Edit tour
Windows
Analysis Report
gI5xZdIxUs.exe
Overview
General Information
| Sample Name: | gI5xZdIxUs.exe |
| Analysis ID: | 694566 |
| MD5: | 98a12ec721c098842fbfd7384d5a72ae |
| SHA1: | 9dfd7d1746c8ae943f3dced0f85f0e3c6f5084f3 |
| SHA256: | f83457d173841c7e944bc60b00c197ca93c864893c71902cf1b1a36decdd30a4 |
| Tags: | exe |
| Infos: |  |
 | |
Detection
Gandcrab, ReflectiveLoader
| Score: | 100 |
| Range: | 0 - 100 |
| Whitelisted: | false |
| Confidence: | 100% |
Signatures
Yara detected Gandcrab
Multi AV Scanner detection for submitted file
Malicious sample detected (through community Yara rule)
Yara detected ReflectiveLoader
Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for domain / URL
Antivirus detection for dropped file
Snort IDS alert for network traffic
Contains functionality to determine the online IP of the system
Found Tor onion address
Uses nslookup.exe to query domains
Machine Learning detection for sample
May check the online IP address of the machine
Performs many domain queries via nslookup
Machine Learning detection for dropped file
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Yara signature match
Antivirus or Machine Learning detection for unpacked file
May sleep (evasive loops) to hinder dynamic analysis
PE file contains sections with non-standard names
Detected potential crypto function
Contains functionality to query CPU information (cpuid)
Sample execution stops while process was sleeping (likely an evasion)
Too many similar processes found
Contains functionality to dynamically determine API calls
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a DirectInput object (often for capturing keystrokes)
Queries information about the installed CPU (vendor, model number etc)
Drops PE files
Contains functionality to read the PEB
Found evaded block containing many API calls
Contains functionality to enumerate device drivers
Checks for available system drives (often done to infect USB drives)
Uses Microsoft's Enhanced Cryptographic Provider
Creates a process in suspended mode (likely to inject code)
Classification
- System is w10x64
gI5xZdIxUs.exe (PID: 5280 cmdline: "C:\Users\ user\Deskt op\gI5xZdI xUs.exe" MD5: 98A12EC721C098842FBFD7384D5A72AE) 
nslookup.exe (PID: 5960 cmdline: nslookup n omoreranso m.coin dns 1.soprodns .ru MD5: 8E82529D1475D67615ADCB4E1B8F4EEC) 
conhost.exe (PID: 792 cmdline: C:\Windows \system32\ conhost.ex e 0xffffff ff -ForceV 1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496) - nslookup.exe (PID: 4684 cmdline:
nslookup n omoreranso m.bit dns1 .soprodns. ru MD5: 8E82529D1475D67615ADCB4E1B8F4EEC) - conhost.exe (PID: 5556 cmdline:
C:\Windows \system32\ conhost.ex e 0xffffff ff -ForceV 1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496) - nslookup.exe (PID: 4596 cmdline:
nslookup g andcrab.bi t dns2.sop rodns.ru MD5: 8E82529D1475D67615ADCB4E1B8F4EEC) - conhost.exe (PID: 1920 cmdline:
C:\Windows \system32\ conhost.ex e 0xffffff ff -ForceV 1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496) - nslookup.exe (PID: 6112 cmdline:
nslookup n omoreranso m.coin dns 2.soprodns .ru MD5: 8E82529D1475D67615ADCB4E1B8F4EEC) - conhost.exe (PID: 4624 cmdline:
C:\Windows \system32\ conhost.ex e 0xffffff ff -ForceV 1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496) - nslookup.exe (PID: 1916 cmdline:
nslookup n omoreranso m.bit dns2 .soprodns. ru MD5: 8E82529D1475D67615ADCB4E1B8F4EEC) - conhost.exe (PID: 5388 cmdline:
C:\Windows \system32\ conhost.ex e 0xffffff ff -ForceV 1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496) - nslookup.exe (PID: 5244 cmdline:
nslookup g andcrab.bi t dns1.sop rodns.ru MD5: 8E82529D1475D67615ADCB4E1B8F4EEC) - conhost.exe (PID: 4592 cmdline:
C:\Windows \system32\ conhost.ex e 0xffffff ff -ForceV 1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496) - nslookup.exe (PID: 6028 cmdline:
nslookup n omoreranso m.coin dns 1.soprodns .ru MD5: 8E82529D1475D67615ADCB4E1B8F4EEC) - conhost.exe (PID: 1012 cmdline:
C:\Windows \system32\ conhost.ex e 0xffffff ff -ForceV 1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496) - nslookup.exe (PID: 5116 cmdline:
nslookup n omoreranso m.bit dns1 .soprodns. ru MD5: 8E82529D1475D67615ADCB4E1B8F4EEC) - conhost.exe (PID: 5552 cmdline:
C:\Windows \system32\ conhost.ex e 0xffffff ff -ForceV 1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496) - nslookup.exe (PID: 680 cmdline:
nslookup g andcrab.bi t dns2.sop rodns.ru MD5: 8E82529D1475D67615ADCB4E1B8F4EEC) - conhost.exe (PID: 496 cmdline:
C:\Windows \system32\ conhost.ex e 0xffffff ff -ForceV 1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496) - nslookup.exe (PID: 5124 cmdline:
nslookup n omoreranso m.coin dns 2.soprodns .ru MD5: 8E82529D1475D67615ADCB4E1B8F4EEC) - conhost.exe (PID: 5484 cmdline:
C:\Windows \system32\ conhost.ex e 0xffffff ff -ForceV 1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496) - nslookup.exe (PID: 4972 cmdline:
nslookup n omoreranso m.bit dns2 .soprodns. ru MD5: 8E82529D1475D67615ADCB4E1B8F4EEC) - conhost.exe (PID: 6096 cmdline:
C:\Windows \system32\ conhost.ex e 0xffffff ff -ForceV 1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496) - nslookup.exe (PID: 5604 cmdline:
nslookup g andcrab.bi t dns1.sop rodns.ru MD5: 8E82529D1475D67615ADCB4E1B8F4EEC) - conhost.exe (PID: 1784 cmdline:
C:\Windows \system32\ conhost.ex e 0xffffff ff -ForceV 1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496) - nslookup.exe (PID: 736 cmdline:
nslookup n omoreranso m.coin dns 1.soprodns .ru MD5: 8E82529D1475D67615ADCB4E1B8F4EEC) - conhost.exe (PID: 6060 cmdline:
C:\Windows \system32\ conhost.ex e 0xffffff ff -ForceV 1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496) - nslookup.exe (PID: 4460 cmdline:
nslookup n omoreranso m.bit dns1 .soprodns. ru MD5: 8E82529D1475D67615ADCB4E1B8F4EEC) - conhost.exe (PID: 4560 cmdline:
C:\Windows \system32\ conhost.ex e 0xffffff ff -ForceV 1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496) - nslookup.exe (PID: 6052 cmdline:
nslookup g andcrab.bi t dns2.sop rodns.ru MD5: 8E82529D1475D67615ADCB4E1B8F4EEC) - conhost.exe (PID: 5984 cmdline:
C:\Windows \system32\ conhost.ex e 0xffffff ff -ForceV 1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496) - nslookup.exe (PID: 5424 cmdline:
nslookup n omoreranso m.coin dns 2.soprodns .ru MD5: 8E82529D1475D67615ADCB4E1B8F4EEC) - conhost.exe (PID: 1000 cmdline:
C:\Windows \system32\ conhost.ex e 0xffffff ff -ForceV 1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496) - nslookup.exe (PID: 4364 cmdline:
nslookup n omoreranso m.bit dns2 .soprodns. ru MD5: 8E82529D1475D67615ADCB4E1B8F4EEC) - conhost.exe (PID: 1552 cmdline:
C:\Windows \system32\ conhost.ex e 0xffffff ff -ForceV 1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496) - nslookup.exe (PID: 5188 cmdline:
nslookup g andcrab.bi t dns1.sop rodns.ru MD5: 8E82529D1475D67615ADCB4E1B8F4EEC) - conhost.exe (PID: 1960 cmdline:
C:\Windows \system32\ conhost.ex e 0xffffff ff -ForceV 1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496) - nslookup.exe (PID: 1164 cmdline:
nslookup n omoreranso m.coin dns 1.soprodns .ru MD5: 8E82529D1475D67615ADCB4E1B8F4EEC) - conhost.exe (PID: 5824 cmdline:
C:\Windows \system32\ conhost.ex e 0xffffff ff -ForceV 1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496) - nslookup.exe (PID: 1092 cmdline:
nslookup n omoreranso m.bit dns1 .soprodns. ru MD5: 8E82529D1475D67615ADCB4E1B8F4EEC) - conhost.exe (PID: 5844 cmdline:
C:\Windows \system32\ conhost.ex e 0xffffff ff -ForceV 1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496) - nslookup.exe (PID: 968 cmdline:
nslookup g andcrab.bi t dns2.sop rodns.ru MD5: 8E82529D1475D67615ADCB4E1B8F4EEC) - conhost.exe (PID: 5636 cmdline:
C:\Windows \system32\ conhost.ex e 0xffffff ff -ForceV 1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
- isqmkp.exe (PID: 5464 cmdline:
"C:\Users\ user\AppDa ta\Roaming \Microsoft \isqmkp.ex e" MD5: F4758788F11A0DE8D11EB4B8C515FFBD)
- isqmkp.exe (PID: 1572 cmdline:
"C:\Users\ user\AppDa ta\Roaming \Microsoft \isqmkp.ex e" MD5: F4758788F11A0DE8D11EB4B8C515FFBD)
- cleanup
⊘No configs have been found
| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| ReflectiveLoader | Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended | Florian Roth |
| |
| SUSP_RANSOMWARE_Indicator_Jul20 | Detects ransomware indicator | Florian Roth |
| |
| JoeSecurity_Gandcrab | Yara detected Gandcrab | Joe Security | ||
| JoeSecurity_ReflectiveLoader | Yara detected ReflectiveLoader | Joe Security | ||
| INDICATOR_SUSPICIOUS_ReflectiveLoader | detects Reflective DLL injection artifacts | ditekSHen |
| |
| Click to see the 1 entries | ||||
| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| ReflectiveLoader | Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended | Florian Roth |
| |
| SUSP_RANSOMWARE_Indicator_Jul20 | Detects ransomware indicator | Florian Roth |
| |
| JoeSecurity_Gandcrab | Yara detected Gandcrab | Joe Security | ||
| JoeSecurity_ReflectiveLoader | Yara detected ReflectiveLoader | Joe Security | ||
| INDICATOR_SUSPICIOUS_ReflectiveLoader | detects Reflective DLL injection artifacts | ditekSHen |
| |
| Click to see the 1 entries | ||||
| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| JoeSecurity_ReflectiveLoader | Yara detected ReflectiveLoader | Joe Security | ||
| JoeSecurity_ReflectiveLoader | Yara detected ReflectiveLoader | Joe Security | ||
| JoeSecurity_Gandcrab | Yara detected Gandcrab | Joe Security | ||
| JoeSecurity_ReflectiveLoader | Yara detected ReflectiveLoader | Joe Security | ||
| JoeSecurity_ReflectiveLoader | Yara detected ReflectiveLoader | Joe Security | ||
| Click to see the 14 entries | ||||
| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| ReflectiveLoader | Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended | Florian Roth |
| |
| SUSP_RANSOMWARE_Indicator_Jul20 | Detects ransomware indicator | Florian Roth |
| |
| JoeSecurity_Gandcrab | Yara detected Gandcrab | Joe Security | ||
| JoeSecurity_ReflectiveLoader | Yara detected ReflectiveLoader | Joe Security | ||
| INDICATOR_SUSPICIOUS_ReflectiveLoader | detects Reflective DLL injection artifacts | ditekSHen |
| |
| Click to see the 31 entries | ||||
⊘No Sigma rule has matched
| Timestamp: | 192.168.2.38.8.8.860754532829498 08/31/22-23:58:43.044195 |
| SID: | 2829498 |
| Source Port: | 60754 |
| Destination Port: | 53 |
| Protocol: | UDP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.38.8.8.850789532829498 08/31/22-23:59:48.239260 |
| SID: | 2829498 |
| Source Port: | 50789 |
| Destination Port: | 53 |
| Protocol: | UDP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.38.8.8.858305532829498 08/31/22-23:59:32.365598 |
| SID: | 2829498 |
| Source Port: | 58305 |
| Destination Port: | 53 |
| Protocol: | UDP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.38.8.8.865389532829498 08/31/22-23:59:40.892307 |
| SID: | 2829498 |
| Source Port: | 65389 |
| Destination Port: | 53 |
| Protocol: | UDP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.38.8.8.849203532026737 08/31/22-23:59:56.322889 |
| SID: | 2026737 |
| Source Port: | 49203 |
| Destination Port: | 53 |
| Protocol: | UDP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.38.8.8.856952532026737 08/31/22-23:58:46.555077 |
| SID: | 2026737 |
| Source Port: | 56952 |
| Destination Port: | 53 |
| Protocol: | UDP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.38.8.8.853051532829498 08/31/22-23:59:12.297576 |
| SID: | 2829498 |
| Source Port: | 53051 |
| Destination Port: | 53 |
| Protocol: | UDP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.38.8.8.853431532829498 08/31/22-23:59:18.287185 |
| SID: | 2829498 |
| Source Port: | 53431 |
| Destination Port: | 53 |
| Protocol: | UDP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.38.8.8.865022532829498 08/31/22-23:58:54.690068 |
| SID: | 2829498 |
| Source Port: | 65022 |
| Destination Port: | 53 |
| Protocol: | UDP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.38.8.8.861420532829498 08/31/22-23:59:01.493233 |
| SID: | 2829498 |
| Source Port: | 61420 |
| Destination Port: | 53 |
| Protocol: | UDP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.38.8.8.851994532829498 08/31/22-23:59:24.206869 |
| SID: | 2829498 |
| Source Port: | 51994 |
| Destination Port: | 53 |
| Protocol: | UDP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.38.8.8.860478532829498 08/31/22-23:59:59.939438 |
| SID: | 2829498 |
| Source Port: | 60478 |
| Destination Port: | 53 |
| Protocol: | UDP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.38.8.8.865019532829498 08/31/22-23:58:54.630989 |
| SID: | 2829498 |
| Source Port: | 65019 |
| Destination Port: | 53 |
| Protocol: | UDP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.38.8.8.850230532026737 09/01/22-00:00:07.433896 |
| SID: | 2026737 |
| Source Port: | 50230 |
| Destination Port: | 53 |
| Protocol: | UDP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.38.8.8.860093532026737 08/31/22-23:59:14.413883 |
| SID: | 2026737 |
| Source Port: | 60093 |
| Destination Port: | 53 |
| Protocol: | UDP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.38.8.8.858122532026737 08/31/22-23:59:27.247839 |
| SID: | 2026737 |
| Source Port: | 58122 |
| Destination Port: | 53 |
| Protocol: | UDP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.38.8.8.865515532026737 08/31/22-23:59:20.761806 |
| SID: | 2026737 |
| Source Port: | 65515 |
| Destination Port: | 53 |
| Protocol: | UDP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.38.8.8.852958532829498 08/31/22-23:58:07.331283 |
| SID: | 2829498 |
| Source Port: | 52958 |
| Destination Port: | 53 |
| Protocol: | UDP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.38.8.8.854156532026737 08/31/22-23:59:42.281210 |
| SID: | 2026737 |
| Source Port: | 54156 |
| Destination Port: | 53 |
| Protocol: | UDP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.38.8.8.865110532829498 08/31/22-23:58:33.358759 |
| SID: | 2829498 |
| Source Port: | 65110 |
| Destination Port: | 53 |
| Protocol: | UDP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.38.8.8.853430532829498 08/31/22-23:59:18.269254 |
| SID: | 2829498 |
| Source Port: | 53430 |
| Destination Port: | 53 |
| Protocol: | UDP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.38.8.8.858121532026737 08/31/22-23:59:27.189978 |
| SID: | 2026737 |
| Source Port: | 58121 |
| Destination Port: | 53 |
| Protocol: | UDP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.38.8.8.865021532829498 08/31/22-23:58:54.669703 |
| SID: | 2829498 |
| Source Port: | 65021 |
| Destination Port: | 53 |
| Protocol: | UDP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.38.8.8.858306532829498 08/31/22-23:59:32.396919 |
| SID: | 2829498 |
| Source Port: | 58306 |
| Destination Port: | 53 |
| Protocol: | UDP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.38.8.8.864126532026737 08/31/22-23:59:50.649034 |
| SID: | 2026737 |
| Source Port: | 64126 |
| Destination Port: | 53 |
| Protocol: | UDP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.38.8.8.858695532026737 08/31/22-23:58:36.600606 |
| SID: | 2026737 |
| Source Port: | 58695 |
| Destination Port: | 53 |
| Protocol: | UDP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.38.8.8.861418532829498 08/31/22-23:59:01.454658 |
| SID: | 2829498 |
| Source Port: | 61418 |
| Destination Port: | 53 |
| Protocol: | UDP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.38.8.8.865516532026737 08/31/22-23:59:20.780161 |
| SID: | 2026737 |
| Source Port: | 65516 |
| Destination Port: | 53 |
| Protocol: | UDP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.38.8.8.865111532829498 08/31/22-23:58:33.379307 |
| SID: | 2829498 |
| Source Port: | 65111 |
| Destination Port: | 53 |
| Protocol: | UDP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.38.8.8.865388532829498 08/31/22-23:59:40.874321 |
| SID: | 2829498 |
| Source Port: | 65388 |
| Destination Port: | 53 |
| Protocol: | UDP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.38.8.8.858694532026737 08/31/22-23:58:36.580328 |
| SID: | 2026737 |
| Source Port: | 58694 |
| Destination Port: | 53 |
| Protocol: | UDP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.38.8.8.854155532026737 08/31/22-23:59:42.262891 |
| SID: | 2026737 |
| Source Port: | 54155 |
| Destination Port: | 53 |
| Protocol: | UDP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.38.8.8.852957532829498 08/31/22-23:58:07.312591 |
| SID: | 2829498 |
| Source Port: | 52957 |
| Destination Port: | 53 |
| Protocol: | UDP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.38.8.8.849204532026737 08/31/22-23:59:56.342973 |
| SID: | 2026737 |
| Source Port: | 49204 |
| Destination Port: | 53 |
| Protocol: | UDP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.38.8.8.860586532026737 08/31/22-23:58:15.043750 |
| SID: | 2026737 |
| Source Port: | 60586 |
| Destination Port: | 53 |
| Protocol: | UDP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.38.8.8.850231532026737 09/01/22-00:00:07.455721 |
| SID: | 2026737 |
| Source Port: | 50231 |
| Destination Port: | 53 |
| Protocol: | UDP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.38.8.8.852959532829498 08/31/22-23:58:07.365561 |
| SID: | 2829498 |
| Source Port: | 52959 |
| Destination Port: | 53 |
| Protocol: | UDP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.38.8.8.862054532829498 08/31/22-23:58:21.744663 |
| SID: | 2829498 |
| Source Port: | 62054 |
| Destination Port: | 53 |
| Protocol: | UDP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.38.8.8.859641532026737 08/31/22-23:58:24.944174 |
| SID: | 2026737 |
| Source Port: | 59641 |
| Destination Port: | 53 |
| Protocol: | UDP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.38.8.8.859638532026737 08/31/22-23:58:24.884406 |
| SID: | 2026737 |
| Source Port: | 59638 |
| Destination Port: | 53 |
| Protocol: | UDP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.38.8.8.865198532026737 08/31/22-23:59:03.441447 |
| SID: | 2026737 |
| Source Port: | 65198 |
| Destination Port: | 53 |
| Protocol: | UDP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.38.8.8.865109532829498 08/31/22-23:58:33.338202 |
| SID: | 2829498 |
| Source Port: | 65109 |
| Destination Port: | 53 |
| Protocol: | UDP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.38.8.8.852457532829498 09/01/22-00:00:11.310934 |
| SID: | 2829498 |
| Source Port: | 52457 |
| Destination Port: | 53 |
| Protocol: | UDP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.38.8.8.860587532026737 08/31/22-23:58:15.064663 |
| SID: | 2026737 |
| Source Port: | 60587 |
| Destination Port: | 53 |
| Protocol: | UDP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.38.8.8.853470532026737 08/31/22-23:58:56.772805 |
| SID: | 2026737 |
| Source Port: | 53470 |
| Destination Port: | 53 |
| Protocol: | UDP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.38.8.8.856620532026737 09/01/22-00:00:02.142088 |
| SID: | 2026737 |
| Source Port: | 56620 |
| Destination Port: | 53 |
| Protocol: | UDP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.38.8.8.858693532026737 08/31/22-23:58:36.550637 |
| SID: | 2026737 |
| Source Port: | 58693 |
| Destination Port: | 53 |
| Protocol: | UDP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.38.8.8.858696532026737 08/31/22-23:58:36.619047 |
| SID: | 2026737 |
| Source Port: | 58696 |
| Destination Port: | 53 |
| Protocol: | UDP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.38.8.8.856954532026737 08/31/22-23:58:46.594398 |
| SID: | 2026737 |
| Source Port: | 56954 |
| Destination Port: | 53 |
| Protocol: | UDP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.38.8.8.849205532026737 08/31/22-23:59:56.360951 |
| SID: | 2026737 |
| Source Port: | 49205 |
| Destination Port: | 53 |
| Protocol: | UDP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.38.8.8.856619532026737 09/01/22-00:00:02.120945 |
| SID: | 2026737 |
| Source Port: | 56619 |
| Destination Port: | 53 |
| Protocol: | UDP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.38.8.8.851995532829498 08/31/22-23:59:24.227191 |
| SID: | 2829498 |
| Source Port: | 51995 |
| Destination Port: | 53 |
| Protocol: | UDP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.38.8.8.861421532829498 08/31/22-23:59:01.511754 |
| SID: | 2829498 |
| Source Port: | 61421 |
| Destination Port: | 53 |
| Protocol: | UDP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.38.8.8.852960532829498 08/31/22-23:58:07.384051 |
| SID: | 2829498 |
| Source Port: | 52960 |
| Destination Port: | 53 |
| Protocol: | UDP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.38.8.8.865390532829498 08/31/22-23:59:40.910653 |
| SID: | 2829498 |
| Source Port: | 65390 |
| Destination Port: | 53 |
| Protocol: | UDP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.38.8.8.853053532829498 08/31/22-23:59:12.348894 |
| SID: | 2829498 |
| Source Port: | 53053 |
| Destination Port: | 53 |
| Protocol: | UDP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.38.8.8.854158532026737 08/31/22-23:59:42.322126 |
| SID: | 2026737 |
| Source Port: | 54158 |
| Destination Port: | 53 |
| Protocol: | UDP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.38.8.8.860753532829498 08/31/22-23:58:43.024087 |
| SID: | 2829498 |
| Source Port: | 60753 |
| Destination Port: | 53 |
| Protocol: | UDP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.38.8.8.857391532829498 09/01/22-00:00:05.158775 |
| SID: | 2829498 |
| Source Port: | 57391 |
| Destination Port: | 53 |
| Protocol: | UDP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.38.8.8.858303532829498 08/31/22-23:59:32.323930 |
| SID: | 2829498 |
| Source Port: | 58303 |
| Destination Port: | 53 |
| Protocol: | UDP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.38.8.8.860584532026737 08/31/22-23:58:15.004694 |
| SID: | 2026737 |
| Source Port: | 60584 |
| Destination Port: | 53 |
| Protocol: | UDP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.38.8.8.858123532026737 08/31/22-23:59:27.268863 |
| SID: | 2026737 |
| Source Port: | 58123 |
| Destination Port: | 53 |
| Protocol: | UDP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.38.8.8.860091532026737 08/31/22-23:59:14.371988 |
| SID: | 2026737 |
| Source Port: | 60091 |
| Destination Port: | 53 |
| Protocol: | UDP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.38.8.8.865200532026737 08/31/22-23:59:03.482704 |
| SID: | 2026737 |
| Source Port: | 65200 |
| Destination Port: | 53 |
| Protocol: | UDP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.38.8.8.853433532829498 08/31/22-23:59:18.325585 |
| SID: | 2829498 |
| Source Port: | 53433 |
| Destination Port: | 53 |
| Protocol: | UDP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.38.8.8.850787532829498 08/31/22-23:59:48.189200 |
| SID: | 2829498 |
| Source Port: | 50787 |
| Destination Port: | 53 |
| Protocol: | UDP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.38.8.8.860751532829498 08/31/22-23:58:42.984219 |
| SID: | 2829498 |
| Source Port: | 60751 |
| Destination Port: | 53 |
| Protocol: | UDP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.38.8.8.850786532829498 08/31/22-23:59:48.168544 |
| SID: | 2829498 |
| Source Port: | 50786 |
| Destination Port: | 53 |
| Protocol: | UDP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.38.8.8.853468532026737 08/31/22-23:58:56.731128 |
| SID: | 2026737 |
| Source Port: | 53468 |
| Destination Port: | 53 |
| Protocol: | UDP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.38.8.8.849206532026737 08/31/22-23:59:56.381031 |
| SID: | 2026737 |
| Source Port: | 49206 |
| Destination Port: | 53 |
| Protocol: | UDP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.38.8.8.860475532829498 08/31/22-23:59:59.877731 |
| SID: | 2829498 |
| Source Port: | 60475 |
| Destination Port: | 53 |
| Protocol: | UDP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.38.8.8.863448532026737 08/31/22-23:59:36.563649 |
| SID: | 2026737 |
| Source Port: | 63448 |
| Destination Port: | 53 |
| Protocol: | UDP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.38.8.8.851997532829498 08/31/22-23:59:24.265731 |
| SID: | 2829498 |
| Source Port: | 51997 |
| Destination Port: | 53 |
| Protocol: | UDP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.38.8.8.856618532026737 09/01/22-00:00:02.100951 |
| SID: | 2026737 |
| Source Port: | 56618 |
| Destination Port: | 53 |
| Protocol: | UDP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.38.8.8.853471532026737 08/31/22-23:58:56.793274 |
| SID: | 2026737 |
| Source Port: | 53471 |
| Destination Port: | 53 |
| Protocol: | UDP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.38.8.8.853054532829498 08/31/22-23:59:12.369224 |
| SID: | 2829498 |
| Source Port: | 53054 |
| Destination Port: | 53 |
| Protocol: | UDP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.38.8.8.852458532829498 09/01/22-00:00:11.330853 |
| SID: | 2829498 |
| Source Port: | 52458 |
| Destination Port: | 53 |
| Protocol: | UDP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.38.8.8.865513532026737 08/31/22-23:59:20.720500 |
| SID: | 2026737 |
| Source Port: | 65513 |
| Destination Port: | 53 |
| Protocol: | UDP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.38.8.8.860828532829498 08/31/22-23:59:53.952246 |
| SID: | 2829498 |
| Source Port: | 60828 |
| Destination Port: | 53 |
| Protocol: | UDP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.38.8.8.864124532026737 08/31/22-23:59:50.605079 |
| SID: | 2026737 |
| Source Port: | 64124 |
| Destination Port: | 53 |
| Protocol: | UDP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.38.8.8.862052532829498 08/31/22-23:58:21.699516 |
| SID: | 2829498 |
| Source Port: | 62052 |
| Destination Port: | 53 |
| Protocol: | UDP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.38.8.8.857390532829498 09/01/22-00:00:05.138814 |
| SID: | 2829498 |
| Source Port: | 57390 |
| Destination Port: | 53 |
| Protocol: | UDP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.38.8.8.850233532026737 09/01/22-00:00:07.502496 |
| SID: | 2026737 |
| Source Port: | 50233 |
| Destination Port: | 53 |
| Protocol: | UDP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.38.8.8.860090532026737 08/31/22-23:59:14.353291 |
| SID: | 2026737 |
| Source Port: | 60090 |
| Destination Port: | 53 |
| Protocol: | UDP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.38.8.8.852459532829498 09/01/22-00:00:11.350932 |
| SID: | 2829498 |
| Source Port: | 52459 |
| Destination Port: | 53 |
| Protocol: | UDP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.38.8.8.860827532829498 08/31/22-23:59:53.930680 |
| SID: | 2829498 |
| Source Port: | 60827 |
| Destination Port: | 53 |
| Protocol: | UDP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.38.8.8.853469532026737 08/31/22-23:58:56.749513 |
| SID: | 2026737 |
| Source Port: | 53469 |
| Destination Port: | 53 |
| Protocol: | UDP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.38.8.8.850232532026737 09/01/22-00:00:07.481526 |
| SID: | 2026737 |
| Source Port: | 50232 |
| Destination Port: | 53 |
| Protocol: | UDP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.38.8.8.865387532829498 08/31/22-23:59:40.854236 |
| SID: | 2829498 |
| Source Port: | 65387 |
| Destination Port: | 53 |
| Protocol: | UDP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.38.8.8.863451532026737 08/31/22-23:59:36.620733 |
| SID: | 2026737 |
| Source Port: | 63451 |
| Destination Port: | 53 |
| Protocol: | UDP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.38.8.8.864125532026737 08/31/22-23:59:50.625202 |
| SID: | 2026737 |
| Source Port: | 64125 |
| Destination Port: | 53 |
| Protocol: | UDP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.38.8.8.860476532829498 08/31/22-23:59:59.898864 |
| SID: | 2829498 |
| Source Port: | 60476 |
| Destination Port: | 53 |
| Protocol: | UDP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.38.8.8.854157532026737 08/31/22-23:59:42.301537 |
| SID: | 2026737 |
| Source Port: | 54157 |
| Destination Port: | 53 |
| Protocol: | UDP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.38.8.8.857392532829498 09/01/22-00:00:05.176878 |
| SID: | 2829498 |
| Source Port: | 57392 |
| Destination Port: | 53 |
| Protocol: | UDP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.38.8.8.852460532829498 09/01/22-00:00:11.371195 |
| SID: | 2829498 |
| Source Port: | 52460 |
| Destination Port: | 53 |
| Protocol: | UDP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.38.8.8.857389532829498 09/01/22-00:00:05.118977 |
| SID: | 2829498 |
| Source Port: | 57389 |
| Destination Port: | 53 |
| Protocol: | UDP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.38.8.8.856043532829498 08/31/22-23:58:21.768917 |
| SID: | 2829498 |
| Source Port: | 56043 |
| Destination Port: | 53 |
| Protocol: | UDP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.38.8.8.853052532829498 08/31/22-23:59:12.328339 |
| SID: | 2829498 |
| Source Port: | 53052 |
| Destination Port: | 53 |
| Protocol: | UDP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.38.8.8.861419532829498 08/31/22-23:59:01.474961 |
| SID: | 2829498 |
| Source Port: | 61419 |
| Destination Port: | 53 |
| Protocol: | UDP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.38.8.8.851996532829498 08/31/22-23:59:24.245596 |
| SID: | 2829498 |
| Source Port: | 51996 |
| Destination Port: | 53 |
| Protocol: | UDP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.38.8.8.853432532829498 08/31/22-23:59:18.305428 |
| SID: | 2829498 |
| Source Port: | 53432 |
| Destination Port: | 53 |
| Protocol: | UDP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.38.8.8.860585532026737 08/31/22-23:58:15.025136 |
| SID: | 2026737 |
| Source Port: | 60585 |
| Destination Port: | 53 |
| Protocol: | UDP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.38.8.8.863450532026737 08/31/22-23:59:36.602428 |
| SID: | 2026737 |
| Source Port: | 63450 |
| Destination Port: | 53 |
| Protocol: | UDP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.38.8.8.860477532829498 08/31/22-23:59:59.919053 |
| SID: | 2829498 |
| Source Port: | 60477 |
| Destination Port: | 53 |
| Protocol: | UDP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.38.8.8.856951532026737 08/31/22-23:58:46.526858 |
| SID: | 2026737 |
| Source Port: | 56951 |
| Destination Port: | 53 |
| Protocol: | UDP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.38.8.8.865112532829498 08/31/22-23:58:33.402809 |
| SID: | 2829498 |
| Source Port: | 65112 |
| Destination Port: | 53 |
| Protocol: | UDP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.38.8.8.865020532829498 08/31/22-23:58:54.651252 |
| SID: | 2829498 |
| Source Port: | 65020 |
| Destination Port: | 53 |
| Protocol: | UDP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.38.8.8.863449532026737 08/31/22-23:59:36.584182 |
| SID: | 2026737 |
| Source Port: | 63449 |
| Destination Port: | 53 |
| Protocol: | UDP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.38.8.8.865201532026737 08/31/22-23:59:03.503720 |
| SID: | 2026737 |
| Source Port: | 65201 |
| Destination Port: | 53 |
| Protocol: | UDP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.38.8.8.860830532829498 08/31/22-23:59:53.997132 |
| SID: | 2829498 |
| Source Port: | 60830 |
| Destination Port: | 53 |
| Protocol: | UDP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.38.8.8.859640532026737 08/31/22-23:58:24.925442 |
| SID: | 2026737 |
| Source Port: | 59640 |
| Destination Port: | 53 |
| Protocol: | UDP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.38.8.8.864123532026737 08/31/22-23:59:50.576561 |
| SID: | 2026737 |
| Source Port: | 64123 |
| Destination Port: | 53 |
| Protocol: | UDP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.38.8.8.850788532829498 08/31/22-23:59:48.220006 |
| SID: | 2829498 |
| Source Port: | 50788 |
| Destination Port: | 53 |
| Protocol: | UDP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.38.8.8.860092532026737 08/31/22-23:59:14.392903 |
| SID: | 2026737 |
| Source Port: | 60092 |
| Destination Port: | 53 |
| Protocol: | UDP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.38.8.8.858124532026737 08/31/22-23:59:27.287358 |
| SID: | 2026737 |
| Source Port: | 58124 |
| Destination Port: | 53 |
| Protocol: | UDP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.38.8.8.865199532026737 08/31/22-23:59:03.462712 |
| SID: | 2026737 |
| Source Port: | 65199 |
| Destination Port: | 53 |
| Protocol: | UDP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.38.8.8.859639532026737 08/31/22-23:58:24.905091 |
| SID: | 2026737 |
| Source Port: | 59639 |
| Destination Port: | 53 |
| Protocol: | UDP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.38.8.8.856953532026737 08/31/22-23:58:46.573613 |
| SID: | 2026737 |
| Source Port: | 56953 |
| Destination Port: | 53 |
| Protocol: | UDP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.38.8.8.858304532829498 08/31/22-23:59:32.344904 |
| SID: | 2829498 |
| Source Port: | 58304 |
| Destination Port: | 53 |
| Protocol: | UDP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.38.8.8.860752532829498 08/31/22-23:58:43.003278 |
| SID: | 2829498 |
| Source Port: | 60752 |
| Destination Port: | 53 |
| Protocol: | UDP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.38.8.8.865514532026737 08/31/22-23:59:20.740564 |
| SID: | 2026737 |
| Source Port: | 65514 |
| Destination Port: | 53 |
| Protocol: | UDP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.38.8.8.860829532829498 08/31/22-23:59:53.975918 |
| SID: | 2829498 |
| Source Port: | 60829 |
| Destination Port: | 53 |
| Protocol: | UDP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.38.8.8.862053532829498 08/31/22-23:58:21.721380 |
| SID: | 2829498 |
| Source Port: | 62053 |
| Destination Port: | 53 |
| Protocol: | UDP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.2.38.8.8.856621532026737 09/01/22-00:00:02.160962 |
| SID: | 2026737 |
| Source Port: | 56621 |
| Destination Port: | 53 |
| Protocol: | UDP |
| Classtype: | A Network Trojan was detected |
Click to jump to signature section
Show All Signature Results
AV Detection |   |
|---|
| Source: | Virustotal: | Perma Link | ||
| Source: | Metadefender: | Perma Link | ||
| Source: | ReversingLabs: | |||
| Source: | Avira: | ||
| Source: | Virustotal: | Perma Link | ||
| Source: | Avira: | ||
| Source: | Joe Sandbox ML: | ||
| Source: | Joe Sandbox ML: | ||
| Source: | Avira: | ||
| Source: | Avira: | ||
| Source: | Avira: | ||
| Source: | Avira: | ||
| Source: | Avira: | ||
| Source: | Avira: | ||
| Source: | Code function: | ||
| Source: | Code function: | ||
| Source: | Code function: | ||
| Source: | Code function: | ||
| Source: | Code function: | ||
| Source: | Code function: | ||
| Source: | Code function: | ||
| Source: | Code function: | ||
| Source: | Code function: | ||
| Source: | |||