Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6401 | April 23, 2021, 10:05 a.m. | April 23, 2021, 10:09 a.m. |
Process | Command line | PID |
---|---|---|
rundll32.exe | "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\check.dll,StartW | 2332 |
wermgr.exe | C:\Windows\system32\wermgr.exe | 2256 |
rundll32.exe | "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\check.dll, | 1224 |
Suricata Alerts
Suricata TLS
Flow | Issuer | Subject | Fingerprint |
---|---|---|---|
TLSv1 192.168.56.101:49210 -> 115.73.211.230:443 | C=AU, ST=Some-State, O=Internet Widgits Pty Ltd | C=AU, ST=Some-State, O=Internet Widgits Pty Ltd | bb:48:e9:a1:55:37:8d:d3:de:c1:26:8f:7a:43:8c:19:5e:bb:da:25 |
TLSv1 192.168.56.101:49212 -> 117.252.68.211:443 | C=AU, ST=Some-State, O=Internet Widgits Pty Ltd | C=AU, ST=Some-State, O=Internet Widgits Pty Ltd | bb:48:e9:a1:55:37:8d:d3:de:c1:26:8f:7a:43:8c:19:5e:bb:da:25 |
TLSv1 192.168.56.101:49213 -> 103.54.41.193:443 | C=AU, ST=Some-State, O=Internet Widgits Pty Ltd | C=AU, ST=Some-State, O=Internet Widgits Pty Ltd | bb:48:e9:a1:55:37:8d:d3:de:c1:26:8f:7a:43:8c:19:5e:bb:da:25 |
TLSv1 192.168.56.101:49211 -> 102.176.221.78:443 | C=AU, ST=Some-State, O=Internet Widgits Pty Ltd | C=AU, ST=Some-State, O=Internet Widgits Pty Ltd | bb:48:e9:a1:55:37:8d:d3:de:c1:26:8f:7a:43:8c:19:5e:bb:da:25 |
suspicious_features | suspicious_request |
---|---|
Connection to IP address | GET https://115.73.211.230/che1/TEST22-PC_W617601.B3E19DB41C770B4F9DA6BB1D235F02FF/5/kps/ |
Connection to IP address | GET https://102.176.221.78/che1/TEST22-PC_W617601.B3E19DB41C770B4F9DA6BB1D235F02FF/5/kps/ |
Connection to IP address | GET https://117.252.68.211/che1/TEST22-PC_W617601.B3E19DB41C770B4F9DA6BB1D235F02FF/5/kps/ |
Connection to IP address | GET https://103.54.41.193/che1/TEST22-PC_W617601.B3E19DB41C770B4F9DA6BB1D235F02FF/5/kps/ |
Field | Value |
---|---|
request | GET https://115.73.211.230/che1/TEST22-PC_W617601.B3E19DB41C770B4F9DA6BB1D235F02FF/5/kps/ |
request | GET https://102.176.221.78/che1/TEST22-PC_W617601.B3E19DB41C770B4F9DA6BB1D235F02FF/5/kps/ |
request | GET https://117.252.68.211/che1/TEST22-PC_W617601.B3E19DB41C770B4F9DA6BB1D235F02FF/5/kps/ |
request | GET https://103.54.41.193/che1/TEST22-PC_W617601.B3E19DB41C770B4F9DA6BB1D235F02FF/5/kps/ |
description | wermgr.exe tried to sleep 190 seconds, actually delayed analysis time by 190 seconds |
Engine | Detection |
---|---|
Bkav | W32.AIDetect.malware2 |
Elastic | malicious (high confidence) |
MicroWorld-eScan | Trojan.GenericKD.36747608 |
ALYac | Trojan.GenericKD.36747608 |
Sangfor | Riskware.Win32.Wacapew.C |
CrowdStrike | win/malicious_confidence_100% (W) |
APEX | Malicious |
Paloalto | generic.ml |
BitDefender | Trojan.GenericKD.36747608 |
Avast | Win32:Malware-gen |
Rising | Malware.Strealer!8.1EF (CLOUD) |
Ad-Aware | Trojan.GenericKD.36747608 |
McAfee-GW-Edition | Artemis |
FireEye | Generic.mg.19cf698a9ec21bb5 |
Emsisoft | Trojan.GenericKD.36747608 (B) |
GData | Trojan.GenericKD.36747608 |
Microsoft | Program:Win32/Wacapew.C!ml |
Cynet | Malicious (score: 100) |
McAfee | Artemis!19CF698A9EC2 |
MAX | malware (ai score=86) |
Fortinet | PossibleThreat.PALLAS.H |
AVG | Win32:Malware-gen |
dead_host | 103.66.72.217:443 |