11.330853  2829498  192.168.2.3  52458        8.8.8.8         53                UDP       A Network Trojan was detected
08/31/22-23:59:20.720500  2026737  192.168.2.3  65513        8.8.8.8         53                UDP       A Network Trojan was detected
08/31/22-23:59:53.952246  2829498  192.168.2.3  60828        8.8.8.8         53                UDP       A Network Trojan was detected
08/31/22-23:59:50.605079  2026737  192.168.2.3  64124        8.8.8.8         53                UDP       A Network Trojan was detected
08/31/22-23:58:21.699516  2829498  192.168.2.3  62052        8.8.8.8         53                UDP       A Network Trojan was detected
09/01/22-00:00:05.138814  2829498  192.168.2.3  57390        8.8.8.8         53                UDP       A Network Trojan was detected
09/01/22-00:00:07.502496  2026737  192.168.2.3  50233        8.8.8.8         53                UDP       A Network Trojan was detected
08/31/22-23:59:14.353291  2026737  192.168.2.3  60090        8.8.8.8         53                UDP       A Network Trojan was detected
09/01/22-00:00:11.350932  2829498  192.168.2.3  52459        8.8.8.8         53                UDP       A Network Trojan was detected
08/31/22-23:59:53.930680  2829498  192.168.2.3  60827        8.8.8.8         53                UDP       A Network Trojan was detected
08/31/22-23:58:56.749513  2026737  192.168.2.3  53469        8.8.8.8         53                UDP       A Network Trojan was detected
09/01/22-00:00:07.481526  2026737  192.168.2.3  50232        8.8.8.8         53                UDP       A Network Trojan was detected
08/31/22-23:59:40.854236  2829498  192.168.2.3  65387        8.8.8.8         53                UDP       A Network Trojan was detected
08/31/22-23:59:36.620733  2026737  192.168.2.3  63451        8.8.8.8         53                UDP       A Network Trojan was detected
08/31/22-23:59:50.625202  2026737  192.168.2.3  64125        8.8.8.8         53                UDP       A Network Trojan was detected
08/31/22-23:59:59.898864  2829498  192.168.2.3  60476        8.8.8.8         53                UDP       A Network Trojan was detected
08/31/22-23:59:42.301537  2026737  192.168.2.3  54157        8.8.8.8         53                UDP       A Network Trojan was detected
09/01/22-00:00:05.176878  2829498  192.168.2.3  57392        8.8.8.8         53                UDP       A Network Trojan was detected
09/01/22-00:00:11.371195  2829498  192.168.2.3  52460        8.8.8.8         53                UDP       A Network Trojan was detected
09/01/22-00:00:05.118977  2829498  192.168.2.3  57389        8.8.8.8         53                UDP       A Network Trojan was detected
08/31/22-23:58:21.768917  2829498  192.168.2.3  56043        8.8.8.8         53                UDP       A Network Trojan was detected
08/31/22-23:59:12.328339  2829498  192.168.2.3  53052        8.8.8.8         53                UDP       A Network Trojan was detected
08/31/22-23:59:01.474961  2829498  192.168.2.3  61419        8.8.8.8         53                UDP       A Network Trojan was detected
08/31/22-23:59:24.245596  2829498  192.168.2.3  51996        8.8.8.8         53                UDP       A Network Trojan was detected
08/31/22-23:59:18.305428  2829498  192.168.2.3  53432        8.8.8.8         53                UDP       A Network Trojan was detected
08/31/22-23:58:15.025136  2026737  192.168.2.3  60585        8.8.8.8         53                UDP       A Network Trojan was detected
08/31/22-23:59:36.602428  2026737  192.168.2.3  63450        8.8.8.8         53                UDP       A Network Trojan was detected
08/31/22-23:59:59.919053  2829498  192.168.2.3  60477        8.8.8.8         53                UDP       A Network Trojan was detected
08/31/22-23:58:46.526858  2026737  192.168.2.3  56951        8.8.8.8         53                UDP       A Network Trojan was detected
08/31/22-23:58:33.402809  2829498  192.168.2.3  65112        8.8.8.8         53                UDP       A Network Trojan was detected
08/31/22-23:58:54.651252  2829498  192.168.2.3  65020        8.8.8.8         53                UDP       A Network Trojan was detected
08/31/22-23:59:36.584182  2026737  192.168.2.3  63449        8.8.8.8         53                UDP       A Network Trojan was detected
08/31/22-23:59:03.503720  2026737  192.168.2.3  65201        8.8.8.8         53                UDP       A Network Trojan was detected
08/31/22-23:59:53.997132  2829498  192.168.2.3  60830        8.8.8.8         53                UDP       A Network Trojan was detected
08/31/22-23:58:24.925442  2026737  192.168.2.3  59640        8.8.8.8         53                UDP       A Network Trojan was detected
08/31/22-23:59:50.576561  2026737  192.168.2.3  64123        8.8.8.8         53                UDP       A Network Trojan was detected
08/31/22-23:59:48.220006  2829498  192.168.2.3  50788        8.8.8.8         53                UDP       A Network Trojan was detected
08/31/22-23:59:14.392903  2026737  192.168.2.3  60092        8.8.8.8         53                UDP       A Network Trojan was detected
08/31/22-23:59:27.287358  2026737  192.168.2.3  58124        8.8.8.8         53                UDP       A Network Trojan was detected
08/31/22-23:59:03.462712  2026737  192.168.2.3  65199        8.8.8.8         53                UDP       A Network Trojan was detected
08/31/22-23:58:24.905091  2026737  192.168.2.3  59639        8.8.8.8         53                UDP       A Network Trojan was detected
08/31/22-23:58:46.573613  2026737  192.168.2.3  56953        8.8.8.8         53                UDP       A Network Trojan was detected
08/31/22-23:59:32.344904  2829498  192.168.2.3  58304        8.8.8.8         53                UDP       A Network Trojan was detected
08/31/22-23:58:43.003278  2829498  192.168.2.3  60752        8.8.8.8         53                UDP       A Network Trojan was detected
08/31/22-23:59:20.740564  2026737  192.168.2.3  65514        8.8.8.8         53                UDP       A Network Trojan was detected
08/31/22-23:59:53.975918  2829498  192.168.2.3  60829        8.8.8.8         53                UDP       A Network Trojan was detected
08/31/22-23:58:21.721380  2829498  192.168.2.3  62053        8.8.8.8         53                UDP       A Network Trojan was detected
09/01/22-00:00:02.160962  2026737  192.168.2.3  56621        8.8.8.8         53                UDP       A Network Trojan was detected
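Added example, not part of the Joe Sandbox report: a small Python parser for the Snort alert records as the report renders them. The Timestamp value of each record runs the source IP, destination IP, source port, destination port and SID together in front of the time (for instance 192.168.2.38.8.8.860827532829498), so the parser uses the SID and port lines that follow to strip the tail, then splits the remaining pair of dotted quads and refuses any split that is ambiguous. It then chains alerts per SID into bursts by inter-arrival gap, which surfaces the pattern visible in the records above: runs of three or four queries from consecutive ephemeral ports roughly 20 ms apart. The sample records are copied from this report; the 100 ms burst window and the helper names are my choice.

```python
"""Parse Snort alert records in Joe Sandbox's Key:Value layout and group them into bursts.
Added example, not report code. The Timestamp value carries the 5-tuple (src IP, dst IP,
src port, dst port, SID) concatenated in front of the time."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: five records copied from the report in its own layout.
SAMPLE = """\
Timestamp:192.168.2.38.8.8.860827532829498 08/31/22-23:59:53.930680
SID:2829498
Source Port:60827
Destination Port:53
Protocol:UDP
Classtype:A Network Trojan was detected
Timestamp:192.168.2.38.8.8.860828532829498 08/31/22-23:59:53.952246
SID:2829498
Source Port:60828
Destination Port:53
Protocol:UDP
Classtype:A Network Trojan was detected
Timestamp:192.168.2.38.8.8.860829532829498 08/31/22-23:59:53.975918
SID:2829498
Source Port:60829
Destination Port:53
Protocol:UDP
Classtype:A Network Trojan was detected
Timestamp:192.168.2.38.8.8.863448532026737 08/31/22-23:59:36.563649
SID:2026737
Source Port:63448
Destination Port:53
Protocol:UDP
Classtype:A Network Trojan was detected
Timestamp:192.168.2.38.8.8.863449532026737 08/31/22-23:59:36.584182
SID:2026737
Source Port:63449
Destination Port:53
Protocol:UDP
Classtype:A Network Trojan was detected
"""

OCTET = re.compile(r"^(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)$")

def is_ipv4(s):
    parts = s.split(".")
    return len(parts) == 4 and all(OCTET.match(p) for p in parts)

def split_ip_pair(blob):
    """Every way to cut a concatenated pair of dotted quads; more than one means ambiguous."""
    return [(blob[:i], blob[i:]) for i in range(1, len(blob))
            if is_ipv4(blob[:i]) and is_ipv4(blob[i:])]

def _finish(raw):
    blob, ts = raw["Timestamp"].split()
    sid, sport, dport = raw["SID"], raw["Source Port"], raw["Destination Port"]
    suffix = sport + dport + sid  # ports and SID are repeated on their own lines
    if not blob.endswith(suffix):
        raise ValueError(f"5-tuple does not end with ports+SID: {blob!r}")
    candidates = split_ip_pair(blob[:-len(suffix)])
    if len(candidates) != 1:
        raise ValueError(f"ambiguous IP split in {blob!r}: {candidates}")
    src_ip, dst_ip = candidates[0]
    return {"time": datetime.strptime(ts, "%m/%d/%y-%H:%M:%S.%f"), "sid": int(sid),
            "src_ip": src_ip, "dst_ip": dst_ip, "src_port": int(sport),
            "dst_port": int(dport), "proto": raw.get("Protocol", ""),
            "classtype": raw.get("Classtype", "")}

def parse_alerts(text):
    """Split the Key:Value stream into records; a Timestamp line starts a new one."""
    records, current = [], {}
    for line in text.splitlines():
        if not line.strip():
            continue
        key, _, value = line.partition(":")
        if key.strip() == "Timestamp" and current:
            records.append(_finish(current))
            current = {}
        current[key.strip()] = value.strip()
    if current:
        records.append(_finish(current))
    return records

def _summarise(sid, cluster):
    ports = [r["src_port"] for r in cluster]
    return {"sid": sid, "start": cluster[0]["time"], "count": len(cluster),
            "ports": (min(ports), max(ports)),
            # ephemeral port rising by one per query = one client firing queries back to back
            "consecutive_ports": ports == list(range(min(ports), max(ports) + 1))}

def bursts(records, window=timedelta(milliseconds=100)):
    """Per SID, chain time-sorted alerts whose gap to the previous one is within `window`."""
    by_sid = defaultdict(list)
    for r in records:
        by_sid[r["sid"]].append(r)
    out = []
    for sid, rs in by_sid.items():
        rs.sort(key=lambda r: r["time"])
        cluster = [rs[0]]
        for r in rs[1:]:
            if r["time"] - cluster[-1]["time"] <= window:
                cluster.append(r)
            else:
                out.append(_summarise(sid, cluster))
                cluster = [r]
        out.append(_summarise(sid, cluster))
    return sorted(out, key=lambda b: b["start"])

if __name__ == "__main__":
    for b in bursts(parse_alerts(SAMPLE)):
        print(f'{b["start"].time()} SID {b["sid"]}: {b["count"]} alert(s), '
              f'src ports {b["ports"][0]}-{b["ports"][1]}, consecutive={b["consecutive_ports"]}')
```

The IP split is validated rather than assumed because a concatenated pair of dotted quads is not always unique (10.0.0.110.0.0.1 reads as both 10.0.0.1 + 10.0.0.1 and 10.0.0.11 + 0.0.0.1); the parser raises on such input instead of guessing. Run against the full record list, the burst view makes the retry pattern obvious at a glance, which is harder to see in 65 rows of identical UDP/53 alerts.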


                        AV Detection

Source: gI5xZdIxUs.exe    Virustotal: Detection: 85%
Source: gI5xZdIxUs.exe    Metadefender: Detection: 74%
Source: gI5xZdIxUs.exe    ReversingLabs: Detection: 92%
Source: gI5xZdIxUs.exe    Avira: detected
Source: dns1.soprodns.ru    Virustotal: Detection: 5%
Source: C:\Users\user\AppData\Roaming\Microsoft\isqmkp.exe    Avira: detection malicious, Label: TR/Dropper.Gen
Source: gI5xZdIxUs.exe    Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Roaming\Microsoft\isqmkp.exe    Joe Sandbox ML: detected
Source: 1.2.gI5xZdIxUs.exe.fc60000.0.unpack    Avira: Label: TR/Dropper.Gen
Source: 14.0.isqmkp.exe.f9d0000.0.unpack    Avira: Label: TR/Dropper.Gen
Source: 20.2.isqmkp.exe.f9d0000.0.unpack    Avira: Label: TR/Dropper.Gen
Source: 14.2.isqmkp.exe.f9d0000.0.unpack    Avira: Label: TR/Dropper.Gen
Source: 1.0.gI5xZdIxUs.exe.fc60000.0.unpack    Avira: Label: TR/Dropper.Gen
Source: 20.0.isqmkp.exe.f9d0000.0.unpack    Avira: Label: TR/Dropper.Gen