
Analysis listing. Only the Date and MD5 columns survived extraction; the Detection, Name, Info, Behavior Graph, Classification and File Icon columns were rendered as images or widgets and are not recoverable here. The same MD5 appears more than once where the same file was analysed several times.

Date (dd.mm.yyyy hh:mm:ss)   MD5
22.06.2017 13:47:12          1F486A3E24F816A6843CEBD2E6902384
22.06.2017 13:47:04          8B8E73270C47D25DDE328BB239F22E1F
22.06.2017 13:42:55          8B8E73270C47D25DDE328BB239F22E1F
21.06.2017 23:35:19          53A51E5308E14BA09046BA529CF2FD37
21.06.2017 19:52:52          63BB6714A0AED8CD2A68F0AB56A0907E
21.06.2017 15:30:34          B72645B6F35C2B4519120E94578D966C
20.06.2017 19:49:34          0942AE8ABF027AC095EF3CE2B590448A
20.06.2017 15:18:55          1C2E2125180B5C0A45AFC61870E3B528
20.06.2017 04:27:15          219529DA9CA60707F113D501491031FC
20.06.2017 04:26:41          858C6394E8CB8723BFED342A9ABE47C6
20.06.2017 01:38:06          0F8E4171084CAB1A98354F93E961807D
19.06.2017 20:23:20          B495D42B7B2B35D00081517A73E90D0C
19.06.2017 13:45:16          8E147AB2EAAFF3122F6339697CD05E1D
19.06.2017 13:37:50          2A7F0AAD137B03B05F152FF5A8F0E6C8
19.06.2017 10:29:02          897E6FBAA548DBCC0C45FD5BA8061201
19.06.2017 10:06:41          897E6FBAA548DBCC0C45FD5BA8061201
19.06.2017 09:42:24          A304AD782B159A719A554B40DA032619
16.06.2017 16:34:16          9B2F40CDC26FA220FB27D62E71D566A0
16.06.2017 16:34:15          4E9AD3A14823FFB64C21568AE74F02E6
16.06.2017 16:33:56          E974B30C2D661EE2BFF4F94066C5AA83
16.06.2017 12:50:30          A304AD782B159A719A554B40DA032619
16.06.2017 11:41:51          710857729C9ADB7E41D9AAC8ED842329
Behavior Graph (expanded for the 16/06/2017 sample)

Behavior Graph ID: 30954
Sample: 37scanned-000002708...
Start date: 16/06/2017
Architecture: WINDOWS
Score: 100

Process tree, with the node ids used in the graph. "Hidden" counts are items the graph omitted because a node exceeded its display capacity.

main
  node 0   wscript.exe
             Signatures: Drops files with a non-matching file extension (content does not match file extension); 2 further signatures hidden
             DNS: triktriclub.com
             Connection: triktriclub.com, 173.201.246.1:80 (GoDaddy.com LLC, United States); flagged: Downloads files with wrong headers with respect to MIME Content-Type
             Dropped files: 472d[1].gif (PE32), 3486181.exe (PE32), 5af56847[1].gif (PE32); 3 further dropped files hidden
             Started: 3486181.exe (node 3), 3486182.exe (node 4); 1 further process hidden
  node 3   3486181.exe
             Signatures: Modifies the context of a thread in another process (thread injection)
             Started: 3486181.exe (node 7)
  node 7   3486181.exe
             Signatures: Modifies the context of a thread in another process (thread injection)
  node 4   3486182.exe
             Signatures: Contains functionality to inject code into remote processes; 6 further signatures hidden
             Dropped files: paystation.dll (PE32), System.dll (PE32)
             Started: 3486182.exe (node 6)
  node 6   3486182.exe
             Signatures: Contains functionality to inject code into remote processes; 6 further signatures hidden
  node 8   mshta.exe
             Signatures: Suspicious powershell command line found
             Started: powershell.exe (node 9)
  node 9   powershell.exe
             Signatures: Maps a DLL or memory area into another process
             Started: regsvr32.exe (node 11)
  node 11  regsvr32.exe
             Signatures: Blacklisted process start detected (Windows program); 6 further signatures hidden
             Connections: 7.124.235.19:8080 (DoD Network Information Center, United States); flagged: Detected TCP or UDP traffic on non-standard ports
                          206.130.49.104:8080 (ONTel Inc, Canada); flagged: Detected TCP or UDP traffic on non-standard ports
                          215.201.41.215:80 (DoD Network Information Center, United States)
                          13 further connected IPs hidden
             Started: regsvr32.exe (node 12)
  node 12  regsvr32.exe
             Signatures: Blacklisted process start detected (Windows program); Creates an undocumented autostart registry key; Creates autostart registry keys with suspicious values (likely registry only malware); 4 further signatures hidden

In short: wscript.exe fetches PE32 payloads served under a .gif extension from triktriclub.com and launches the dropped 3486181.exe / 3486182.exe, which show thread-injection behaviour; in parallel mshta.exe runs a suspicious PowerShell command line that launches regsvr32.exe, which beacons to several hosts on port 8080 and persists through autostart registry keys.
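Three of the behaviours recorded in the graph above can be re-checked independently of the sandbox: PE files dropped under a .gif extension, executables launched directly by the script host that dropped them, and the mshta.exe -> powershell.exe -> regsvr32.exe chain. The Python below is an added example and is not Joe Sandbox code or output. Its input is constructed to mirror the graph: node ids stand in for PIDs, every dropped file is a synthetic MZ/PE stub rather than the real sample, and logo.gif is a made-up benign control that does not appear in the report. The function names (is_pe, extension_mismatch, chained_pids, dropped_then_executed) are the example's own.

```python
"""Added example (not Joe Sandbox code): three checks mirroring the behaviour graph.

All input is constructed from the graph: node ids stand in for PIDs and the
dropped-file contents are synthetic stubs, not the real samples.
"""
from __future__ import annotations

import os
from dataclasses import dataclass


def is_pe(data: bytes) -> bool:
    """True for an MZ header whose e_lfanew points at the 'PE\\0\\0' signature."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    e_lfanew = int.from_bytes(data[0x3C:0x40], "little")
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def sniff(data: bytes) -> str | None:
    """Content type from magic bytes: 'pe', 'gif', or None if unrecognised."""
    if is_pe(data):
        return "pe"
    if data[:6] in (b"GIF87a", b"GIF89a"):
        return "gif"
    return None


# What a given extension claims the content is.
EXPECTED_BY_EXT = {".gif": "gif", ".exe": "pe", ".dll": "pe"}


def extension_mismatch(name: str, data: bytes) -> bool:
    """The 'content does not match file extension' check.

    Fires only when both the extension and the sniffed content are known and
    disagree; an unknown extension or unrecognised content is not a verdict.
    """
    expected = EXPECTED_BY_EXT.get(os.path.splitext(name)[1].lower())
    actual = sniff(data)
    return expected is not None and actual is not None and actual != expected


def mismatched_drops(dropped: dict[str, bytes]) -> list[str]:
    return sorted(n for n, d in dropped.items() if extension_mismatch(n, d))


@dataclass(frozen=True)
class Proc:
    pid: int
    image: str
    parent: int | None  # None for a root of the tree


def ancestry(procs: dict[int, Proc], pid: int) -> list[str]:
    """Lower-cased image names from pid up to the root, child first."""
    chain: list[str] = []
    cur = procs.get(pid)
    while cur is not None:
        chain.append(cur.image.lower())
        cur = procs.get(cur.parent) if cur.parent is not None else None
    return chain


# Child-first pattern for the mshta -> powershell -> regsvr32 chain in the graph.
SUSPICIOUS_CHAIN = ("regsvr32.exe", "powershell.exe", "mshta.exe")


def chained_pids(procs: dict[int, Proc], pattern: tuple[str, ...] = SUSPICIOUS_CHAIN) -> list[int]:
    """PIDs whose ancestry contains `pattern` as a contiguous run (so the
    regsvr32.exe -> regsvr32.exe grandchild is caught as well as the child)."""
    n = len(pattern)
    hits = []
    for pid in procs:
        chain = ancestry(procs, pid)
        if any(tuple(chain[i:i + n]) == pattern for i in range(len(chain) - n + 1)):
            hits.append(pid)
    return sorted(hits)


SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe", "powershell.exe"}


def dropped_then_executed(procs: dict[int, Proc], dropped: dict[str, bytes]) -> list[int]:
    """PIDs started by a script host whose image name is one of the dropped files."""
    names = {n.lower() for n in dropped}
    return sorted(
        p.pid for p in procs.values()
        if p.parent in procs
        and procs[p.parent].image.lower() in SCRIPT_HOSTS
        and p.image.lower() in names
    )


def make_fake_pe() -> bytes:
    """Constructed stub: MZ header, e_lfanew = 0x40, 'PE\\0\\0' at 0x40. Not executable."""
    hdr = bytearray(0x44)
    hdr[0:2] = b"MZ"
    hdr[0x3C:0x40] = (0x40).to_bytes(4, "little")
    hdr[0x40:0x44] = b"PE\x00\x00"
    return bytes(hdr)


# Constructed from the behaviour graph above; node ids stand in for PIDs.
PROCESSES = {
    0: Proc(0, "wscript.exe", None),
    8: Proc(8, "mshta.exe", None),
    3: Proc(3, "3486181.exe", 0),
    4: Proc(4, "3486182.exe", 0),
    7: Proc(7, "3486181.exe", 3),
    6: Proc(6, "3486182.exe", 4),
    9: Proc(9, "powershell.exe", 8),
    11: Proc(11, "regsvr32.exe", 9),
    12: Proc(12, "regsvr32.exe", 11),
}

# Dropped files as named in the graph (all reported as PE32), plus a constructed control.
DROPPED = {
    "472d[1].gif": make_fake_pe(),
    "3486181.exe": make_fake_pe(),
    "5af56847[1].gif": make_fake_pe(),
    "paystation.dll": make_fake_pe(),
    "System.dll": make_fake_pe(),
    "logo.gif": b"GIF89a" + bytes(10),  # constructed benign control; not in the report
}

if __name__ == "__main__":
    print("extension mismatch:", mismatched_drops(DROPPED))
    print("mshta->powershell->regsvr32 descendants:", chained_pids(PROCESSES))
    print("dropped and run by a script host:", dropped_then_executed(PROCESSES, DROPPED))
```

The extension check deliberately refuses to judge unknown extensions or unrecognised content, which is why 3486181.exe and the two DLLs pass while the two .gif payloads are flagged; a real triage tool would carry a much larger magic table, but the decision rule stays the same. The chain matcher works on ancestry rather than direct parent/child pairs so that the second regsvr32.exe, spawned by the first, is attributed to the same mshta.exe origin.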
Date (dd.mm.yyyy hh:mm:ss)   MD5   (listing continued)
15.06.2017 22:42:36          2FC05486A3FE93CEF213CC37748BF556
15.06.2017 21:35:16          31C7DE1045C2A5E199BF90B3AAB13CE7
15.06.2017 16:40:52          525B45A1A874E53D6019A39C047C7D2C
15.06.2017 00:01:15          E76F9162E491B49F1BD1F5FF7C967359
13.06.2017 21:30:53          33408F35623DC5BB4A3BDE09FA45F86B
13.06.2017 21:20:04          0A77F732624155A215F5CA54DF9B2930
13.06.2017 19:06:02          31594D28C74F367073BA17ACEA9809F6