Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6402 | May 25, 2021, 9:50 a.m. | May 25, 2021, 10:02 a.m. |
Name | Response | Post-Analysis Lookup |
---|---|---|
No hosts contacted. | | |
IP Address | Status | Action |
---|---|---|
172.217.25.14 | Active | Moloch |
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
PE resources
name | language | filetype | sublanguage | offset | size |
---|---|---|---|---|---|
RT_STRING | LANG_LITHUANIAN | data | SUBLANG_LITHUANIAN_CLASSIC | 0x00079998 | 0x00000028 |
PE sections
name | virtual address | virtual size | size of data | entropy (bits/byte) | description |
---|---|---|---|---|---|
.text | 0x00001000 | 0x00074be0 | 0x00075000 | 6.92456471363538 | A section with a high entropy has been found |
Overall PE entropy
value | description |
---|---|
0.983193277311 | Overall entropy of this PE file is high (this value is the fraction of section data that lies in high-entropy sections, not a bits-per-byte figure) |
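The two entropy numbers above are computed differently: the per-section value is Shannon entropy in bits per byte (0 for constant data, 8 for uniformly random data, with packed or encrypted code sitting close to 8), while the overall value is the share of section bytes that belong to sections above a per-section threshold. The following is an added example, not code from the report or from the sandbox that produced it; the thresholds of 6.8 bits/byte per section and 0.2 for the overall fraction are assumptions (they mirror the Cuckoo community `pe_entropy` signature as the author remembers it), and the section contents are constructed inline so the script runs without a PE file.

```python
"""Per-section Shannon entropy and the high-entropy-fraction check.

Added example (not part of the sandbox report): reproduces the two kinds of
entropy figure a Cuckoo-style report shows, on constructed section data.
"""
import math
import random
from collections import Counter

# Assumed thresholds: 6.8 bits/byte marks a section as high entropy, and a
# fraction above 0.2 of all section data in such sections flags the file.
SECTION_THRESHOLD = 6.8
FRACTION_THRESHOLD = 0.2


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for constant data, 8.0 for uniform."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def section_report(sections):
    """sections: list of (name, raw_bytes) -> rows like the report's section table."""
    rows = []
    for name, raw in sections:
        ent = shannon_entropy(raw)
        rows.append({
            "name": name,
            "size_of_data": len(raw),
            "entropy": ent,
            "high": ent > SECTION_THRESHOLD,
        })
    return rows


def high_entropy_fraction(rows) -> float:
    """Share of section bytes held in high-entropy sections (the 'overall' figure)."""
    total = sum(r["size_of_data"] for r in rows)
    if total == 0:
        return 0.0
    packed = sum(r["size_of_data"] for r in rows if r["high"])
    return packed / total


def flag_overall(rows) -> bool:
    """True when the file would trip the 'overall entropy is high' check."""
    return high_entropy_fraction(rows) > FRACTION_THRESHOLD


def build_sample_sections():
    """Constructed sample: packed-looking .text, ASCII .rdata, zero-filled .data."""
    rng = random.Random(2021)                      # fixed seed: deterministic output
    text = bytes(rng.getrandbits(8) for _ in range(0x10000))
    rdata = (b"kernel32.dll\0GetProcAddress\0LoadLibraryA\0" * 100)[:0x1000]
    data = bytes(0x1000)
    return [(".text", text), (".rdata", rdata), (".data", data)]


if __name__ == "__main__":
    rows = section_report(build_sample_sections())
    for r in rows:
        print(f"{r['name']:<7} size=0x{r['size_of_data']:08x} "
              f"entropy={r['entropy']:.3f} high={r['high']}")
    print(f"fraction in high-entropy sections: {high_entropy_fraction(rows):.3f} "
          f"flagged={flag_overall(rows)}")
```

On the constructed sample the random-filled `.text` lands near 8 bits/byte and the fraction comes out at 8/9 of the section data, the same shape as the report's 6.92 bits/byte `.text` section driving a 0.98 overall figure; a legitimate program with a large compressed resource or certificate blob can score the same way, so the number is a packing hint, not proof of maliciousness on its own.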
YARA rule matches
description | rule |
---|---|
Escalate privileges | Escalate_priviledges |
Run a KeyLogger | KeyLogger |
Take ScreenShot | ScreenShot |
File Downloader | Network_Downloader |
(no description) | DebuggerCheck__QueryInfo |
(no description) | DebuggerHiding__Thread |
(no description) | SEH__vba |
Checks if being debugged | anti_dbg |
Affect hook table | win_hook |
Install itself for autorun at Windows startup | Persistence |
host | 172.217.25.14 |
Engine | Detection |
---|---|
Bkav | W32.AIDetect.malware1 |
Elastic | malicious (high confidence) |
FireEye | Generic.mg.9c0ab971e6011646 |
Cylance | Unsafe |
Sangfor | Trojan.Win32.Save.a |
Cybereason | malicious.b9ab89 |
Symantec | ML.Attribute.HighConfidence |
APEX | Malicious |
SentinelOne | Static AI - Malicious PE |
Microsoft | Trojan:Win32/Wacatac.B!ml |
Cynet | Malicious (score: 100) |
BitDefenderTheta | Gen:NN.ZevbaF.34690.Pm3@aOjd4@oO |
VBA32 | Malware-Cryptor.VB.gen.1 |
Malwarebytes | Malware.AI.3647425024 |
Ikarus | VirTool.Win32.Vbinder |
eGambit | Unsafe.AI_Score_91% |
MaxSecure | Trojan.Malware.300983.susgen |
CrowdStrike | win/malicious_confidence_90% (D) |