Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6402 | June 24, 2021, 11:11 p.m. | June 24, 2021, 11:42 p.m. |
Process | Command line | PID |
---|---|---|
cmd.exe | C:\Windows\system32\cmd.exe /c C:\Users\Public\csvchost.exe | 5628 |
cmd.exe | C:\Windows\system32\cmd.exe /c csvchost.exe | 6096 |
cmd.exe | C:\Windows\system32\cmd.exe /c C:\Users\Public\csvchost.exe | 2848 |
cmd.exe | C:\Windows\system32\cmd.exe /c csvchost.exe | 8400 |
cmd.exe | C:\Windows\system32\cmd.exe /c C:\Users\Public\csvchost.exe | 4368 |
cmd.exe | C:\Windows\system32\cmd.exe /c csvchost.exe | 1756 |
cmd.exe | C:\Windows\system32\cmd.exe /c C:\Users\Public\csvchost.exe | 3320 |
cmd.exe | C:\Windows\system32\cmd.exe /c csvchost.exe | 6324 |
cmd.exe | C:\Windows\system32\cmd.exe /c C:\Users\Public\csvchost.exe | 7000 |
cmd.exe | C:\Windows\system32\cmd.exe /c csvchost.exe | 9060 |
cmd.exe | C:\Windows\system32\cmd.exe /c C:\Users\Public\csvchost.exe | 6140 |
cmd.exe | C:\Windows\system32\cmd.exe /c csvchost.exe | 7128 |
cmd.exe | C:\Windows\system32\cmd.exe /c C:\Users\Public\csvchost.exe | 1404 |
cmd.exe | C:\Windows\system32\cmd.exe /c csvchost.exe | 296 |
cmd.exe | C:\Windows\system32\cmd.exe /c C:\Users\Public\csvchost.exe | 5600 |
cmd.exe | C:\Windows\system32\cmd.exe /c csvchost.exe | 6372 |

The sample repeatedly spawns cmd.exe to run csvchost.exe, alternating between the fully qualified path under C:\Users\Public and the bare file name (which cmd.exe resolves from the working directory or PATH). A payload staged in a world-writable directory and named one character away from svchost.exe is the behaviour to write detections around.
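The following triage script is an added example, not part of the sandbox report or of any analysis tooling the report comes from. It runs the two checks suggested by the process tree above over constructed rows modelled on the report (the two trailing control rows are made up to show what is not flagged): whether a `cmd.exe /c` target is launched from a user-writable directory or as an unqualified name, and whether the file name is a one-edit lookalike of a Windows system binary. The directory list and the system-binary list are assumptions chosen for the example; extend them for your environment.

```python
"""Triage helpers for a sandbox process list (added example, not the report's own code)."""
import ntpath
import re

# Constructed sample rows modelled on the report's process tree; the last two
# rows are made-up controls that should produce no finding.
SAMPLE_PROCESSES = [
    ("cmd.exe", r"C:\Windows\system32\cmd.exe /c C:\Users\Public\csvchost.exe", 5628),
    ("cmd.exe", r"C:\Windows\system32\cmd.exe /c csvchost.exe", 6096),
    ("cmd.exe", r"C:\Windows\system32\cmd.exe /c C:\Windows\system32\ipconfig.exe /all", 1111),
    ("svchost.exe", r"C:\Windows\system32\svchost.exe -k netsvcs", 2222),
]

# Assumed list of directories any interactive user can write to (lower-case,
# matched as a prefix of the target's directory).
USER_WRITABLE_DIRS = (r"c:\users\public", r"c:\programdata", r"c:\windows\temp")

# Assumed list of legitimate Windows binary names that droppers like to imitate.
SYSTEM_BINARIES = ("svchost.exe", "csrss.exe", "lsass.exe", "smss.exe",
                   "winlogon.exe", "services.exe", "explorer.exe")


def levenshtein(a: str, b: str) -> int:
    """Edit distance (insert/delete/substitute) between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike(filename: str, max_distance: int = 1):
    """Return the system binary whose stem is within max_distance edits of
    filename's stem (and not identical to it), or None. Works for .exe and
    .pdb names alike, since only the stem is compared."""
    stem = ntpath.splitext(ntpath.basename(filename))[0].lower()
    best = None
    for sysbin in SYSTEM_BINARIES:
        d = levenshtein(stem, ntpath.splitext(sysbin)[0])
        if 0 < d <= max_distance and (best is None or d < best[1]):
            best = (sysbin, d)
    return best[0] if best else None


def cmd_c_target(cmdline: str):
    """Extract the program launched by `cmd.exe /c <program> ...`, or None."""
    m = re.search(r"\s/c\s+(.+)$", cmdline, re.IGNORECASE)
    if not m:
        return None
    rest = m.group(1).strip()
    if rest.startswith('"'):                      # quoted path, may contain spaces
        end = rest.find('"', 1)
        return rest[1:end] if end > 0 else rest[1:]
    return rest.split()[0]


def analyse(rows):
    """Flag cmd.exe /c launches whose target comes from a user-writable
    directory, is an unqualified name resolved via cwd/PATH, or mimics a
    system binary. Returns one finding per suspicious PID."""
    findings = []
    for _name, cmdline, pid in rows:
        target = cmd_c_target(cmdline)
        if target is None:
            continue
        reasons = []
        directory = ntpath.dirname(target.lower())
        if not directory:
            reasons.append("unqualified name, resolved via working directory or PATH")
        elif directory.startswith(USER_WRITABLE_DIRS):
            reasons.append(f"launched from user-writable directory {ntpath.dirname(target)}")
        mimic = lookalike(target)
        if mimic:
            reasons.append(f"{ntpath.basename(target)} mimics {mimic}")
        if reasons:
            findings.append({"pid": pid, "cmdline": cmdline, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in analyse(SAMPLE_PROCESSES):
        print(f["pid"], f["cmdline"])
        for r in f["reasons"]:
            print("   -", r)
    # The PDB path from the report: the project name is one edit from csrss.exe.
    print("pdb lookalike:", lookalike(r"D:\C++\csrrs\csrrs\Release\csrrs.pdb"))
```

The edit-distance threshold is deliberately 1: with longer thresholds short stems such as `smss` start matching unrelated names. Applied to the report's own PDB path, `lookalike` pairs the project name `csrrs` with `csrss.exe`, so the same check covers both the dropped file name and the build artefact left in the binary.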
Name | Response | Post-Analysis Lookup |
---|---|---|
No hosts contacted. | | |
IP Address | Status | Action |
---|---|---|
172.217.25.14 | Active | Moloch |

172.217.0.0/16 is a Google address range; with no DNS lookup, no Suricata alert and no TLS record captured for this contact, the single connection reads as a connectivity check rather than command-and-control. Treat the IP as a low-confidence indicator unless the PCAP in Moloch shows otherwise.
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
Indicator | Value |
---|---|
pdb_path | D:\C++\csrrs\csrrs\Release\csrrs.pdb |
cmdline | C:\Windows\system32\cmd.exe /c csvchost.exe |
cmdline | C:\Windows\system32\cmd.exe /c C:\Users\Public\csvchost.exe |
host | 172.217.25.14 |

The PDB path exposes the build-time project name (csrrs), which differs from the file name the sample runs under (csvchost.exe); both are one-character imitations of Windows system binaries (csrss.exe and svchost.exe). The PDB string is a useful pivot for finding other builds from the same source tree.
Engine | Detection |
---|---|
MicroWorld-eScan | Gen:Variant.Ransom.Gibon.20 |
McAfee | RDN/Generic.dx |
Sangfor | Trojan.Win32.Dridex.ml |
Alibaba | Trojan:Win32/Generic.958799d5 |
Cybereason | malicious.fb0fee |
Arcabit | Trojan.Ransom.Gibon.20 |
Symantec | ML.Attribute.HighConfidence |
APEX | Malicious |
Avast | Win32:Malware-gen |
BitDefender | Gen:Variant.Ransom.Gibon.20 |
Ad-Aware | Gen:Variant.Ransom.Gibon.20 |
Emsisoft | Gen:Variant.Ransom.Gibon.20 (B) |
TrendMicro | TROJ_GEN.R011C0PFL21 |
McAfee-GW-Edition | RDN/Generic.dx |
MaxSecure | Trojan.Malware.300983.susgen |
FireEye | Gen:Variant.Ransom.Gibon.20 |
MAX | malware (ai score=81) |
Gridinsoft | Ransom.Win32.Gen.sa |
Microsoft | Trojan:Win32/Dridex!ml |
AegisLab | Trojan.Win32.Gibon.4!c |
GData | Gen:Variant.Ransom.Gibon.20 |
Cynet | Malicious (score: 100) |
ALYac | Gen:Variant.Ransom.Gibon.20 |
Malwarebytes | Trojan.Dropper |
TrendMicro-HouseCall | TROJ_GEN.R011C0PFL21 |
Rising | Malware.Heuristic!ET#83% (RDMK:cmRtazoyxUVkqsyQNiqrTy+JKRx5) |
eGambit | Unsafe.AI_Score_90% |
Fortinet | W32/PossibleThreat |
BitDefenderTheta | Gen:NN.ZexaF.34758.guW@aasZ44ni |
AVG | Win32:Malware-gen |
Panda | Trj/GdSda.A |
CrowdStrike | win/malicious_confidence_90% (W) |

Most of the Gen:Variant.Ransom.Gibon.20 hits (eScan, Arcabit, Ad-Aware, Emsisoft, FireEye, GData, ALYac) come from licensees of the BitDefender engine and count as one signature, not independent confirmation; the Dridex names from Microsoft and Sangfor carry the `!ml`/`.ml` suffix, marking them as machine-learning heuristics rather than family signatures. The consensus is "malicious, generic", and the family attribution should rest on the behaviour above rather than on the vendor labels.