ssetup.exe| Category | Machine | Started | Completed |
|---|---|---|---|
| FILE | s1_win7_x6401 | June 25, 2021, 2:34 p.m. | June 25, 2021, 2:39 p.m. |
-
-
-
PING.EXE ping -n 2 127.1
2256
-
-
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| s5_rep.listw.top | 8.135.96.89 | |
| s5_down.listw.top | 120.79.176.83 |
Suricata Alerts
| Flow | SID | Signature | Category |
|---|---|---|---|
| UDP 192.168.56.101:62329 -> 114.114.114.114:53 | 2023883 | ET DNS Query to a *.top domain - Likely Hostile | Potentially Bad Traffic |
Suricata TLS
No Suricata TLS
| packer | Armadillo v1.71 |
| resource name | FILE |
| name | FILE | language | LANG_CHINESE | filetype | data | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | offset | 0x0004da50 | size | 0x00048380 | ||||||||||||||||||
| name | FILE | language | LANG_CHINESE | filetype | data | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | offset | 0x0004da50 | size | 0x00048380 | ||||||||||||||||||
| name | RT_DIALOG | language | LANG_CHINESE | filetype | data | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | offset | 0x000052c0 | size | 0x000000e8 | ||||||||||||||||||
| name | RT_DIALOG | language | LANG_CHINESE | filetype | data | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | offset | 0x000052c0 | size | 0x000000e8 | ||||||||||||||||||
| name | RT_STRING | language | LANG_CHINESE | filetype | data | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | offset | 0x000961f0 | size | 0x0000003c | ||||||||||||||||||
| name | RT_VERSION | language | LANG_CHINESE | filetype | data | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | offset | 0x000053a8 | size | 0x00000324 | ||||||||||||||||||
| name | RT_MANIFEST | language | LANG_CHINESE | filetype | XML 1.0 document, ASCII text, with CRLF line terminators | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | offset | 0x00095dd0 | size | 0x0000041c | ||||||||||||||||||
| file | C:\Users\test22\AppData\Local\Temp\n3OVbL.bat |
| file | C:\Users\test22\AppData\Local\Temp\ssetup.exe |
| section | {u'size_of_data': u'0x00092000', u'virtual_address': u'0x00005000', u'entropy': 7.9794487394775695, u'name': u'.rsrc', u'virtual_size': u'0x00091230'} | entropy | 7.97944873948 | description | A section with a high entropy has been found | |||||||||
| entropy | 0.973333333333 | description | Overall entropy of this PE file is high | |||||||||||
| cmdline | ping -n 2 127.1 |
| service_name | mspci | service_path | C:\Windows\System32\drivers\mspci.sys | ||||||
| file | C:\Users\test22\AppData\Local\Temp\n3OVbL.bat |
| registry | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\D8C7019BD363CEA27D25594A5517BD6A5225E04B\Blob |
| file | 276cfadc80c356ef_n3OVbL.bat |
| Bkav | W32.AIDetect.malware2 |
| Elastic | malicious (high confidence) |
| MicroWorld-eScan | Trojan.GenericKD.46530551 |
| FireEye | Generic.mg.5e8f78570b9610d1 |
| McAfee | RDN/Generic.grp |
| Cylance | Unsafe |
| Zillya | Trojan.AgentCRTD.Win32.9239 |
| Sangfor | Trojan.Win32.Save.a |
| Alibaba | Trojan:Win32/Witch.3a75efb7 |
| Symantec | Trojan.Gen.MBT |
| TrendMicro-HouseCall | TROJ_GEN.R002H0CFO21 |
| Avast | Win32:Malware-gen |
| Kaspersky | HEUR:Trojan.Win32.Witch.gen |
| BitDefender | Trojan.GenericKD.46530551 |
| Paloalto | generic.ml |
| AegisLab | Trojan.Win32.Witch.4!c |
| Rising | Trojan.DDLives!1.D77E (CLASSIC) |
| Ad-Aware | Trojan.GenericKD.46530551 |
| Emsisoft | Trojan.GenericKD.46530551 (B) |
| Comodo | TrojWare.Win32.Agent.xmmpz@0 |
| McAfee-GW-Edition | Artemis!Trojan |
| APEX | Malicious |
| eGambit | Unsafe.AI_Score_99% |
| Avira | TR/Dropper.Gen |
| MAX | malware (ai score=81) |
| Kingsoft | Win32.Troj.Undef.(kcloud) |
| Microsoft | HackTool:Win32/AutoKMS!ml |
| GData | Trojan.GenericKD.46530551 |
| Cynet | Malicious (score: 99) |
| AhnLab-V3 | Trojan/Win.Generic.R426870 |
| VBA32 | BScope.Trojan.Pasta |
| Ikarus | Trojan.Dropper |
| Fortinet | W32/Witch!tr |
| AVG | Win32:Malware-gen |
| Panda | Trj/CI.A |