Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6402 | April 28, 2021, 4:14 p.m. | April 28, 2021, 4:16 p.m. |
PID | Command line |
---|---|
8212 | rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\uDUxwumDrV.dll,PHAEbowsFCQddE9m |
7664 | rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\uDUxwumDrV.dll,PHAEbowsFCQddE9m |
7032 | rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\uDUxwumDrV.dll,TMethodImplementationIntercept |
1888 | rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\uDUxwumDrV.dll,TMethodImplementationIntercept |
7960 | rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\uDUxwumDrV.dll, |
8620 | rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\uDUxwumDrV.dll,dbk_fcall_wrapper |
3916 | rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\uDUxwumDrV.dll,dbk_fcall_wrapper |
5888 | rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\uDUxwumDrV.dll,dbkFCallWrapperAddr |
8408 | rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\uDUxwumDrV.dll,dbkFCallWrapperAddr |
3812 | rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\uDUxwumDrV.dll, |
Name | Response | Post-Analysis Lookup |
---|---|---|
No hosts contacted. | | |
IP Address | Status | Action |
---|---|---|
172.217.25.14 | Active | Moloch |
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
Type | Name |
---|---|
section | ?MYF.v\x1d% |
section | bX,7Ic,: |
section | 7vVtIR\x1fP |
section | 8:!CD-Y# |
section | lX9\x1cFMLW |
section | YT;jIN:! |
section | B;bdgtRg |
section | TD_8>Y0q |
section | =\Q-FAQc |
section | \x1c*\x1eHAdSP |
section | V:D8)cUm |
section | S%w9EedK |
section | vdR&<rVA |
Section name | Size of data | Virtual address | Virtual size | Entropy | Description |
---|---|---|---|---|---|
TD_8>Y0q | 0x00048a00 | 0x006b1000 | 0x000488e0 | 7.9991395216885115 | A section with a high entropy has been found |
=\Q-FAQc | 0x00050200 | 0x006fa000 | 0x000501c0 | 7.995932504638369 | A section with a high entropy has been found |
\x1c*\x1eHAdSP | 0x0057d000 | 0x0074b000 | 0x0057ce61 | 7.863972219166107 | A section with a high entropy has been found |
V:D8)cUm | 0x002ef600 | 0x00cc8000 | 0x002ef574 | 7.617840162915499 | A section with a high entropy has been found |
(whole PE file) | | | | 0.566465303119 | Overall entropy of this PE file is high |
host | 172.217.25.14 |
Engine | Detection |
---|---|
Elastic | malicious (high confidence) |
MicroWorld-eScan | Trojan.Agent.FGHR |
Cylance | Unsafe |
CrowdStrike | win/malicious_confidence_100% (W) |
K7GW | Spyware ( 005791d51 ) |
K7AntiVirus | Spyware ( 005791d51 ) |
Arcabit | Trojan.Agent.FGHR |
Symantec | Trojan.Gen.2 |
ESET-NOD32 | a variant of Win64/Spy.Mekotio.P |
APEX | Malicious |
Avast | Win64:Trojan-gen |
BitDefender | Trojan.Agent.FGHR |
AegisLab | Trojan.Win32.Fghr.4!c |
Rising | Spyware.Mekotio!8.F5DF (CLOUD) |
Ad-Aware | Trojan.Agent.FGHR |
Emsisoft | Trojan.Agent.FGHR (B) |
McAfee-GW-Edition | BehavesLike.Win64.Softcnapp.wc |
FireEye | Generic.mg.ee03a7aafeaa2e4b |
Sophos | Mal/Generic-S |
Ikarus | Win32.Outbreak |
Webroot | W32.Trojan.Gen |
MAX | malware (ai score=83) |
Kingsoft | Win32.Troj.Generic.a.(kcloud) |
Gridinsoft | Trojan.Heur!.02296202 |
Microsoft | Trojan:Win32/Wacatac.B!ml |
GData | Trojan.Agent.FGHR |
McAfee | Artemis!EE03A7AAFEAA |
Malwarebytes | Malware.AI.4211687409 |
TrendMicro-HouseCall | TROJ_FRS.VSNTDR21 |
Fortinet | W64/Mekotio.P!tr.spy |
AVG | Win64:Trojan-gen |