svch.exe| Category | Machine | Started | Completed |
|---|---|---|---|
| FILE | s1_win7_x6401 | June 1, 2021, 5:38 p.m. | June 1, 2021, 5:40 p.m. |
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| No hosts contacted. | ||
| IP Address | Status | Action |
|---|---|---|
| 164.124.101.2 | Active | Moloch |
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
| description | Escalate priviledges | rule | Escalate_priviledges | ||||||
| description | Run a KeyLogger | rule | KeyLogger | ||||||
| description | Take ScreenShot | rule | ScreenShot | ||||||
| description | File Downloader | rule | Network_Downloader | ||||||
| description | (no description) | rule | DebuggerCheck__QueryInfo | ||||||
| description | (no description) | rule | DebuggerHiding__Thread | ||||||
| description | (no description) | rule | SEH__vba | ||||||
| description | Checks if being debugged | rule | anti_dbg | ||||||
| description | Affect hook table | rule | win_hook | ||||||
| description | Install itself for autorun at Windows startup | rule | Persistence | ||||||
| Bkav | W32.AIDetect.malware2 |
| Elastic | malicious (high confidence) |
| FireEye | Generic.mg.e5e99249a71ae209 |
| Cylance | Unsafe |
| Sangfor | Trojan.Win32.Save.a |
| Cybereason | malicious.bd00f3 |
| BitDefenderTheta | Gen:NN.ZevbaF.34692.1m3@aePqAGci |
| ESET-NOD32 | a variant of Win32/Injector.BEUV |
| APEX | Malicious |
| Kaspersky | HEUR:Trojan.Win32.Generic |
| Paloalto | generic.ml |
| McAfee-GW-Edition | BehavesLike.Win32.VBObfus.ch |
| Microsoft | PWS:Win32/Zbot!ml |
| McAfee | Artemis!E5E99249A71A |
| VBA32 | Trojan.VB.Halfman |
| Malwarebytes | Malware.AI.3472699293 |
| SentinelOne | Static AI - Malicious PE |
| Fortinet | W32/Injector.EHLH!tr |
| CrowdStrike | win/malicious_confidence_70% (D) |