Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6401 | May 1, 2021, 9:40 a.m. | May 1, 2021, 9:43 a.m. |
Process | PID |
---|---|
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\AazrkIaOnf.dll,Fi0KUsFNBsfDy53hFM5ulsq62 | 872 |
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\AazrkIaOnf.dll,Fi0KUsFNBsfDy53hFM5ulsq62 | 2648 |
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\AazrkIaOnf.dll,TMethodImplementationIntercept | 2264 |
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\AazrkIaOnf.dll,TMethodImplementationIntercept | 2080 |
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\AazrkIaOnf.dll, | 1316 |
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\AazrkIaOnf.dll,dbk_fcall_wrapper | 2664 |
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\AazrkIaOnf.dll,dbk_fcall_wrapper | 2344 |
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\AazrkIaOnf.dll,dbkFCallWrapperAddr | 2040 |
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\AazrkIaOnf.dll,dbkFCallWrapperAddr | 604 |
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\AazrkIaOnf.dll, | 2312 |
Name | Response | Post-Analysis Lookup |
---|---|---|
No hosts contacted. | | |
IP Address | Status | Action |
---|---|---|
164.124.101.2 | Active | Moloch |
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
Indicator | Value |
---|---|
section | p\18XVd! |
section | \x1f`.E@9%\x1c |
section | ZG<.aII+ |
section | m@FI,i-! |
section | A+f7Uco6 |
section | 6\x1fhp#;k7 |
section | =ifQtp[, |
section | =5+RP\\x1eV |
section | m:I\x1e2m@4 |
section | .`0dZed' |
section | =b2^tF86 |
section | /;MX5YN\ |
section | g_["QQ\x1ca |
Section name | Virtual address | Virtual size | Size of data | Entropy | Description |
---|---|---|---|---|---|
=5+RP\\x1eV | 0x006b3000 | 0x00048904 | 0x00048a00 | 7.9992284151107045 | A section with a high entropy has been found |
m:I\x1e2m@4 | 0x006fc000 | 0x00050220 | 0x00050400 | 7.997153726215477 | A section with a high entropy has been found |
.`0dZed' | 0x0074d000 | 0x00579042 | 0x00579200 | 7.866781138206522 | A section with a high entropy has been found |
=b2^tF86 | 0x00cc7000 | 0x002eb764 | 0x002eb800 | 7.624904621612691 | A section with a high entropy has been found |

Indicator | Value | Description |
---|---|---|
entropy | 0.56537493091 | Overall entropy of this PE file is high |
Engine | Result |
---|---|
Elastic | malicious (high confidence) |
DrWeb | Trojan.Mekotio.23 |
MicroWorld-eScan | Trojan.Agent.FGHR |
ALYac | Trojan.Agent.FGHR |
Alibaba | TrojanSpy:Win64/Mekotio.4d347b49 |
CrowdStrike | win/malicious_confidence_80% (W) |
Cyren | W64/Mekotio.H.gen!Eldorado |
Symantec | Trojan.Gen.MBT |
ESET-NOD32 | a variant of Win64/Spy.Mekotio.P |
APEX | Malicious |
BitDefender | Trojan.Agent.FGHR |
Rising | Spyware.Mekotio!8.F5DF (CLOUD) |
Ad-Aware | Trojan.Agent.FGHR |
McAfee-GW-Edition | BehavesLike.Win64.Softcnapp.wc |
FireEye | Generic.mg.4ea2c49920dfc1db |
Emsisoft | Trojan.Agent.FGHR (B) |
MAX | malware (ai score=85) |
Gridinsoft | Trojan.Heur!.02296222 |
GData | Trojan.Agent.FGHR |
AhnLab-V3 | Trojan/Win.Agent.R418241 |
McAfee | Artemis!4EA2C49920DF |
Malwarebytes | Malware.AI.4211687409 |
Ikarus | Trojan.Win64.Spy |
Fortinet | W64/Mekotio.P!tr.spy |