Suspicious "game"

Status
Not open for further replies.

piquiteco

Level 14
Verified
Top Poster
Well-known
Oct 16, 2022
624
Okay. Please keep me updated.
Windows Resource Protection found corrupted files and repaired them successfully.
For online repairs, the details are included in the CBS log file located at
windir\Logs\CBS.log. For example, C:\WindowsLogsCBS\CBS.log. For offline
offline, the details are included in the log file provided by the /OFFLOGFILE flag.
 
  • Like
Reactions: partha_roy

partha_roy

Level 3
Well-known
Oct 16, 2022
126
Windows Resource Protection found corrupted files and repaired them successfully.
For online repairs, the details are included in the CBS log file located at
windir\Logs\CBS.log. For example, C:\WindowsLogsCBS\CBS.log. For offline
offline, the details are included in the log file provided by the /OFFLOGFILE flag.
Could you share the log file?
 

Shadowra

Level 37
Verified
Top Poster
Content Creator
Malware Tester
Well-known
Sep 2, 2021
2,617
With Harmony (Kaspersky)

Capture d’écran 2023-07-02 120705.pngCapture d’écran 2023-07-02 120720.pngCapture d’écran 2023-07-02 120911.pngCapture d’écran 2023-07-02 120932.pngCapture d’écran 2023-07-02 121031.png
 

piquiteco

Level 14
Verified
Top Poster
Well-known
Oct 16, 2022
624
Could you share the log file?
These errors are superficial, lol if I tell you you will laugh until a few hours, I was not supposed to run sfc /scannow. If I restart my computer, then I can't write this message, only on my cellphone. If you want to know why? send me a PM, then I'll tell you here lol (y):LOL:
 
  • Like
Reactions: Kongo

partha_roy

Level 3
Well-known
Oct 16, 2022
126
These errors are superficial, lol if I tell you you will laugh until a few hours, I was not supposed to run sfc /scannow. If I restart my computer, then I can't write this message, only on my cellphone. If you want to know why? send me a PM, then I'll tell you here lol (y):LOL:
Lol! Sure, I have privately texted you
 
  • Like
  • +Reputation
Reactions: Kongo and piquiteco

SeriousHoax

Level 49
Verified
Top Poster
Well-known
Mar 16, 2019
3,863
I ran crazydown and for me it had no effect, no detection by Bitdefender AV, no suspicious connections, just two processes running from build.exe that I kept monitoring and then it created some temporary files in the temp folder and they were the same files as the packaged crazydown.exe. I don't have Discord, but I do have edge and chrome. I was disappointed to expect something else from the malware. 😞
Final results clean machine, tested on physical machine, nothing unusual if stolen or infected then hitched a ride with some Windows process and sent it to web, good luck to the one who stole it. 😌
I tested Bitdefender Free a few hours ago. BD blocks the C2 connection made by build.exe, so the malware couldn't do anything after. The C2 was already blacklisted by BD even before @likeastar20 shared the sample. Maybe for some reason, the C2 didn't/doesn't connect to your location.
bd1.png
 

SeriousHoax

Level 49
Verified
Top Poster
Well-known
Mar 16, 2019
3,863
Correct, so that is clarified. NextDNS I block the suspicious top-level domains (TLD), so it did not make the connection C2. :oops:
Haha that's why. I always make my VM use a filter free DNS. Mine is set to use 1.1.1.1 & 8.8.8.8. Though using NextDNS would be better that you'll be able to have all the logs about the connections malware made. That's how @Trident tests. But make sure all filterings are off.
 
Status
Not open for further replies.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top