Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6401 | June 1, 2021, 5:38 p.m. | June 1, 2021, 5:40 p.m. |
Name | Response | Post-Analysis Lookup
---|---|---
No hosts contacted. | |

IP Address | Status | Action
---|---|---
164.124.101.2 | Active | Moloch
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
Rule | Description
---|---
Escalate_priviledges | Escalate privileges
KeyLogger | Run a keylogger
ScreenShot | Take a screenshot
Network_Downloader | File downloader
DebuggerCheck__QueryInfo | (no description)
DebuggerHiding__Thread | (no description)
SEH__vba | (no description)
anti_dbg | Checks if being debugged
win_hook | Affects the hook table
Persistence | Installs itself for autorun at Windows startup
Vendor | Verdict
---|---
Bkav | W32.AIDetect.malware2
Elastic | malicious (high confidence)
FireEye | Generic.mg.e5e99249a71ae209
Cylance | Unsafe
Sangfor | Trojan.Win32.Save.a
Cybereason | malicious.bd00f3
BitDefenderTheta | Gen:NN.ZevbaF.34692.1m3@aePqAGci
ESET-NOD32 | a variant of Win32/Injector.BEUV
APEX | Malicious
Kaspersky | HEUR:Trojan.Win32.Generic
Paloalto | generic.ml
McAfee-GW-Edition | BehavesLike.Win32.VBObfus.ch
Microsoft | PWS:Win32/Zbot!ml
McAfee | Artemis!E5E99249A71A
VBA32 | Trojan.VB.Halfman
Malwarebytes | Malware.AI.3472699293
SentinelOne | Static AI - Malicious PE
Fortinet | W32/Injector.EHLH!tr
CrowdStrike | win/malicious_confidence_70% (D)
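The signature hits and the vendor verdicts above are the two parts of this report a triage analyst actually reads. The script below is an added example (not code from the original report, the sandbox, or any AV product): it parses both pipe-delimited tables as they appear on this page, separates family-named verdicts from generic/heuristic/ML ones, reports which family names more than one vendor agree on, and pulls out the anti-analysis and undocumented signature rules. The stop-word list and the "drop hex-looking tokens" rule used to tell a family name from a hash suffix or a platform tag are this script's own heuristics, not a documented vendor naming convention.

```python
"""Turn the flattened sandbox report above into a triage summary.

Added example; the vendor-name heuristics (STOP list, HEXLIKE filter) are
assumptions made for this script, not a published naming standard.
"""
import re
from collections import Counter

# Vendor | verdict rows, copied from the detection table on this page.
AV_ROWS = """\
Bkav | W32.AIDetect.malware2
Elastic | malicious (high confidence)
FireEye | Generic.mg.e5e99249a71ae209
Cylance | Unsafe
Sangfor | Trojan.Win32.Save.a
Cybereason | malicious.bd00f3
BitDefenderTheta | Gen:NN.ZevbaF.34692.1m3@aePqAGci
ESET-NOD32 | a variant of Win32/Injector.BEUV
APEX | Malicious
Kaspersky | HEUR:Trojan.Win32.Generic
Paloalto | generic.ml
McAfee-GW-Edition | BehavesLike.Win32.VBObfus.ch
Microsoft | PWS:Win32/Zbot!ml
McAfee | Artemis!E5E99249A71A
VBA32 | Trojan.VB.Halfman
Malwarebytes | Malware.AI.3472699293
SentinelOne | Static AI - Malicious PE
Fortinet | W32/Injector.EHLH!tr
CrowdStrike | win/malicious_confidence_70% (D)
"""

# Signature rows in the raw "description | d | rule | r" layout of the report.
SIG_ROWS = """\
description | Escalate priviledges | rule | Escalate_priviledges
description | Run a KeyLogger | rule | KeyLogger
description | Take ScreenShot | rule | ScreenShot
description | File Downloader | rule | Network_Downloader
description | (no description) | rule | DebuggerCheck__QueryInfo
description | (no description) | rule | DebuggerHiding__Thread
description | (no description) | rule | SEH__vba
description | Checks if being debugged | rule | anti_dbg
description | Affect hook table | rule | win_hook
description | Install itself for autorun at Windows startup | rule | Persistence
"""

# Platform tags, type prefixes and generic/heuristic/ML markers that are not
# family names. Assumed stop-list for this example.
STOP = {
    "a", "of", "variant", "trojan", "pws", "w32", "win32", "win", "vb",
    "heur", "generic", "gen", "nn", "malicious", "unsafe", "artemis",
    "ml", "mg", "ai", "static", "pe", "behaveslike", "aidetect",
    "confidence", "high", "tr", "d",
}
# Hash fragments and variant counters look like hex/decimal numbers.
HEXLIKE = re.compile(r"^[0-9a-f]+$", re.IGNORECASE)


def parse_pipe_rows(text):
    """Split 'a | b | c' lines into lists of stripped cells, skipping blanks."""
    return [[c.strip() for c in line.split("|")]
            for line in text.splitlines() if line.strip()]


def parse_av(text=AV_ROWS):
    """Return {vendor: verdict}."""
    return {row[0]: row[1] for row in parse_pipe_rows(text)}


def parse_signatures(text=SIG_ROWS):
    """Return {rule: description or None} from 'description|..|rule|..' rows."""
    sigs = {}
    for row in parse_pipe_rows(text):
        cells = dict(zip(row[0::2], row[1::2]))   # {'description': d, 'rule': r}
        desc = cells.get("description", "")
        sigs[cells["rule"]] = None if desc == "(no description)" else desc
    return sigs


def family_of(verdict):
    """Heuristic family extraction: first token that is neither a stop word,
    a 'malware*' marker, nor hex/numeric. None means a generic-only verdict."""
    for tok in re.split(r"[^A-Za-z0-9]+", verdict):
        low = tok.lower()
        if not tok or low in STOP or low.startswith("malware") or HEXLIKE.match(tok):
            continue
        return tok
    return None


def triage(av=None, sigs=None, min_vendors=2):
    """Summarise vendor agreement and the signature hits that matter for triage."""
    av = parse_av() if av is None else av
    sigs = parse_signatures() if sigs is None else sigs
    families = Counter(f for f in map(family_of, av.values()) if f)
    return {
        "vendors": len(av),
        "named_verdicts": sum(families.values()),
        "generic_verdicts": len(av) - sum(families.values()),
        # Family names that at least min_vendors engines independently report.
        "consensus_families": sorted(f for f, n in families.items() if n >= min_vendors),
        # Rules whose name points at debugger detection or evasion.
        "anti_analysis_rules": sorted(r for r in sigs if "debugger" in r.lower() or "dbg" in r.lower()),
        "undocumented_rules": sorted(r for r, d in sigs.items() if d is None),
    }


if __name__ == "__main__":
    import json
    print(json.dumps(triage(), indent=2))
```

On this report the script finds 19 verdicts, of which 12 are generic, heuristic or ML labels and only 7 carry a family name; the single name two engines agree on is "Injector", which is a behaviour class rather than a specific family, so the vendor table alone does not attribute the sample. The three debugger-related rules and the three rules with no description are the ones worth opening in the sandbox's rule set before trusting the hit.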