Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6401 | June 24, 2021, 7:06 p.m. | June 24, 2021, 7:31 p.m. |
Process | Command line | PID |
---|---|---|
cmd.exe | "C:\Windows\sysnative\cmd" /c "C:\Users\test22\AppData\Local\Temp\62E9.tmp\62EA.tmp\62FB.bat C:\Users\test22\AppData\Local\Temp\clean1.exe" | 1772 |
attrib.exe | attrib -s -h -r | 2264 |
attrib.exe | attrib +s +h +r clean1.exe | 556 |
Name | Response | Post-Analysis Lookup |
---|---|---|
No hosts contacted. | | |
IP Address | Status | Action |
---|---|---|
164.124.101.2 | Active | Moloch |
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
Key | Value |
---|---|
section | .code |
packer | PureBasic 4.x -> Neil Hodgson |
file | C:\Users\test22\AppData\Local\Temp\62E9.tmp\62EA.tmp\62FB.bat |
section | .rdata (size_of_data 0x00003400, virtual_address 0x00013000, virtual_size 0x000033a5, entropy 7.111835561466392) |
entropy | 7.11183556147 |
description | A section with a high entropy has been found |
cmdline | "C:\Windows\sysnative\cmd" /c "C:\Users\test22\AppData\Local\Temp\62E9.tmp\62EA.tmp\62FB.bat C:\Users\test22\AppData\Local\Temp\clean1.exe" |
cmdline | attrib +s +h +r clean1.exe |
cmdline | attrib -s -h -r |
file | C:\Users\test22\AppData\Local\Temp\SandboxieInstall.exe |
file | C:\Users\test22\AppData\Local\Temp\62E9.tmp |
file | C:\Users\test22\AppData\Local\Temp\62E9.tmp\62EA.tmp |
file | C:\Users\test22\AppData\Local\Temp\62E9.tmp\62EA.tmp\62FB.bat |
Antivirus | Result |
---|---|
Bkav | W32.AIDetect.malware2 |
Elastic | malicious (high confidence) |
FireEye | Generic.mg.e5b895e9aa0f2d53 |
CAT-QuickHeal | Trojan.GenericPMF.S16976269 |
Sangfor | Trojan.Win32.Save.a |
Cyren | W32/Delf.MV.gen!Eldorado |
Symantec | ML.Attribute.HighConfidence |
APEX | Malicious |
Sophos | Generic ML PUA (PUA) |
SentinelOne | Static AI - Suspicious PE |
Antiy-AVL | Trojan/Generic.ASMalwS.2B9E7F9 |
Cynet | Malicious (score: 100) |
BitDefenderTheta | Gen:NN.ZexaF.34758.quW@a0USgqh |
Rising | Malware.Heuristic!ET#100% (RDMK:cmRtazoRWr46e7Sivxf7/JP6a5XK) |
eGambit | Unsafe.AI_Score_63% |
MaxSecure | Trojan.Malware.300983.susgen |
Panda | Trj/Genetic.gen |