Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6401 | June 2, 2021, 10:36 a.m. | June 2, 2021, 10:36 a.m. |
Process | PID |
---|---|
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\DOCUMENT.exe.dll,Open | 1016 |
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\DOCUMENT.exe.dll,Open | 2056 |
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\DOCUMENT.exe.dll, | 1756 |
Name | Response | Post-Analysis Lookup |
---|---|---|
No hosts contacted. | | |
IP Address | Status | Action |
---|---|---|
No hosts contacted. | | |
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
Type | Value |
---|---|
pdb_path | C:\Users\dev\Desktop\ëíëê² íë¤\Dll6\x64\Release\Dll6.pdb |
file | C:\Windows\System32\vboxdisp.dll |
file | C:\Windows\System32\vboxhook.dll |
file | C:\Windows\System32\vboxmrxnp.dll |
file | C:\Windows\System32\vboxogl.dll |
file | C:\Windows\System32\vboxoglarrayspu.dll |
file | C:\Windows\System32\vboxoglcrutil.dll |
file | C:\Windows\System32\vboxoglerrorspu.dll |
file | C:\Windows\System32\vboxoglfeedbackspu.dll |
file | C:\Windows\System32\vboxoglpackspu.dll |
file | C:\Windows\System32\drivers\VBoxSF.sys |
file | C:\Windows\System32\VBoxControl.exe |
file | C:\Windows\System32\vboxservice.exe |
file | C:\Windows\System32\vboxtray.exe |
file | C:\Windows\System32\drivers\VBoxGuest.sys |
file | C:\Windows\System32\drivers\VBoxVideo.sys |
registry | HKEY_LOCAL_MACHINE\SOFTWARE\Oracle\VirtualBox Guest Additions |
registry | HKEY_LOCAL_MACHINE\HARDWARE\ACPI\FADT\VBOX__ |
registry | HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__ |
registry | HKEY_LOCAL_MACHINE\HARDWARE\ACPI\RSDT\VBOX__ |
registry | HKEY_LOCAL_MACHINE\SOFTWARE\VMware, Inc.\VMware Tools |
Engine | Detection |
---|---|
Cynet | Malicious (score: 99) |
CAT-QuickHeal | Trojan.Khalesi |
ALYac | Trojan.Agent.CobaltStrike |
Malwarebytes | Trojan.CobaltStrike |
K7AntiVirus | Trojan ( 0057d2181 ) |
Alibaba | Trojan:Win32/Khalesi.849e3ee7 |
K7GW | Trojan ( 0057d2181 ) |
CrowdStrike | win/malicious_confidence_100% (W) |
Arcabit | Trojan.NativeZone.2 |
Cyren | W64/Cobaltstrike.C.gen!Eldorado |
Symantec | Backdoor.Cobalt |
ESET-NOD32 | a variant of Win64/Rozena.KA |
TrendMicro-HouseCall | Trojan.Win64.COBEACON.SUM |
Paloalto | generic.ml |
Kaspersky | Trojan.Win32.Khalesi.jaqc |
BitDefender | Gen:Variant.NativeZone.2 |
ViRobot | Trojan.Win64.S.Cobalt.1747968 |
MicroWorld-eScan | Gen:Variant.NativeZone.2 |
Avast | Win64:Trojan-gen |
Ad-Aware | Gen:Variant.NativeZone.2 |
Emsisoft | Gen:Variant.NativeZone.2 (B) |
Comodo | Malware@#nhkruipfa8c3 |
VIPRE | Trojan.Win32.Generic!BT |
TrendMicro | Trojan.Win64.COBEACON.SUM |
McAfee-GW-Edition | Artemis!Trojan |
FireEye | Gen:Variant.NativeZone.2 |
Sophos | Mal/Generic-S + Troj/Cobalt-BQ |
Jiangmin | Trojan.Khalesi.apzn |
MaxSecure | Trojan.Malware.118402540.susgen |
Avira | TR/Rozena.kphbb |
MAX | malware (ai score=100) |
Kingsoft | Win32.Troj.Khalesi.ja.(kcloud) |
Gridinsoft | Trojan.Win64.Agent.oa |
Microsoft | Trojan:Win32/NativeZone.C!dha |
AegisLab | Trojan.Win32.Khalesi.4!c |
ZoneAlarm | Trojan.Win32.Khalesi.jaqc |
GData | Gen:Variant.NativeZone.2 |
AhnLab-V3 | Trojan/Win.CobaltStrike.R423201 |
McAfee | Trojan-FTRB!1C3B8AE594CB |
VBA32 | Trojan.Khalesi |
Cylance | Unsafe |
Rising | Backdoor.CobaltLoader!1.D6C6 (CLASSIC) |
Ikarus | Trojan.Win64.Rozena |
Fortinet | W32/Khalesi.JAQC!tr |
Webroot | W32.Trojan.Gen |
AVG | Win64:Trojan-gen |
Panda | Trj/CI.A |