Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6401 | April 10, 2021, 8:42 a.m. | April 10, 2021, 8:56 a.m. |
-
-
takeown.exe c:\windows\system32\takeown.exe /R /A /D S /F "c:\pixe"
1976 -
icacls.exe c:\windows\system32\icacls.exe "c:\pixe" /reset /C /Q
2840 -
icacls.exe c:\windows\system32\icacls.exe "c:\pixe" /inheritance:d /C /Q
1892 -
-
icacls.exe icacls.exe c:\pixe\update\RunDll32-low.exe /setintegritylevel low
2288
-
-
Name | Response | Post-Analysis Lookup |
---|---|---|
www.pixe.es | 208.113.170.70 |
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
request | GET http://www.pixe.es/bin/curl.exe |
file | c:\pixe\update\7za.exe |
file | c:\pixe\update\curl.exe |
wmi | Select * From Win32_NetworkAdapterConfiguration Where IPEnabled = True |
section | {u'size_of_data': u'0x000bea00', u'virtual_address': u'0x0007a000', u'entropy': 7.863629381011641, u'name': u'UPX1', u'virtual_size': u'0x000bf000'} | entropy | 7.86362938101 | description | A section with a high entropy has been found | |||||||||
entropy | 0.99025974026 | description | Overall entropy of this PE file is high |
section | UPX0 | description | Section name indicates UPX | ||||||
section | UPX1 | description | Section name indicates UPX |
wmi | Select * From Win32_NetworkAdapterConfiguration Where IPEnabled = True |
buffer | Buffer with sha1: b3aea131a18e363486ded8f546b3582a401094a3 |
cmdline | icacls.exe c:\pixe\update\RunDll32-low.exe /setintegritylevel low |
cmdline | c:\windows\system32\icacls.exe "c:\pixe" /reset /C /Q |
cmdline | cmd /c icacls.exe c:\pixe\update\RunDll32-low.exe /setintegritylevel low |
cmdline | c:\windows\system32\icacls.exe "c:\pixe" /inheritance:d /C /Q |
Bkav | W32.AIDetectVM.malware1 |
Elastic | malicious (high confidence) |
MicroWorld-eScan | Trojan.GenericKD.44367987 |
FireEye | Generic.mg.ba4658b682eba9d5 |
McAfee | RDN/Generic.grp |
Alibaba | Worm:Win32/ScriptSH.5a31b7cf |
Arcabit | Trojan.Generic.D2A50073 |
APEX | Malicious |
Paloalto | generic.ml |
BitDefender | Trojan.GenericKD.44367987 |
Ad-Aware | Trojan.GenericKD.44367987 |
Sophos | ML/PE-A |
TrendMicro | TROJ_GEN.R002C0PK820 |
McAfee-GW-Edition | BehavesLike.Win32.TrojanAitInject.bc |
Emsisoft | Trojan.GenericKD.44367987 (B) |
Ikarus | Trojan.Worm |
Antiy-AVL | GrayWare/Autoit.Execute.a |
AegisLab | Trojan.Win32.Generic.4!c |
GData | Trojan.GenericKD.44367987 |
Cynet | Malicious (score: 100) |
AhnLab-V3 | PUP/Win32.Agent.C2127860 |
ALYac | Trojan.GenericKD.44367987 |
MAX | malware (ai score=82) |
TrendMicro-HouseCall | TROJ_GEN.R002C0PK820 |
Rising | Trojan.Obfus/Autoit!1.BEDE (CLASSIC) |
MaxSecure | Trojan.Malware.300983.susgen |
Fortinet | W32/PossibleThreat |
AVG | JS:ScriptSH-inf [Trj] |
Panda | Trj/CI.A |
CrowdStrike | win/malicious_confidence_60% (W) |
Qihoo-360 | Generic/Trojan.Script.393 |