Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6401 | June 24, 2021, 7:06 p.m. | June 24, 2021, 8:44 p.m. |
Process tree

PID | Process | Command line |
---|---|---|
1684 | cmd.exe | "C:\Windows\sysnative\cmd" /c "C:\Users\test22\AppData\Local\Temp\5EA3.tmp\5EB4.tmp\5EB5.bat C:\Users\test22\AppData\Local\Temp\clean1.exe" |
2428 | attrib.exe | attrib -s -h -r |
656 | attrib.exe | attrib +s +h +r clean1.exe |
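The process tree records three command lines worth turning into detection logic: cmd started through the WoW64 `sysnative` alias (the path a 32-bit process on 64-bit Windows uses to reach the native System32 cmd.exe), a dropped batch file run from %TEMP%, and attrib used first to clear and then to set the system, hidden and read-only bits on clean1.exe, which keeps the file out of Explorer listings even with "show hidden files" enabled. The following Python is an added example, not part of the report or of the sandbox's own signature code: it tokenises those command lines and applies rules for each behaviour. The rule names, the `Finding` type and the treatment of an attrib call with no target are this example's own choices.

```python
import ntpath
import re
from dataclasses import dataclass

# Constructed input: the three process records from the report above as
# (pid, image, command line). Nothing beyond what the page lists is assumed.
PROCESSES = [
    (1684, "cmd.exe",
     r'"C:\Windows\sysnative\cmd" /c "C:\Users\test22\AppData\Local\Temp\5EA3.tmp\5EB4.tmp\5EB5.bat C:\Users\test22\AppData\Local\Temp\clean1.exe"'),
    (2428, "attrib.exe", "attrib -s -h -r"),
    (656, "attrib.exe", "attrib +s +h +r clean1.exe"),
]

TOKEN = re.compile(r'"([^"]*)"|(\S+)')                 # quoted span or bare word
ATTRIB_FLAG = re.compile(r"^([+-])([RASHI])$", re.IGNORECASE)
TEMP_DIR = re.compile(r"\\AppData\\Local\\Temp\\", re.IGNORECASE)
SYSNATIVE = re.compile(r"^[A-Za-z]:\\Windows\\sysnative\\", re.IGNORECASE)
EXEC_EXT = (".exe", ".dll", ".scr", ".bat", ".cmd", ".ps1", ".vbs", ".js")


@dataclass
class Finding:            # hypothetical result type for this example
    pid: int
    rule: str
    detail: str


def tokenize(cmdline: str) -> list[str]:
    """Split a Windows command line on whitespace, keeping a quoted span as one token."""
    return [m.group(1) if m.group(1) is not None else m.group(2)
            for m in TOKEN.finditer(cmdline)]


def check_attrib(pid: int, tokens: list[str]) -> list[Finding]:
    """Flag attrib invocations that hide files or strip attributes wholesale."""
    added, cleared, targets = set(), set(), []
    for tok in tokens[1:]:
        m = ATTRIB_FLAG.match(tok)
        if m:
            (added if m.group(1) == "+" else cleared).add(m.group(2).upper())
        elif not tok.startswith("/"):          # /S, /D, /L are switches, not targets
            targets.append(tok)
    out = []
    if {"H", "S"} <= added:
        # +H +S together hides the file even when "show hidden files" is on, because
        # Explorer separately hides protected operating system files by default.
        execs = [t for t in targets if t.lower().endswith(EXEC_EXT)]
        rule = "attrib_hide_executable" if execs else "attrib_hide_system"
        out.append(Finding(pid, rule, "+H +S on " + (", ".join(targets) or "the working directory (no target given)")))
    if cleared and not targets:
        # attrib with attribute switches but no filename acts on every file in the
        # current directory, so a bare "-s -h -r" unhides a whole folder at once.
        flags = " ".join("-" + a for a in sorted(cleared))
        out.append(Finding(pid, "attrib_clear_all", f"{flags} with no target"))
    return out


def check_cmd(pid: int, tokens: list[str]) -> list[Finding]:
    """Flag cmd reached via the WoW64 sysnative alias and batch files run from %TEMP%."""
    out = []
    if SYSNATIVE.match(tokens[0]):
        out.append(Finding(pid, "sysnative_cmd",
                           "native 64-bit cmd launched through the sysnative alias, "
                           "which is only visible to 32-bit (WoW64) callers"))
    lowered = [t.lower() for t in tokens]
    if "/c" in lowered:
        payload = " ".join(tokens[lowered.index("/c") + 1:])
        first = tokenize(payload)[0] if payload.strip() else ""
        if TEMP_DIR.search(first) and first.lower().endswith((".bat", ".cmd")):
            out.append(Finding(pid, "temp_batch_exec", f"batch script run from %TEMP%: {first}"))
    return out


def scan(processes) -> list[Finding]:
    """Apply the rules to (pid, image, cmdline) records and return all findings in order."""
    findings = []
    for pid, _image, cmdline in processes:
        tokens = tokenize(cmdline)
        if not tokens:
            continue
        exe = ntpath.basename(tokens[0]).lower()
        if exe in ("cmd", "cmd.exe"):
            findings.extend(check_cmd(pid, tokens))
        elif exe in ("attrib", "attrib.exe"):
            findings.extend(check_attrib(pid, tokens))
    return findings


if __name__ == "__main__":
    for f in scan(PROCESSES):
        print(f"pid {f.pid:>5}  {f.rule:<24} {f.detail}")
```

Run against the three records, the scan yields `sysnative_cmd` and `temp_batch_exec` for PID 1684, `attrib_clear_all` for PID 2428 and `attrib_hide_executable` for PID 656; an ordinary `attrib +r readme.txt` or `cmd.exe /c calc` produces nothing, which is the false-positive check a rule like this needs before it goes into a SIEM.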
Name | Response | Post-Analysis Lookup |
---|---|---|
No hosts contacted. | | |
IP Address | Status | Action |
---|---|---|
164.124.101.2 | Active | Moloch |
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
Signatures

Key | Value |
---|---|
section | .code |
packer | PureBasic 4.x -> Neil Hodgson |
file | C:\Users\test22\AppData\Local\Temp\5EA3.tmp\5EB4.tmp\5EB5.bat |
section | .rdata (virtual_address 0x00013000, virtual_size 0x000033a5, size_of_data 0x00003400, entropy 7.111835561466392) |
entropy | 7.11183556147 |
description | A section with a high entropy has been found |
cmdline | attrib +s +h +r clean1.exe |
cmdline | "C:\Windows\sysnative\cmd" /c "C:\Users\test22\AppData\Local\Temp\5EA3.tmp\5EB4.tmp\5EB5.bat C:\Users\test22\AppData\Local\Temp\clean1.exe" |
cmdline | attrib -s -h -r |
file | C:\Users\test22\AppData\Local\Temp\SandboxieInstall.exe |
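The high-entropy signature above reports .rdata at about 7.11 bits per byte. A read-only data section normally holds strings and import names and sits well below that, so a value this close to the 8.0 maximum suggests compressed or encrypted content parked in the section. The Python below is an added example, not the sandbox's own signature code: it computes Shannon entropy over raw section bytes and applies a threshold. The 7.0 cut-off and the three constructed section buffers are assumptions for illustration; in a real pipeline the bytes would come from the PE section table (for instance pefile's `section.get_data()`).

```python
import math
import random
from collections import Counter

# Assumed threshold for this example; the page does not state the sandbox's own
# cut-off. 7.0 bits/byte is a common heuristic for packed or encrypted data.
HIGH_ENTROPY = 7.0


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for a constant buffer, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def high_entropy_sections(sections, threshold=HIGH_ENTROPY):
    """Return (name, entropy) for every (name, raw_bytes) section above the threshold."""
    hits = []
    for name, raw in sections:
        h = shannon_entropy(raw)
        if h > threshold:
            hits.append((name, round(h, 3)))
    return hits


# Constructed stand-ins for a section table (not the sample's real bytes):
#  - a zero-filled region, like padding or an uninitialised data section
#  - repetitive ASCII, like an ordinary .rdata full of strings and import names
#  - pseudo-random bytes of the size the report gives for .rdata (0x3400 = 13312),
#    standing in for an encrypted payload stored in a read-only data section
rng = random.Random(20210624)
SAMPLE_SECTIONS = [
    (".bss", b"\x00" * 4096),
    (".rdata-normal", b"GetProcAddress\x00LoadLibraryA\x00kernel32.dll\x00" * 300),
    (".rdata", bytes(rng.getrandbits(8) for _ in range(0x3400))),
]


if __name__ == "__main__":
    for name, raw in SAMPLE_SECTIONS:
        print(f"{name:<14} {len(raw):>6} bytes  entropy={shannon_entropy(raw):.3f}")
    print("flagged:", high_entropy_sections(SAMPLE_SECTIONS))
```

Only the random-filled buffer crosses the threshold; the string-heavy buffer stays near 4 bits per byte however large it is, which is why entropy is measured per section rather than over the whole file, where a large plaintext section would mask a small encrypted one.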
Antivirus | Result |
---|---|
Bkav | W32.AIDetect.malware2 |
Elastic | malicious (high confidence) |
FireEye | Generic.mg.6192d1233fe0683d |
CAT-QuickHeal | Trojan.GenericPMF.S16976269 |
Cylance | Unsafe |
Sangfor | Trojan.Win32.Save.a |
CrowdStrike | win/malicious_confidence_70% (W) |
Cyren | W32/Delf.MV.gen!Eldorado |
Symantec | ML.Attribute.HighConfidence |
APEX | Malicious |
McAfee-GW-Edition | BehavesLike.Win32.Trojan.dm |
MaxSecure | Trojan.Malware.300983.susgen |
Sophos | Generic ML PUA (PUA) |
Antiy-AVL | Trojan/Generic.ASMalwS.2B9E7F9 |
Cynet | Malicious (score: 100) |
Rising | Malware.Heuristic!ET#100% (RDMK:cmRtazpfpM9CRNnG/giMiY/eM6oB) |
SentinelOne | Static AI - Suspicious PE |
eGambit | Unsafe.AI_Score_61% |
BitDefenderTheta | Gen:NN.ZexaF.34758.quW@aGvrqVb |
Panda | Trj/Genetic.gen |