Malware Report - Results

This report shows all the different areas TAZER analyzes for the sample: Host, Network Activity, and Detection.

Malware Search Criteria:
  • MD5 =c0f04fec3900ffce803121c34df3b70c

    • Malware Report - Results

    File MD5SumSHA1SUMSHA256SUMFUZZY HASHFile Size
    c0f04fec3900ffce803121c34df3b70c0d5a112d5c3ad80092d534d880c76f853d45c1ac9e1c50cebbf5033d7602245f181c36cd951e66ca4089d03dfd17b871d08d91af768:2O/mbgWpJqddHs/FcNRwgN4Yle9JwVnHkN9/fq6WIu3UF+EIAOKrIg8jS1Y9c+AF:xYcfbNQdfq673728

    File Results

    File Name
    m1111.net%2Dd88e6adf24.exe

    SNORT Results

    Snort ClassSnort AlertCount
    N/ANo snort alerts generated0

    AV Results

    AV AlertAV Vendor

    Folders (Added) - ICC Results

    PathFolder Name

    Files (Added) - ICC Results

    PathFile Name
    c:/Documents and Settings/dmc73144/Application Datahostsys.exe
    c:/WINDOWS/PrefetchAUTOIT3.EXE-32361418.pf
    c:/WINDOWS/PrefetchHOSTSYS.EXE-361B884B.pf
    c:/WINDOWS/PrefetchREGSHOT.EXE-010A5EE6.pf
    c:/WINDOWS/PrefetchSANDNET.EXE-2012C478.pf
    c:/WINDOWS/SoftwareDistribution/DataStore/Logstmp.edb

    Files (Deleted) - ICC Results

    ActionPathFile Name

    Files (Changed) - ICC Results

    ActionPathFile Name
    modifiedc:/Documents and Settings/dmc73144ntuser.dat.LOG
    modifiedc:/WINDOWS/PrefetchCMD.EXE-087B4001.pf
    modifiedc:/WINDOWS/PrefetchHSTART.EXE-221D72BF.pf
    modifiedc:/WINDOWS/PrefetchSH.EXE-00254D2B.pf
    modifiedc:/WINDOWS/PrefetchSSHD.EXE-298CA236.pf
    modifiedc:/WINDOWS/PrefetchSWITCH.EXE-0496EC21.pf
    modifiedc:/WINDOWS/PrefetchWMIPRVSE.EXE-28F301A9.pf
    modifiedc:/WINDOWS/PrefetchWUAUCLT.EXE-399A8E72.pf
    modifiedc:/WINDOWS/SoftwareDistribution/DataStoreDataStore.edb
    modifiedc:/WINDOWS/SoftwareDistribution/DataStore/Logsedb.chk
    modifiedc:/WINDOWS/SoftwareDistribution/DataStore/Logsedb.log
    modifiedc:/WINDOWS/system32/configsoftware.LOG
    modifiedc:/WINDOWS/system32/wbem/Logswmiprov.log
    modifiedc:/WINDOWSWindowsUpdate.log

    Registry Keys (Added) - ICC Results

    ActionPath
    addedHKLM/SOFTWARE/Microsoft/Windows/CurrentVersion/WindowsUpdate/Reporting/RebootWatch

    Registry Values (Added) - ICC Results

    ActionPathVal_NameVal_Data
    addedHKLM/SOFTWARE/Microsoft/Windows/CurrentVersion/RunWindows Update System "C:/Documents and Settings/dmc73144/Application Data/hostsys.exe"
    addedHKLM/SYSTEM/ControlSet001/Services/SharedAccess/Parameters/FirewallPolicy/StandardProfile/AuthorizedApplications/ListWindows Update System "C:/Documents and Settings/dmc73144/Application Data/hostsys.exe"
    addedHKLM/SYSTEM/CurrentControlSet/Services/SharedAccess/Parameters/FirewallPolicy/StandardProfile/AuthorizedApplications/ListWindows Update System "C:/Documents and Settings/dmc73144/Application Data/hostsys.exe"
    addedHKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/RunWindows Update System "C:/Documents and Settings/dmc73144/Application Data/hostsys.exe"

    Registry Values (Deleted) - ICC Results

    ActionPathVal_NameVal_TypeMod_Val_TypeVal_DataMod_Val_Data

    Registry Values (Changed) - ICC Results

    ActionPathVal_NameVal_DataMod_Val_Data
    modifiedHKLM/SOFTWARE/Microsoft/Cryptography/RNGSeed15 A4 98 C5 94 A2 92 2E 3F 96 F3 CE D3 4C 08 A0 AE 43 EA FD DD B6 0A 29 48 4C 5CC4 F6 CF 29 0C 4A 13 31 70 0F 5A AD 59 2E 1A D3 EB 7B DF C9 85 11 93 F9 C8 E1 E3
    modifiedHKLM/SYSTEM/ControlSet001/Services/Eventlog/Application/ESENTEventMessageFile"c"C:WINDOWSsystem32ESENT.dll"
    modifiedHKLM/SYSTEM/ControlSet001/Services/Eventlog/Application/ESENTCategoryMessageFile"c"C:WINDOWSsystem32ESENT.dll"
    modifiedHKLM/SYSTEM/ControlSet001/Services/SharedAccess/EpochEpoch0x000001070x00000108
    modifiedHKLM/SYSTEM/CurrentControlSet/Services/Eventlog/Application/ESENTEventMessageFile"c"C:WINDOWSsystem32ESENT.dll"
    modifiedHKLM/SYSTEM/CurrentControlSet/Services/Eventlog/Application/ESENTCategoryMessageFile"c"C:WINDOWSsystem32ESENT.dll"
    modifiedHKLM/SYSTEM/CurrentControlSet/Services/SharedAccess/EpochEpoch0x000001070x00000108

    DNS Results

    DNSDNS Response
    cyba.sytes.netStandard query response A 127.0.0.1

    URL Results

    DstIPHTTP_HOSTHTTP_REQUEST_URIHTTP_USER_AGENTPROTOCOL

    ARGUS PROTOCOL Results

    PROTOCOLSRC_PKTSDST_PKTSSRC_BYTESDST_BYTES

    ARGUS DPORT Results

    DPORTPROTOCOLSRC_PKTSDST_PKTSSRC_BYTESDST_BYTES

    ARGUS DATA Results

    TimeDateProtocolSrcIPDstIPDirFlagsSportDportPktsBytes

    Packer Results

    Packer Name

    HoneyTrap Results

    Honey Trap Log File Location

    PTFB Results

    PTFB Log File Location