[病毒样本] x1

显示全部楼层 · 发表于 2023-8-29 03:53:49

https://krakenfiles.com/view/6PfoD1pem2/file.html

显示全部楼层 · 发表于 2023-8-29 07:44:36

蜘蛛

显示全部楼层 · 发表于 2023-8-29 07:52:02

360

显示全部楼层 · 发表于 2023-8-29 09:26:50

火绒
扫描：MISS

显示全部楼层 · 发表于 2023-8-29 09:41:26

火绒

显示全部楼层 · 发表于 2023-8-29 11:07:05

事件: 检测到恶意对象
应用程序: Windows Command Processor
用户: WIN-7U843EHTANS\Administrator
用户类型: 发起者
组件: 系统监控
结果说明: 检测到
类型: 木马
名称: PDM:Exploit.Win32.Generic.nblk
威胁级别: 高
对象类型: 进程
对象路径: C:\Users\Administrator\Desktop\1
对象名称: 1.bat
原因: 行为分析
数据库发布日期: 今天，2023/8/29 星期二 4:09:00
MD5: CF6B0959B49F88A949A9FF983AC8ABA1

复制代码

显示全部楼层 · 发表于 2023-8-29 11:30:53

S1 killed.

Infostealer
Attempts to read sensitive information from LSASS
MITRE : Credential Access [T1003.001][T1555.004]
MITRE : Initial Access [T1078]
MITRE : Defense Evasion [T1078]
MITRE : Persistence [T1078]
MITRE : Privilege Escalation [T1078]
Blocked read access to LSASS
MITRE : Credential Access [T1003.001]
MITRE : Initial Access [T1078]
MITRE : Defense Evasion [T1078]
MITRE : Persistence [T1078]
MITRE : Privilege Escalation [T1078]
Exploitation
Detected suspicious shellcode API call from PowerShell
MITRE : Execution [T1059.001][T1106]
MITRE : Defense Evasion [T1140]
Evasion
Attempt to evade monitoring using the Process hollowing technique
MITRE : Privilege Escalation [T1055.012]
MITRE : Defense Evasion [T1055.012]
A potential system signed process hollowing attempt was detected
MITRE : Privilege Escalation [T1055.012]
MITRE : Defense Evasion [T1055.012]
Process started with a spoofed parent process
MITRE : Defense Evasion [T1134.004]
MITRE : Privilege Escalation [T1134.004]
User process created a process solely used by the system
MITRE : Execution
An obfuscated Command Prompt command was detected
MITRE : Defense Evasion [T1027][T1140][T1480.001]
Interpreters were chained together in execution
MITRE : Defense Evasion [T1218][T1202]
MITRE : Execution [T1059]
Process bypassed the ETW mechanism
MITRE : Defense Evasion [T1562.001][T1562.006]
Detected in-memory hooks on AMSI DLL
MITRE : Defense Evasion [T1562.001][T1574]
MITRE : Privilege Escalation [T1574]
MITRE : Persistence [T1574]
Multiple functions were unhooked
MITRE : Defense Evasion [T1562.001]
A function was unhooked
MITRE : Defense Evasion [T1562.001]
An obfuscated PowerShell command was detected
MITRE : Defense Evasion [T1027][T1140][T1480.001]
An encoded PowerShell execution was chained with lolbins
MITRE : Defense Evasion [T1218][T1202][T1140][T1027][T1480.001]
An encoded PowerShell command was detected
MITRE : Defense Evasion [T1140][T1027][T1480.001]
The original filename is different from its actual name
MITRE : Defense Evasion [T1036.003][T1036.005][T1574.008]
MITRE : Persistence [T1574.008]
MITRE : Privilege Escalation [T1574.008]
Indirect command was executed
MITRE : Defense Evasion [T1218][T1202]
Injection
Code injection to a remote process
MITRE : Defense Evasion [T1055][T1055.002]
MITRE : Privilege Escalation [T1055][T1055.002]
Privilege Escalation
Attempt to bypass UAC (User Account Control)
MITRE : Privilege Escalation [T1548.002]
MITRE : Defense Evasion [T1548.002]
Malware
A function was unhooked
MITRE : Defense Evasion [T1562.001]
Detected attempt to re-map a core DLL of the OS
MITRE : Defense Evasion [T1562.001]
General
Powershell execution policy was changed
MITRE : Execution [T1059.001]

复制代码

显示全部楼层 · 发表于 2023-8-29 12:45:54

本帖最后由吃瓜群众第123位于 2023-8-29 13:33 编辑

AhnLab V3 Lite 扫描miss 信誉：未知分析：木马

显示全部楼层 · 发表于 2023-8-29 13:21:04

高级威胁防护已开始对恶意进程执行清除操作。进程路径: C:\Users\XX\Downloads\1\1.bat.exe. 威胁名称: ATC.SuspiciousBehavior.C04835497A98EA2E.

显示全部楼层 · 发表于 2023-8-29 15:41:00

江民miss

[病毒样本] x1

本帖子中包含更多资源

本帖子中包含更多资源

本帖子中包含更多资源

本帖子中包含更多资源