d01aa424...7874

Severity	Category	Operation	Classification
4/5	File System	Associated with malicious files	Trojan
File "c:\users\eebsym5\appdata\local\temp\_0.86996859035608224741331762670039370.class" is a known malicious file. ... VTI Actions Go to File Details Go to Function Call
File "c:\users\eebsym5\appdata\local\temp\retrive6349682593628295348.vbs" is a known malicious file. ... VTI Actions Go to File Details Go to Function Call
File "c:\users\eebsym5\appdata\local\temp\retrive5365638019239783154.vbs" is a known malicious file. ... VTI Actions Go to File Details Go to Function Call
3/5	Anti Analysis	Tries to detect the presence of antivirus software	-
Tries to detect antivirus software via WMI query: "select * from antivirusproduct". ... VTI Actions Go to Function Call
3/5	Anti Analysis	Tries to detect firewall	-
Tries to detect firewall via WMI query: "select * from firewallproduct". ... VTI Actions Go to Function Call
2/5	Network	Attempts to connect to unavailable TCP servers	-
Every TCP connection attempt failed. ... VTI Actions Go to Function Call
1/5	Network	Performs DNS request	-
Resolves host name "cRh2YWu7". ... VTI Actions Go to Function Call
Resolves host name "vvrhhhnaijyj6s2m.onion.top". ... VTI Actions Go to Function Call
1/5	Process	Creates process with hidden window	-
The process ""C:\Program Files\Java\jre7\bin\java.exe" -jar C:\Users\EEBsYm5\AppData\Local\Temp\_0.86996859035608224741331762670039370.class" starts with hidden window. ... VTI Actions Go to Function Call
The process "cmd.exe /C cscript.exe C:\Users\EEBsYm5\AppData\Local\Temp\Retrive6349682593628295348.vbs" starts with hidden window. ... VTI Actions Go to Function Call
The process "cmd.exe /C cscript.exe C:\Users\EEBsYm5\AppData\Local\Temp\Retrive2551337130529148691.vbs" starts with hidden window. ... VTI Actions Go to Function Call
The process "cmd.exe /C cscript.exe C:\Users\EEBsYm5\AppData\Local\Temp\Retrive5365638019239783154.vbs" starts with hidden window. ... VTI Actions Go to Function Call
The process "cmd.exe /C cscript.exe C:\Users\EEBsYm5\AppData\Local\Temp\Retrive2742094931696724792.vbs" starts with hidden window. ... VTI Actions Go to Function Call
The process "xcopy "C:\Program Files\Java\jre7" "C:\Users\EEBsYm5\AppData\Roaming\Oracle\" /e" starts with hidden window. ... VTI Actions Go to Function Call
The process "cmd.exe" starts with hidden window. ... VTI Actions Go to Function Call
The process "reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v eUOfVMeBSPH /t REG_EXPAND_SZ /d "\"C:\Users\EEBsYm5\AppData\Roaming\Oracle\bin\javaw.exe\" -jar \"C:\Users\EEBsYm5\PKcVbKSqerl\ZpEbztPLUfw.BnNKgj\"" /f" starts with hidden window. ... VTI Actions Go to Function Call
The process "attrib +h "C:\Users\EEBsYm5\PKcVbKSqerl\."" starts with hidden window. ... VTI Actions Go to Function Call
The process "attrib +h "C:\Users\EEBsYm5\PKcVbKSqerl"" starts with hidden window. ... VTI Actions Go to Function Call
The process "C:\Users\EEBsYm5\AppData\Roaming\Oracle\bin\javaw.exe -jar C:\Users\EEBsYm5\PKcVbKSqerl\ZpEbztPLUfw.BnNKgj" starts with hidden window. ... VTI Actions Go to Function Call
1/5	Anti Analysis	Resolves APIs dynamically to possibly evade static detection	-
Resolves an unusually high number of APIs. ... VTI Actions Go to Function Call
1/5	File System	Modifies operating system directory	-
Creates file "C:\Windows\System32\test.txt" in the OS directory. ... VTI Actions Go to Function Call
1/5	Persistence	Installs system startup script or application	-
Adds ""C:\Users\EEBsYm5\AppData\Roaming\Oracle\bin\javaw.exe" -jar "C:\Users\EEBsYm5\PKcVbKSqerl\ZpEbztPLUfw.BnNKgj"" to Windows startup via registry. ... VTI Actions Go to Function Call
1/5	Process	Creates system object	-
Creates nameless mutex. ... VTI Actions Go to Function Call

Notifications (1/1)

Before

After